I have been working on custom API token logic, that would allow me to verify users using just their email, but not username and password. How I see it:
One user send me credentials (just an email address);
Django SMTP server sends an email with verification code;
User sends its email address and verification code to the server and then gets access and refresh tokens;
I read approximately the same question, but I did not find the answer concrete enough, so I would be glad to hear any suggestion how to solve it.
Related
I have performed this same for forgot password by writing lambda function. But I am not getting verification code in Gmail it shows "Your verification code is {####}.
While I have tried to create an account using fake email and when I try to forgot the password, the mail receives with the verification code.
I am getting verification code in default email but not in recoveryEmail attribute.
I am using django version 3.2.4 in combination with Django Rest Framework.
I also use https://github.com/jazzband/djangorestframework-simplejwt for JWTs.
Problem:
I need to enable Two Factor Authentication in the following way.
User uses an endpoint that he submits his username & password. He receives back a jwt token that includes in a claim the verification code he needs to enter hashed.
At the same time an email with this code goes to his email.
Once the user receives the email he posts in another enpoint the verification code received and the jwt token he received in the previous step.
If the code the user submitted matches the hashed code then he obtains the jwt token that it will be used in the subsequent requests.
P.S. Any other ideas, that achieve something similar with the above are welcomed.
The way I would approach this is by adding a confirmation_code field to user model and handle login using one view with two cases:
1st case, I have username and password in request but no code, after checking username and password, I would create manually and return a short lived access token only without refresh token (which would expire in 3 minutes for example), I'd create a confirmation code, save it in db and send it via mail or sms etc...
2nd case the user posts the received confirmation code using the access token in the request, but no username and password, this way I'd be sure the user has an available access token and confirmation code, I would then return access token and refresh token as usual, in this step I would blacklist the access token after login is confirmed.
I am doing a web app in Django. I hardly tried to create a TokenGenerator for verifying the user's email to activate the user's account
coming to the problem,
how to send the verification email to the user account while
signup. while signup, users can receive a verification link email
with a token generator
the user has to input the password at the time of account signup
After verifying the email user can log in to the respective page via their mail id and password
while login it should check whether an email is present in the DB
(DB will be updated with user emails )
for the first question, Django has built-in functions and classes for sending emails, you can check them here: https://docs.djangoproject.com/en/3.2/topics/email/ and this post will help you send and email: https://dev.to/yash2115/how-to-send-e-mail-in-django-37ge, and if you want sen an email for any user's sign up you have to use signals, check it here: https://docs.djangoproject.com/en/3.2/ref/signals/
other questions are all related and they are pre-built in Django, these links will help you: https://learndjango.com/tutorials/django-login-and-logout-tutorial
https://developer.mozilla.org/en-US/docs/Learn/Server-side/Django/Authentication
repositories which may help:
https://github.com/shoukreytom/pdfstack
https://github.com/shoukreytom/notes
https://github.com/shoukreytom/blog (advanced - apis)
https://github.com/mitchtabian/Food2Fork
I'm building a registeration portal for my website. I'm using Django. Any user needs to input unique username and email to register. How to enable email verification?
If you are asking about verification link inside the email that your app is going to send after users registration then maybe check this link
I am using WSO2 for authentication. I want to use email as username so i did below change
<EnableEmailUserName>true</EnableEmailUserName>
It is working fine as expected.
Then i try to implement forgot password functionality. As per my requirement i need to send email notification with link to the user if he/she forgot the password. On doing this, i have to verify the username and get the key. My username should be example#gmail.com#tenant.com to get the key, but the problem is while calling "sendRecoveryNotification(username, key, notificationType)" it is expecting the username as only email without tenant id like "example#gmail.com".
But the actual key generated against the username "example#gmail.com#tenant.com" and it is throwing exception like "javax.mail.SendFailedException: Invalid Addresses". When i give only email address "example#gmail.com" it is throwing "18001 invalid confirmation code for user: example#gmail.com".
I don't know where i am missing. Is this problem with WSO2?
The only solution i have is to use javax library directly to send email notification.
Can anyone help me to get out of this. Thanks in advance.