Django: SendGrid Click Tracking service prevents messages framework from working

I'm trying to implement signup with a confirmation email in Django, using SendGrid as the email provider. My 'SignUpActivationView' code validates the token and then redirects the user to the home page, where a success/error message is displayed using the messages framework:
```python
from django.contrib import messages
from django.http import HttpResponseRedirect
from django.urls import reverse_lazy
from django.views.generic import RedirectView


class SignUpActivationView(RedirectView):
    redirect_url = reverse_lazy('link_list')

    def dispatch(self, request, *args, **kwargs):
        ...
        # if token is valid: success-level message
        messages.success(self.request, 'Your account is now active.')
        return HttpResponseRedirect(self.redirect_url)
        # if token is invalid: error-level message
        messages.error(self.request, 'Your account could not be activated.')
        return HttpResponseRedirect(self.redirect_url)
```
So far my approach works as long as I copy-paste the link into my browser; if I click on it instead, the user is activated but the success message is not shown in my application. I believe this is because SendGrid's Click Tracking service is wrapping my link:
A workaround I found is to tell SendGrid NOT to track the link by adding the 'clicktracking=off' HTML attribute; the disadvantage is that I can only tell SendGrid not to track links in the HTML version of my email. In case the user's email client decides to open the plain-text version of the email, the link will still be wrapped.
```html
<!-- solution: do not track clicks -->
<!-- caveat: only works in HTML, not in plain text emails -->
<a clicktracking=off href="http://foo.bar">Confirmation link</a>
```
So Link Tracking is pretty much mandatory for plain-text emails.
Is there any way to make the messages framework work with Link Tracking?

When SendGrid tracks your link, the "click" goes to SendGrid, which returns a 302 Found redirect to the URL you provided in the original email, before SendGrid tracked it.
So, as long as you provide the correct link there, by the time the "click" is getting to your server, it's back to that, with the appropriate token.
You can review this behavior in Chrome's Developer Tools, under the Network tab, which should help you troubleshoot what's happening here.
Also, you can disable all of SendGrid's Click Tracking, instead of just link-by-link, under their Settings: Tracking Settings section.
By default, SendGrid does not track plain-text links, since it makes them so much longer. You'd have to actively enable that under those same settings if you want it to do that. It's very rare that a recipient views in Plain Text these days, so it's not a significant contributor to your engagement statistics, so enabling that feature is generally not recommended.
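As an added example that is not part of the question or the answer above, here is the workaround and the answer's redirect check in working code. It builds the activation email as multipart/alternative with `clicktracking=off` on the HTML anchor only (the plain-text part stays a bare URL, as the question describes), and it checks that a tracking redirect's `Location` still carries the same path and token as the original link, which is what the answer says to look for in the Network tab. The URLs, addresses and the `TRACKED_LOCATION` header are constructed; nothing is sent to SendGrid.

```python
"""Added example (not from the original post): build the activation email with
click tracking disabled on the HTML part only, and check that a tracked click
still lands on the original URL with its token intact.  All values here are
constructed; no SendGrid API call is made."""
from email.message import EmailMessage
from urllib.parse import parse_qs, urlsplit

ACTIVATION_URL = "https://example.invalid/activate/?token=abc123"  # constructed


def build_activation_email(to_addr: str, activation_url: str) -> EmailMessage:
    """multipart/alternative message: a plain-text part with the bare URL
    (SendGrid may still wrap it if plain-text tracking is switched on) and an
    HTML part whose anchor carries clicktracking=off."""
    msg = EmailMessage()
    msg["Subject"] = "Activate your account"
    msg["From"] = "noreply@example.invalid"
    msg["To"] = to_addr
    msg.set_content(f"Activate your account: {activation_url}\n")
    msg.add_alternative(
        f'<p><a clicktracking=off href="{activation_url}">Activate your account</a></p>',
        subtype="html",
    )
    return msg


def html_part_disables_tracking(msg: EmailMessage) -> bool:
    """True when the HTML alternative opts its link out of click tracking."""
    html = msg.get_body(preferencelist=("html",)).get_content()
    return "clicktracking=off" in html


def redirect_preserves_token(original_url: str, location_header: str) -> bool:
    """The answer's point: the tracking host answers the click with a 302 whose
    Location is the original URL.  Compare scheme, host, path and the token
    query parameter, so a rewritten or stripped token is noticed before the
    activation view ever sees the request."""
    orig, final = urlsplit(original_url), urlsplit(location_header)
    if (orig.scheme, orig.netloc, orig.path) != (final.scheme, final.netloc, final.path):
        return False
    return parse_qs(orig.query).get("token") == parse_qs(final.query).get("token")


# Constructed Location header, as the tracking redirect would return it.
TRACKED_LOCATION = "https://example.invalid/activate/?token=abc123"

if __name__ == "__main__":
    message = build_activation_email("user@example.invalid", ACTIVATION_URL)
    print(message.as_string())
    print("html opts out of tracking:", html_part_disables_tracking(message))
    print("redirect keeps token:", redirect_preserves_token(ACTIVATION_URL, TRACKED_LOCATION))
```

Running the script prints the raw message so the two parts can be inspected; `redirect_preserves_token` is the check to run against the `Location` header copied from the browser's Network tab when a tracked click does not behave as expected.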

Related

Flask + Stripe - how can I prevent people from accessing my successful checkout page without making a payment?

Basically I understand how to integrate Stripe payment into Flask, I'm using the official website (https://stripe.com/docs/payments/accept-a-payment?integration=elements) as a guide. In the guide the user is taken to a success page after the payment is successful. What I want to do upon a successful payment is collect the user's email, create a randomized password, and then email that password to the user. I've learned how to grab information from the session id using this page (https://stripe.com/docs/payments/checkout/custom-success-page). What I'm concerned about is that a user might go to the success page, get an account, and bypass the required payment.
My idea to solve that is to get the session info using this line:
session = stripe.checkout.Session.retrieve(request.args.get('session_id'))
and then before doing anything else check if it's none. If it's none, it will display an error page, if it is not none then it will create an account for the user. Would that work? Or would people just be able to change the session_id in the url until they find a number that is a valid session?
If that doesn't work, all I really want to do is upon successful payment create an account for the user using their email and a randomized password. How do I do that?
You're on the right track. Generally the flow is:
1. Customer is redirected to Checkout
2. Customer pays
3. Checkout redirects customer back to your success_url
4. You fetch the Checkout Session using the ID in the URL to confirm a valid payment
For #4 you can do various things to make sure people can't guess a Checkout Session ID (which would be unlikely due to their length and complexity). I suggest checking to see if the successful payment happened within a certain timeframe, like the past hour or past day, for example.
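As an added example, not from the answer above and not Stripe's own code, here is step 4 written out as the checks a `success_url` handler should run before it creates the account. It goes one step beyond the answer's timeframe check: it also refuses to provision twice from the same session, since a success page can be reloaded or bookmarked. The session is passed in as a mapping (a `stripe.checkout.Session` behaves like a dict, and `retrieve` raises an `InvalidRequestError` for an unknown id rather than returning `None`, so wrap that call in a try/except); the test data is a constructed dict with the same field names (`id`, `payment_status`, `created`, `customer_details.email`), and `REDEEMED_SESSION_IDS` stands in for a database table.

```python
"""Added example (not from the answer above and not Stripe's own code): the
checks a success_url handler runs on a retrieved Checkout Session before it
provisions an account.  Field names follow the Checkout Session object;
the sample data is constructed and REDEEMED_SESSION_IDS stands in for a
database table."""
import time
from typing import Optional

MAX_AGE_SECONDS = 60 * 60          # the answer's "past hour" window
REDEEMED_SESSION_IDS: set = set()  # session ids already turned into accounts


def rejection_reason(session, now=None, redeemed=None) -> Optional[str]:
    """Why this session must NOT be provisioned, or None if it may be."""
    now = time.time() if now is None else now
    redeemed = REDEEMED_SESSION_IDS if redeemed is None else redeemed
    session_id = session.get("id") or ""
    if not session_id.startswith("cs_"):
        return "not a Checkout Session id"
    # A session that merely exists is not a payment: an abandoned checkout's
    # id, guessed or reused, must stop here.
    if session.get("payment_status") != "paid":
        return "payment not completed"
    if now - int(session.get("created", 0)) > MAX_AGE_SECONDS:
        return "session older than the allowed window"
    # success_url can be reloaded or bookmarked: one session, one account.
    if session_id in redeemed:
        return "session already redeemed"
    if not (session.get("customer_details") or {}).get("email"):
        return "no customer email on the session"
    return None


def provision_from_session(session, now=None, redeemed=None) -> str:
    """Return the email to create the account for, after marking the session
    as redeemed; raise ValueError with the reason otherwise."""
    reason = rejection_reason(session, now=now, redeemed=redeemed)
    if reason is not None:
        raise ValueError(reason)
    (REDEEMED_SESSION_IDS if redeemed is None else redeemed).add(session["id"])
    return session["customer_details"]["email"]


if __name__ == "__main__":
    # Constructed sample, shaped like a paid Checkout Session.
    sample = {"id": "cs_test_constructed", "payment_status": "paid",
              "created": int(time.time()) - 60,
              "customer_details": {"email": "buyer@example.invalid"}}
    print(provision_from_session(sample))
    print(rejection_reason(sample))  # second visit to the success page
```

In a real handler the "redeemed" set is a unique column on the account row (the session id) so that two concurrent requests for the same session cannot both succeed; the in-memory set here only shows where that check sits in the order of operations.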

Review Board default sender email

Review Board documentation mentions that
Sender Headers
Review Board can send e-mail on behalf of users. This may happen when creating a new review request or reviewing some code.
E-mails appear to be sent from the users, rather than from Review Board itself.
...
By using these two fields instead of just faking the From address, we can avoid e-mails appearing to be spam or otherwise malicious. Many modern e-mail clients warn if the From address appears to be suspicious.
Is there any way to disable email sending on behalf of users? I want to send emails from default email which is set in the admin panel.
Try setting the from_email in
https://github.com/reviewboard/reviewboard/blob/0935f8daf9b2f07d1f679a1cbed49998df3d59de/reviewboard/notifications/email.py
for the method:
```python
def send_review_mail(user, review_request, subject, in_reply_to,
                     to_field, cc_field, text_template_name,
                     html_template_name, context=None, extra_headers=None)
```
In particular, the line:
```python
from_email = get_email_address_for_user(user)
```
We do something similar for our server setup at the company to force the sender to be a particular user that we want users to respond to.

Django-allauth, JWT, Oauth

I have an AngularJS Single Page Application that uses a Django backend API based on the Django Rest Framework. The API is protected via django-rest-framework-jwt. I would like to use django-allauth for account management and authentication on the server side.
I am just missing one single piece in the flow: How does my Oauth-Token from the client get transferred into a JWT-token? Basically, I would like to do as described here http://blog.wizer.fr/2013/11/angularjs-facebook-with-a-django-rest-api/ based on python-social-auth.
So my question is, how do I implement the ObtainAuthToken class from the link with django-allauth?
There are usually two login flows with social login: client-side ("Javascript SDK") and server-side. If your server needs to be authorised, it's usually a lot easier to go through the server-side flow. And that's also what all-auth does I think (and you didn't mention you use a frontend library like the blogpost you mentioned does).
Now the challenge is to provide the token from the server to the frontend. You would probably load the token in the HTML of the initialisation of the SPA, and then from Angular save the token client side (cookie, localStorage, etc.) so the session isn't lost on a refresh.
If you don't want the user to leave your app, you can open your /accounts/login/ or /accounts/signup/ url in a new window. In that new window they authorise your app, and your server receives the token upon return. There, you will have to generate a JWT token manually, and render that into the template so that javascript can access it. With js in that popup window, you can then communicate with your app that opened the popup and pass it the token – see this SO answer for an example – so it can save it.
Django-allauth provides signals that let you hook into the social login process. In your case, I would recommend subscribing to the allauth.socialaccount.signals.pre_social_login signal. The code will look something like this:
```python
from allauth.socialaccount.signals import pre_social_login
from django.dispatch import receiver

@receiver(pre_social_login)
def create_jwt_token(sender, request, sociallogin, **kwargs):
    # dig into the sociallogin object to find the new access token:
    # sociallogin.token is the SocialToken (None if the provider sent none).
    access_token = sociallogin.token.token if sociallogin.token else None
```
We used hello.js for O-Auth at the company I worked at.
You provide a shim on the Python end and get the refresh token and whatever other data needed once the user connects their social account.
We redirect them via Django to the page they attempted to access from their OAuth provider's page.
Each user still has their own email account which is needed for the JWT, but you could assume that whatever email is in the scope of their social account is their email then use django's functionality to create new users: User.objects.create(email=emailStringFromOauthData) etc.
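As an added example, not from either answer above and not code from django-rest-framework-jwt or django-allauth, here is the "generate a JWT token manually" step from the first answer written with the standard library only, so that the signing and every check on the way back are visible. `SECRET`, the user id and the claims are constructed values; in Django the key would come from settings and the user id from the user allauth just logged in.

```python
"""Added example (not from the answers above, not drf-jwt or allauth code):
mint an HS256 JWT for the user allauth just logged in, and verify it on the
API side.  SECRET and the claims are constructed; in Django the key comes
from settings."""
import base64
import hashlib
import hmac
import json
import time

SECRET = b"constructed-demo-secret-do-not-reuse"
TTL_SECONDS = 15 * 60  # the SPA keeps the token client side, so keep it short-lived


def _b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def mint_jwt(user_id, now=None, secret=SECRET) -> str:
    """HS256 JWT carrying only our own user id.  The provider's access token
    is deliberately not copied into the JWT: the SPA never needs it."""
    now = int(time.time()) if now is None else now
    header = {"alg": "HS256", "typ": "JWT"}
    payload = {"sub": str(user_id), "iat": now, "exp": now + TTL_SECONDS}
    signing_input = ".".join(
        _b64url(json.dumps(part, separators=(",", ":")).encode("utf-8"))
        for part in (header, payload)
    )
    sig = hmac.new(secret, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + _b64url(sig)


def verify_jwt(token: str, now=None, secret=SECRET):
    """Return the payload, or None if the token is not acceptable.  The
    algorithm is pinned to HS256 rather than trusted from the header (so an
    alg=none token fails), the MAC is compared in constant time, and exp is
    enforced before the payload is handed back."""
    now = int(time.time()) if now is None else now
    try:
        h64, p64, s64 = token.split(".")
        header = json.loads(_b64url_decode(h64))
        payload = json.loads(_b64url_decode(p64))
        sig = _b64url_decode(s64)
    except (ValueError, UnicodeDecodeError):
        return None
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        return None
    expected = hmac.new(secret, f"{h64}.{p64}".encode("ascii"), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, sig):
        return None
    if not isinstance(payload, dict) or not isinstance(payload.get("exp"), int) or payload["exp"] <= now:
        return None
    return payload


if __name__ == "__main__":
    token = mint_jwt(42)
    print(token)
    print(verify_jwt(token))
```

The minted string is what the first answer suggests rendering into the popup's template for the JavaScript side to pick up; `verify_jwt` is the shape of the check the API applies on every request, and the reason it pins the algorithm is that the header is attacker-controlled input until the signature has been checked.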

Deal with timeouts when posting data - no AJAX

The use case:
The user makes an order, his payment gets accepted and his details are posted to a Django view. Using these details, the Django view creates the user and everything that is necessary (username and password are provided by me). Then, before returning, it sends an email to the client's email address with his data (username and password for now).
But sometimes I get a gateway timeout error from Apache (the app is deployed on OpenShift). Because the user is created, I assume that the timeout comes from the email sending part. How can I make sure everything went OK and inform the user? How can I make sure that if the email isn't sent I can resend it? What is the best practice for that?
If you have timeouts with an API or Service, you should fire your POST / sendmail request with AJAX...
1. Serialize the whole form (like jQuery's serialize())
2. Send that data via AJAX (with jQuery's ajax())
3. Inform the user of success or error (alert() or jQuery UI dialog)
You can find a lot of examples on this website.
Another "dirty" approach would be to add the attribute target="_blank" to your form tag, which opens your slow request in a new tab / window.

send email message action is not sending email

I am creating a form through Web Forms for Marketers, and on the submit button's save action I have added a 'Send Email Message' action for sending an email. I have also changed the 'Send Email Message' action's parameters and . But it is still not sending email. Please tell me how to resolve this problem?
here is the error:
We experienced a technical difficulty while processing your request.
There are two things you should check.
1. Does the SMTP server you have configured actually pass mail through?
2. Are there any exceptions showing in the Sitecore logs?
This blog post: http://intothecore.cassidy.dk/2012/05/email-confusion-configuring-smtp.html takes you through pretty much everything in relation to setting SMTP options for your Sitecore solution and for Webforms for Marketers. It's easy to get confused as to how these work.