Djangorestframework-api-key

**NOTE**: this release contains migrations. See [Upgrade to v1.4](https://florimondmanca.github.io/djangorestframework-api-key/upgrade/1.4/) for detailed instructions.

Added

- The `prefix` and `hashed_key` are now stored in dedicated fields on the `APIKey` model. (Pull 62)

**NOTE**: this release contains migrations. In your Django project, run them using:

python
python manage.py migrate rest_framework_api_key


Added

- Add abstract API key model (`AbstractAPIKey`) and base manager (`BaseAPIKeyManager`). (Pull 36)
- Add base permissions (`BaseHasAPIKey`). (Pull 46)

Changed

- The `id` field of `APIKey` is now non-`editable`.
- `APIKeyModelAdmin` does not define `fieldsets` anymore. This allows subclasses to benefit from Django's automatic fieldsets. (Pull 52)

Fixed

- Explicitly use `utf-8` encoding in `setup.py`, which could previously lead to issues when installing on certain systems. (Pull 58)

Fixed

- Fixed a critical bug in `APIKeyModelAdmin` that prevented `rest_framework_api_key` from passing Django system checks. (Pull 39)

**NOTE**: this release contains migrations. In your Django project, run them using:

python
python manage.py migrate rest_framework_api_key


Added

- API keys can now have an optional `expiry_date`. (Pull 33) `HasAPIKey` denies access if the API key has expired, i.e. if `expiry_date`, if set, is in the past.
- It is now possible to search by `prefix` in the API key admin panel.
- The `prefix` is now displayed in the edit view of the API key admin panel.

Added

- Improve documentation on which password hasher is used.
- Add tests against the Argon2, BcryptSHA256 and PBKDF2SHA1 hashers. (Pull 32)

Fixed

- Fix support for password hashers that generate hashes that contain dots. (Pull 31)

**This release is incompatible with 0.x**. See [Upgrade to 1.0](https://florimondmanca.github.io/djangorestframework-api-key/upgrade/1.4/) for migration steps.

Removed

- Remove `HasAPIKeyOrIsAuthenticated` permission class. You should use bitwise composition now, e.g. `HasAPIKey | IsAuthenticated`.
- Drop the `DRF_API_KEY_*` settings. (Pull 19)

Changed

- Switch to a new API key generation and validation scheme. Clients must now authorize using a single API key header (Pull 19). The header is `Authorization` by default. It can be customized using the `API_KEY_CUSTOM_HEADER` setting (Pull 26). Use the `name` field to identify clients.

Added

- Add support for Django 2.2. (Pull 27)
- Add programmatic API key creation using `APIKey.objects.create_key()`. (Pull 19)

Fixed

- Improved API key storage using Django's password hashing helpers. (Uses the default Django password hasher.) (Pull 19)