Accounts for Django made beautifully simple

Overview

Django Userena

Build Status Coverage Status

Userena is a Django application that supplies your Django project with full account management. It's a fully customizable application that takes care of the signup, activation, messaging and more. It's BSD licensed, which means you can use it commercially for free!

Documentation

Complete documentation about the installation, settings and F.A.Q. is available on Read the Docs.

For list of updates and changes see UPDATES.md file.

Comments
  • Signin after signup

    Signin after signup

    Adds a USERENA_SIGNIN_AFTER_SIGNUP setting, which automatically signs a newly registered user in if True and if USERENA_ACTIVATION_REQUIRED is False.

    Adds documentation in settings.rst.

    If you like the feature but I am missing something, let me know and I'll complete.

    Thanks for Userena!

    opened by kvnn 15
  • HTTP 405 response when user tries to signup, but the form contains errors.

    HTTP 405 response when user tries to signup, but the form contains errors.

    The problem is in ExtraContextTemplateView - it only implements the get method (in TemplateView), but the signup view is defined as:

    def signup(...):
        if request.method == 'POST':
            if form.is_valid():
                . . .
                return redirect(...)
    
        return ExtraContextTemplateView.as_view(...)
    

    Since I think this might happen on other places in userena.views, I added a post() method to ExtraContextTemplateView by copying the get method.

    opened by boris-chervenkov 7
  • Django 1.9 compatibility fixes

    Django 1.9 compatibility fixes

    Some commits that makes django-userena work with Django 1.9.

    Django 1.4 compatibility had to be dropped ({% load url from future %} was removed from Django 1.9).

    So far, the changes seem to work fine, but some more testing is certainly needed before making a release.

    improvement 
    opened by smlz 6
  • django 1.6 password reset compatibility fixes

    django 1.6 password reset compatibility fixes

    This pull request fixes password reset on django>=1.6.0.

    It adds password reset wies tests and creates new submodule named userena.compat. This is proposition to handle in future any compatibility issues.

    Note that this pull request depend on #386. Merge #386 before merging this one or simply forgot about #386. Sorry for that inconvienience but I was in hurry and wanted to contribute my code ASAP because I need that fixes in my production application. I simply simply don't want to watch if earlier PR was accepted and merged, because I could forget to create new one.

    Finally I couldn't be sure that my fixes doesn't break anything without merging #386.

    This pull request fixes/closes issues #381, #384, #372, #371 without duplicating urls in userena.urls or changing url names.

    opened by swistakm 6
  • Invitation flow

    Invitation flow

    This patch is not ready to be merged, but I wanted to put it out there to see if there is interest in offering an invitation flow in django-userena.

    The patch allows existing users to invite a new user by entering their email address and optionally other user info like their first name. If no user with that email address exists a user is created so that it can be used for some basic interaction.

    At the same time an activation email is sent out to the email address. It contains a link that allows the user to activate their account by entering a password. At this point no further email address validation is needed and the user is immediately signed in.

    Cheers, Felix

    opened by fberger 5
  • Remove 'username' param from URLs with keys

    Remove 'username' param from URLs with keys

    It seems like something of a lapse in the security/anonymity provided by using SHA1 keys for user activation and email confirmation changes to have the "username" directly in the URL, and really there's no reason to have it since the lookup can be done on the key anyway.

    opened by ghinch 5
  • Moderated Registration Feature - Issue #81

    Moderated Registration Feature - Issue #81

    I've implemented a moderated registration feature. By default all functionality is the same, however there is now the capability to set the following in your settings.py:

    USERENA_MODERATED_REGISTRATION = True
    USERENA_ACTIVATION_REJECTED = 'ACTIVATION_REJECTED'
    USERENA_PENDING_MODERATION = 'PENDING_MODERATION'
    

    With moderated registration enabled, the following happens:

    • User registers
    • Receives activation email, and clicks activation link
    • Gets msg that they are activated, but pending administrators approval
    • The admin logs into the django admin, clicks 'Users', selects user, performs the 'Approve user registration' or 'Reject user registration' action from the drop down.
    • An approval or rejection email is sent accordingly

    This is an extremely important feature for us during pilot periods where we want something online publicly but only want specific people able to fully register and login. I did my best to follow Userena's coding style/layout/etc. If there is anything you are questionable about please let me know... however I feel it is a very sane and simple solution.

