REST implementation of Django authentication system.

Overview

djoser

Codacy Badge https://img.shields.io/pypi/dm/djoser

REST implementation of Django authentication system. djoser library provides a set of Django Rest Framework views to handle basic actions such as registration, login, logout, password reset and account activation. It works with custom user model.

Instead of reusing Django code (e.g. PasswordResetForm), we reimplemented few things to fit better into Single Page App architecture.

Developed by SUNSCRAPERS with passion & patience.

https://asciinema.org/a/94J4eG2tSBD2iEfF30a6vGtXw.png

Requirements

To be able to run djoser you have to meet following requirements:

  • Python (3.6, 3.7, 3.8, 3.9)
  • Django (2.2, 3.1)
  • Django REST Framework 3.11.1

If you need to support other versions, please use djoser<2.

Installation

Simply install using pip:

$ pip install djoser

And continue with the steps described at configuration guide.

Documentation

Documentation is available to study at https://djoser.readthedocs.io and in docs directory.

Contributing and development

To start developing on djoser, clone the repository:

$ git clone [email protected]:sunscrapers/djoser.git

We use poetry as dependency management and packaging tool.

$ cd djoser
$ poetry install -E test

This will create a virtualenv with all development dependencies.

To run the test just type:

$ poetry run py.test testproject

We also preapred a convenient Makefile to automate commands above:

$ make init
$ make test

To activate the virtual environment run

$ poetry shell

Without poetry

New versions of pip can use pyproject.toml to build the package and install its dependencies.

$ pip install .[test]
$ cd testproject
$ ./manage.py test

Tox

If you need to run tests against all supported Python and Django versions then invoke:

$ poetry run tox -p all

Example project

You can also play with test project by running following commands:

$ make migrate
$ make runserver

Commiting your code

Before sending patches please make sure you have pre-commit activated in your local git repository:

$ pre-commit install

This will ensure that your code is cleaned before you commit it. Some steps (like black) automatically fix issues but the show their status as FAILED. Just inspect if eveything is OK, git-add the files and retry the commit. Other tools (like flake8) require you to manually fix the issues.

Similar projects

List of projects related to Django, REST and authentication:

Please, keep in mind that while using custom authentication and TokenCreateSerializer validation, there is a path that ignores intentional return of None from authenticate() and try to find User using parameters. Probably, that will be changed in the future.

Comments
  • Kn/settings rewrite

    Kn/settings rewrite

    I saw a few problems with how we handle settings in Djoser. And decided to try solve some of them.

    • settings.get("SEND_ACTIVATION_EMAIL") is cumbersome interface and it is used a lot across the code. We should look for more clear and simpler way. Thats why I decided to use config.SEND_ACTIVATION_EMAIL somewhat resembling how Django does.
    • merge_settings_dicts was invoked every time an setting value is looked up. This is not optimal. Additionaly djoser settings aren't so complex so why to use this recursive function? I removed it and replaced with simple approach: instantiate default djoser settings and override anything that user customized in django settings.

    There is some work to do but i want to show this idea for consideration.

    opened by KaczuH 15
  • state of session authentication in djoser

    state of session authentication in djoser

    As a DRF newbie, using djoser, but also wanting to use session auth, as my application is only browser based, I wonder why session auth is not supported by djoser, as seen here: https://djoser.readthedocs.io/en/latest/getting_started.html#supported-authentication-backends

    Then according to #320, I found the CREATE_SESSION_ON_LOGIN setting, that seems undocumented? I would gently help to improve docs, but I am wondering what exactly the current state with session auth is?

    opened by benzkji 14
  • Add support for Drf 3.5

    Add support for Drf 3.5

    This PR essentialy rename View.action into View._action because View.action is a reserved attribute of DRF.

    https://github.com/tomchristie/django-rest-framework/blob/master/rest_framework/request.py#L56

    This change is potentially backward incompatible, as such, a changelog entry should explain the steps and/or published with a major version bump (at the appreciation of the maintainers).

    fixes #171

    opened by ticosax 14
  • Allow email to be used for auth

    Allow email to be used for auth

    This provides the option of using email instead of username for auth. It works nicely with auth packages such as django-allauth, which provides an email authentication backend.

    opened by mcastle 13
  • permission_denied() got an unexpected keyword argument 'code'

    permission_denied() got an unexpected keyword argument 'code'

    Error while calling /users/me/ endpoint with no/wrong auth.

