Release Notes#
[3.3.0] - 2025-12-21#
Added#
Django 6.0 Support: Added official support for Django 6.0. Note that Django 6.0 requires Python 3.12+.
Admin Interface Enhancements: Added expiration status display in Django admin with
is_validcolumn showing intuitive boolean indicators (green checkmark for valid codes, red X for expired codes). Addedis_expiredproperty toSMSVerificationmodel for easy expiration checking.Database Cleanup: Added
cleanup_phone_verificationsmanagement command to automatically delete old verification records. Supports--daysparameter to customize retention period and--dry-runmode for previewing deletions. NewRECORD_RETENTION_DAYSsetting (default: 30 days) for configuring default retention period.
Changed#
Settings:
SECURITY_CODE_EXPIRATION_TIMEis now deprecated in favor of the more explicitSECURITY_CODE_EXPIRATION_SECONDS. Both settings are supported for backward compatibility, withSECURITY_CODE_EXPIRATION_SECONDStaking precedence. A deprecation warning is issued when the old setting name is used. The old name will be removed in a future major version.
[3.2.0] - 2025-10-19#
Added#
Brute Force Protection: Added comprehensive brute force protection for SMS verification codes to prevent automated attacks. New settings:
MAX_FAILED_ATTEMPTS(default: 5) for session lockout threshold andMIN_TOKEN_LENGTH(default: 6) to enforce minimum security code length. Addedfailed_attemptsfield toSMSVerificationmodel with migration for backward compatibility. Contributed by Harsh. Closes #100.Internationalization (i18n): Added support for localizing verification messages based on the
Accept-LanguageHTTP header. The library now automatically detects the user’s preferred language and sends verification messages in that language using Django’s translation system. Contributed by Hari Mahadevan.Documentation: Completely overhauled documentation to professional, enterprise-grade quality:
Getting Started Guide - Expanded with prerequisites, step-by-step configuration, environment variables, and testing instructions
Architecture & Flow - New comprehensive guide explaining system architecture, verification flow diagrams, security features, and extension points
Security Best Practices - Detailed guide covering rate limiting, credential storage, compliance (GDPR, CCPA, TCPA), and production deployment
API Reference - Complete documentation of all services, backends, models, serializers, and viewsets with code examples
Advanced Examples - 8 real-world implementations: 2FA, password reset, marketing opt-in, multi-tenant, async/Celery, custom messages, fallback providers, phone number updates
Configuration Reference - Detailed explanations of all settings with security recommendations and examples
Troubleshooting Guide - Common issues and solutions for installation, configuration, SMS, verification, and performance
FAQ - 30+ frequently asked questions covering all aspects of the library
Enhanced README - Added “What It Does” section, improved features list, better Quick Start with response examples
Security: Added
SECURITY.mdfile with vulnerability reporting process, supported versions, and security best practices summaryPackage Metadata: Added
__version__attribute tophone_verifymodule for programmatic version checkingModern Packaging: Added
pyproject.tomlfor PEP 518 compliance with modern Python tooling and consolidated configuration
Changed#
Python Support: Officially dropped support for Python 3.6 and 3.7 (both EOL). Minimum Python version is now 3.8
README: Improved with Quick Start section showing actual usage examples, better configuration examples, and fixed documentation links
CI/CD: Updated GitHub Actions workflow to test Python 3.8-3.13 for full coverage
Testing: Updated tox configuration to include Python 3.8 in test matrix
[3.1.0]#
Added#
Allow custom backends to override
generate_message(security_code, context=None)for dynamic message generation at runtimecontextparameter support added tosend_verification()for passing additional formatting data dynamically
Changed#
PhoneVerificationServicenow delegates message generation to the backend ifgenerate_message()is implementedMoved
phone_settingsinside__init__for better error handling whenPHONE_VERIFICATIONis missing from settings
[3.0.1]#
Added#
Optional dependencies (
twilio,nexmo) are now only required if explicitly used in thePHONE_VERIFICATION["BACKEND"]setting.Improved error messaging to guide users to install the required backend package (e.g.,
twilio,nexmo) only when needed.Custom backends now raise a clear
RuntimeErrorif the import fails, instead of misleading dependency errors.Support for Python 3.11, 3.12, 3.13
CI tests for Py{311,312,313}-Django{2x,3x,4x,5x}.
