- Django 6.0 Support: Added official support for Django 6.0. Note that Django 6.0 requires Python 3.12+.
- Admin Interface Enhancements: Added expiration status display in Django admin with `is_valid` column showing intuitive boolean indicators (green checkmark for valid codes, red X for expired codes). Added `is_expired` property to `SMSVerification` model for easy expiration checking.
- Database Cleanup: Added `cleanup_phone_verifications` management command to automatically delete old verification records. Supports `--days` parameter to customize retention period and `--dry-run` mode for previewing deletions. New `RECORD_RETENTION_DAYS` setting (default: 30 days) for configuring default retention period.
- Settings: `SECURITY_CODE_EXPIRATION_TIME` is now deprecated in favor of the more explicit `SECURITY_CODE_EXPIRATION_SECONDS`. Both settings are supported for backward compatibility, with `SECURITY_CODE_EXPIRATION_SECONDS` taking precedence. A deprecation warning is issued when the old setting name is used. The old name will be removed in a future major version.
- Brute Force Protection: Added comprehensive brute force protection for SMS verification codes to prevent automated attacks. New settings: `MAX_FAILED_ATTEMPTS` (default: 5) for session lockout threshold and `MIN_TOKEN_LENGTH` (default: 6) to enforce minimum security code length. Added `failed_attempts` field to `SMSVerification` model with migration for backward compatibility. Contributed by Harsh. Closes #100.
- Internationalization (i18n): Added support for localizing verification messages based on the `Accept-Language` HTTP header. The library now automatically detects the user's preferred language and sends verification messages in that language using Django's translation system. Contributed by Hari Mahadevan.
- Documentation: Completely overhauled documentation to professional, enterprise-grade quality:
  - Getting Started Guide - Expanded with prerequisites, step-by-step configuration, environment variables, and testing instructions
  - Architecture & Flow - New comprehensive guide explaining system architecture, verification flow diagrams, security features, and extension points
  - Security Best Practices - Detailed guide covering rate limiting, credential storage, compliance (GDPR, CCPA, TCPA), and production deployment
  - API Reference - Complete documentation of all services, backends, models, serializers, and viewsets with code examples
  - Advanced Examples - 8 real-world implementations: 2FA, password reset, marketing opt-in, multi-tenant, async/Celery, custom messages, fallback providers, phone number updates
  - Configuration Reference - Detailed explanations of all settings with security recommendations and examples
  - Troubleshooting Guide - Common issues and solutions for installation, configuration, SMS, verification, and performance
  - FAQ - 30+ frequently asked questions covering all aspects of the library
  - Enhanced README - Added "What It Does" section, improved features list, better Quick Start with response examples
- Security: Added `SECURITY.md` file with vulnerability reporting process, supported versions, and security best practices summary
- Package Metadata: Added `__version__` attribute to `phone_verify` module for programmatic version checking
- Modern Packaging: Added `pyproject.toml` for PEP 518 compliance with modern Python tooling and consolidated configuration
- Python Support: Officially dropped support for Python 3.6 and 3.7 (both EOL). Minimum Python version is now 3.8
- README: Improved with Quick Start section showing actual usage examples, better configuration examples, and fixed documentation links
- CI/CD: Updated GitHub Actions workflow to test Python 3.8-3.13 for full coverage
- Testing: Updated tox configuration to include Python 3.8 in test matrix
- Allow custom backends to override `generate_message(security_code, context=None)` for dynamic message generation at runtime
- `context` parameter support added to `send_verification()` for passing additional formatting data dynamically
- `PhoneVerificationService` now delegates message generation to the backend if `generate_message()` is implemented
- Moved `phone_settings` inside `__init__` for better error handling when `PHONE_VERIFICATION` is missing from settings
- Optional dependencies (`twilio`, `nexmo`) are now only required if explicitly used in the `PHONE_VERIFICATION["BACKEND"]` setting.
- Improved error messaging to guide users to install the required backend package (e.g., `twilio`, `nexmo`) only when needed.
- Custom backends now raise a clear `RuntimeError` if the import fails, instead of misleading dependency errors.
- Support for Python 3.11, 3.12, 3.13
- CI tests for Py{311,312,313}-Django{2x,3x,4x,5x}.
- `phonenumbers` dependency is replaced with `phonenumberslite` to reduce the package size.
- Support for Django 4.x.
- Support for Django 3.2.
- Method `phone_verify.backends.nexmo.NexmoBackend.send_sms` changes parameter name from `numbers` to `number` to be consistent with rest of the inherited classes.
- Support for Python 3.8 & Python 3.9.
- CI tests for Py{36,37,38,39}-Django{20,21,22,30,31}.
- Fixed issue `generate_session_token` to handle cases in Py38, Py39 when the `session_token` is already `string` instead of `bytes`.
NOTE: The previous version of this library provided the security_code in the JWT session_token. You would have to re-verify phone_numbers in this version to ensure they are authentically verified.
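
Why the note above calls for re-verification, as an added example that is not the library's own code: a JWT payload is only base64url-encoded, so a token that carries `security_code` shows it to whoever holds the token. The HS256 signing helper, the key and the sample values are assumptions; the payload fields follow the `session_token` changes listed for this release.

```python
import base64
import hashlib
import hmac
import json
import secrets

SECRET_KEY = b"constructed-demo-key"  # constructed; stands in for the server's signing key


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def sign_hs256(payload: dict, key: bytes = SECRET_KEY) -> str:
    """Minimal HS256 JWT: header.payload.signature, each part base64url."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64url(json.dumps(payload).encode())
    sig = hmac.new(key, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{_b64url(sig)}"


def read_payload_without_key(token: str) -> dict:
    """Decode the middle segment; the signature protects integrity, not secrecy."""
    body = token.split(".")[1]
    return json.loads(base64.urlsafe_b64decode(body + "=" * (-len(body) % 4)))


def old_session_token(phone_number: str, security_code: str) -> str:
    # Shape described for the previous version: the code travels inside the token.
    return sign_hs256({"phone_number": phone_number, "security_code": security_code})


def new_session_token(phone_number: str) -> str:
    # Shape described for this release: phone number plus a random nonce, no code.
    return sign_hs256({"phone_number": phone_number, "nonce": secrets.token_hex(16)})


if __name__ == "__main__":
    number = "+15555550100"  # constructed sample number
    print("old payload:", read_payload_without_key(old_session_token(number, "493027")))
    print("new payload:", read_payload_without_key(new_session_token(number)))
    # Two new tokens for the same number differ because of the nonce.
    print("unique:", new_session_token(number) != new_session_token(number))
```
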
- Tests added to provide 100% coverage on the package.
- Add `nexmo.errors.ClientError` as exception class in `phone_verify.backends.nexmo.NexmoBackend` & `phone_verify.backends.nexmo.NexmoSandboxBackend`.
- Method signature changed for `phone_verify.backends.BaseBackend.generate_session_token`. It now accepts only `phone_number` instead of combination of `phone_number` and `security_code`.
- Remove the `security_code` from JWT `session_token` to avoid leaking information.
- Add nonce in `session_token` to generate unique tokens for each `phone_number`.
- Fixes call to `phone_verify.backends.nexmo.NexmoBackend.send_sms` method.
- Support `Nexmo` as a backend service along with `Twilio`.
- Add docs for writing a custom backend.
- Update `backends.base.BaseBackend.validate_security_code` to use `save()` instead of `update()` to allow Django to emit its `post_save()` signal.
- Add coverage report through `coveralls`.
- Support for One-Time Passwords (OTP) using `VERIFY_SECURITY_CODE_ONLY_ONCE` as `True` in the settings.
- Script to support makemigrations for development.
- `BaseBackend` status now have `SECURITY_CODE_VERIFIED` and `SESSION_TOKEN_INVALID` status to support new states.
- Rename `TWILIO_SANDBOX_TOKEN` to `SANDBOX_TOKEN`.
- Fix signature for `send_bulk_sms` method in `TwilioBackend` and `TwilioSandboxBackend`.
- Response for `/api/phone/register` contains key `session_token` instead of `session_code`.
- Request payload for `/api/phone/verify` now expects `session_token` key instead of `session_code`.
- Response for `/api/phone/verify` now sends additional response of `Security code is already verified` in case `VERIFY_SECURITY_CODE_ONLY_ONCE` is set to `True`.
- Rename `otp` to `security_code` in code and docs to be more consistent.
- Rename `BaseBackend` status from `VALID`, `INVALID`, `EXPIRED` to `SECURITY_CODE_VALID`, `SECURITY_CODE_INVALID`, and `SECURITY_CODE_EXPIRED` respectively.
- Rename `session_code` to `session_token` to be consistent in code and naming across the app.
- Rename service `send_otp_and_generate_session_code` to `send_security_code_and_generate_session_token`.
- Rename method `BaseBackend.generate_token` to `BaseBackend.generate_security_code`.
- Rename method `create_otp_and_session_token` to `create_security_code_and_session_token`.
- Rename method `BaseBackend.validate_token` to `BaseBackend.validate_security_code` with an additional parameter of `session_token`.
- `pre-commit-config` to maintain code quality using black and other useful tools.
- Docs for integration and usage in :doc:`getting_started`
- Tox for testing on py{37}-django{20,21,22}.
- Travis CI for testing builds.
- Convert `*.md` docs to reST Markup.
- Fix issue with installing required package dependencies via `install_requires`.
- README and documentation of API endpoints.
- `setup.cfg` to manage coverage.
- `phone_verify` app including backends, requirements, tests.
- Initial app setup.