PyPI - django-restit - Versions diffs - 4.2.174__py3-none-any.whl → 4.2.176__py3-none-any.whl - Mend

django-restit 4.2.174py3-none-any.whl → 4.2.176py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (13) hide show

account/migrations/0023_authsession_method.py +18 -0
account/models/member.py +42 -29
account/models/session.py +3 -2
account/rpc/auth.py +23 -12
account/rpc/oauth.py +16 -15
account/rpc/passkeys.py +1 -1
{django_restit-4.2.174.dist-info → django_restit-4.2.176.dist-info}/METADATA +1 -1
{django_restit-4.2.174.dist-info → django_restit-4.2.176.dist-info}/RECORD +13 -12
rest/__init__.py +1 -1
rest/mail.py +7 -4
rest/serializers/response.py +1 -1
{django_restit-4.2.174.dist-info → django_restit-4.2.176.dist-info}/LICENSE.md +0 -0
{django_restit-4.2.174.dist-info → django_restit-4.2.176.dist-info}/WHEEL +0 -0

account/migrations/0023_authsession_method.py ADDED Viewed

@@ -0,0 +1,18 @@
+# Generated by Django 4.2.18 on 2025-03-23 19:54
+from django.db import migrations, models
+class Migration(migrations.Migration):
+    dependencies = [
+        ('account', '0022_alter_memberdevice_modified'),
+    ]
+    operations = [
+        migrations.AddField(
+            model_name='authsession',
+            name='method',
+            field=models.CharField(blank=True, db_index=True, default=None, max_length=127, null=True),
+        ),
+    ]

