incuna / django-user-management
User management model mixins and api views.
License: BSD 2-Clause "Simplified" License
If you post two matching passwords that do not fulfil the password strength validation rules then the endpoint responds that new_password2 does not match:
{
    "new_password": ["Password must have at least one upper case letter, one lower case letter, and one number."],
    "new_password2": ["Your new passwords do not match."]
}
Security requirements of a number of projects require the site to enforce a set of complexity for passwords. Usually this is some of the following:
This would make it line up with @perry's angular-registration (soon to be angular-user-management).
Should it be useful to have ThumbnailNamedField to generate images with both query parameters and arguments?
Avatar support requires the fix in encode/django-rest-framework#1377. We are including this in test_requirements.txt, but not in setup.py. We should not release a new version (> v0.0.7) until a new version of django-rest-framework is released.
An error message is displayed in model.py.
"unresolve import 'user_management.models.mixins'"
```python
from django.db import models
from django.db.models import Sum
from django.contrib.auth.models import AbstractBaseUser, PermissionsMixin
from user_management.models.mixins import ActiveUserMixin
```
Am I missing something?
The email templates have a #/ in the /register/verify URL, which is a bit awkward. We could use having alternate templates in the ui folder that don't have the #/ in.
Returning a 404 response doesn't interrupt the workflow but instead is dispatched and an AssertionError: .accepted_renderer not set on Response is raised. A workaround is to raise a 404.
If you request a password reset with an email address for a user that does not exist or is not active then no email is sent.
Can we send a "You do not have an account email" in this case?
(cc @meshy @jturnbull )
I think that DELETE to the Auth endpoint should require a token in order to invalidate it, otherwise we may be deleting tokens too casually.
I'm trying to e2e test user registration and login.
When I try to log in with bad credentials I get back a 400 error with a text in non_field_errors: Unable to log in with provided credentials.
When I try to log in with an unverified account I also get back a 400 error with a different non_field_errors: User account is disabled.
The only way to distinguish between them is by the error text, which will break when the text changes or we change to a different language.
A possible solution would be to use a different error status or maybe add a field which describes error type in machine readable form.
A changelog would be nice ;)
We currently support:
I think we should consider dropping support for the bold versions.
django-user-management/user_management/models/mixins.py
Lines 59 to 63 in c5cccfa
Just encountered an odd thing where I could create a user with no parameters, and there was no error. It doesn't feel right that a blank email isn't validated as false.
@incuna/backend @meshy What do you think?
```python
from django.contrib.auth.models import AbstractBaseUser, PermissionsMixin
from user_management.models.mixins import VerifyEmailMixin


class User(VerifyEmailMixin, PermissionsMixin, AbstractBaseUser):
    pass
```
I know it's abstract, but it still seems presumptuous to me. A custom user model will always be custom. This seems to be duplicating incuna/custom-user-model.
A non-API view that verifies a user's email address on a GET request (accessed via a link in an email) would be a very useful thing to keep around in a library.
Having a library migration for AuthToken would avoid having to create the migration with MIGRATION_MODULES in the project.
This would need to be addressed when we drop support for Django v1.6
Currently the (other) users list detail serialiser (UserSerializer) extends HyperlinkedModelSerializer, however the (my) profile serializer (ProfileSerializer) does not. It is therefore not possible to identify (my) profile in the users list detail list.
Should the ProfileSerializer include a way to identify the user in the users list? Such as a public_url link?
We have tests, we should have Travis on this.
In user_management/utils/validators.py, the validate_password_strength function does two different validation checks, and can throw two errors. It should be two validators.
The password_reset_email_handler and validation_email_handler each define a subject that is formatted with the site.domain. This is difficult to override when the domain is unwanted.
We could instead use a django template, to which we pass the site.domain in a context. This would allow a project to replace the subject completely, ignoring the context.