Skip to content
This repository has been archived by the owner on May 5, 2020. It is now read-only.
/ django-nopassword Public archive

Authentication backend for django that uses a one time code instead of passwords

License

Notifications You must be signed in to change notification settings

relekang/django-nopassword

Repository files navigation

django-nopassword

CircleCI

Authentication backend for django that uses a one time code instead of passwords.

This project was originally inspired by Is it time for password-less login? by Ben Brown

Installation

Run this command to install django-nopassword

pip install django-nopassword

Requirements

Django >= 1.11 (custom user is supported)

Usage

Add the app to installed apps

INSTALLED_APPS = (
    ...
    'nopassword',
    ...
)

Add the authentication backend EmailBackend

AUTHENTICATION_BACKENDS = (
    # Needed to login by username in Django admin, regardless of `nopassword`
    'django.contrib.auth.backends.ModelBackend',

    # Send login codes via email
    'nopassword.backends.email.EmailBackend',
)

Add urls to your urls.py

urlpatterns = patterns('',
    ...
    url(r'^accounts/', include('nopassword.urls')),
    ...
)

REST API

To use the REST API, djangorestframework must be installed

pip install djangorestframework

Add rest framework to installed apps

INSTALLED_APPS = (
    ...
    'rest_framework',
    'rest_framework.authtoken',
    'nopassword',
    ...
)

Add TokenAuthentication to default authentication classes

REST_FRAMEWORK = {
    'DEFAULT_AUTHENTICATION_CLASSES': (
        'rest_framework.authentication.TokenAuthentication',
    )
}

Add urls to your urls.py

urlpatterns = patterns('',
    ...
    url(r'^api/accounts/', include('nopassword.rest.urls')),
    ...
)

You will have the following endpoints available:

  • /api/accounts/login/ (POST)
    • username
    • next (optional, will be returned in /api/accounts/login/code/ to be handled by the frontend)
    • Sends a login code to the user
  • /api/accounts/login/code/ (POST)
    • code
    • Returns key (authentication token) and next (provided by /api/accounts/login/)
  • /api/accounts/logout/ (POST)
    • Performs logout

Settings

Information about the available settings can be found in the docs

Tests

Run with python setup.py test.


MIT © Rolf Erik Lekang