account/models/member.py CHANGED Viewed

@@ -149,7 +149,7 @@ class Member(User, RestModel, MetaDataModel):
     display_name = models.CharField(max_length=64, blank=True, null=True, default=None)
     picture = models.ForeignKey("medialib.MediaItem", blank=True, null=True, help_text="Profile picture", related_name='+', on_delete=models.CASCADE)
-    # we use this token to allow us to invalidate JWT tokens
+    # we use this token to allow us to invalidate JWT tokens
     security_token = models.CharField(max_length=64, blank=True, null=True, default=None, db_index=True)
     auth_code = models.CharField(max_length=64, blank=True, null=True, default=None, db_index=True)
     auth_code_expires = models.DateTimeField(blank=True, null=True, default=None)
@@ -263,6 +263,24 @@ class Member(User, RestModel, MetaDataModel):
             return self.has_usable_password()
         return False
+    def getFailedLoginCount(self):
+        c = RemoteEvents.hget("users:failed:username", self.username)
+        if c is not None:
+            return int(c)
+        return c
+    @classmethod
+    def GetFailedLoginsForIP(cls, ip):
+        c = RemoteEvents.hget("users:failed:ip", ip)
+        if c is not None:
+            return int(c)
+        return c
+    @classmethod
+    def GetIPsWithFailedLoginAttempts(cls, threshold):
+        failed_ips = RemoteEvents.hgetall("users:failed:ip")
+        return {ip: int(count) for ip, count in failed_ips.items() if int(count) > threshold}
     def recordFailedLogin(self, request):
         c = RemoteEvents.hincrby("users:failed:username", self.username, 1)
         if c >= settings.LOCK_PASSWORD_ATTEMPTS:
@@ -273,13 +291,15 @@ class Member(User, RestModel, MetaDataModel):
                 "account", f"incorrect password for {self.username}", level=8,
                 error_code=498,
                 request=request)
-        c = RemoteEvents.hincrby("users:failed:ip", request.ip, 1)
+        ic = RemoteEvents.hincrby("users:failed:ip", request.ip, 1)
+        return c
     def recordSuccessLogin(self, request):
         self.last_login = datetime.now()
         self.save()
         RemoteEvents.hdel("users:failed:username", self.username)
-        RemoteEvents.hdel("users:failed:ip", request.ip)
+        if request:
+            RemoteEvents.hdel("users:failed:ip", request.ip)
     def hasPasswordExpired(self):
         now = datetime.now()
@@ -288,38 +308,33 @@ class Member(User, RestModel, MetaDataModel):
             self.save()
         return now - self.password_changed > timedelta(days=settings.PASSWORD_EXPIRES_DAYS)
-    def login(self, password=None, request=None, use_jwt=False):
-        if not self.is_active or self.is_blocked:
-            return False
-        # can force login
+    def login(self, password=None, request=None):
         if not request:
             request = rh.getActiveRequest()
+        if not self.is_active or self.is_blocked:
+            return False
         if not self.checkPassword(password):
-            # invalid password
             self.recordFailedLogin(request)
             return False
-        else:
-            self.recordSuccessLogin(request)
-        if use_jwt:
-            self.recordSuccessLogin(request)
-            self.locateByIP(request.ip)
-            return True
-        self.user_ptr.backend = 'django.contrib.auth.backends.ModelBackend'
-        auth_login(request, self.user_ptr)
-        self.locateByIP(request.ip)
+        self.authLogin(request)
         return True
     def loginNoPassword(self, request=None):
         if not self.is_active or self.is_blocked:
             return False
-        # can force login
         if not request:
             request = rh.getActiveRequest()
-        self.user_ptr.backend = 'django.contrib.auth.backends.ModelBackend'
-        auth_login(request, self.user_ptr)
-        self.locateByIP(request.ip)
+        self.authLogin(request)
         return True
+    def authLogin(self, request, use_session=True):
+        if use_session:
+            self.user_ptr.backend = 'django.contrib.auth.backends.ModelBackend'
+            auth_login(request, self.user_ptr)
+        if request:
+            self.locateByIP(request.ip)
+        self.recordSuccessLogin(request)
     def canLogin(self, request=None, throw_exception=True, using_password=True):
         if not self.is_active:
             self.log("login_blocked", F"account is not active {self.username}", request, method="login", level=31)
@@ -577,7 +592,7 @@ class Member(User, RestModel, MetaDataModel):
         SMS.send(phone, msg)
         return True
-    def sendEmail(self, subject, body, attachments=[], do_async=True, template=None,
+    def sendEmail(self, subject, body, attachments=[], do_async=True, template=None,
                   context=None):
         default_domain = self.getProperty("default_domain", settings.EMAIL_DEFAULT_DOMAIN)
         from_email = rh.getFromEmailForHost(default_domain)
@@ -675,7 +690,7 @@ class Member(User, RestModel, MetaDataModel):
             allow_email = not self.email_disabled and valid_email and (force or via in ["all", "email"])
         else:
             allow_email = valid_email
         if not allow_email and not allow_sms:
             return False
@@ -796,7 +811,7 @@ class Member(User, RestModel, MetaDataModel):
     def block(self, reason, request=None):
         if not request:
             request = self.getActiveRequest()
-        PersistentLog.log("account blocked, {}".format(reason), 5, request, "account.Member", self.pk, "blocked")
+        self.auditLog(f"account blocked, {reason}", "blocked", level=5)
         RemoteEvents.hset("users:blocked:username", self.username, time.time())
         self.reportIncident(
             "account", f"account '{self.username}' blocked: {reason}", level=2,
@@ -832,7 +847,7 @@ class Member(User, RestModel, MetaDataModel):
     # BEGIN REST CALLBACKS
     def on_permission_change(self, key, value, old_value, category):
-        # called when a metadata.permissions field changes.. see django settings USER_METADATA_PROPERTIES
+        # called when a metadata.permissions field changes.. see django settings USER_METADATA_PROPERTIES
         # we want to log both the person changing permissions
         # and those being changed
         request = RestModel.getActiveRequest()
@@ -865,7 +880,7 @@ class Member(User, RestModel, MetaDataModel):
         request = self.getActiveRequest()
         if not request.member.is_superuser:
             raise PermissionDeniedException("Permission Denied: attempting to super user")
-        self.is_superuser = int(value)
+        self.is_superuser = int(value)
     def set_disable(self, value):
         if value is not None and value in [1, '1', True, 'true']:
@@ -1219,7 +1234,7 @@ class Member(User, RestModel, MetaDataModel):
     def authWS4RedisConnection(cls, auth_data):
         """
         This method is used by the async/websocket service to authenticate.
-        If the model can authenticate the connection it should return dict
+        If the model can authenticate the connection it should return dict
         with kind and pk of the model that is authenticaed
         """
         from rest import UberDict
@@ -1338,5 +1353,3 @@ class AuthToken(models.Model, RestModel):
     def __str__(self):
         return "{o.member}: {o.secure_token}".format(o=self)

