diff --git a/.github/workflows/gh-pages.yml b/.github/workflows/gh-pages.yml new file mode 100644 index 00000000..7f3937b6 --- /dev/null +++ b/.github/workflows/gh-pages.yml @@ -0,0 +1,34 @@ +name: Publish Docs to GitHub Pages + +permissions: + contents: write + +on: + push: + branches: + - develop + +jobs: + build: + runs-on: ubuntu-latest + + steps: + - name: Checkout code + uses: actions/checkout@v2 + + - name: Set up Python + uses: actions/setup-python@v2 + with: + python-version: 3.x + + - name: Install dependencies + run: pip install mkdocs-material + + - name: Build docs + run: mkdocs build + + - name: Deploy to GitHub Pages + uses: peaceiris/actions-gh-pages@v3 + with: + personal_token: ${{ secrets.GITHUB_TOKEN }} + publish_dir: ./site \ No newline at end of file diff --git a/README.md b/README.md index 8a5ca1d7..001fccc2 100644 --- a/README.md +++ b/README.md @@ -4,15 +4,15 @@ django-rest-knox [![Jazzband](https://jazzband.co/static/img/badge.svg)](https://jazzband.co/) [![image](https://github.com/jazzband/django-rest-knox/workflows/Test/badge.svg?branch=develop)](https://github.com/jazzband/django-rest-knox/actions) -Authentication Module for django rest auth +Authentication module for Django rest auth. -Knox provides easy to use authentication for [Django REST +Knox provides easy-to-use authentication for [Django REST Framework](https://www.django-rest-framework.org/) The aim is to allow -for common patterns in applications that are REST based, with little +for common patterns in applications that are REST-based, with little extra effort; and to ensure that connections remain secure. -Knox authentication is token based, similar to the `TokenAuthentication` -built in to DRF. However, it overcomes some problems present in the +Knox authentication is token-based, similar to the `TokenAuthentication` +built into DRF. However, it overcomes some problems present in the default implementation: - DRF tokens are limited to one per user. This does not facilitate 
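Review bot: The deploy step in .github/workflows/gh-pages.yml references a third-party action by a mutable tag (`peaceiris/actions-gh-pages@v3`) while the workflow grants `contents: write`, so whatever that tag resolves to at run time can push to the repository. Pin each `uses:` entry to a full commit SHA, e.g. `uses: peaceiris/actions-gh-pages@<full-commit-sha>  # v3`, and pin the docs toolchain as well, e.g. `run: pip install mkdocs-material==<pinned-version>`. `actions/checkout` keeps the token in the local git config by default, so the install and build steps presumably run with it within reach; adding `persist-credentials: false` to the checkout step would narrow that, if the deploy step does not depend on it. The action documents `github_token` as the input for the built-in token, so `github_token: ${{ secrets.GITHUB_TOKEN }}` is the expected spelling; `personal_token` is meant for a PAT.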
@@ -24,13 +24,14 @@ default implementation: client to have its own token which is deleted on the server side when the client logs out. - Knox also provides an option for a logged in client to remove *all* + Knox also provides an option for a logged-in client to remove *all* tokens that the server has - forcing all clients to re-authenticate. - DRF tokens are stored unencrypted in the database. This would allow - an attacker unrestricted access to an account with a token if the + an attacker unrestricted access to an account with a token if the database were compromised. + Knox tokens are only stored in a secure hash form (like a password). Even if the database were somehow stolen, an attacker would not be able to log in with the stolen credentials. @@ -44,8 +45,7 @@ More information can be found in the # Run the tests locally -If you need to debug a test locally and if you have [docker](https://www.docker.com/) installed: - +If you need to debug a test locally and if you have [docker](https://www.docker.com/) installed, simply run the ``./docker-run-tests.sh`` script and it will run the test suite in every Python / Django versions. @@ -56,7 +56,7 @@ Python / Django versions a bit more tricky. Our documentation is generated by [Mkdocs](https://www.mkdocs.org). -You can refer to their documentation on how to install it locally. +You can refer to their [documentation](https://www.mkdocs.org/user-guide/installation/) on how to install it locally. Another option is to use `mkdocs.sh` in this repository. It will run mkdocs in a [docker](https://www.docker.com/) container. diff --git a/docs/index.md b/docs/index.md index 1619797b..4a674fed 100644 --- a/docs/index.md +++ b/docs/index.md 
@@ -1,10 +1,10 @@ # Django-Rest-Knox -Knox provides easy to use authentication for [Django REST Framework](https://www.django-rest-framework.org/) +Knox provides easy-to-use authentication for [Django REST Framework](https://www.django-rest-framework.org/) The aim is to allow for common patterns in applications that are REST based, with little extra effort; and to ensure that connections remain secure. Knox authentication is token based, similar to the `TokenAuthentication` built -in to DRF. However, it overcomes some problems present in the default implementation: +into DRF. However, it overcomes some problems present in the default implementation: - DRF tokens are limited to one per user. This does not facilitate securely signing in from multiple devices, as the token is shared. It also requires diff --git a/knox/settings.py b/knox/settings.py index d1b09347..a2c3d9c8 100644 --- a/knox/settings.py +++ b/knox/settings.py @@ -1,7 +1,7 @@ from datetime import timedelta from django.conf import settings -from django.test.signals import setting_changed +from django.core.signals import setting_changed from rest_framework.settings import APISettings, api_settings USER_SETTINGS = getattr(settings, 'REST_KNOX', None) diff --git a/mkdocs.sh b/mkdocs.sh index ac64849e..8365e1ae 100755 --- a/mkdocs.sh +++ b/mkdocs.sh @@ -9,4 +9,4 @@ docker run --rm -it \ -w $MOUNT_FOLDER \ -p $MKDOCS_DEV_PORT:$MKDOCS_DEV_PORT \ -e MKDOCS_DEV_ADDR="$MKDOCS_DEV_ADDR:$MKDOCS_DEV_PORT" \ - squidfunk/mkdocs-material:3.2.0 $* + squidfunk/mkdocs-material:latest $* diff --git a/tox.ini b/tox.ini index 3a159a54..aaf77486 100644 --- a/tox.ini +++ b/tox.ini 
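Review bot: The import swap in knox/settings.py carries no comment explaining why the source module matters, so a later cleanup could revert it without noticing. In Django `setting_changed` is defined in `django.core.signals` and `django.test.signals` only re-imports it, so receivers attach to the same signal object either way; the difference is that the old path loads the test package at import time. A one-line comment above the import would record that, e.g. `# setting_changed is defined in django.core.signals; avoid importing django.test in production code`. The code that connects a receiver to this signal is outside the hunk.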
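Review bot: The new image reference in mkdocs.sh replaces a fixed tag with `squidfunk/mkdocs-material:latest`, so every run pulls and executes whatever is currently published under that tag, with the port mapping and working directory set in the context lines above. Builds stop being reproducible and an upstream change lands without review. Keep a pinned reference and bump it deliberately, e.g. `squidfunk/mkdocs-material:<pinned-version>` or the `@sha256:<digest>` form. While the line is being touched, `$*` re-splits arguments that contain spaces, and `"$@"` forwards them intact. The `docker run` command starts outside the hunk, so any volume mounts are not visible here.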
@@ -1,25 +1,9 @@ [tox] envlist = - isort, - flake8, py{36,37,38,39,310}-django32, py{38,39,310,311,312}-django42, py{310,311,312}-django50, -[testenv:flake8] -deps = flake8 -changedir = {toxinidir} -commands = flake8 knox - -[testenv:isort] -deps = isort -changedir = {toxinidir} -commands = isort --check-only --diff \ - knox \ - knox_project/views.py \ - setup.py \ - tests - [testenv] commands = python manage.py migrate @@ -33,7 +17,6 @@ deps = django42: Django>=4.2,<4.3 django50: Django>=5.0,<5.1 markdown>=3.0 - isort>=5.0 djangorestframework freezegun mkdocs @@ -50,5 +33,5 @@ python = 3.8: py38 3.9: py39 3.10: py310 - 3.11: py311, isort, flake8 + 3.11: py311 3.12: py312