    Thanks!

    opened by derks 5
  • fix issue #455

    fix issue #455

    in python 3 all model must be have the str method because unicode doesn't exist

    https://docs.djangoproject.com/en/1.7/topics/python3/#str-and-unicode-methods

    opened by leonardoo 4
  • BUGFIX: Signin form initialization.

    BUGFIX: Signin form initialization.

    It's hard to realized this issue when using Django default templating system as it's too nice to tell the error. However, if you use Jinja2 you will get error in signin form.

    I believe it was a typo as other forms in views are okay.

    Credit goes to Fuhong Liu for locating this bug. Initially we had a fix in template but later Fuhong Liu found that it should have been fixed in the views.

    opened by fengsi 4
  • User activation

    User activation

    Why User's activation is so impositive? There should have others options, like allowing users to login even if they don't confirm their emails.

    This commit adds 'USERENA_ACTIVATION', and when it is False, users signup as active.

    opened by zvictor 4
  • Identify stealing for superusers

    Identify stealing for superusers

    Hi userena team,

    Here's a patch for the auth backend that allows a superuser to steal the identity of another user. This is very useful when a user reports an error on her/his account and you want to test it.

    Cheers,

    Guillaume

    opened by glibersat 4
  • Update FAQ to Work with Current Version of Django

    Update FAQ to Work with Current Version of Django

    Updated the "Hackery" to move the new fields to the front of the OrderedDict with move_to_end('key', last=False).

    Updated user_profile = new_user.get_profile() to user_profile = new_user.my_profile. get_profile() has been deprecated.

    opened by WisChrendel 3
  • don't allow signin view redirect to different host

    don't allow signin view redirect to different host

    Current signin view accept next parameter for redirect after login successfully but it don't safe check url. It could be exploited to redirect to different page other than current host

    opened by meomap 3
  • Signin view should have argument for inactive url redirect

    Signin view should have argument for inactive url redirect

    After login successfully, there's no way to specify redirect url if account is disabled. It's hardcoded with url resolved from name userena_disabled and arguments username.

    What if application doesn't want to include username in url and just return a static template. All the usage of redirect in views have option for that except this usecase

    opened by meomap 1
  • Support custom user model with USERNAME_FIELD !=

    Support custom user model with USERNAME_FIELD != "username"

    I'm using a custom auth model with USERNAME_FIELD = "email".

    The changes here are enough, along with

    USERENA_REGISTER_PROFILE = False
    USERENA_REGISTER_USER = False
    

    to get django-userena up and running with my project. However, I haven't done any thorough testing yet.

    improvement 
    opened by dpretty 4
Releases(v2.0.1)
  • v2.0.1(Mar 23, 2016)

    Fixes and improvements:

    • Fixed missing README.md that caused installation failure (#517).
    • Use universal wheels when distributing the package.
    Source code(tar.gz)
    Source code(zip)
  • v2.0.0(Mar 22, 2016)

    Backwards incompatible changes:

    • Drop support for Django 1.4
    • Add support for Django 1.9
    • Added new Django 1.9 migration for userena and userena.contrib.umessages. Old South migrations are still available in userena.south_migrations and userena.contrib.umessages.south_migrations but are deprecated and may be removed in future major releases. South>1.0 is required for older versions of Django.
    • django-guardian requirement bumped to <=1.4.1 as newer version (1.4.2) fails on tests.
    • removed all {% load url from future %} from userena templates for compatibility with Django 1.9
    • sha_constructor(), smart_text(), and md5_constructor removed from userena.compat
    • Use simple list literal as url patterns instead of django.conf.urls.patterns() function

    Deprecated features:

    • userena.utils.get_user_model is deprecated and will be removed in version 3.0.0. Use django.contrib.auth.get_user_model