Changed#
phonenumbersdependency is replaced withphonenumbersliteto reduce the package size.
[3.0.0]#
Added#
Support for Django 4.x.
Support for Django 3.2.
Changed#
Method
phone_verify.backends.nexmo.NexmoBackend.send_smschanges parameter name fromnumberstonumberto be consistent with rest of the inherited classes.
[2.0.1]#
Added#
Support for Python 3.8 & Python 3.9.
CI tests for Py{36,37,38,39}-Django{20,21,22,30,31}.
Changed#
Fixed issue
generate_session_tokento handle cases in Py38, Py39 when thesession_tokenis alreadystringinstead ofbytes.
[2.0.0]#
NOTE: The previous version of this library provided the security_code in the JWT session_token. You would have to re-verify phone_numbers in this version to ensure they are authentically verified.
Added#
Tests added to provide 100% coverage on the package.
Add
nexmo.errors.ClientErroras exception class inphone_verify.backends.nexmo.NexmoBackend&phone_verify.backends.nexmo.NexmoSandboxBackend.
Changed#
Method signature changed for
phone_verify.backends.BaseBackend.generate_session_token. It now accepts onlyphone_numberinstead of combination ofphone_numberandsecurity_code.Remove the
security_codefrom JWTsession_tokento avoid leaking information.Add nonce in
session_tokento generate unique tokens for eachphone_number.Fixes call to
phone_verify.backends.nexmo.NexmoBackend.send_smsmethod.
[1.1.0]#
Added#
Support
Nexmoas a backend service along withTwilio.Add docs for writing a custom backend.
Changed#
Update
backends.base.BaseBackend.validate_security_codeto usesave()instead ofupdate()to allow Django to emit itspost_save()signal.
[1.0.0]#
Added#
Add coverage report through
coveralls.Support for One-Time Passwords (OTP) using
VERIFY_SECURITY_CODE_ONLY_ONCEasTruein the settings.Script to support makemigrations for development.
BaseBackendstatus now haveSECURITY_CODE_VERIFIEDandSESSION_TOKEN_INVALIDstatus to support new states.
Changed#
Rename
TWILIO_SANDBOX_TOKENtoSANDBOX_TOKEN.Fix signature for
send_bulk_smsmethod inTwilioBackendandTwilioSandboxBackend.Response for
/api/phone/registercontains keysession_tokeninstead ofsession_code.Request payload for
/api/phone/verifynow expectssession_tokenkey instead ofsession_code.Response for
/api/phone/verifynow sends additional response ofSecurity code is already verifiedin caseVERIFY_SECURITY_CODE_ONLY_ONCEis set toTrue.Rename
otptosecurity_codein code and docs to be more consistent.Rename
BaseBackendstatus fromVALID,INVALID,EXPIREDtoSECURITY_CODE_VALID,SECURITY_CODE_INVALID, andSECURITY_CODE_EXPIREDrespectively.Rename
session_codetosession_tokento be consistent in code and naming across the app.Rename service
send_otp_and_generate_session_codetosend_security_code_and_generate_session_token.Rename method
BaseBackend.generate_tokentoBaseBackend.generate_security_code.Rename method
create_otp_and_session_tokentocreate_security_code_and_session_token.Rename method
BaseBackend.validate_tokentoBaseBackend.validate_security_codewith an additional parameter ofsession_token.
[0.2.0]#
Added#
pre-commit-configto maintain code quality using black and other useful tools.Docs for integration and usage in Getting Started
Tox for testing on py{37}-django{20,21,22}.
Travis CI for testing builds.
Changed#
Convert
*.mddocs to reST Markup.Fix issue with installing required package dependencies via
install_requires.
[0.1.1]#
Added#
README and documentation of API endpoints.
setup.cfgto manage coverage.phone_verifyapp including backends, requirements, tests.Initial app setup.