Views

API views for authentication and user management.

Login Views

class auth_kit.views.LoginView(**kwargs: Any)

Bases: GenericAPIView

User Authentication

Authenticate users and obtain access tokens for API access. Supports both JWT and DRF token authentication based on configuration.

__init__(**kwargs: Any) → None

Initialize login view.

Parameters:

**kwargs – Arbitrary keyword arguments

authentication_classes = []

create_redirect_response(serializer: BaseSerializer, redirect_url: str) → HttpResponseRedirect

Create HTTP redirect response with authentication cookies.

Reuses the cookie setting logic from create_response_with_cookies.

Parameters:

• serializer – Validated login serializer containing tokens

• redirect_url – URL to redirect to

Returns:

HttpResponseRedirect with authentication cookies set

create_response_with_cookies(serializer: BaseSerializer) → Response

Create login response with authentication cookies.

Parameters:

serializer – Validated login serializer containing tokens

Returns:

DRF response with authentication cookies set

dispatch(*args: Any, **kwargs: Any) → HttpResponseBase

Dispatch the request with sensitive parameter protection.

Parameters:

• *args – Variable length argument list

• **kwargs – Arbitrary keyword arguments

Returns:

HTTP response

get_serializer_class() → type[Serializer]

Get the login serializer class based on current settings.

Returns the appropriate serializer class for handling login requests and responses based on the configured authentication type (JWT, token, or custom).

Returns:

The login serializer class from the auth kit settings

perform_login(serializer: BaseSerializer) → Response

Complete the login process after successful validation.

This method handles the final steps of user authentication including:

• Creating the response with authentication tokens

• Setting authentication cookies if configured

• Performing Django session login if enabled

• Redirecting if configured

Parameters:

serializer – The validated login serializer containing user data and tokens

Returns:

DRF response with login result (cast from HttpResponseRedirect if redirecting)

Return type:

Response

perform_session_login(user: AbstractBaseUser) → None

Process user login using Django’s login function.

permission_classes = (<class 'rest_framework.permissions.AllowAny'>,)

post(request: Request, *args: Any, **kwargs: Any) → Response

Authenticate user and return access tokens.

Parameters:

• request – The DRF request object

• *args – Variable length argument list

• **kwargs – Arbitrary keyword arguments

Returns:

DRF response with login result

set_custom_cookie(response: Response) → None

Set custom authentication cookies.

Override this method to implement custom cookie setting logic.

Parameters:

response – The DRF response object

throttle_scope = 'auth_kit'

Logout Views

class auth_kit.views.LogoutView(**kwargs)

Bases: GenericAPIView

User Logout

Logout user and invalidate authentication tokens. Clears authentication cookies and blacklists tokens when available.

get_serializer_class() → type[Serializer]

Get the logout serializer class based on current settings.

Returns the appropriate serializer class for handling logout requests based on the configured authentication type (JWT, token, or custom).

Returns:

The logout serializer class from the auth kit settings

initial(request: Request, *args: Any, **kwargs: Any) → None

Initialize the request with refresh token from cookies.

Parameters:

• request – The DRF request object

• *args – Variable length argument list

• **kwargs – Arbitrary keyword arguments

logout(request: Request) → Response

Perform user logout based on authentication type.

Parameters:

request – The DRF request object

Returns:

DRF response with logout result

logout_custom(request: Request, response: Response) → None

Handle custom logout logic.

Override this method to implement custom logout behavior.

Parameters:

• request – The DRF request object

• response – The DRF response object

logout_jwt(request: Request, response: Response) → None

Handle JWT logout including token blacklisting.

Parameters:

• request – The DRF request object

• response – The DRF response object

permission_classes = (<class 'rest_framework.permissions.IsAuthenticated'>,)

post(request: Request, *args: Any, **kwargs: Any) → Response

Logout user and invalidate tokens.

Parameters:

• request – The DRF request object

• *args – Variable length argument list

• **kwargs – Arbitrary keyword arguments

Returns:

DRF response with logout result

throttle_scope = 'auth_kit'

JWT Views

class auth_kit.views.jwt.RefreshViewWithCookieSupport(**kwargs)

Bases: TokenRefreshView

JWT Token Refresh

Refresh JWT access tokens using refresh tokens. Supports both request data and cookie-based refresh tokens.

finalize_response(request: Request, response: Response, *args: Any, **kwargs: Any) → Response

Finalize the response by setting JWT cookies.

Parameters:

• request – The DRF request object

• response – The DRF response object

• *args – Variable length argument list

• **kwargs – Arbitrary keyword arguments

Returns:

The finalized DRF response with cookies set

post(request: Request, *args: Any, **kwargs: Any) → Response

Refresh JWT access tokens.

serializer_class

alias of CookieTokenRefreshSerializer

User Views

class auth_kit.views.UserView(**kwargs)

Bases: RetrieveUpdateAPIView

User Profile Management

Retrieve and update user profile information for authenticated users. Allows viewing and modifying profile details like name and preferences.

get(request: Request, *args: Any, **kwargs: Any) → Response

Retrieve user profile information.

get_object() → AbstractBaseUser | AnonymousUser

Get the current authenticated user object.

Returns:

The current user instance

get_queryset() → QuerySet

Get the user queryset.

This method is sometimes called when using django-rest-swagger for API documentation generation.