account/models/session.py CHANGED Viewed

@@ -42,6 +42,7 @@ class AuthSession(models.Model, RestModel):
     signature = models.CharField(max_length=127, db_index=True)
     ip = models.CharField(max_length=127, null=True, blank=True, db_index=True)
     buid = models.CharField(max_length=127, null=True, blank=True, default=None)
+    method = models.CharField(max_length=127, null=True, blank=True, db_index=True, default=None)
     member = models.ForeignKey("account.Member", null=True, blank=True, related_name="auth_sessions", on_delete=models.CASCADE)
     location = models.ForeignKey("location.GeoIP", related_name="auth_sessions", blank=True, null=True, default=None, on_delete=models.CASCADE)
@@ -72,8 +73,9 @@ class AuthSession(models.Model, RestModel):
         return f"{self.member.username} - {self.ip} - {self.os} - {self.browser}"
     @classmethod
-    def NewSession(cls, request):
+    def NewSession(cls, request, method="jwt"):
         obj = cls(ip=request.ip, member=request.member, signature=request.signature)
+        obj.method = method
         obj.user_agent = request.META.get('HTTP_USER_AGENT', None)
         obj.last_activity = datetime.now()
         obj.buid = request.POST.get("__buid__", request.GET.get("__buid__", None))
@@ -92,4 +94,3 @@ class AuthSession(models.Model, RestModel):
                 session.touch()
             return session
         return None

