Welcome to django_nopassword’s documentation!


Run this command to install django-nopassword:

pip install django-nopassword

Requirements: Django >= 1.4 (1.5 custom user is supported)


Add the app to installed apps:


Set the authentication backend to EmailBackend:

AUTHENTICATION_BACKENDS = ( 'nopassword.backends.email.EmailBackend', )

Add urls to your urls.py:

urlpatterns = patterns('',
    url(r'^accounts/', include('nopassword.urls')),

Verify users

If it is necessary to verify that users still are active in another system. Override verify_user(user) to implement your check. In NoPasswordBackend that method checks whether the user is active in the django app.


There are several predefined backends. Usage of those backends are listed below.

class nopassword.backends.email.EmailBackend

Delivers the code by email. It uses the django send email functionality to send the emails. It will attach both HTML and plain-text versions of the email.

class nopassword.backends.sms.TwilioBackend

Delivers the code by sms sent through the twilio service.

Custom backends

In backends.py there is a NoPasswordBackend, from which it is possible to build custom backends. The EmailBackend described above inherits from this backend. Creating your own backend is can be done by creating a subclass of NoPasswordBackend and implementing send_login_code. A good example is the EmailBackend:

class EmailBackend(NoPasswordBackend):

    def send_login_code(self, code, secure=False, host=None):
        subject = getattr(settings, 'NOPASSWORD_LOGIN_EMAIL_SUBJECT', _('Login code'))
        to_email = [code.user.email]
        from_email = getattr(settings, 'DEFAULT_FROM_EMAIL', 'root@example.com')

        context = {'url': code.login_url(secure=secure, host=host), 'code': code}
        text_content = render_to_string('registration/login_email.txt', context)
        html_content = render_to_string('registration/login_email.html', context)

        msg = EmailMultiAlternatives(subject, text_content, from_email, to_email)
        msg.attach_alternative(html_content, 'text/html')



Default: 900

Defines how long a login code is valid in seconds.


Default: 'nopassword'

Defines the namespace for the urls, this must match the namespace of the include of nopassword.urls.


Default: False

If set to True, the login url will not contain the username.


Default: _('Login code')

Sets Email Subject for Login Emails.


Default: 'sha256'

Set the algorithm for used in logincode generation. Possible values are those who are supported in hashlib. The value should be set as the name of the attribute in hashlib. Example hashlib.sha256() would be `NOPASSWORD_HASH_ALGORITHM = ‘sha256’.


Default: True

By default, the login code url requires a POST request to authenticate the user. A GET request renders registration/login_submit.html, which contains some Javascript that automatically performs the POST on page load. To authenticate directly inside the initial GET request instead, set this to False.


Default: 20

The length of the code used to log people in.


Account ID for Twilio.


Account secret for Twilio


Default: False

A boolean flag if set to True, codes will contain numeric characters only (0-9).


Default: 'example.com'

By default, nopassword.views.login passes the result of result.get_host() to LoginCode.send_login_code to build the login URL. If you write your own view and/or want to avoid this behavior by not passing a value for host, the SERVER_URL setting will be used instead.


Default: 'root@example.com'