    Code in question: https://github.com/sunscrapers/djoser/blob/35e5a5e75127d7270ab8f7bb13c4f7d0c0ec5a7b/djoser/views.py#L52 Code that calls it (from django-rest-framework): https://github.com/encode/django-rest-framework/blob/be87eb43b348f1f079de81329218b79814b97173/rest_framework/views.py#L333 Change that added the code parameter: https://github.com/encode/django-rest-framework/pull/7306

    The only other issue I found about this was self closed: #538

    Full trace:

    Internal Server Error: /auth/users/me/
    Traceback (most recent call last):
      File "C:\Users\Bor\AppData\Local\Programs\Python\Python38\lib\site-packages\django\core\handlers\exception.py", line 47, in inner
        response = get_response(request)
      File "C:\Users\Bor\AppData\Local\Programs\Python\Python38\lib\site-packages\django\core\handlers\base.py", line 179, in _get_response
        response = wrapped_callback(request, *callback_args, **callback_kwargs)
      File "C:\Users\Bor\AppData\Local\Programs\Python\Python38\lib\site-packages\django\views\decorators\csrf.py", line 54, in wrapped_view
        return view_func(*args, **kwargs)
      File "C:\Users\Bor\AppData\Local\Programs\Python\Python38\lib\site-packages\rest_framework\viewsets.py", line 125, in view
        return self.dispatch(request, *args, **kwargs)
      File "C:\Users\Bor\AppData\Local\Programs\Python\Python38\lib\site-packages\rest_framework\views.py", line 509, in dispatch
        response = self.handle_exception(exc)
      File "C:\Users\Bor\AppData\Local\Programs\Python\Python38\lib\site-packages\rest_framework\views.py", line 469, in handle_exception
        self.raise_uncaught_exception(exc)
      File "C:\Users\Bor\AppData\Local\Programs\Python\Python38\lib\site-packages\rest_framework\views.py", line 480, in raise_uncaught_exception
        raise exc
      File "C:\Users\Bor\AppData\Local\Programs\Python\Python38\lib\site-packages\rest_framework\views.py", line 497, in dispatch
        self.initial(request, *args, **kwargs)
      File "C:\Users\Bor\AppData\Local\Programs\Python\Python38\lib\site-packages\rest_framework\views.py", line 415, in initial
        self.check_permissions(request)
      File "C:\Users\Bor\AppData\Local\Programs\Python\Python38\lib\site-packages\rest_framework\views.py", line 333, in check_permissions
        self.permission_denied(
    TypeError: permission_denied() got an unexpected keyword argument 'code'
    
    opened by zumoshi 12
  • [RFC] Rename the repository

    [RFC] Rename the repository

    Hi, in this kinda RFC issue I'd like to propose a respository name change. There are quite few reasons to do so:

    1. People have a hard time searching and finding our project, because the name is kinda out of this world (https://en.wikipedia.org/wiki/Djoser)
    2. The name is short, however it might not be the easiest one to remember.
    3. SEO is almost non-existent and it would take a great effort to improve it.
    4. For some time it was not being actively maintained and it might have brought a bad reputation.

    At the moment I do not have a proposition for a new name. First thing I'd like to do is to find out what everyone is thinking about the idea.

    opened by pszpetkowski 12
  • AttributeError at /auth/register

    AttributeError at /auth/register

    AttributeError at /auth/register
    'UserRegistrationSerializer' object has no attribute 'init_data'
    

    I was trying to create a new user by issuing a POST request to /auth/register. Exception location is at djoser/djoser/serializers.py in save, line 34

    Here are my package versions -

    Django==1.7.1
    djangorestframework==3.0.0
    djoser==0.1.0
    

    Can you tell me why this is happenning?