account/rpc/auth.py CHANGED Viewed

@@ -37,6 +37,7 @@ def member_login(request):
 @rd.never_cache
 def jwt_login(request):
     # poor mans JWT, carried over
+    auth_method = "basic"
     username = request.DATA.get('username', None)
     if not username:
         return rv.restPermissionDenied(request, "Password and/or Username is incorrect", error_code=422)
@@ -45,29 +46,31 @@ def jwt_login(request):
         return rv.restPermissionDenied(request, error=f"Password and/or Username is incorrect for {username}", error_code=422)
     auth_code = request.DATA.get(["auth_code", "code", "invite_token"], None)
     if username and auth_code:
+        # this is typically used for OAUTH (final)
         return member_login_uname_code(request, username, auth_code)
     password = request.DATA.get('password', None)
     member.canLogin(request)  # throws exception if cannot login
     if member.requires_totp or member.has_totp:
+        auth_method = "basic+totp"
         resp = checkForTOTP(request, member)
         if resp is not None:
             return resp
-    if not member.login(request=request, password=password, use_jwt=True):
+    if not member.login(request=request, password=password):
         # we do not want permission denied catcher invoked as it is already handled in login method
         return rv.restStatus(request, False, error=f"Invalid Credentials {username}", error_code=401)
-    return on_complete_jwt(request, member)
+    return on_complete_jwt(request, member, auth_method)
-def on_complete_jwt(request, member):
+def on_complete_jwt(request, member, method="basic"):
     if member.security_token is None or member.security_token == JWT_KEY or member.force_single_session:
         member.refreshSecurityToken()
     member.log(
-        "jwt_login", "jwt login succesful",
+        "jwt_login", "jwt login succesful",
         request, method="login", level=7)
     device_id = request.DATA.get(["device_id", "deviceID"])
     token = JWToken(
         user_id=member.pk,
         key=member.security_token,
@@ -80,13 +83,13 @@ def on_complete_jwt(request, member):
     request.signature = token.session_id
     request.device_id = device_id
     request.buid = request.DATA.get("__buid__", None)
-    request.auth_session = am.AuthSession.NewSession(request)
+    request.auth_session = am.AuthSession.NewSession(request, method)
     if bool(device_id):
         am.MemberDevice.register(request, member, device_id)
     request.jwt_token = token.access_token  # this tells the middleware to store in cookie
     return rv.restGet(
-        request,
+        request,
         dict(
             access=token.access_token,
             refresh=token.refresh_token,
@@ -218,12 +221,13 @@ def member_login_uname_code(request, username, auth_code):
         member.setPassword(password)
     member.auth_code = None
     member.auth_code_expires = None
-    member.login(request=request)
+    member.canLogin(request, using_password=False)  # throws exception if cannot login
+    member.loginNoPassword(request)
     member.save()
     member.log("code_login", "code login", request, method="login", level=8)
-    if request.DATA.get("auth_method") == "basic":
+    if request.DATA.get("auth_method") == "basic" and ALLOW_BASIC_LOGIN:
         return rv.restGet(request, dict(id=member.pk, session_key=request.session.session_key))
-    return on_complete_jwt(request, member)
+    return on_complete_jwt(request, member, "auth_code")
 @rd.url(r'^logout$')
@@ -296,7 +300,7 @@ def get_member_from_request(request):
         request.member = member
         member.log("login_blocked", "account is locked out", request, method="login", level=31)
         return member, rv.restPermissionDenied(request, error=f"{member.username} Account locked out", error_code=411)
-    return member, None
+    return member, None
 @rd.urlPOST('forgot')
@@ -410,3 +414,10 @@ def totp_verify(request):
     return rv.restStatus(request, True)
+# time based one time passwords
+@rd.urlPOST('security/ip/failed_logins')
+@rd.login_required
+def failed_logins_by_ip(request):
+    ips = am.Member.GetIPsWithFailedLoginAttempts(request.DATA.get("threshold", 10))
+    lst = [dict(ip=k, count=v) for k, v in ips.items()]
+    return rv.restList(request, lst)

account/rpc/oauth.py CHANGED Viewed

@@ -20,37 +20,43 @@ def oauth_google_login(request):
     state = request.DATA.get("state")
     app_url = settings.DEFAULT_LOGIN_URL
-    rh.log_print("google/login", request.DATA.toDict(), request.session.get("state"))
+    # rh.log_print("google/login", request.DATA.toDict(), request.session.get("state"))
     if state:
+        # this is where we should pull out the passed in state and get the proper URL
         state = objict.fromJSON(rh.hexToString(state))
         rh.log_print("state", state)
         app_url = state.url
     if not code:
         params = urlencode({'error': error})
-        return redirect(f"{app_url}?{params}")
+        separator = '&' if '?' in app_url and app_url[-1] != '?' else '?'
+        return redirect(f"{app_url}{separator}{params}")
-    redirect_uri = f"{settings.BASE_URL_SECURE}{REST_PREFIX}account/oauth/google/login"
+    redirect_uri = f"{request.scheme}://{request.get_host()}/{REST_PREFIX}account/oauth/google/login"
     auth_data = google.getAccessToken(code, redirect_uri)
     if auth_data is None or auth_data.access_token is None:
         params = urlencode({'error': "failed to get access token from google"})
-        return redirect(f"{app_url}?{params}")
+        separator = '&' if '?' in app_url and app_url[-1] != '?' else '?'
+        return redirect(f"{app_url}{separator}{params}")
     user_data = google.getUserInfo(auth_data.access_token)
     if user_data is None:
         params = urlencode({'error': "failed to get user data from google"})
-        return redirect(f"{app_url}?{params}")
+        separator = '&' if '?' in app_url and app_url[-1] != '?' else '?'
+        return redirect(f"{app_url}{separator}{params}")
     if not user_data.email:
         params = urlencode({'error': "no email with account"})
-        return redirect(f"{app_url}?{params}")
+        separator = '&' if '?' in app_url and app_url[-1] != '?' else '?'
+        return redirect(f"{app_url}{separator}{params}")
     # TODO allow new accounts?
     member = Member.objects.filter(email=user_data.email).last()
     if member is None:
         params = urlencode({'error': "user not found"})
-        return redirect(f"{app_url}?{params}")
+        separator = '&' if '?' in app_url and app_url[-1] != '?' else '?'
+        return redirect(f"{app_url}{separator}{params}")
     member.setProperties(auth_data, category="google_auth")
     member.setProperties(user_data, category="google")
@@ -69,13 +75,8 @@ def oauth_google_login(request):
     member.save()
     member.auditLog("user succesfully authenticated with google", "google_oauth", level=17)
-    params = urlencode({'oauth_code': member.auth_code, "username":member.username})
+    params = urlencode({'oauth_code': member.auth_code, "username":member.username, "auth_method":"google_oauth"})
     rurl = None
-    if "?" in app_url:
-        if app_url[-1] == "?":
-            rurl = f"{app_url}{params}"
-        else:
-            rurl = f"{app_url}&{params}"
-    else:
-        rurl = f"{app_url}?{params}"
+    separator = '&' if '?' in app_url and app_url[-1] != '?' else '?'
+    rurl = f"{app_url}{separator}{params}"
     return redirect(rurl)

