Rate Limiting

.circleci/config.yml

@@ -0,0 +1,34 @@
+version: 2.1
+orbs:
+ docker: circleci/[email protected]
+
+jobs:
+ test-django-3: &template
+ docker:
+ - image: circleci/python:3.8.0
+ environment:
+ DJANGO_VERSION: 3.0.3
+ DRF: 3.11
+ executor: docker/docker
+ steps:
+ - checkout
+ - run: pip install --user -r dev-requirements.txt
+ - run: pip install --user -r dj_rest_auth/tests/requirements.pip
+ - run: pip install -q --user coveralls djangorestframework==$DRF Django==$DJANGO_VERSION
+ - run:
+ command: coverage run --source=dj_rest_auth setup.py test
+ name: Test
+ - run:
+ command: COVERALLS_REPO_TOKEN=Q58WdUuZOi89XHyDeDsGE2lxUGQ2IfqP3 coveralls
+ name: Coverage
+ test-django-2:
+ <<: *template
+ environment:
+ DJANGO_VERSION: 2.2.10
+ DRF: 3.9
+
+workflows:
+ main:
+ jobs:
+ - test-django-3
+ - test-django-2

.coveralls.yml

@@ -0,0 +1,2 @@
+service_name: travis-pro
+repo_token: Q58WdUuZOi89XHyDeDsGE2lxUGQ2IfqP3

.gitignore

@@ -72,6 +72,9 @@ target/
 # Jupyter Notebook
 .ipynb_checkpoints
 
+# IDE
+.idea
+
 # pyenv
 .python-version
 
@@ -102,3 +105,5 @@ venv.bak/
 
 # mypy
 .mypy_cache/
+demo/react-spa/node_modules/
+demo/react-spa/yarn.lock

AUTHORS

@@ -1 +1 @@
-http://github.com/Tivix/django-rest-auth/contributors
+http://github.com/jazzband/dj-rest-auth/contributors

CONTRIBUTING.md

@@ -0,0 +1,3 @@
+[![Jazzband](https://jazzband.co/static/img/jazzband.svg)](https://jazzband.co/)
+
+This is a [Jazzband](https://jazzband.co/) project. By contributing you agree to abide by the [Contributor Code of Conduct](https://jazzband.co/about/conduct) and follow the [guidelines](https://jazzband.co/about/guidelines).

LICENSE

@@ -1,6 +1,6 @@
 The MIT License (MIT)
 
-Copyright (c) 2014 Tivix
+Copyright (c) 2014 iMerica https://github.com/iMerica/
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal
@@ -18,4 +18,4 @@ FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
 AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
 OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-SOFTWARE.
+SOFTWARE.

MANIFEST.in

@@ -2,4 +2,4 @@ include AUTHORS
 include LICENSE
 include MANIFEST.in
 include README.md
-graft rest_auth
+graft dj_rest_auth

README.md

@@ -0,0 +1,77 @@
+# Dj-Rest-Auth
+[![<iMerica>](https://circleci.com/gh/jazzband/dj-rest-auth.svg?style=svg)](https://app.circleci.com/pipelines/github/jazzband/dj-rest-auth)
+[![Jazzband](https://jazzband.co/static/img/badge.svg)](https://jazzband.co/)
+[![Coverage Status](https://coveralls.io/repos/github/jazzband/dj-rest-auth/badge.svg?branch=master)](https://coveralls.io/github/jazzband/dj-rest-auth?branch=master)
+
+Drop-in API endpoints for handling authentication securely in Django Rest Framework. Works especially well 
+with SPAs (e.g React, Vue, Angular), and Mobile applications. 
+
+## Requirements
+- Django 2 or 3.
+- Python 3
+
+## Quick Setup
+
+Install package
+
+ pip install dj-rest-auth
+
+Add `dj_rest_auth` app to INSTALLED_APPS in your django settings.py:
+
+```python
+INSTALLED_APPS = (
+ ...,
+ 'rest_framework',
+ 'rest_framework.authtoken',
+ ...,
+ 'dj_rest_auth'
+)
+```
+
+Add URL patterns
+
+```python
+urlpatterns = [
+ url(r'^dj-rest-auth/', include('dj_rest_auth.urls'))
+]
+```
+
+
+(Optional) Use Http-Only cookies
+
+```python
+REST_USE_JWT = True
+JWT_AUTH_COOKIE = 'jwt-auth'
+```
+
+### Testing
+
+To run the tests within a virtualenv, run `python runtests.py` from the repository directory.
+The easiest way to run test coverage is with [`coverage`](https://pypi.org/project/coverage/),
+which runs the tests against all supported Django installs. To run the test coverage 
+within a virtualenv, run `coverage run ./runtests.py` from the repository directory then run `coverage report`.
+
+#### Tox
+
+Testing may also be done using [`tox`](https://pypi.org/project/tox/), which
+will run the tests against all supported combinations of python and django.
+
+Install tox, either globally or within a virtualenv, and then simply run `tox`
+from the repository directory. As there are many combinations, you may run them
+in [`parallel`](https://tox.readthedocs.io/en/latest/config.html#cmdoption-tox-p)
+using `tox --parallel`.
+
+The `tox.ini` includes an environment for testing code [`coverage`](https://pypi.org/project/coverage/)
+and you can run it and view this report with `tox -e coverage`.
+
+Linting may also be performed via [`flake8`](https://pypi.org/project/flake8/)
+by running `tox -e flake8`.
+
+### Documentation
+
+View the full documentation here: https://dj-rest-auth.readthedocs.io/en/latest/index.html
+
+
+### Acknowledgements
+
+This project began as a fork of `django-rest-auth`. Big thanks to everyone who contributed to that repo!

