django : how to confirm registration without email verification - django

I wnat to confirm registration without email verification
How can it config?
And, Where is the django-registration views?
Can I change the registration views?
Thank you.

You could use django-social-auth to make users register with their social account (which has been verified already). This would have the added bonus of being much quicker to sign up via.
You can see the registration views here. If you want to change them, copy the urls from django-registration's urls.py and put them into your own urls.py, then link them to a new views.py file and wrap the registration views with your own custom code.

Django-registration comes with a default backend as well as a simple backend.
The default backend takes care of the email verification / activation.
If you want to disable the email verification in django-registration, then you'd need to use the simple backend instead.
Add something like the following to your urls.py:
(r'^registration/', include('registration.backends.simple.urls')),

i would use janrain or gigya, i think janrain is better, it's just my opinion.
anyway what that would do is let people login using facebook, gmail, twitter etc.. like the django social auth...i'm just giving you other options :)

Related

Is it needed to add reCaptcha to built in Django's login form?

Hello I'm new to Django and I'm using Django's built in forms to login my users, also I have a contact form where I'm using Google reCaptcha to avoid attacks.
I was wondering if it is needed to add reCaptcha to my login form. I have heard Django takes care most of security and I don't want to repeat code if default login form is already prepared for brute force attacks.
In case its better to add reCaptcha to default login form how can I process the validation? In my contact form I call Google's API to verify user click within my views, but I don't feel comfortable adding that code inside the auth_views.LoginView class.
Thanks!
Django does not take care of any rate-limiting with its forms, including login.
I think that it is a good idea to include some sort of rate-limiting security measure to your login form. re-Captcha might be overkill as a default, unless there are several incorrect attempts within a timeframe.
Take a look at the Django rate-limit project for an easy to implement alternative to captcha.
In order to add reCaptcha to the login view, rather than modifying the auth_views.LoginView class, just create a new view that extends that class. You can add your recaptcha form validation just like in your contact form.
Then you can update your url to point to your custom view and template:
url(r'^login/$', custom_auth_views.recaptcha_login, {'template_name': 'core/recaptcha_login.html'}, name='login'),
See this post on how to extend the login views / templates.

Implementing Ajax requests / response with django-allauth

I am using django-allauth for one of my project. I would like to implement login/signup process via ajax. I would like to have customized signup form. I was going through their signupmixin and signup form. Sounds like I can write custom views for each action and map it to the url config. I am not sure what is the best way to do this.
Thank you so much for any help or advice on this.
It depends a bit on what you mean by ajax. If you just want to have a popup-style login/signup box on every page, then you can simply add the form to your base template and show it dynamically using Javascript in a popup box or so. If you keep the form action url to the original allauth urls then this will already give the feel of an ajax signin. You could also tweak things by using $.ajax or $.post to post to the original allauth views.
Something like the above is done on http://officecheese.com/ -- this is an allauth based site, though I am not affiliated with it.
If by ajax you mean that all authentication related views should be displayed via ajax, without causing a new document reload, then I am afraid you are a little bit out of luck. This simply is problematic for scenario's where e-mail verification, or OAuth handshakes are involed, as here you are typically navigating to a new URL from your mailbox, or redirecting to Twitter and so on.

django-registration login and register on one page

Is there a good way to have both the login and register forms for django-registration on one page? I've had trouble finding a way to do it now that the backend system is enforced. Is there a view that can be overwritten that would allow you to add both forms to it? Anyone done this before or can point to an article about this?
Edit: Just to clarify I have the whole django-registration and login system set up and working properly, I'd just like to get both forms on the same page. I do not have access to their views.
Just hard-code your login-form in the registration-html-template. It should work like a charm.
You can always override the default login and registration views/templates. You can take a look at this link and see if this was what you were thinking to do. Then, you can read the Django documentation for further information about making custom login and registration views and templates as well.

Invite Only app for Django Auth

I'm working on a Django web app and want to restrict signup to my site. For thatI want to use invite only app..I could find a couple of app built on the top of Django registration but I'm using Django Auth . Is there any app which I can use with Django app to get the same functionality.
General idea:
First, you can check out the code I have written which works fine for me.
Take a look at the example include in the application, you will learn
how to write your own pipeline. this pipeline can be redirected to any
view you would like.
from there you can save a invitation_key in your sessions and if that
key is valid, you can continue with create_user built in pipeline.
I have used this application for invitations that produces and validates invitation keys.
Implementation
It took me quite a day to figure it out.
This is a invite app built on allauth which restricts signup to invite only:
https://pypi.python.org/pypi/django-invitations/0.12

User management app for Django's auth

I am working on a small Django site where every user who leaves a comment on the site gets an email with a password (email is the user name) to change the comment later on.
The site should also support functions for users to retrieve or reset passwords. For this simple task I wanted to use the Django auth capabilities.
Is there a Django app which provides a simple package of user management (to reset or change a user's password) which I could incorporate in my site?
Would packages like Pinax or Drupal help for this simple task? They seem to be the overkill.
If you are looking for an advanced profile-/account-module you could take a look at django-userena
Some other options are listed in the profiles-grid on Django Packages.
Reset and change password are both included in the standard contrib.auth views.
I would have a look at django-user-accounts