account/rpc/passkeys.py CHANGED Viewed

@@ -51,4 +51,4 @@ def rest_on_passkeys_auth_complete(request):
         request.session.pop("fido2_state"),
         request.session.pop("fido2_rp_id"))
     # we now want to handle the JWT or basic login flow
-    return on_complete_jwt(request, uk.member)
+    return on_complete_jwt(request, uk.member, "passkey")

{django_restit-4.2.174.dist-info → django_restit-4.2.176.dist-info}/METADATA RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.3
 Name: django-restit
-Version: 4.2.174
+Version: 4.2.176
 Summary: A Rest Framework for DJANGO
 License: MIT
 Author: Ian Starnes

{django_restit-4.2.174.dist-info → django_restit-4.2.176.dist-info}/RECORD RENAMED Viewed

@@ -24,17 +24,18 @@ account/migrations/0019_group_location.py,sha256=EfMB_w4qWUGDqQeNc453PFZwpjpTeoA
 account/migrations/0020_cloudcredentials_cloudcredentialsmetadata.py,sha256=mHwxkyDfA4ueQOt34w5ndJB4XwNTDLv79CkKgzhlz-c,2250
 account/migrations/0021_alter_cloudcredentials_group.py,sha256=zoFYmE-hd3uRGX6DRO9k-osPwH0jFeTU7S-pjCOtakk,561
 account/migrations/0022_alter_memberdevice_modified.py,sha256=9eeKcdr9p6qFJ8ZxSnKSj1KxZjW8NZfM0YCMck6i0QQ,424
+account/migrations/0023_authsession_method.py,sha256=5oIOXyj24rlrLFq7frij5VBaWk_ckh7hRPqq_jpO_b0,452
 account/migrations/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 account/models/__init__.py,sha256=cV_lMnT2vL_mjiYtT4hlcIHo52ocFbGSNVkOIHHLXZY,385
 account/models/device.py,sha256=8D-Sbv9PZWAnX6UVpp1lNJ03P24fknNnN1VOhqY7RVg,6306
 account/models/feeds.py,sha256=vI7fG4ASY1M0Zjke24RdnfDcuWeATl_yR_25jPmT64g,2011
 account/models/group.py,sha256=JVyMIakLskUuGXBJFyessw4LlD9Fl6AsHtpo1yZEYjk,22884
 account/models/legacy.py,sha256=zYdtv4LC0ooxPVqWM-uToPwV-lYWQLorSE6p6yn1xDw,2720
-account/models/member.py,sha256=qmLCOVbNTRr4L-E7BbOMtv4V64QN7K-0pXDgnuB-AbY,54722
+account/models/member.py,sha256=6-KbOYFyvloyiITgz5gKMyORmPtDESdzbBbMrjmz4Rs,55058
 account/models/membership.py,sha256=90EpAhOsGaqphDAkONP6j_qQ0OWSRaQsI8H7E7fgMkE,9249
 account/models/notify.py,sha256=YKYEXT56i98b7-ydLt5UuEVOqW7lipQMi-KuiPhcSwY,15627
 account/models/passkeys.py,sha256=lObapudvL--ABSTZTIELmYvHE3dPF0tO_KmuYk0ZJXc,1699
-account/models/session.py,sha256=ELkWjB_2KXQvPtRPrvuGJpJsqrxCQX_4J53SbqGz_2U,3737
+account/models/session.py,sha256=5tpyRF1BHTPBL5gBIx8Eu55sWc6pTziqDpm7Zm5bdJI,3876