    Fixes and improvements:

    • More nodes added to the travis test matrix.
    • Some documentation moved to .md files.
    • Deprecated unittest aliases replaced in tests.
    • Updated list of trove classifiers.
    • Added option to execute runtests script with pattern parameter to limit number of tests.
    • Added {posargs} to test command execution in tox.ini to improve developer experience during tests.
    • Minor documentation improvements.
    • Set django-guardian<1.4.0 version for Django 1.5 and 1.6 tests.
    Source code(tar.gz)
    Source code(zip)
  • v1.5.1(Mar 22, 2016)

  • v1.5.0(Mar 22, 2016)

    Fixes and improvements:

    • Updated Norwegian translations and fixed issue with unicode characters sent to utils.generate_sha1 (#472)
    • Fix upload_to_mugshot if model uses primary key diffrent than id (#475)
    • Minor compatibility improvements (#485)
    • Refactored mailer (#486)
    • Password reset email now inlcudes email template for django>=1.7 (#493)
    • Fixes to translations (#499)
    • Added Romanian translations (#500)

    Backwards incompatible changes:

    • django-guardian has version fixed to <=1.3.1 due to django 1.4 compatibility
    Source code(tar.gz)
    Source code(zip)
  • v1.4.1(May 22, 2015)

    • hack in usermail removed since recent dependencies does not require it (#462)
    • minor improvements in documentation (#461)
    • fixed bug that caused usernames to be altered (#456)
    • fixed support for python3.2/python3.4 (#455, #453)
    Source code(tar.gz)
    Source code(zip)
  • v1.4.0(Mar 22, 2016)

  • v1.3.2(Mar 22, 2016)

  • v1.3.1(Mar 22, 2016)

    Backwards incompatible changes:

    • When USERENA_ACTIVATION_REQUIRED = False, creating new user does not automatically create userena profile (bug).
    Source code(tar.gz)
    Source code(zip)
  • v1.2.2(Mar 22, 2016)

    Backwards incompatible changes:

    • Changed backwards relationships names for Umessages contrib application from to_user to um_to_user and from_user to um_from_user.
    Source code(tar.gz)
    Source code(zip)
  • v1.2.0(Mar 22, 2016)

    Backwards incompatible changes:

    • This version updates Userena to be able to use the new User model found in Django 1.5. This does require the django-guardion > 1.5-dev. To make this work, there is a get_user_model function in userena/utils.py which is used to get the correct User model.
    Source code(tar.gz)
    Source code(zip)
  • v1.1.2(Mar 22, 2016)

    Backwards incompatible changes:

    • Activation view no longer contains username. If you override userena/templates/userena/emails/activation_email_message.txt and userena/templates/userena/emails/confirmation_email_message_new.txt be sure to remove username from the URL.
    Source code(tar.gz)
    Source code(zip)
  • v1.1(Mar 22, 2016)

  • v1.0.1(Mar 22, 2016)

    Backwards incompatible changes:

    • Removed the user relationship outside UserenaBaseProfile model. This allows the user to define it's own relationship and fixes a conflict while running manage.py test. To migrate, place the user field inside your profile model, instead of inheriting it from the abstract class.
    Source code(tar.gz)
    Source code(zip)
A Login/Registration GUI Application with SQLite database for manipulating data.

Login-Register_Tk A Login/Registration GUI Application with SQLite database for manipulating data. What is this program? This program is a GUI applica

Arsalan 1 Feb 01, 2022
A generic, spec-compliant, thorough implementation of the OAuth request-signing logic

OAuthLib - Python Framework for OAuth1 & OAuth2 *A generic, spec-compliant, thorough implementation of the OAuth request-signing logic for Python 3.5+

OAuthlib 2.5k Jan 01, 2023
Brute force a JWT token. Script uses multithreading.

JWT BF Brute force a JWT token. Script uses multithreading. Tested on Kali Linux v2021.4 (64-bit). Made for educational purposes. I hope it will help!

Ivan Šincek 5 Dec 02, 2022
Django Authetication with Twitch.