demo/demo/settings.py

@@ -31,23 +31,23 @@
  'django.contrib.auth',
  'django.contrib.contenttypes',
  'django.contrib.sessions',
- # 'django.contrib.messages',
+ 'django.contrib.messages',
  'django.contrib.staticfiles',
  'django.contrib.sites',
-
  'rest_framework',
  'rest_framework.authtoken',
- 'rest_auth',
-
+ 'dj_rest_auth',
  'allauth',
  'allauth.account',
- 'rest_auth.registration',
+ 'dj_rest_auth.registration',
  'allauth.socialaccount',
  'allauth.socialaccount.providers.facebook',
  'rest_framework_swagger',
+ 'corsheaders'
 )
 
 MIDDLEWARE = (
+ 'corsheaders.middleware.CorsMiddleware',
  'django.contrib.sessions.middleware.SessionMiddleware',
  'django.middleware.common.CommonMiddleware',
  'django.middleware.csrf.CsrfViewMiddleware',
@@ -116,14 +116,23 @@
 ACCOUNT_AUTHENTICATION_METHOD = 'username'
 ACCOUNT_EMAIL_VERIFICATION = 'optional'
 
+REST_USE_JWT = True
+JWT_AUTH_COOKIE = 'auth'
+
 REST_FRAMEWORK = {
  'DEFAULT_AUTHENTICATION_CLASSES': (
  'rest_framework.authentication.SessionAuthentication',
  'rest_framework.authentication.TokenAuthentication',
- )
+ 'dj_rest_auth.utils.JWTCookieAuthentication'
+ ),
+ 'DEFAULT_SCHEMA_CLASS': 'rest_framework.schemas.coreapi.AutoSchema'
 }
 
 SWAGGER_SETTINGS = {
  'LOGIN_URL': 'login',
  'LOGOUT_URL': 'logout',
 }
+
+
+# For demo purposes only. Use a white list in the real world.
+CORS_ORIGIN_ALLOW_ALL = True

demo/demo/urls.py

@@ -1,7 +1,6 @@
 from django.conf.urls import include, url
 from django.contrib import admin
-from django.views.generic import TemplateView, RedirectView
-
+from django.views.generic import RedirectView, TemplateView
 from rest_framework_swagger.views import get_swagger_view
 
 urlpatterns = [
@@ -35,8 +34,8 @@
  TemplateView.as_view(template_name="password_reset_confirm.html"),
  name='password_reset_confirm'),
 
- url(r'^rest-auth/', include('rest_auth.urls')),
- url(r'^rest-auth/registration/', include('rest_auth.registration.urls')),
+ url(r'^dj-rest-auth/', include('dj_rest_auth.urls')),
+ url(r'^dj-rest-auth/registration/', include('dj_rest_auth.registration.urls')),
  url(r'^account/', include('allauth.urls')),
  url(r'^admin/', admin.site.urls),
  url(r'^accounts/profile/$', RedirectView.as_view(url='/', permanent=True), name='profile-redirect'),

demo/demo/wsgi.py

@@ -8,7 +8,9 @@
 """
 
 import os
-os.environ.setdefault("DJANGO_SETTINGS_MODULE", "demo.settings")
 
 from django.core.wsgi import get_wsgi_application
+
+os.environ.setdefault("DJANGO_SETTINGS_MODULE", "demo.settings")
+
 application = get_wsgi_application()

demo/react-spa/.gitignore

@@ -0,0 +1,23 @@
+# See https://help.github.com/articles/ignoring-files/ for more about ignoring files.
+
+# dependencies
+/node_modules
+/.pnp
+.pnp.js
+
+# testing
+/coverage
+
+# production
+/build
+
+# misc
+.DS_Store
+.env.local
+.env.development.local
+.env.test.local
+.env.production.local
+
+npm-debug.log*
+yarn-debug.log*
+yarn-error.log*