djoser
djoser copied to clipboard
REST implementation of Django authentication system.
When setting "CREATE_SESSION_ON_LOGIN" is on, the signal "user_logged_in" is being sent duplicate, because function login (called in the line 19) already send this signal (/django/contrib/auth/__init__.py line 125). We have the...
It was written 'rest_framework.permissions.CurrentUserOrAdmin'. I suppose it is 'djoser.permissions.CurrentUserOrAdmin', because it is a special permission and there is no such one in rest_framework. BR Maxim
CurrentUserOrAdminOrReadOnly class was inherited from permissions.IsAuthenticated and didn't provide access to the list for unauthentificated user. Method "has permission" particularly restricts this request from unauthentificated user. ( I would like...
I using user type like admin , staff and manager so I want when if any user type is staff should need not to verify email.
I would like to request that the incorporation of MFA be implemented in the Djoser library. This is a standard practice that is expected by security-conscious users. MFA is also...
Greetings. I created this serializer: ```python from djoser.serializers import TokenCreateSerializer from rest_framework.exceptions import ValidationError from django.contrib.auth import authenticate from djoser.conf import settings class CustomTokenCreateSerializer(TokenCreateSerializer): password = serializers.CharField(required=False, style={"input_type": "password"}) default_error_messages...
Who needs this change would need to overwrite some structure like view or serialize? Or can we add through some parameter? REF: https://stackoverflow.com/questions/71628282/add-expire-time-for-validation-and-verification-in-djoser
Thank you for the great application. While testing the `reset_password` endpoint, I found due to lack of rate limiting it can be misused to DOS an email bomb a genuine...
"User Delete" endpoint expects DRF token despite `rest_framework_simplejwt` auth backend being set
As in the title, I've got simple Django app where I use `rest_framework_simplejwt`. Other flows like i.e. user's creation work flawlessly, although I've encountered an issue with `DELETE` `/users/me/` one,...
- Added support for configuring serializers through settings: "SERIALIZERS" dictionary in djoser settings. Specifically added "provider_auth": "djoser.social.serializers.ProviderAuthSerializer". - Updated `ProviderAuthView` to use the dynamic serializer: `serializer_class = settings.SERIALIZERS.provider_auth`