Skip to main content

A Django app to support phone number verification using security code sent via SMS.

Project description

https://travis-ci.org/CuriousLearner/django-phone-verify.svg?branch=master https://coveralls.io/repos/github/CuriousLearner/django-phone-verify/badge.svg?branch=master License https://img.shields.io/badge/Made%20with-Python-1f425f.svg https://img.shields.io/badge/Maintained%3F-yes-green.svg https://badge.fury.io/py/django-phone-verify.svg https://img.shields.io/badge/PRs-welcome-brightgreen.svg?style=flat-square

A Django app to support phone number verification using the security code sent via SMS.

Salient Features

  • Let’s devs verify phone numbers via SMS.

  • Extensibility to provide tokens with varying lengths.

  • Comes with Twilio and Nexmo already integrated.

  • Set expiration time on tokens.

  • Provides an interface for writing custom SMS sending backend for easy extensibility.

  • Does not mess up with existing AUTH_USER_MODEL at all.

  • Can be used for several potential use-cases, and not just auth.

  • Provides ready endpoints for sending SMS and verification (See api_endpoints.rst).

Installation

pip install django-phone-verify

Configuration

  • Add app to INSTALLED_APPS

# In settings.py:

# Add app to `INSTALLED_APPS`
INSTALLED_APPS = [
    ...
    "phone_verify",
]
  • Add settings for Phone Verify as you desire:

# In settings.py
# Add settings for phone_verify to work
PHONE_VERIFICATION = {
    "BACKEND": "phone_verify.backends.twilio.TwilioBackend",
    "OPTIONS": {
        "SID": "fake",
        "SECRET": "fake",
        "FROM": "+14755292729",
        "SANDBOX_TOKEN": "123456",
    },
    "TOKEN_LENGTH": 6,
    "MESSAGE": "Welcome to {app}! Please use security code {security_code} to proceed.",
    "APP_NAME": "Phone Verify",
    "SECURITY_CODE_EXPIRATION_TIME": 3600,  # In seconds only
    "VERIFY_SECURITY_CODE_ONLY_ONCE": False,  # If False, then a security code can be used multiple times for verification
}

Usage

  • To explore more about how to use, integrate and leverage the existing functionality of Django Phone Verify, have a look at usage.rst

Note: Django Phone Verify also provides Nexmo as a backend service other than Twilio. To switch to Nexmo, replace BACKEND within your PHONE_VERIFICATION setting with phone_verify.backends.nexmo.NexmoBackend and define KEY within OPTIONS of PHONE_VERIFICATION setting, with your Nexmo API key, in place of already available SID.

Compatibility

  • Python 3.6+

  • Django 2.1+

  • Django REST Framework 3.9+

Contributing

No code is bug-free and I’m sure this app will have bugs. If you find any bugs, please create an issue on GitHub.

Licence

GPLv3

Release Notes

[3.0.0]

Added

  • Support for Django 4.x.

  • Support for Django 3.2.

Changed

  • Method phone_verify.backends.nexmo.NexmoBackend.send_sms changes parameter name from numbers to number to be consistent with rest of the inherited classes.

[2.0.1]

Added

  • Support for Python 3.8 & Python 3.9.

  • CI tests for Py{36,37,38,39}-Django{20,21,22,30,31}.

Changed

  • Fixed issue generate_session_token to handle cases in Py38, Py39 when the session_token is already string instead of bytes.

[2.0.0]

NOTE: The previous version of this library provided the security_code in the JWT session_token. You would have to re-verify phone_numbers in this version to ensure they are authentically verified.

Added

  • Tests added to provide 100% coverage on the package.

  • Add nexmo.errors.ClientError as exception class in phone_verify.backends.nexmo.NexmoBackend & phone_verify.backends.nexmo.NexmoSandboxBackend.

Changed

  • Method signature changed for phone_verify.backends.BaseBackend.generate_session_token. It now accepts only phone_number instead of combination of phone_number and security_code.

  • Remove the security_code from JWT session_token to avoid leaking information.

  • Add nonce in session_token to generate unique tokens for each phone_number.

  • Fixes call to phone_verify.backends.nexmo.NexmoBackend.send_sms method.

[1.1.0]

Added

  • Support Nexmo as a backend service along with Twilio.

  • Add docs for writing a custom backend.

Changed

  • Update backends.base.BaseBackend.validate_security_code to use save() instead of update() to allow Django to emit its post_save() signal.

[1.0.0]

Added

  • Add coverage report through coveralls.

  • Support for One-Time Passwords (OTP) using VERIFY_SECURITY_CODE_ONLY_ONCE as True in the settings.

  • Script to support makemigrations for development.

  • BaseBackend status now have SECURITY_CODE_VERIFIED and SESSION_TOKEN_INVALID status to support new states.

Changed

  • Rename TWILIO_SANDBOX_TOKEN to SANDBOX_TOKEN.

  • Fix signature for send_bulk_sms method in TwilioBackend and TwilioSandboxBackend.

  • Response for /api/phone/register contains key session_token instead of session_code.

  • Request payload for /api/phone/verify now expects session_token key instead of session_code.

  • Response for /api/phone/verify now sends additional response of Security code is already verified in case VERIFY_SECURITY_CODE_ONLY_ONCE is set to True.

  • Rename otp to security_code in code and docs to be more consistent.

  • Rename BaseBackend status from VALID, INVALID, EXPIRED to SECURITY_CODE_VALID, SECURITY_CODE_INVALID, and SECURITY_CODE_EXPIRED respectively.

  • Rename session_code to session_token to be consistent in code and naming across the app.

  • Rename service send_otp_and_generate_session_code to send_security_code_and_generate_session_token.

  • Rename method BaseBackend.generate_token to BaseBackend.generate_security_code.

  • Rename method create_otp_and_session_token to create_security_code_and_session_token.

  • Rename method BaseBackend.validate_token to BaseBackend.validate_security_code with an additional parameter of session_token.

[0.2.0]

Added

  • pre-commit-config to maintain code quality using black and other useful tools.

  • Docs for integration and usage in usage.rst.

  • Tox for testing on py{37}-django{20,21,22}.

  • Travis CI for testing builds.

Changed

  • Convert *.md docs to reST Markup.

  • Fix issue with installing required package dependencies via install_requires.

[0.1.1]

Added

  • README and documentation of API endpoints.

  • setup.cfg to manage coverage.

  • phone_verify app including backends, requirements, tests.

  • Initial app setup.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

django-phone-verify-3.0.0.tar.gz (31.1 kB view details)

Uploaded Source

File details

Details for the file django-phone-verify-3.0.0.tar.gz.

File metadata

  • Download URL: django-phone-verify-3.0.0.tar.gz
  • Upload date:
  • Size: 31.1 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/4.0.2 CPython/3.10.8

File hashes

Hashes for django-phone-verify-3.0.0.tar.gz
Algorithm Hash digest
SHA256 6f3c2074ead8c35006d2ac1ff5f8487b8d3f49cbf4613e21f26b62341b368ef3
MD5 44d326d29a24befc391ea65a76312f17
BLAKE2b-256 645c3e654ab20e4f03ec3d04aa10d49271544be7453c155b0422d08f7b62b9df

See more details on using hashes here.

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page