    bug 
    opened by ansal 12
  • Unauthorized: /auth/jwt/create/

    Unauthorized: /auth/jwt/create/

    I install Djoser with JWT. I am able to activate the user with the Postman. When I send a POST request to this url: /auth/jwt/create/ I get this message from postman: "detail": "No active account found with the given credentials".

    opened by epetrov1 11
  • Update user only sends email confirmation if email field was updated

    Update user only sends email confirmation if email field was updated

    I was running into a similar (or same) issue as described here https://github.com/sunscrapers/djoser/issues/546. I had SEND_ACTIVATION_EMAIL=True and was updating a user's information that wasn't the email (i.e. first_name, last_name, etc). This resulted in sending an activation email, which doesn't really make sense since the email isn't being updated.

    • Update user only sends email confirmation if email field was updated
      • Updating fields other than the email result in NOT sending an activation email
    • Keeps functionality of SEND_ACTIVATION_EMAIL
    • All tests passed
    opened by nicknickel 10
  • Sanitization for username + tests. Closes #146

    Sanitization for username + tests. Closes #146

    Didn't work out sanitization for dictionary, because LoginSerializer doesn't provide dictionary. Could go around, but decided to create sanitization for string argument. Included sanitization in 3 classes: UserRegistrationSerializer, LoginSerializer and SetUsernameSerializer. Created 3 tests for each use case - similar to primary tests. Created list of 2 test sanitizers: uppercase and trim3, to check if works for list of sanitizers.

    opened by ppeczek 10
  • Enhance error message for not activated user

    Enhance error message for not activated user

    Hi. Thanks for the djoser. I like it as it makes life easier unlike other packages.

    There is one thing I have come across. I'd suggest to change a feedback message for a non-active user who tries to obtain jwt, because now it returns the following:

    {
        "non_field_errors": [
            "Unable to log in with provided credentials."
        ]
    }
    

    How can I detect if user tried wrong credentials or user has not just activated his account yet?

    opened by igsm 9
  • Is it possible to add expiration time to tokens of email activation?

    Is it possible to add expiration time to tokens of email activation?

    Who needs this change would need to overwrite some structure like view or serialize? Or can we add through some parameter?

    REF: https://stackoverflow.com/questions/71628282/add-expire-time-for-validation-and-verification-in-djoser

    opened by albjoaov 0
  • update permisisons

    update permisisons

    CurrentUserOrAdminOrReadOnly class was inherited from permissions.IsAuthenticated and didn't provide access to the list for unauthentificated user. Method "has permission" particularly restricts this request from unauthentificated user. ( I would like to suggest to inherite CurrentUserOrAdminOrReadOnly from IsAuthenticatedOrReadOnly) BR Maxim

    opened by Maxim-Zima 0
  • Update settings - permissions

    Update settings - permissions

    It was written 'rest_framework.permissions.CurrentUserOrAdmin'. I suppose it is 'djoser.permissions.CurrentUserOrAdmin', because it is a special permission and there is no such one in rest_framework. BR Maxim

    opened by Maxim-Zima 0
  • Bump certifi from 2021.10.8 to 2022.12.7

    Bump certifi from 2021.10.8 to 2022.12.7

    Bumps certifi from 2021.10.8 to 2022.12.7.

    Commits

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

    dependencies 
    opened by dependabot[bot] 0
  • Fix duplicate signals in login_user and logout_user functions.

    Fix duplicate signals in login_user and logout_user functions.

    When setting "CREATE_SESSION_ON_LOGIN" is on, the signal "user_logged_in" is being sent duplicate, because function login (called in the line 19) already send this signal (/django/contrib/auth/init.py line 125).