 account/models/settings.py,sha256=gOyRWBVd3BQpjfj_hJPtqX3H46ztyRAFxBrPbv11lQg,2137
 account/oauth/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 account/oauth/google.py,sha256=q5M6Qhpfp9QslKRVYFZBvtG6kgXV6vYMrR5fp6Xdb9I,2078
@@ -42,13 +43,13 @@ account/passkeys/__init__.py,sha256=FwXYJXwSJXfkLojGBcVpF1dFpgFhzDdd9N_3naYQ0cc,
 account/passkeys/core.py,sha256=4aUBNCuF_kjOvE1zFapK1Pj28ap5slO71dRyfnWi0YU,4148
 account/periodic.py,sha256=-u0n-7QTJgDOkasGhBAPwHAwjpqWGA-MZLEFkVTqCGU,874
 account/rpc/__init__.py,sha256=SGF0M_-H0dKh3b1apSX29BotNWAvITYccGQVC0MIjL8,336
-account/rpc/auth.py,sha256=O-co_vZM9T4lsu3hidjKAeL2tTPWgbmoLsrjhmFZ7lA,17064
+account/rpc/auth.py,sha256=MDXXhTlzTRcKB8TQ0OPawvsb0P4EeH_J3ukeSljgytk,17615
 account/rpc/device.py,sha256=lU2BHNPreHV0dDTjAPc7Sc-5m2JP8SiWVqiKuBfV7Fo,2281
 account/rpc/group.py,sha256=hw7iczZ6W_IrRbx5ZDw6cZ5I_ztqxhtUFJD9WR91_4s,4948
 account/rpc/member.py,sha256=8XnJX-iri0Om4nc-V2_tDJzfCSzziKLw6dUx9egtEZE,2236
 account/rpc/notify.py,sha256=Q2YWejP36egeF060Hih5uX4Psv_B8NWlLLPi7iDYlIw,3344
-account/rpc/oauth.py,sha256=ISLVsR5HvKALANokaOFRvF4FTRxWtXPvVnZAYANKxpo,2864
-account/rpc/passkeys.py,sha256=5x28nYILJUMMSwfVuWYL66hfoGUXahMqOwiHhM4I3Do,1729
+account/rpc/oauth.py,sha256=1dMvEpoMcvGXEdgDq2OBZcRMnXcE1jD18-itVrZwH9A,3333
+account/rpc/passkeys.py,sha256=AKgF2xgaGJi8UCFgfSMBh7rUqrJgVL8-RfDDRoPWiDM,1740
 account/rpc/settings.py,sha256=EvPuwW63Gp_Va0ANIPAZ894tnS_JCctQ0FzqYRdKUNM,271
 account/settings.py,sha256=XEvZdcA6p_iUpDq9NmICK8rxzIQ8NViKfrpyuYgSV4o,53
 account/templates/email/base.html,sha256=GUuatccaZtO_hLLNZmMQQKew1Bjfz3e6Z7p3dM6BrWk,9669
@@ -379,7 +380,7 @@ pushit/utils.py,sha256=IeTCGa-164nmB1jIsK1lu1O1QzUhS3BKfuXHGjCW-ck,2121
 rest/.gitignore,sha256=TbEvWRMnAiajCTOdhiNrd9eeCAaIjRp9PRjE_VkMM5g,118
 rest/README.md,sha256=V3ETc-cJu8PZIbKr9xSe_pA4JEUpC8Dhw4bQeVCDJPw,5460
 rest/RemoteEvents.py,sha256=nL46U7AuxIrlw2JunphR1tsXyqi-ep_gD9CYGpYbNgE,72
-rest/__init__.py,sha256=j76Rqm_TIvJvezmNJkUripR1cpoqTtqZAXhwIQ0t_Uk,122
+rest/__init__.py,sha256=57yJpEKX4zpzd53NtME1OKpJzJqzJxz38KVjs86WJ0g,122
 rest/arc4.py,sha256=y644IbF1ec--e4cUJ3KEYsewTCITK0gmlwa5mJruFC0,1967
 rest/cache.py,sha256=1Qg0rkaCJCaVP0-l5hZg2CIblTdeBSlj_0fP6vlKUpU,83
 rest/crypto/__init__.py,sha256=Tl0U11rgj1eBYqd6OXJ2_XSdNLumW_JkBZnaJqI6Ldw,72
@@ -399,7 +400,7 @@ rest/helpers.py,sha256=t7smlOUzchVno-zeq7xMJIwogAR2DeSrffWxgysOHX8,29531
