I have checked many resources, but until now I could not understand how to set up password reset confirm. How do I do that? I can send email in the /u/admin/register/reset_password/ endpoint, but when it directs I don't know the process. It said no password reset confirm URL; I set it in the djoser settings but I got the error below. I would like to know the whole password reset process in djoser from the start.
After I click POST, the error below shows up.
My settings.py:
    DJOSER = {
        "USER_ID_FIELD": "username",
        "LOGIN_FIELD": "email",
        "PASSWORD_RESET_CONFIRM_URL": "u/admin/register/reset_password_confirm/{uid}/{token}",
        "ACTIVATION_URL": "/activate/{uid}/{token}",
        "SEND_ACTIVATION_EMAIL": True,
        "SERIALIZERS": {},
        'PASSWORD_CHANGED_EMAIL_CONFIRMATION': True
        # "EMAIL": {"password_reset": "users.views.ResetPasswordView"},
    }
I made registration via social networks using the allauth library.
Added the necessary settings:

    ACCOUNT_EMAIL_REQUIRED = True
    ACCOUNT_USERNAME_REQUIRED = False
    ACCOUNT_AUTHENTICATION_METHOD = "email"

and applications:

    "allauth",  # registration
    "allauth.account",  # registration
    "allauth.socialaccount",  # registration
    "allauth.socialaccount.providers.vk",  # registration via VK

and in urls.py I also wrote:

    url(r"^accounts/", include("allauth.urls"))

The problem is that sometimes the provider after registration may not provide an email.
And my users are identified using mail.
Signup:
I want the user to be redirected to a page with an email entry and send a confirmation link to this email after the suppliers confirm the entered data is correct.
Signin:
I want to return the JWT token to the user after confirming the providers that the entered data is correct.
How to implement a signin/signup system in Django DRF JWT with allauth library?
(apparently I need to write custom views, but I tried - unsuccessfully)
I have a VueJS/Django rest framework application and working on the confirmation email when a user signup.
My frontend is on another URL than my backend so I try to configure djoser to put the activation link with the good domain.
I finally managed to do it, kind of, by adding DOMAIN and SITE_NAME information, but the result is not as expected because my domain name is surrounded by brackets.
In my settings Django I have:
    DOMAIN = 'localhost:8080',
    SITE_NAME = 'Frontend',
    DJOSER = {
        'PASSWORD_RESET_CONFIRM_URL': '#/password/reset/confirm/{uid}/{token}',
        'USERNAME_RESET_CONFIRM_URL': '#/username/reset/confirm/{uid}/{token}',
        'ACTIVATION_URL': 'activate/{uid}/{token}',
        'SEND_ACTIVATION_EMAIL': True,
        'SERIALIZERS': {},
    }
But the result in the email is:
You're receiving this email because you need to finish activation process on ('Frontend',).
Please go to the following page to activate account:
http://('localhost:8080',)/activate/MzE/an7e2w-73af66245317921904307cc266f4983e
Thanks for using our site!
The ('Frontend',) team
Does anyone have an idea why these brackets pop here?
Instead of:

    DOMAIN = 'localhost:8080',
    SITE_NAME = 'Frontend',

try without the comma:

    DOMAIN = 'localhost:8080'
    SITE_NAME = 'Frontend'

A comma forms a tuple.
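A check for this class of mistake, as an added example that is not part of the original answer and is not djoser or Django code: it parses a settings file with `ast` and reports top-level assignments whose value is a one-element tuple written without parentheses. The function names and the `render_link` stand-in for the email template are assumptions made for illustration.

```python
import ast

# Constructed sample: the settings fragment from the question, plus one
# deliberate (parenthesised) tuple that must not be reported.
SETTINGS_SOURCE = """\
DOMAIN = 'localhost:8080',
SITE_NAME = 'Frontend',
DJOSER = {
    'ACTIVATION_URL': 'activate/{uid}/{token}',
    'SEND_ACTIVATION_EMAIL': True,
}
ALLOWED_HOSTS = ('localhost',)
"""


def find_accidental_tuples(source):
    """Return [(name, line)] for top-level `NAME = value,` assignments."""
    findings = []
    for node in ast.parse(source).body:
        if not isinstance(node, ast.Assign):
            continue
        value = node.value
        if isinstance(value, ast.Tuple) and len(value.elts) == 1:
            # Since Python 3.8 a parenthesised tuple's source segment
            # starts at "(", so a bare trailing comma is distinguishable.
            segment = ast.get_source_segment(source, value) or ""
            if not segment.startswith("("):
                for target in node.targets:
                    if isinstance(target, ast.Name):
                        findings.append((target.id, node.lineno))
    return findings


def render_link(domain, path):
    """Hypothetical stand-in for the template that builds the email link."""
    return "http://{}/{}".format(domain, path)


if __name__ == "__main__":
    for name, line in find_accidental_tuples(SETTINGS_SOURCE):
        print(f"line {line}: {name} is a one-element tuple (trailing comma)")
    print(render_link(('localhost:8080',), 'activate/<uid>/<token>'))
```
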
I have a new Django project (version 2.2), a custom user model and django-allauth to manage user registration (not via social, just with the email confirmation) and I'm trying to test some protected views.
In the setUp method of the test I create a new user and create a new EmailAddress (from allauth.account.models) with verified and primary set to True.
Next I try to login with: self.client.login(username=username, password=password)
and I get True so everything is working so far and the user is logged in.
If I try to view anything that requires login, I get a 301 redirect to the login page.
Here's my code:
User creation in setUp:

    username = 'test#test.com'
    password = 'testtesttest'
    new_user = User.objects.create_user(
        username=username,
        email=username,
        password=password,
    )
    new_user.save()
    new_user.is_active = True
    new_user.save()
    new_email_address = EmailAddress(
        user_id=new_user.id,
        email=username,
        verified=True,
        primary=True,
    )
    new_email_address.save()

Login and test logged in:

    logged_in = self.client.login(email=username, password=password)
    self.assertTrue(logged_in)  # and this works as expected

Now if I try to request a view that requires login:

    response = self.client.get("/protected")

I get <HttpResponsePermanentRedirect status_code=301, "text/html; charset=utf-8", url="/protected/">
What am I missing or doing wrong?
The redirect you're showing actually shows you the url it's redirecting to: url="/protected/". So you're not redirected to the login page.
Note that a normal redirect would be 302 redirect (temporary), whereas here you see a permanent redirect, 301.
Either request the correct url (self.client.get('/protected/')) or follow through the redirects: self.client.get('/protected', follow=True). That way your response will be for the final page and you can test whether its contents are what you expect.
I am trying to write some tests for the authentication part of my application and I encountered a problem with checking if the user is logged in or not. Here's the code:

    client = Client()
    # user signup form
    response = client.post(signup_url, data={
        'email': "lorem#ipsum.pl",
        'password1': 'hunter2',
        'password2': 'hunter2',
    }, follow=True)
    # checking if the user is logged in
    with self.assertRaises(KeyError):
        client.session['_auth_user_id']
    self.assertEquals(len(mail.outbox), 1)
    url = find_verification_url(mail.outbox[0].body)
    response = client.get(url, follow=True)
    self.assertEqual(200, response.status_code)
    user = User.objects.get(email="lorem#ipsum.pl")
    self.assertEqual(client.session['_auth_user_id'], user.pk)
    # how to logout a user?
    force_logout()
    self.assertFalse(response.request.user.is_authenticated())

The user fills the form and clicks submit, then receives an email with a verification url. After he clicks the verification url in the email he's supposed to get directed to the site and authenticated. My question is, what is a good way to find out if the user is authenticated or not? What is a preferred way to log out a user in this situation? I want to check that if the user is logged out and clicks the verification link a second time it doesn't work. I tried some things like:
client.logout()
But unfortunately it seems to work once every two times even when I remove this line.
Thanks for any help!
Ok so the problem was that the authentication system was using a timestamp function to know if a url was expired or not. When run in a test the verification url was not expired when it should be. The login request after the logout was too fast and the system was thinking that the verification url was still valid and the user got authenticated. And that's why user.is_authenticated() was returning True all the time.
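The behaviour described in this answer, as an added example that is not from the original post and is not allauth's implementation: a timestamp-based link token that is only checked for age accepts a second click inside the validity window, and taking the clock as a parameter lets a test move past expiry without sleeping. It goes one step further than the answer by showing an optional single-use guard. The secret, `MAX_AGE`, the token layout and all function names are assumptions made for illustration.

```python
import hashlib
import hmac

SECRET = b"constructed-demo-key"  # assumption: demo key, not a real secret
MAX_AGE = 3                       # assumption: seconds a link stays valid


def _mac(user_id, ts):
    msg = f"{user_id}:{ts}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()


def make_link_token(user_id, now):
    """Issue a token that carries its own issue time."""
    ts = str(int(now))
    return f"{user_id}:{ts}:{_mac(user_id, ts)}"


def check_link_token(token, now, used=None):
    """Return the user id if the token is valid at time `now`, else None.

    Passing a set as `used` additionally makes each token single-use.
    """
    try:
        user_id, ts, mac = token.split(":")
        issued = int(ts)
    except ValueError:
        return None  # malformed token
    if not hmac.compare_digest(mac.encode(), _mac(user_id, ts).encode()):
        return None  # tampered or forged
    if now - issued > MAX_AGE:
        return None  # expired
    if used is not None:
        if token in used:
            return None  # already consumed
        used.add(token)
    return user_id


def clicks_without_replay_guard():
    """First click, second click inside the window, click after expiry."""
    token = make_link_token("42", now=1000)
    return [check_link_token(token, now=t) for t in (1001, 1002, 1000 + MAX_AGE + 1)]


def clicks_with_replay_guard():
    """Same two early clicks, but consumed tokens are remembered."""
    used = set()
    token = make_link_token("42", now=1000)
    return [check_link_token(token, now=t, used=used) for t in (1001, 1002)]
```
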
So I'll give full disclosure from the get-go that I am quite new to both Django and django-allauth.
Now that that is out of the way, the problem that I am having is that when a user logs in via a social site, (I have been trying Google and Facebook), none of the data retrieved from the site is pulled into the user's data fields. After authenticating, the user is still prompted to enter an email, and all name fields are left blank. I tried to fix this manually by creating a custom adapter, but that did not work either. From using print statements, I can see that the data is being fetched from the site just fine -- it just isn't being saved to the user's attributes.
Correct me if I'm wrong, but by reading the documentation and some of the source of django-allauth, I am under the impression that social authorization automatically saves the user's email and first and last names via the populate_user(self, request, sociallogin, data): hook in the DefaultSocialAccountAdapter class, so I really shouldn't even have to deal with workarounds.
Thus, I'm guessing that I am just doing something foolish that is messing this up for me... Although if there is a clever workaround that will fix this problem, I'd be fine with that, for lack of a better solution.
Note: Using Django 1.7 and Python 3.4.1
EDIT: Django-allauth is succeeding in creating a User and linking the user to a social account, which contains all of the data fetched from the social site, but none of that data is populating the fields within the User object, like email, first_name, and last_name.
Here are my django-allauth configuration settings in settings.py:

    ACCOUNT_AUTHENTICATION_METHOD = "email"
    ACCOUNT_EMAIL_REQUIRED = True
    ACCOUNT_EMAIL_VERIFICATION = "required"
    ACCOUNT_USERNAME_REQUIRED = False
    SOCIALACCOUNT_AUTO_SIGNUP = True
    # The following line was uncommented when I was trying to use my own adapter
    # SOCIALACCOUNT_ADAPTER = 'profiles.profile_adapter.ProfileAdapter'
    SOCIALACCOUNT_PROVIDERS = {
        'facebook': {
            'SCOPE': ['email'],
            'AUTH_PARAMS': {'auth_type': 'reauthenticate'},
            'METHOD': 'oauth2',
            'LOCALE_FUNC': lambda request: 'en_US',
        },
        'google': {
            'SCOPE': ['https://www.googleapis.com/auth/userinfo.profile'],
            'AUTH_PARAMS': {'access_type': 'online'},
        },
    }

And here is the code I had in my custom adapter (Which, by using print statements, I could tell was getting used and processing the correct data) where I tried to manually save the fields into the user object

    from allauth.socialaccount.adapter import DefaultSocialAccountAdapter

    class ProfileAdapter(DefaultSocialAccountAdapter):
        def pre_social_login(self, request, sociallogin):
            '''
            Check for extra user data and save the desired fields.
            '''
            data = sociallogin.account.extra_data
            user = sociallogin.account.user
            print("LOGS: Caught the signal -> Printing extra data of the account: \n" + str(data))
            if 'first_name' in data:
                user.first_name = data['first_name']
            elif 'given_name' in data:
                user.first_name = data['given_name']
            if 'last_name' in data:
                user.last_name = data['last_name']
            elif 'family_name' in data:
                user.last_name = data['family_name']
            user.save()

Note: The above code creates a user in the database that is not linked to any social account, but contains the correct first and last names. Then the user is redirected to a form saying they are logging in with a social account and is prompted for an email address. Once this form is submitted, the original user created is overwritten by a new user that is linked to a social account, contains the email entered into the form, but does not have first or last name fields populated.
The problem was that when an email was not included with the data fetched from the social media site, django-allauth would ask for an email in a subsequent form to create the account with. When the account is then created from this form, django-allauth would not use the data fetched from the social media to populate fields. I think that this is a problem with django-allauth.