Updates Docs, Bumps Version

iMerica · Jul 10, 2020 · 26482cc · 26482cc
1 parent 1ffcbfe
commit 26482cc
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 6 deletions.
diff --git a/dj_rest_auth/__version__.py b/dj_rest_auth/__version__.py
@@ -1,7 +1,7 @@
 __title__ = 'dj-rest-auth'
 __description__ = 'Authentication and Registration in Django Rest Framework.'
 __url__ = 'http://github.com/jazzband/dj-rest-auth'
-__version__ = '1.0.9'
+__version__ = '1.1.0'
 __author__ = '@iMerica https://github.com/iMerica'
 __author_email__ = '[email protected]'
 __license__ = 'MIT'

diff --git a/docs/configuration.rst b/docs/configuration.rst
@@ -41,18 +41,15 @@ Configuration
         - REGISTER_SERIALIZER - serializer class in ``dj_rest_auth.registration.views.RegisterView``, default value ``dj_rest_auth.registration.serializers.RegisterSerializer``
 
         .. note:: The custom REGISTER_SERIALIZER must define a ``def save(self, request)`` method that returns a user model instance
-
 - **REST_AUTH_TOKEN_MODEL** - path to model class for tokens, default value ``'rest_framework.authtoken.models.Token'``
-
 - **REST_AUTH_TOKEN_CREATOR** - path to callable or callable for creating tokens, default value ``dj_rest_auth.utils.default_create_token``.
-
 - **REST_SESSION_LOGIN** - Enable session login in Login API view (default: True)
-
 - **REST_USE_JWT** - Enable JWT Authentication instead of Token/Session based. This is built on top of djangorestframework-simplejwt https://github.com/SimpleJWT/django-rest-framework-simplejwt, which must also be installed. (default: False)
 - **JWT_AUTH_COOKIE** - The cookie name/key.
 - **JWT_AUTH_SECURE** - If you want the cookie to be only sent to the server when a request is made with the https scheme (default: False).
 - **JWT_AUTH_HTTPONLY** - If you want to prevent client-side JavaScript from having access to the cookie (default: True).
 - **JWT_AUTH_SAMESITE** - To tell the browser not to send this cookie when performing a cross-origin request (default: 'Lax'). SameSite isn’t supported by all browsers.
 - **OLD_PASSWORD_FIELD_ENABLED** - set it to True if you want to have old password verification on password change enpoint (default: False)
-
 - **LOGOUT_ON_PASSWORD_CHANGE** - set to False if you want to keep the current user logged in after a password change
+- **JWT_AUTH_COOKIE_USE_CSRF** -  Enables CSRF checks for only authenticated views when using the JWT cookie for auth. Does not effect a client's ability to authenticate using a JWT Bearer Auth header without a CSRF token.
+- **JWT_AUTH_COOKIE_ENFORCE_CSRF_ON_UNAUTHENTICATED** - Enables CSRF checks for authenticated and unauthenticated views when using the JWT cookie for auth. It does not effect a client's ability to authenticate using a JWT Bearer Auth header without a CSRF token (though getting the JWT token in the first place without passing a CSRF token isnt possible).