    We have the same situation for logout, function logout (called in the line 29) already send the user_logged_out signal.

    opened by wcipriano 0
Releases(1.1.5)
  • 1.1.5(Dec 8, 2017)

    Bugfix release. List of changes:

    • Add Steam config to testproject
    • Add python egg data to .gitignore
    • Update social auth serializer to use GET parameters instead of JSON data
    • Update python-social-auth integration tests to use GET parameters
    • Update social auth credentials in testproject to use environment variables by default
    Source code(tar.gz)
    Source code(zip)
  • 1.1.4(Dec 8, 2017)

  • 1.1.3(Dec 8, 2017)

  • 1.1.2(Dec 8, 2017)

  • 1.1.1(Nov 5, 2017)

  • 1.1.0(Nov 5, 2017)

    In this major release a primary goal was to introduce a basic integration with third party based authentication. List of changes:

    • Add third party based authentication support
    • Add JWT token strategy for new authentication method
    • Add EMAIL setting to allow simpler email customization.
    • Add SOCIAL_AUTH_TOKEN_STRATEGY and SOCIAL_AUTH_ALLOWED_REDIRECT_URIS settings along new authentication method
    • Add documentation about new authentication method
    • Update documentation index into captioned sections for better readability
    Source code(tar.gz)
    Source code(zip)
  • 1.0.1(Oct 19, 2017)

  • 1.0.0(Oct 14, 2017)

    In this major release we have focused on stabilization effort with JWT support. List of changes:

    • Add JWT authentication support
    • Add/Update documentation about JWT
    • Add/Update/Fix tests where necessary
    • Add support for Django REST Framework 3.7
    • Drop support for Django REST Framework 3.6
    • Replace built-in email support with django-templated-mail
    • Refactor test configuration for better performance and organization
    • Refactor RootView to have better support for modular URLs
    • Update URLs to be slightly more RESTful.
    • Update codebase with small syntax/formatting fixes
    • Update README/documentation to reflect on codebase changes
    • Move DOMAIN and SITE_NAME settings to django-templated-mail
    • Remove USE_HTML_EMAIL_TEMPLATES and ROOT_VIEW_URLS_MAPPING settings
    Source code(tar.gz)
    Source code(zip)
  • 0.7.0(Sep 1, 2017)

    This backward incompatible release provides large amount of changes with new settings implementation, new features, integration of new developer tools and many refactors. List of all changes:

    • Add TOKEN_MODEL setting to allow third party apps to specify a custom token model
    • Add USER_EMAIL_FIELD_NAME setting as a compatibility solution in Django < 1.11
    • Add support for Django Password Validators
    • Add HTML templates for djoser emails
    • Add flake8 integration to CI
    • Add py.test integration
    • Add Python 3.7 to CI
    • Update from coveralls to codecov
    • Update README to rST with uniform badges
    • Update djoser.views.PasswordResetView to allow non-database User.is_active
    • Update docs on topics which have been added/modified since last release
    • Remove serializers manager, so the serializers in djoser are now accessed via dot notation
    • Remove support for DRF 3.4
    • Remove support for basic auth as authentication backend
    • Refactor djoser settings module for cleaner and more pythonic/djangonic solution
    • Refactor tests into multiple files and fix some minor issues
    • Refactor some parts of codebase for better readability
    • Slightly refactor/simplify parts of djoser.utils
    • Fix all style issues reported by flake8_ in codebase
    • Fix security bug in djoser.views.UserView
    Source code(tar.gz)
    Source code(zip)
  • 0.6.0(Jun 2, 2017)

    This backward incompatible release focuses on delivering cleaner documentation, faster CI, bugfixes and other small improvements. It also drops support for unsupported Django / DRF versions. List of changes:

    • Add ReadTheDocs integration
    • Add basic pipenv integration
    • Add Makefile to simplify setup and development
    • Add release notes to GitHub Releases and CHANGELOG.rst
    • Update README with documentation split into Sphinx docs
    • Update .travis.yml with approximately 3.5x faster CI builds
    • Remove support for Django 1.7
    • Remove support for DRF 3.3 as a consequence of dropping Django 1.7
    • Slightly refactor use of Response in djoser/views.py
    • Fix #190 - race condition for near-simultaneous sign-ups
    Source code(tar.gz)
    Source code(zip)
  • 0.5.4(May 12, 2017)

    This release adds a test case and fixes broken factory added in last release. List of changes:

    • Add djoser.utils.UserEmailFactoryBase test case
    • Fix dictionary syntax error
    Source code(tar.gz)
    Source code(zip)
  • 0.5.3(May 12, 2017)

