GitXplorerGitXplorer
a

django-password-session

public
10 stars
1 forks
0 issues

Commits

List of commits on branch master.
Unverified
3a3362877c63510ca5f7a532d32f7993a3af55d1

Version bump to 0.3.3

aatugushev committed 10 years ago
Unverified
4433033cd943f693236ee97c3ba98e4dcd331c37

Fixed checking password hash if it's None

aatugushev committed 10 years ago
Unverified
a63d04d3ca4435c34c9d0563f9ffe2a01f811b18

Updated Django requirements

aatugushev committed 10 years ago
Unverified
ed470aa6916a9f33ec60691bf9a1124be9cbfec4

Version bump

aatugushev committed 10 years ago
Unverified
c1217a9e20a47739f021203ed2d439a9e9e2a405

Fixed issue #1: update_session_auth_hash causes an error after test client login()

aatugushev committed 10 years ago
Unverified
3da9f857df57191f991364901985c61398cb32ae

Bumb up version

aatugushev committed 10 years ago

README

The README file for this repository.

======================= Django Password Session

A reusable Django app that will invalidate all active sessions after change password.

Since Django 1.7 this feature implemented |warninglink|_.

.. _warninglink: https://docs.djangoproject.com/en/dev/topics/auth/default/#session-invalidation-on-password-change

.. |warninglink| replace:: out of the box

.. image:: https://badge.fury.io/py/django-password-session.png :target: http://badge.fury.io/py/django-password-session

.. image:: https://api.travis-ci.org/atugushev/django-password-session.png :target: https://travis-ci.org/atugushev/django-password-session

.. image:: https://coveralls.io/repos/atugushev/django-password-session/badge.png?branch=master :target: https://coveralls.io/r/atugushev/django-password-session?branch=master

Installation

  1. Install a package.

.. code-block:: bash

$ pip install django-password-session
  1. Add "password_session" to your INSTALLED_APPS setting:

.. code-block:: python

INSTALLED_APPS = (
    ...
    'password_session',
)
  1. Add middleware:

.. code-block:: python

MIDDLEWARE_CLASSES = (
    ...
    'password_session.middleware.CheckPasswordHash',
),
  1. Make sure that you have the following settings:

.. code-block:: python

INSTALLED_APPS = (
    ...
    'django.contrib.auth',
    'django.contrib.contenttypes',
    'django.contrib.sessions',
)

AUTHENTICATION_BACKENDS = (
    ...
    'django.contrib.auth.backends.ModelBackend',
)

MIDDLEWARE_CLASSES = (
    ...
    'django.contrib.sessions.middleware.SessionMiddleware',
    'django.contrib.auth.middleware.AuthenticationMiddleware',
)
  1. To avoid logging out a user from a current session you should update the session by calling the following function directly after change a password:

.. code-block:: python

from password_session import update_session_auth_hash
update_session_auth_hash(request, user)

Example view

It's a very simple view for change password just for demonstrating how to update a current session.

.. code-block:: python

from django.contrib.auth.decorators import login_required
from django.http import HttpResponse

from password_session import update_session_auth_hash


def change_password_view(request):
    user = request.user
    user.set_password(request.POST.get('password'))
    user.save()
    update_session_auth_hash(request, user)
    return HttpResponse("Hello, %s! Your password has been changed!" % user.username)

Requirements

  • Python 2.6+ or 3+
  • Django>=1.3,<1.7