Authentication backend for Django that uses a one-time code instead of passwords.
This project was originally inspired by "Is it time for password-less login?" by Ben Brown.
Run this command to install django-nopassword:

    pip install django-nopassword

Django >= 1.11 (custom user is supported)
Add the app to installed apps:

    INSTALLED_APPS = (
        # ...
        'nopassword',
        'rest_framework_simplejwt',
        # ...
    )

Add the authentication backend EmailBackend:

    AUTHENTICATION_BACKENDS = (
        # Needed to login by username in Django admin, regardless of `nopassword`
        'django.contrib.auth.backends.ModelBackend',
        # Send login codes via email
        'nopassword.backends.email.EmailBackend',
    )

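Add urls to your urls.py:

    from django.conf.urls import include, url

    # patterns() was removed in Django 1.10; urlpatterns is a plain list
    urlpatterns = [
        # ...
        url(r'^accounts/', include('nopassword.urls')),
        # ...
    ]
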
To use the REST API, djangorestframework must be installed:

    pip install djangorestframework

Add rest framework to installed apps:

    INSTALLED_APPS = (
        # ...
        'rest_framework',
        'rest_framework.authtoken',
        'nopassword',
        # ...
    )

Add TokenAuthentication to default authentication classes:

    REST_FRAMEWORK = {
        'DEFAULT_AUTHENTICATION_CLASSES': (
            'rest_framework.authentication.TokenAuthentication',
        )
    }

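Add urls to your urls.py:

    from django.conf.urls import include, url

    # patterns() was removed in Django 1.10; urlpatterns is a plain list
    urlpatterns = [
        # ...
        url(r'^api/accounts/', include('nopassword.rest.urls')),
        # ...
    ]
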
You will have the following endpoints available:

/api/accounts/login/ (POST)
  - username
  - next (optional, will be returned in /api/accounts/login/code/ to be handled by the frontend)
  - Sends a login code to the user

/api/accounts/login/code/ (POST)
  - code
  - Returns key (authentication token) and next (provided by /api/accounts/login/)

/api/accounts/logout/ (POST)
  - Performs logout

You will need to implement the endpoint to refresh the token on your application.
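
The next value returned by /api/accounts/login/code/ is whatever was posted to /api/accounts/login/, so the frontend should check it before navigating. The following is an added example, not part of django-nopassword: `APP_ORIGIN`, `safeNext` and `handleLoginResponse` are hypothetical names, and the origin shown is a constructed sample.

```javascript
// Added example: validate `next` from /api/accounts/login/code/ before redirecting.
// Assumption: the frontend is served from this origin (constructed sample value).
const APP_ORIGIN = 'https://app.example.test';

// Returns a same-origin path to navigate to, or `fallback` if `next` is not
// a plain path on this application.
function safeNext(next, fallback = '/') {
  if (typeof next !== 'string' || next === '') return fallback;

  // Control characters and backslashes can make a browser resolve the value
  // to a different URL than the one inspected here.
  if (/[\u0000-\u001f\u007f\\]/.test(next)) return fallback;

  // Accept only path-absolute references: "/x" is fine, "//host/x"
  // (scheme-relative) and "https://host/x" (absolute) are not.
  if (!next.startsWith('/') || next.startsWith('//')) return fallback;

  let resolved;
  try {
    resolved = new URL(next, APP_ORIGIN);
  } catch (e) {
    return fallback;
  }

  // Defence in depth: the resolved URL must still be on our own origin.
  if (resolved.origin !== APP_ORIGIN) return fallback;

  // Hand back only path, query and fragment, never a full URL.
  return resolved.pathname + resolved.search + resolved.hash;
}

// Handles the JSON body returned by /api/accounts/login/code/:
// `key` is the authentication token, `next` is the echoed redirect target.
function handleLoginResponse(body) {
  return { token: body.key, redirectTo: safeNext(body.next) };
}
```
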
Information about the available settings can be found in the docs.
Run with python setup.py test.
MIT © Rolf Erik Lekang