Releases: jazzband/django-rest-knox
3.3.1 + skipped releases (3.2.0, 3.2.1, 3.3.0)
We skipped to release 3.2.0, 3.2.1 and 3.3.0 as we had problems publishing them to pypi.
3.3.1 has:
- Django 2.1 and Python 3.7 compability
- Signal "token_expired" gets emitted when old tokens are deleted
Refer to changelog for more info about the skipped releases.
Bugfix release
Fix for #111: knox should not fail if setting defaults are not overwritten
Allow extension of token expiry
Introduce new setting AUTO_REFRESH for controlling if token expiry time should be extended automatically on requests within the current expiry period.
Minor release
- extended docs for using only token auth
- better compability of ModelAdmin for setups with big user tables
Bugfix release
Fix compability with django-rest-swagger (bad inheritance)
Bugfix release
Avoid 500 error response for invalid-length token requests
Restore compability with Python 2.7 < 2.7.7
the hmac.compare_digest method is not available before Python 2.7.7
this restores a simple a==b if it is not available
Security fix
use hmac.compare_digest instead of == for comparing hashes for more security as reported by @fengsi
Compability with Django 2.0
- drop Django 1.8 support as djangorestframework did so too in v.3.7.0
- build rest-knox on Django 1.11 and 2.0
Drop using OpenSSL in favor of urandom for token generation
make rest-knox compatible with OpenSSL 17.3.0
https://pyopenssl.org/en/stable/changelog.html#id1