    This release increases reusability of UserEmailFactoryBase in djoser / user apps. Besides that it's mostly codebase cleanup. List of changes:

    • Update UserEmailFactoryBase to accept arbitrary arguments for the context
    • Update some code in djoser/utils.py to comply with PEP-8
    • Update README with additional information related to djoser requirements
    • Remove unnecessary requirements
    • Remove leftover in RegistrationView after #141
    • Cleanup setup.py and testproject/testapp/tests.py
    Source code(tar.gz)
    Source code(zip)
  • 0.5.2(May 25, 2017)

    This release breaks compatibility with pre-south Django versions and adds support for DRF 3.5. There are also some changes in documentation. List of changes:

    • Add support for DRF 3.5
    • Add documentation on using djangorestframework-jwt with djoser
    • Update required Django version to >= 1.7
    • Update docs with tweaks on encoding and names
    Source code(tar.gz)
    Source code(zip)
  • 0.5.1(May 25, 2017)

    This release introduces new features controlled via appropriate setting flags. They have been described in documentation. There also is a backward-incompatible refactor, and other various contributions. List of changes:

    • Add SEND_CONFIRMATION_EMAIL flag to djoser settings
    • Add LOGOUT_ON_PASSWORD_CHANGE flag to djoser settings
    • Add PASSWORD_RESET_SHOW_EMAIL_NOT_FOUND flag to djoser settings
    • Refactor SendEmailViewMixin into UserEmailFactoryBase
    • Update documentation
    • Update user creation to wrap it inside atomic transaction
    • Update .gitignore
    • Update tests
    Source code(tar.gz)
    Source code(zip)
  • 0.5.0(May 25, 2017)

    This backward incompatible release offers a possibility to specify arbitrary serializer for each of djoser views. It also breaks compatibility with old Python / Django / DRF versions. List of changes:

    • Add customizable serializers controlled with SERIALIZERS djoser setting field
    • Update documentation
    • Update HTTP_200_OK to HTTP_204_NO_CONTENT where appropriate
    • Remove compatibility for Python < 2.7, Django < 1.7, and DRF < 3.3
    Source code(tar.gz)
    Source code(zip)
  • 0.4.3(May 25, 2017)

    This release provides few bugfixes / UX improvements. List of changes:

    • Add human readable error message when incorrect uid is provided
    • Fix user being active, before activating his account via email
    Source code(tar.gz)
    Source code(zip)
  • 0.4.2(May 25, 2017)

    This release adds a new feature - custom password validators. List of changes:

    • Add support for /register/ and /password/reset/confirm/ arbitrary password validators, with PASSWORD_VALIDATORS djoser setting field
    Source code(tar.gz)
    Source code(zip)
  • 0.4.1(May 25, 2017)

    This release adds support for new Django / Python versions. It also contains few bugfixes / documentation updates. List of changes:

    • Add check for stale activation token
    • Add support for Django 1.9 and Python 3.5
    • Update documentation on login and logout
    • Fix #92
    • Fix #100
    Source code(tar.gz)
    Source code(zip)
  • 0.4.0(May 25, 2017)

Owner
Sunscrapers
Unrivaled Python engineers who help world’s greatest companies drive business growth with technology
Sunscrapers
Web authentication testing framework

What is this This is a framework designed to test authentication for web applications. While web proxies like ZAProxy and Burpsuite allow authenticate

OWASP 88 Jan 01, 2023
蓝鲸用户管理是蓝鲸智云提供的企业组织架构和用户管理解决方案,为企业统一登录提供认证源服务。

蓝鲸用户管理 简体中文 | English 蓝鲸用户管理是蓝鲸智云提供的企业组织架构和用户管理解决方案,为企业统一登录提供认证源服务。 总览 架构设计 代码目录 功能 支持多层级的组织架构管理 支持通过多种方式同步数据:OpenLDAP、Microsoft Active Directory(MAD)

