I am using Django allauth for authentication to my REST API. I have the whole process working as expected (login, registration, password reset) with email confirmation, etc.
My question is: when a user registers, the user receives an email with a link that the user needs to click to confirm and get access to the website. However, I want to use allauth but, instead of a link, I want a randomly generated activation code (example: 123456) that the user can input in a form to confirm.
Allauth currently doesn't support this. You could open up an issue asking for the feature to be implemented, but considering that there's really no obvious advantage of using both systems, I doubt this would be accepted.
Is there a reason why the link method doesn't work for you, but this does? If so, maybe there's some workaround that could work?
Here's a possible workaround (albeit a very complicated one):
Write a template tag that would trim out the website part (e.g. example.com/confirm/ out of example.com/confirm/sdafsdagfsagfsdafasdfsafgfdsg), so that only the actual code is sent to the user in the email.
Make a form that would accept this code and, on submission, reconstruct the URL back to its original state and go to that URL, effectively activating the account. You would almost definitely need to write custom JavaScript for this.
At first I wanna say that my code is not important here. I wanna understand the logic of how this works. So when I try to log in with Django Rest Framework I need to pass 2 fields, "Password" and "Username". Is it possible to add more required fields? For example, I need to pass email to log in. And how do I make it compare to the data that I passed while registering the user? (Sorry for my English.)
I wanna make this:
Fields only required to log in:
Well, login can be anything you want. See an example here:
https://docs.djangoproject.com/en/4.0/topics/http/sessions/#examples
What you need to understand is how you keep your users logged in. This is done through the authentication engines, which you can implement yourself, or keep something simple like sessions (cookies).
But you can even do "log-less" actions by using a pre-generated token, or even using headers if you're using a proxy that sets up users for you, etc.
Here is another view from SimpleJWT that generates your token (which is then used with the middleware to perform authentication when your client sends it): https://github.com/jazzband/djangorestframework-simplejwt/blob/master/rest_framework_simplejwt/views.py
I have a django project where I want to create users, and some time later be able to send a welcome email with a link inviting them to log in and set a password.
I'm using django-allauth. I found this SO question which shows how to call allauth's password reset form, which is close to what I need, except that:
I want to send a "welcome" email, which would be worded differently.
I want it to send them to a "welcome" page, which would be different to a password reset (although perhaps operate the same way in that it uses a token, etc.)
I'm thinking I could somehow hijack that, but am not sure how or where that email gets sent.
django-allauth docs mention the routes /accounts/password/set/ and /accounts/password/set/ but I can't access either without logging in first.
This is an existing project I inherited, and I do have a template for "/account/password_reset_from_key.html". Just not sure how it all gets wired together.
Has anyone done anything similar?
You mention:
...and some time later be able to send a welcome email with a link inviting them to log in and set a password.
If sometime later, then you might be interested in queues like Celery to do that for you.
Here's an approach you might take:
Listen to the save Django model signal on the User model. Send an email to a user whenever that is triggered (this will happen immediately; however, with your "some time later" thing, you then add the sending to the user to a Celery job queue for later).
Send a dynamic email with HTML. With this, you can customize the design etc. to your taste.
Is there a way to use Django's inbuilt password reset function without sending reset links via email or without the email option? I am currently developing a simple system with a small number of users on which sending emails is not needed. Thanks in advance.
There are some options in django.contrib.auth that allow you to change the password without needing to send an email:
PasswordChangeForm: A form that lets a user change their password by entering their old password.
SetPasswordForm: A form that lets a user set their password without entering the old password.
You can implement one of them in your view to change the user's password.
You can change the password with forms, and in views.py use the function make_password():

    from django.contrib.auth.hashers import make_password

    # Inside the view: hash the submitted password and store it on the logged-in user
    if passwordForm.is_valid():
        password = passwordForm.cleaned_data['password']
        request.user.password = make_password(password)
        request.user.save()

make_password: https://docs.djangoproject.com/en/1.11/topics/auth/passwords/
I'm not familiar with Django, but I've worked on other apps before where access was gained for any user, even the initial admin, via password reset. In all those cases the method of working has been similar: the reset link is formed from some URL stub plus a unique key that is found in some database table somewhere. Manually assembling the link and using it worked out just fine, though one system used an emailsentdate column and refused to do anything unless it was populated, so check for anything similar if you don't get success with a simple approach.
If you absolutely have to have an email server, there do exist simple ones intended for dev use like smtpdev. They behave like an SMTP server to fool an app that demands one, but they don't send the emails on to anywhere; they just display them. Intended for debugging, but it might help you if Django insists on one being configured that looks like a real mail server.
I need to implement a fairly simple registration workflow:
User fills a registration request (form).
Admin(s) receive a notification about the registration request. (maybe)
Admin(s) activate desired users from the django-admin interface.
User receives a notification about the activation of his account.
I've been reading about the django-registration application.
From what I've read, it seems that this app is used very frequently but I'm not sure of its advantages.
So, my question is: from the following options (I'm open to other alternatives as well), what would be better in this case?
Implement all the registration from scratch.
Extend one of the backends on django-registration.
Write a django-registration backend from scratch.
Also, reasons supporting the choice please.
You might want to take a look at django inspectional registration; it fits your use case perfectly. It's an enhanced version of django registration, since the latter doesn't have the function to approve/deny a user's registration.
I use Django social-auth (omab version just to avoid any confusion with the other similarly named project) and right now I am trying it with Facebook. It is possible to register a new user and to login/logout without any issue. The only thing that I would like to add is a form during registration to let the user enter the desired username to be used on site because at the moment the username is either a facebook username (I do not want to force the user to use the same username) or a uuid if there is no facebook username (and that is ugly).
I am reading the docs, the pipelines and all that stuff, but I'm not sure I understand; any hint or explanation would be welcome.
I found it in the example app that comes with social-auth https://github.com/omab/django-social-auth/tree/master/example/app. There is an example of the pipeline to use and even the form and views you need to implement. Very few to no changes are necessary to have a working implementation. At least some work needs to be done on the form at the time I write this because you can enter a username already taken.
The accepted answer links to an entire GitHub project without explaining anything about what parts of it are relevant, and some of it is outdated, so I'll try to share what I've learned.
django-social-auth is deprecated and the replacement is social-app-django, which integrates Django with the python-social-auth project.
The documentation on python-social-auth Pipelines is relevant. In the default pipeline, this is the stage that generates the username:
# Make up a username for this person, appends a random string at the end if
# there's any collision.
'social_core.pipeline.user.get_username',
The implementation of get_username shows the default behavior. We will have to copy these aspects:
It ensures that the username it comes up with is unique, by checking storage.user.user_exists(username=...) and modifying the username until it is unique.
It returns the dictionary {'username': '...'}, which is passed to the next stages in the pipeline.
To prompt the user, we need a custom "partial" pipeline stage. This lets us pause the pipeline to wait for the user to submit the username form and then resume it once we have the username.