 rest/joke.py,sha256=0PpKaX2iN7jlS62kgjfmmqkFBYLPURz15aQ8R7OJkJ8,260
 rest/jwtoken.py,sha256=F7Vvpm31rAplTXr8XFP-Lb4BnDB3j1B2nQq0P1iTCLQ,2576
 rest/log.py,sha256=hd1_4HBOS395sfXJIL6BTw9yekm1SLgBwYx_PdfIhKA,20930
-rest/mail.py,sha256=Rm40hWDYop0tMqxdN-J2NT-dCnP-f4SfCZxSO02ajzs,7965
+rest/mail.py,sha256=FFvHgNcq84sJP5DyaJQKbuoao5NAsS6r-PT4MRfjWFU,8139
 rest/mailman.py,sha256=v5O1G5s3HiAKmz-J1z0uT6_q3xsONPpxVl9saEyQQ2I,9174
 rest/management/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 rest/management/commands/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
@@ -429,7 +430,7 @@ rest/serializers/legacy.py,sha256=a5O-x2PqMKX8wYWrhCmdcivVbkPnru7UdyLbrhCaAdY,61
 rest/serializers/localizers.py,sha256=BegaCvTQVaruhWzvGHq3zWeVFmtBChatquRqAtkke10,410
 rest/serializers/model.py,sha256=08HJeqpmytjxvyiJFfsSRRG0uH-iK2mXCw6w0oMfWrI,8598
 rest/serializers/profiler.py,sha256=OxOimhEyvCAuzUBC9Q1dz2xaakjAqmSnekMATsjduXM,997
-rest/serializers/response.py,sha256=aSZ9bvhsYGHR26NA6sin7fGqFptjTsBhmIcDKrqeeoY,8656
+rest/serializers/response.py,sha256=fsGgS9mtZSceXzNjMcjEJplisn4bG8qQSSdRGrq5Spo,8657
 rest/serializers/util.py,sha256=-In89fpuVTd6_Ul8nwEUt3DjVKdpeoEyAxudlyB8K6Y,2734
 rest/service.py,sha256=jl8obnMDEUzB8y3LROGPvmfKKoFU_SzOvywUQjoQZpg,4046
 rest/settings_helper.py,sha256=_Vn9nmL5_GPss9zIsXzacbTQkn99NbO42CqvOZC3ge4,1532
@@ -516,7 +517,7 @@ ws4redis/servers/uwsgi.py,sha256=VyhoCI1DnVFqBiJYHoxqn5Idlf6uJPHvfBKgkjs34mo,172
 ws4redis/settings.py,sha256=KKq00EwoGnz1yLwCZr5Dfoq2izivmAdsNEEM4EhZwN4,1610
 ws4redis/utf8validator.py,sha256=S0OlfjeGRP75aO6CzZsF4oTjRQAgR17OWE9rgZdMBZA,5122
 ws4redis/websocket.py,sha256=R0TUyPsoVRD7Y_oU7w2I6NL4fPwiz5Vl94-fUkZgLHA,14848
-django_restit-4.2.174.dist-info/LICENSE.md,sha256=VHN4hhEeVOoFjtG-5fVv4jesA4SWi0Z-KgOzzN6a1ps,1068
-django_restit-4.2.174.dist-info/METADATA,sha256=r1t8GFE4qKAq75b6CnYkpJCE6BbfW7-t2qt2dy-XkaA,7714
-django_restit-4.2.174.dist-info/WHEEL,sha256=IYZQI976HJqqOpQU6PHkJ8fb3tMNBFjg-Cn-pwAbaFM,88
-django_restit-4.2.174.dist-info/RECORD,,
+django_restit-4.2.176.dist-info/LICENSE.md,sha256=VHN4hhEeVOoFjtG-5fVv4jesA4SWi0Z-KgOzzN6a1ps,1068
+django_restit-4.2.176.dist-info/METADATA,sha256=WVtqfF02L5jyZtQQoObLI57ZpcubGld7ZDyqc1vSXlg,7714
+django_restit-4.2.176.dist-info/WHEEL,sha256=IYZQI976HJqqOpQU6PHkJ8fb3tMNBFjg-Cn-pwAbaFM,88
+django_restit-4.2.176.dist-info/RECORD,,