腾讯蓝鲸 35 Dec 14, 2022
Skit-auth - Authorization for skit.ai's platform

skit-auth This is a simple authentication library for Skit's platform. Provides

Skit 3 Jan 08, 2022
A module making it easier to manage Discord oAuth with Quart

quart_discord A module making it easier to manage Discord oAuth with Quart Install pip install git+https://github.com/xelA/ 5 Oct 27, 2022

Phishing Abusing Microsoft 365 OAuth Authorization Flow

Microsoft365_devicePhish Abusing Microsoft 365 OAuth Authorization Flow for Phishing Attack This is a simple proof-of-concept script that allows an at

bigb0ss 11 Dec 11, 2022
Django x Elasticsearch Templates

Django x Elasticsearch Requirements Python 3.7 Django = 3 Elasticsearch 7.15 Setup Elasticsearch Install via brew Install brew tap elastic/tap brew

Aji Pratama 0 May 22, 2022
API with high performance to create a simple blog and Auth using OAuth2 ⛏

DogeAPI API with high performance built with FastAPI & SQLAlchemy, help to improve connection with your Backend Side to create a simple blog and Cruds

Yasser Tahiri 111 Jan 05, 2023
Script that provides your TESLA access_token and refresh_token

TESLA tokens This script helps you get your TESLA access_token and refresh_token in order to connect to third party applications (Teslamate, TeslaFi,

Bun-Ny TAN 3 Apr 28, 2022
Ready-to-use and customizable users management for FastAPI

FastAPI Users Ready-to-use and customizable users management for FastAPI Documentation: https://frankie567.github.io/fastapi-users/ Source Code: https

François Voron 2.4k Jan 04, 2023
User-related REST API based on the awesome Django REST Framework

Django REST Registration User registration REST API, based on Django REST Framework. Documentation Full documentation for the project is available at

Andrzej Pragacz 399 Jan 03, 2023
Ready to use and customizable Authentications and Authorisation management for FastAPI ⚡

AuthenticationX 💫 Ready-to-use and customizable Authentications and Oauth2 management for FastAPI ⚡ Source Code: https://github.com/yezz123/AuthX Doc

Yasser Tahiri 404 Dec 27, 2022
A Python package, that allows you to acquire your RecNet authorization bearer token with your account credentials!

RecNet-Login This is a Python package, that allows you to acquire your RecNet bearer token with your account credentials! Installation Done via git: p

Jesse 6 Aug 18, 2022
Easy and secure implementation of Azure AD for your FastAPI APIs 🔒 Single- and multi-tenant support.

Easy and secure implementation of Azure AD for your FastAPI APIs 🔒 Single- and multi-tenant support.

Intility 220 Jan 05, 2023
Graphical Password Authentication System.

Graphical Password Authentication System. This is used to increase the protection/security of a website. Our system is divided into further 4 layers of protection. Each layer is totally different and

Hassan Shahzad 12 Dec 16, 2022
Mock authentication API that acceccpts email and password and returns authentication result.

Mock authentication API that acceccpts email and password and returns authentication result.

Herman Shpryhau 1 Feb 11, 2022
OpenConnect auth creditials collector.

OCSERV AUTH CREDS COLLECTOR V1.0 Зачем Изначально было написано чтобы мониторить какие данные вводятся в интерфейс ханипота в виде OpenConnect server.

0 Sep 23, 2022
Django-registration (redux) provides user registration functionality for Django websites.

Description: Django-registration provides user registration functionality for Django websites. maintainers: Macropin, DiCato, and joshblum contributor

Andrew Cutler 920 Jan 08, 2023
Simplifying third-party authentication for web applications.

Velruse is a set of authentication routines that provide a unified way to have a website user authenticate to a variety of different identity provider

Ben Bangert 253 Nov 14, 2022
Simple extension that provides Basic, Digest and Token HTTP authentication for Flask routes

Flask-HTTPAuth Simple extension that provides Basic and Digest HTTP authentication for Flask routes. Installation The easiest way to install this is t

Miguel Grinberg 1.1k Jan 05, 2023
Minimal authorization through OO design and pure Ruby classes

Pundit Pundit provides a set of helpers which guide you in leveraging regular Ruby classes and object oriented design patterns to build a simple, robu

Varvet 7.8k Jan 02, 2023