Django Twitch Auth Dependencies Install requests if not installed pip install requests Installation Install using pip pip install django_twitch_auth A

Leandro Lopes Bueno 1 Jan 02, 2022
Flask JWT Router is a Python library that adds authorised routes to a Flask app.

Read the docs: Flask-JWT-Router Flask JWT Router Flask JWT Router is a Python library that adds authorised routes to a Flask app. Both basic & Google'

Joe Gasewicz 52 Jan 03, 2023
This Python based program checks your CC Stripe Auth 1$ Based Checker

CC-Checker This Python based program checks your CC Stripe Auth 1$ Based Checker About Author Coded by xBlackx Reach Me On Telegram @xBlackx_Coder jOI

xBlackxCoder 11 Nov 20, 2022
Django Rest Framework App wih JWT Authentication and other DRF stuff

Django Queries App with JWT authentication, Class Based Views, Serializers, Swagger UI, CI/CD and other cool DRF stuff API Documentaion /swagger - Swa

Rafael Salimov 4 Jan 29, 2022
Generate payloads that force authentication against an attacker machine

Hashgrab Generates scf, url & lnk payloads to put onto a smb share. These force authentication to an attacker machine in order to grab hashes (for exa

xct 35 Dec 20, 2022
RSA Cryptography Authentication Proof-of-Concept

RSA Cryptography Authentication Proof-of-Concept This project was a request by Structured Programming lectures in Computer Science college. It runs wi

Dennys Marcos 1 Jan 22, 2022
python-social-auth and oauth2 support for django-rest-framework

Django REST Framework Social OAuth2 This module provides OAuth2 social authentication support for applications in Django REST Framework. The aim of th

1k Dec 22, 2022
Quick and simple security for Flask applications

Note This project is non maintained anymore. Consider the Flask-Security-Too project as an alternative. Flask-Security It quickly adds security featur

Matt Wright 1.6k Dec 19, 2022
A Python package, that allows you to acquire your RecNet authorization bearer token with your account credentials!

RecNet-Login This is a Python package, that allows you to acquire your RecNet bearer token with your account credentials! Installation Done via git: p

Jesse 6 Aug 18, 2022
JSON Web Token Authentication support for Django REST Framework

REST framework JWT Auth JSON Web Token Authentication support for Django REST Framework Overview This package provides JSON Web Token Authentication s

Styria Digital Development 178 Jan 02, 2023
Official implementation of the AAAI 2022 paper "Learning Token-based Representation for Image Retrieval"

Token: Token-based Representation for Image Retrieval PyTorch training code for Token-based Representation for Image Retrieval. We propose a joint loc

Hui Wu 42 Dec 06, 2022
Local server that gives you your OAuth 2.0 tokens needed to interact with the Conta Azul's API

What's this? This is a django project meant to be run locally that gives you your OAuth 2.0 tokens needed to interact with Conta Azul's API Prerequisi

Fábio David Freitas 3 Apr 13, 2022
API-key based security utilities for FastAPI, focused on simplicity of use

FastAPI simple security API key based security package for FastAPI, focused on simplicity of use: Full functionality out of the box, no configuration

Tolki 154 Jan 03, 2023
A module making it easier to manage Discord oAuth with Quart

quart_discord A module making it easier to manage Discord oAuth with Quart Install pip install git+https://github.com/xelA/ 5 Oct 27, 2022

Some scripts to utilise device code authorization for phishing.

OAuth Device Code Authorization Phishing Some scripts to utilise device code authorization for phishing. High level overview as per the instructions a

Daniel Underhay 6 Oct 03, 2022
Accounts for Django made beautifully simple

Django Userena Userena is a Django application that supplies your Django project with full account management. It's a fully customizable application t

Bread & Pepper 1.3k Sep 18, 2022
Corsair_scan is a security tool to test Cross-Origin Resource Sharing (CORS).

Welcome to Corsair_scan Corsair_scan is a security tool to test Cross-Origin Resource Sharing (CORS) misconfigurations. CORS is a mechanism that allow

Santander Security Research 116 Nov 09, 2022