rest/__init__.py CHANGED Viewed

@@ -1,4 +1,4 @@
 from .uberdict import UberDict  # noqa: F401
 from .settings_helper import settings  # noqa: F401
-__version__ = "4.2.174"
+__version__ = "4.2.176"

rest/mail.py CHANGED Viewed

@@ -37,11 +37,16 @@ SES_REGION = settings.SES_REGION
 EMAIL_METRICS = settings.get("EMAIL_METRICS", False)
-def send(to, subject, body=None, attachments=[],
+def send(to, subject, body=None, attachments=[],
          from_email=settings.DEFAULT_FROM_EMAIL,
-         fail_silently=True, template=None,
+         fail_silently=True, template=None,
          context=None, do_async=False, replyto=None):
     # make sure to is list
+    if isinstance(to, str):
+        if "," in to:
+            to = [t.strip() for t in to.split(',')]
+        elif ";" in to:
+            to = [t.strip() for t in to.split(';')]
     if not isinstance(to, (tuple, list)):
         to = [to]
     # if template lets render
@@ -254,5 +259,3 @@ def render_to_mail(name, context):
         body = html_content
     send(toaddrs, subject, body=body, from_email=fromaddr, do_async=True, replyto=replyto)

rest/serializers/response.py CHANGED Viewed

@@ -15,7 +15,7 @@ from . import csv
 from . import excel
 # from . import profiler
 STATUS_ON_PERM_DENIED = settings.get("STATUS_ON_PERM_DENIED", 403)
-REST_LIST_CACHE_COUNT = settings.get("REST_LIST_CACHE_COUNT", True)
+REST_LIST_CACHE_COUNT = settings.get("REST_LIST_CACHE_COUNT", False)
 def get_query_hash(queryset):

{django_restit-4.2.174.dist-info → django_restit-4.2.176.dist-info}/LICENSE.md RENAMED Viewed

File without changes

{django_restit-4.2.174.dist-info → django_restit-4.2.176.dist-info}/WHEEL RENAMED Viewed

File without changes

django-restit 4.2.174__py3-none-any.whl → 4.2.176__py3-none-any.whl

django-restit 4.2.174py3-none-any.whl → 4.2.176py3-none-any.whl