django-rest-auth icon indicating copy to clipboard operation
django-rest-auth copied to clipboard

Published 20 hours ago verified publisher icon Tivix

Password whitespace and input in browsable API

Open illagrenan opened this issue 7 years ago • 6 comments

  • Do not trim password whitespace (trim_whitespace, see: http://www.django-rest-framework.org/api-guide/fields/#charfield)
  • Mask password input (inspired by https://github.com/encode/django-rest-framework/blob/master/rest_framework/authtoken/serializers.py#L11-L12)

illagrenan avatar Oct 25 '17 13:10 illagrenan

Coverage Status

Coverage remained the same at 97.089% when pulling 28e712cf4b4784522589f4678ccf0d2a26e8cbb3 on illagrenan:patch-1 into e4c04528a2c3aaf21f638589639d84df278866ec on Tivix:master.

coveralls avatar Oct 25 '17 13:10 coveralls

The same change should also be done to the PasswordChangeSerializer and PasswordResetConfirmSerializer.

sloria avatar Oct 25 '17 13:10 sloria

Coverage Status

Coverage remained the same at 97.089% when pulling cfe6c5b6933b5406a601707734d795cf462e81ed on illagrenan:patch-1 into e4c04528a2c3aaf21f638589639d84df278866ec on Tivix:master.

coveralls avatar Oct 25 '17 13:10 coveralls

@sloria Thanks! Done.

illagrenan avatar Oct 25 '17 13:10 illagrenan

Coverage Status

Coverage remained the same at 97.089% when pulling dfe3f12356db3028f18c06c3fed97e5feac275b0 on illagrenan:patch-1 into e4c04528a2c3aaf21f638589639d84df278866ec on Tivix:master.

coveralls avatar Oct 25 '17 13:10 coveralls

Hi, as a user of rest-auth, thanks for the contribution! This repo is not maintained anymore, so the development moved to dj-rest-auth. (reference: https://github.com/Tivix/django-rest-auth/issues/568) It may be best, if you move this PR there. (and upgrade to using dj_rest_auth)

new repo link: https://github.com/jazzband/dj-rest-auth (I'm not the upkeeper of that repo, it just makes sense for me to help you merge your PR)

Many Thanks, Barney

BarnabasSzabolcs avatar May 30 '20 01:05 BarnabasSzabolcs