How to disable reCAPTCHA Flask App Builder - flask

I am new to flask app builder and am trying to set up user registration but for my purposes, I do not need reCAPTCHA. Is there a way to disable reCaptcha in the config file? Here is what my config file looks like below:
# Uncomment to setup Public role name, no authentication needed
# AUTH_ROLE_PUBLIC = 'Public'
# Will allow user self registration
AUTH_USER_REGISTRATION = True
# Config for Flask-WTF Recaptcha necessary for user registration
RECAPTCHA_PUBLIC_KEY = 'GOOGLE PUBLIC KEY FOR RECAPTCHA'
RECAPTCHA_PRIVATE_KEY = 'GOOGLE PRIVATE KEY FOR RECAPTCHA'
# Config for Flask-Mail necessary for user registration
MAIL_SERVER = 'smtp.gmail.com'
MAIL_USE_TLS = True
MAIL_USERNAME = 'yourappemail@gmail.com'
MAIL_PASSWORD = 'passwordformail'
MAIL_DEFAULT_SENDER = 'fabtest10@gmail.com'
# The default user self registration role
AUTH_USER_REGISTRATION_ROLE = "Public"

To disable the recaptcha feature and bypass validation, you will need to set RECAPTCHA_ENABLED = False
RECAPTCHA_ENABLED: Bool - True by default, when False it will bypass validation
Future calls to recaptcha.verify() in your flask server file will return True by default as a result.
To disable and hide the recaptcha in the HTML template code, simply omit any code with {{ recaptcha }} in your form.
Found from the documentation here: https://github.com/mardix/flask-recaptcha

Related

Django social allauth with JWT token

I made registration via social networks using the allauth library.
Added the necessary settings:
ACCOUNT_EMAIL_REQUIRED = True
ACCOUNT_USERNAME_REQUIRED = False
ACCOUNT_AUTHENTICATION_METHOD = "email"
and applications:
"allauth", #registration
"allauth.account", # registration
"allauth.socialaccount", # registration
"allauth.socialaccount.providers.vk", # registration via VK.
and in urls.py I also wrote:
url(r"^accounts/", include("allauth.urls"))
The problem is that sometimes the provider after registration may not provide an email.
And my users are identified using mail.
Signup:
I want the user to be redirected to a page with an email entry, and a confirmation link to be sent to this email after the providers confirm that the entered data is correct.
Signin:
I want to return the JWT token to the user after the providers confirm that the entered data is correct.
How to implement a signin/signup system in Django DRF JWT with allauth library?
(apparently I need to write custom views, but I tried - unsuccessfully)

Django All_auth/rest_auth e-mail address validation using HTTP GET request

I use Django all_auth and rest_auth for a backend service of a mobile app.
I integrated the registration and login API and all works fine.
Now I have to integrate the e-mail address validation logic.
After the registration (without social), I have to send an e-mail with the link that the user will use to validate their account.
I added this configurations into my Django settings:
ACCOUNT_EMAIL_VERIFICATION = 'mandatory'
SOCIALACCOUNT_EMAIL_VERIFICATION = 'none'
Also this works fine. I'm able to receive the e-mail after the registration of a new account. In the received e-mail I have the link to validate the account also.
I would like to have the validation of the e-mail when the user simply will click on the link.
So, I would like to use only the GET HTTP method.
I added, as suggested into the documentation, this setting also:
ACCOUNT_CONFIRM_EMAIL_ON_GET = True
I use this url linked to the all_auth views.
from allauth.account.views import ConfirmEmailView
url(r'^account-confirm-email/', ConfirmEmailView.as_view(), name='account_email_verification_sent'),
url(r'^account-confirm-email/(?P<key>[-:\w]+)/$', ConfirmEmailView.as_view(), name='account_confirm_email'),
But, if I try to click on the link from the received mail, I obtain this error:
KeyError at /account-confirm-email/NzU:1hjl8A:z5Riy8Bjv_h0zJQtoYKuTkKvRLk/
'key'
/allauth/account/views.py in get
self.object = self.get_object() ...
/allauth/account/views.py in get_object
key = self.kwargs['key'] ...
It seems that this setting is not sufficient to be able to use e-mail validation with the GET method.
Do I have to override the Django view for this?
Looks like you're using the same view two times where you should use another view class. The following change should fix it:
from allauth.account.views import ConfirmEmailView, EmailVerificationSentView
# ...
url(
    r'^account-confirm-email/$',  # anchored with $ so it no longer also matches the keyed URL below
    EmailVerificationSentView.as_view(),  # This is changed
    name='account_email_verification_sent',
),
url(
    r'^account-confirm-email/(?P<key>[-:\w]+)/$',
    ConfirmEmailView.as_view(),
    name='account_confirm_email',
),
# ...

django-rest-auth - Facebook social login raises unique constraint violation for existing email

I implemented registration and login with django-allauth and django-rest-auth. I can successfully log in with Facebook to the server with both allauth and rest-auth (web and mobile).
When I try to log in with an FB account whose email already exists (someone already signed up with that email), it shows the signup form. However, when I try doing the same using rest-auth, I get an error:
Internal Server Error: /rest-auth/facebook/
IntegrityError at /rest-auth/facebook/
duplicate key value violates unique constraint "auth_user_username_key"
DETAIL: Key (username)=() already exists.
My Configuration:
ACCOUNT_USERNAME_REQUIRED = False
ACCOUNT_AUTHENTICATION_METHOD = 'email'
ACCOUNT_EMAIL_REQUIRED = True
ACCOUNT_EMAIL_VERIFICATION = 'optional'
SOCIALACCOUNT_AUTO_SIGNUP = True
SOCIALACCOUNT_EMAIL_VERIFICATION = False
SOCIALACCOUNT_EMAIL_REQUIRED = True
SOCIALACCOUNT_QUERY_EMAIL = True
I solved the issue by creating a social adapter that connects the existing account to the social account.
Please make sure you're aware of the risks before using it - if the email address is not verified in one of the accounts a malicious user might take control of the account by signing up before the social signup (for example).
import logging

from allauth.socialaccount.adapter import DefaultSocialAccountAdapter
from django.contrib.auth import get_user_model

logger = logging.getLogger(__name__)
User = get_user_model()


class MySocialAccountAdapter(DefaultSocialAccountAdapter):
    def pre_social_login(self, request, sociallogin):
        user = sociallogin.user
        if user.id:
            return  # social account is already linked to a local user
        if not user.email:
            return  # provider gave no email; fall through to the normal signup flow
        try:
            # if a user with this email exists, connect the social account to it and log in
            user = User.objects.get(email=user.email)
            sociallogin.connect(request, user)
        except User.DoesNotExist:
            pass
        except Exception as e:
            logger.exception('Social adapter failure - {}'.format(e))
You need to set the path to the adapter in the settings.py:
SOCIALACCOUNT_ADAPTER = 'path.to.MySocialAccountAdapter'
The latest version of django-rest-auth, v0.9.3, now includes social connect views, which allow you to link an existing account to a social account.
In order to use them you need to be authenticated via the existing account, due to the security issues outlined in the previous answer. More info in the docs: Additional Social Connect Views
Unique constraint 500 error is fixed as well.

Django allauth get credentials to make further requests on behalf of the user

I'm working on a Django project that requires user authentication for BitBucket. I have set up allauth such that users can authenticate with Bitbucket; I just don't understand how to make further requests to the Bitbucket API now that the user is authenticated.
I understand that allauth is purely for authentication purposes, there is just no documentation on how to access and make further use of the authentication, in this case accessing the credentials (oauth_token) such that I can make further requests on behalf of the resource-owner.
I found the authentication details to make a further requests.
Workflow
from allauth.socialaccount.models import SocialAccount, SocialApp

bitbucket_app = SocialApp.objects.get(provider='bitbucket')
# Filter on the provider as well: a user may have SocialAccount rows for several providers
user_account = SocialAccount.objects.get(user=request.user, provider='bitbucket')
# User should only have one SocialToken object per SocialApp
# https://github.com/pennersr/django-allauth/blob/master/allauth/socialaccount/models.py#L137
user_token = user_account.socialtoken_set.first()
# Credentials to make further requests
client_key = bitbucket_app.client_id
client_secret = bitbucket_app.secret
resource_owner_key = user_token.token
resource_owner_secret = user_token.token_secret
Using credentials with requests and requests_oauthlib
import requests
from requests_oauthlib import OAuth1

auth = OAuth1(client_key, client_secret, resource_owner_key, resource_owner_secret)
r = requests.get(protected_url, auth=auth)
An example with the bitbucket-api
https://bitbucket-api.readthedocs.org/en/latest/index.html
from bitbucket.bitbucket import Bitbucket

bb = Bitbucket(user_account.uid)  # Initialise with bitbucket username
bb.authorize(client_key, client_secret, 'http://localhost', resource_owner_key, resource_owner_secret)
# Get user repositories as an example
bb.repository.all()

How to skip user sign up form presented by django-allauth when signing up through social sites?

Recently, I ran into something unusual. When I tried to sign up on my Django site through LinkedIn it logged me in right away and redirected me to whatever login redirect URL I had set. But now that I have finally deployed my site on AWS, django-allauth takes me to this user sign up page asking for a username before sign up. I would like to skip this and use the email instead of "username". Here are my django-allauth specific settings from settings.py:
ACCOUNT_AUTHENTICATION_METHOD = "email"
ACCOUNT_EMAIL_REQUIRED = True
ACCOUNT_EMAIL_VERIFICATION = "none"
ACCOUNT_LOGOUT_REDIRECT_URL = "/user/"
ACCOUNT_SIGNUP_PASSWORD_VERIFICATION = True
ACCOUNT_UNIQUE_EMAIL = True
Moreover, I have also tried setting SOCIALACCOUNT_AUTO_SIGNUP = True .
Yes, it seems that I overlooked their documentation or perhaps they recently updated it. The problem was I was using the "sign up flow" to sign in an already registered user, and thus allauth used to present this signup form. You can avoid this by writing:
login with facebook
and your sign up link will look like:
sign up with facebook
and to connect multiple accounts to same email you'll need to define an adapter like this:
from allauth.socialaccount.adapter import DefaultSocialAccountAdapter
from django.contrib.auth import get_user_model

User = get_user_model()


class SocialLoginAdapter(DefaultSocialAccountAdapter):
    def pre_social_login(self, request, sociallogin):
        # This is tested and should work: link the social login to the
        # existing local account that has the same email
        email = sociallogin.user.email
        if sociallogin.is_existing or not email:
            return  # already linked, or the provider gave no email
        try:
            user = User.objects.get(email=email)
        except User.DoesNotExist:
            return  # no local account yet; allauth continues with its normal signup
        sociallogin.connect(request, user)
and do mention this in your settings.py
SOCIALACCOUNT_ADAPTER = 'path_to_your_adapter_module.SocialLoginAdapter'
And this is how my final settings.py looked (allauth part):
ACCOUNT_AUTHENTICATION_METHOD = "email"
ACCOUNT_EMAIL_REQUIRED = True
ACCOUNT_EMAIL_VERIFICATION = "none" #later change to mandatory
ACCOUNT_SIGNUP_PASSWORD_VERIFICATION = True
ACCOUNT_UNIQUE_EMAIL = True
ACCOUNT_USERNAME_REQUIRED = False
SOCIALACCOUNT_EMAIL_REQUIRED = True
SOCIALACCOUNT_AUTO_SIGNUP = True
# custom adapter to override login behavior and associate different social profiles with same email,with same user
SOCIALACCOUNT_ADAPTER = 'path_to_your_adapter_module.SocialLoginAdapter'
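Added example, not from either answer above: the link-by-email decision both adapters make, written as a framework-free function so the verification check the django-rest-auth answer warns about (an unverified address on either side lets someone squat the account) can be unit-tested; EmailClaim and link_target are hypothetical names, and the Django wiring is only described in the trailing comment.

```python
from dataclasses import dataclass
from typing import Iterable, Optional, Tuple


@dataclass(frozen=True)
class EmailClaim:
    """One address and whether its owner has proven control of it.
    Mirrors what we read from allauth: EmailAddress.verified on the local
    account and the provider's verified flag on sociallogin.email_addresses
    (assumed field names)."""
    email: str
    verified: bool


def _norm(email: str) -> str:
    # Compare case-insensitively; addresses are stored as the user typed them.
    return email.strip().lower()


def link_target(provider_emails: Iterable[EmailClaim],
                local_emails: Iterable[Tuple[str, EmailClaim]]) -> Optional[str]:
    """Return the key of the single local user this social login may be
    attached to, or None, in which case the adapter does nothing and allauth
    continues with its normal signup flow.

    local_emails holds (user_key, EmailClaim) pairs, one per EmailAddress row.
    Auto-linking is allowed only when the same address is verified on BOTH
    sides; an unverified provider email or an unverified local email is the
    case a pre-registered attacker account could exploit."""
    provider_verified = {_norm(c.email) for c in provider_emails if c.verified}
    if not provider_verified:
        return None
    candidates = {user for user, claim in local_emails
                  if claim.verified and _norm(claim.email) in provider_verified}
    if len(candidates) != 1:
        return None  # nothing to link, or ambiguous: never guess
    return candidates.pop()


# Wiring (Django only, not executed here): inside pre_social_login build
#   provider_emails = [EmailClaim(e.email, e.verified) for e in sociallogin.email_addresses]
#   local_emails = [(str(e.user_id), EmailClaim(e.email, e.verified))
#                   for e in EmailAddress.objects.filter(email__iexact=sociallogin.user.email)]
# and call sociallogin.connect(request, user) only when link_target() returns a key.
```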