Returns:

Empty user queryset

patch(request: Request, *args: Any, **kwargs: Any) → Response

Partially update user profile information.

permission_classes = (<class 'rest_framework.permissions.IsAuthenticated'>,)

put(request: Request, *args: Any, **kwargs: Any) → Response

Update user profile information.

serializer_class

alias of UserSerializer

Registration Views

class auth_kit.views.RegisterView(**kwargs)

Bases: CreateAPIView

User Registration

Create new user accounts with email verification. Users must verify their email address before the account is fully activated.

authentication_classes = []

dispatch(*args: Any, **kwargs: Any) → HttpResponseBase

Dispatch the request with sensitive parameter protection.

Parameters:

• *args – Variable length argument list

• **kwargs – Arbitrary keyword arguments

Returns:

HTTP response

get_response_data(user: AbstractBaseUser) → dict[str, Any]

Get response data for successful registration.

Parameters:

user – The newly registered user

Returns:

Dictionary containing response message

permission_classes = (<class 'rest_framework.permissions.AllowAny'>,)

post(request: Request, *args: Any, **kwargs: Any) → Response

Create a new user account.

Parameters:

• request – The DRF request object

• *args – Variable length argument list

• **kwargs – Arbitrary keyword arguments

Returns:

DRF response with registration result

serializer_class

alias of RegisterSerializer

throttle_scope = 'auth_kit'

class auth_kit.views.VerifyEmailView(**kwargs)

Bases: APIView, ConfirmEmailView

Email Verification

Verify email addresses using confirmation keys sent via email. Required to activate user accounts after registration.

authentication_classes = []

get(*args: Any, **kwargs: Any) → NoReturn

GET method not allowed for email verification.

get_serializer(*args: Any, **kwargs: Any) → VerifyEmailSerializer

Get the email verification serializer.

Parameters:

• *args – Variable length argument list

• **kwargs – Arbitrary keyword arguments

Returns:

Email verification serializer instance

permission_classes = (<class 'rest_framework.permissions.AllowAny'>,)

post(request: Request, *args: Any, **kwargs: Any) → Response

Verify email address using confirmation key.

Parameters:

• request – The DRF request object

• *args – Variable length argument list

• **kwargs – Arbitrary keyword arguments

Returns:

DRF response with verification result

class auth_kit.views.ResendEmailVerificationView(**kwargs)

Bases: CreateAPIView

Resend Email Verification

Request a new email verification message for unverified accounts. Useful when the original verification email was lost or expired.

authentication_classes = []

get_queryset() → QuerySet

Get queryset of email addresses for verification resend.

Returns:

QuerySet of EmailAddress objects for filtering and lookup during email verification resend operations

permission_classes = (<class 'rest_framework.permissions.AllowAny'>,)

post(request: Request, *args: Any, **kwargs: Any) → Response

Send new email verification message.

Parameters:

• request – The DRF request object

• *args – Variable length argument list

• **kwargs – Arbitrary keyword arguments

Returns:

DRF response with success message

serializer_class

alias of ResendEmailVerificationSerializer

Password Management Views

class auth_kit.views.PasswordChangeView(**kwargs)

Bases: GenericAPIView

Password change view for authenticated users.

Allows authenticated users to change their password.

dispatch(*args: Any, **kwargs: Any) → HttpResponseBase

Dispatch the request with sensitive parameter protection.

Parameters:

• *args – Variable length argument list

• **kwargs – Arbitrary keyword arguments

Returns:

HTTP response

permission_classes = (<class 'rest_framework.permissions.IsAuthenticated'>,)

post(request: Request, *args: Any, **kwargs: Any) → Response

Handle POST request for password change.

Parameters:

• request – The HTTP request object

• *args – Variable length argument list

• **kwargs – Arbitrary keyword arguments

Returns:

HTTP response with success message

serializer_class

alias of PasswordChangeSerializer

throttle_scope = 'auth_kit'

class auth_kit.views.PasswordResetView(**kwargs)

Bases: GenericAPIView

Password reset request view.

Accepts email address and sends password reset email using django-allauth forms.

authentication_classes = []

permission_classes = (<class 'rest_framework.permissions.AllowAny'>,)

post(request: Request, *args: Any, **kwargs: Any) → Response

Handle POST request for password reset.

Parameters:

• request – The HTTP request object

• *args – Variable length argument list

• **kwargs – Arbitrary keyword arguments

Returns:

HTTP response with success message

serializer_class

alias of PasswordResetSerializer

throttle_scope = 'auth_kit'

class auth_kit.views.PasswordResetConfirmView(**kwargs)

Bases: GenericAPIView

Password reset confirmation view.

Validates reset token and sets new password for the user.

authentication_classes = []

dispatch(*args: Any, **kwargs: Any) → HttpResponseBase

Dispatch the request with sensitive parameter protection.

Parameters:

• *args – Variable length argument list

• **kwargs – Arbitrary keyword arguments

Returns:

HTTP response

permission_classes = (<class 'rest_framework.permissions.AllowAny'>,)

post(request: Request, *args: Any, **kwargs: Any) → Response

Handle POST request for password reset confirmation.

Parameters:

• request – The HTTP request object

• *args – Variable length argument list

• **kwargs – Arbitrary keyword arguments

Returns:

HTTP response with success message

serializer_class

alias of PasswordResetConfirmSerializer

throttle_scope = 'auth_kit'