I am trying to hack my way through the wonderful django-registration app, and add the ability to send email invitations for the site.
The sending of invitations is trivial: the user enters an email, and the view sends an email to the recipient with a random alphanumeric sequence in the activation link.
I largely took the code from Ayman Hourieh's book on Django. The problem is that in the book Ayman develops a custom-made registration system, and then adds the variable invitation to the session. I don't know how to do it with Bennett's django-registration, so that when somebody follows the link, and performs the activation, he can become friends with the user that sent the invitation. This is crucial for me because I need the ability to track the number of users that each user drove to the site. Anyone had experience with this problem?
Have you had a look at django-invitation? It's built on django-registration
http://code.welldev.org/django-invitation/wiki/Home
EDIT
I haven't used it before so I don't know its exact functionality, but looking at the code, when an invitation is sent, an InvitationKey object is created which has a from_user and registrant so the functionality is there whether it's documented or not.
Related
I'm using Django Allauth and have a number of questions.
(a) When a user registers they are instantly logged in and a confirmation email is sent to their inbox. I am wondering if this is best practice? Should the user instead be signed out after registration and only allowed to sign in using the link in their email?
I am also wondering about password change. The password change functionality that comes with Allauth simply asks the user to enter their old password then enter a new one twice. My two questions for this are (b) is this good practice or should I make my users request a new password via email, and (c) should I force logout my users after a password change and make them login using their new credentials?
(d) And lastly, if a user has forgotten their password they can request a new one sent to them via email. I could imagine this could easily be abused as you do not need to be signed in to do this (a person or bot continually entering a user's email address, sending them thousands of password reset links). Is there a way to add a limit on a person's email address so the one user can only be sent maybe 2 password reset links per day?
I would appreciate answers to any of these questions and greatly appreciate any elaboration on how to do any of this as I am new to Django and really don't know where to begin if I am to make these changes.
Thank you very much.
It all depends on what you want to do; if your site is gonna manage a lot of privacy data, then the story would be completely different. Assuming that it is true:
A) Best practice would be to be able to log in right away but they have restriction until they confirm the email.
B) Always request password change via email using a generated URL.
C) You should not keep the user logged in with the old password; either log them out or do an automatic re-login.
D) This is probably the most important here. There are a lot of ways to prevent such abuse; though they are not 100% effective, they are very effective. Here is the thing: 1) if your way to recover a password is by email, you can KEEP THE EMAIL PRIVATE, no one can see it, and what do you think the odds are to type a random email and match the one in your database? 2) Use popular antibots like Google's reCAPTCHA. 3) Set a limit of attempts on a limited range of time.
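Points 1 and 3 of the answer above can be combined in one request handler. The following is an added example, not code from the answer or from django-allauth: it uses an in-memory store and hypothetical names (`ResetLimiter`, `request_reset`), and takes the limit of 2 mails per day from the question.

```python
import time
from collections import defaultdict, deque

MAX_RESETS = 2               # limit asked for in the question: 2 links ...
WINDOW_SECONDS = 24 * 3600   # ... per day


class ResetLimiter:
    """Sliding-window limiter keyed by the normalised target address.

    Assumption: a dict in process memory. A real deployment would keep the
    counters in a shared cache with expiry so they survive restarts.
    """

    def __init__(self, max_sends=MAX_RESETS, window=WINDOW_SECONDS, clock=time.time):
        self.max_sends = max_sends
        self.window = window
        self.clock = clock
        self._sent = defaultdict(deque)   # address -> timestamps of counted requests

    def allow(self, email):
        key = email.strip().lower()
        now = self.clock()
        stamps = self._sent[key]
        while stamps and now - stamps[0] >= self.window:
            stamps.popleft()              # forget requests older than the window
        if len(stamps) >= self.max_sends:
            return False
        stamps.append(now)
        return True


def request_reset(limiter, known_emails, email, outbox):
    """Handle one reset request and return the text shown to the requester."""
    address = email.strip().lower()
    # Every request is counted, whether or not the address is registered, and
    # the reply is always the same, so neither the limit nor the page reveals
    # which addresses have accounts.
    if limiter.allow(address) and address in known_emails:
        outbox.append(address)            # stand-in for sending the reset mail
    return "If that address has an account, a reset link has been sent."
```
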
I have a django project where I want to create users, and some time later be able to send a welcome email with a link inviting them to log in and set a password.
I'm using django-allauth. I found this SO question which shows how to call allauth's password reset form, which is close to what I need, except that:
I want to send a "welcome" email, which would be worded differently.
I want it to send them to a "welcome" page, which would be different to a password reset (although perhaps operate the same way in that it use a token etc...)
I'm thinking I could somehow hijack that, but am not sure how or where that email gets sent.
django-allauth docs mention the routes /accounts/password/set/ and /accounts/password/set/ but I can't access either without logging in first.
This is an existing project I inherited, and I do have a template for "/account/password_reset_from_key.html". Just not sure how it all gets wired together.
Has anyone done anything similar?
You mention:
...and some time later be able to send a welcome email with a link inviting them to log in and set a password.
If sometime later, then you might be interested in queues like Celery to do that for you.
Here's an approach you might take:
Listen to the save Django model signal on the User model. Send an email to a user whenever that is triggered (this will happen immediately; however, with your "some time later" thing, you would add the sending to a Celery job queue for later).
Send a dynamic email with html. With this, you can customize the design etc to your taste.
I've seen this use case a few times.
A user goes to a company's web site and places an order with the company.
User logs into Facebook.
Messenger window shows up that says order confirmation # and now there's a chat between you and the business.
I'm trying to figure out how this is done.
Of course, if the user has given the app permissions or there was some Facebook integration on check out, then presumably the company has captured the user id and can send messages.
Is there any possible way that a company can send a message to a user by simply knowing their e-mail address? I think FB ids are scoped to Apps so even if you knew the user's FB Id, the ID on your app would be different. Any ideas?
I did it with Ruby on Rails. Let me give my articles about messenger bot.
This link shows it from scratch, and it uses this gem to make it happen. These are very useful articles. If you have additional questions, please let me know.
I'm trying to sell virtual goods using PayPal (already implemented Zong+) in Django. I decided to use django-paypal to handle the IPN for me (decided that IPN was the best fully automated option.)
I've currently made a buy-now button using the PayPal button wizard on their website, ie it's secure and saved on paypal to protect against tampering. (I'm very new to PayPal, not living in a fully supported country, so haven't used it myself.)
My questions:
How do I include the username that made the purchase or a similar means of identifying the user that made the purchase with the IPN callback later and retrieve that with django-paypal? Preferably with no means for the user to mess with it.
Should I ditch the auto-generated button and roll my own instead? Will that let me pass extra invisible parameters that PayPal will send in the IPN later?
The Sandbox doesn't let me make User Accounts that I can test on the real site, right? Unless I make a merchant in the Sandbox and make a button for that merchant, I think.
1: If you use the django-paypal PayPalPaymentsForm you can specify a "custom" field containing the username. This will be posted back to you with the IPN. If your buttons are encrypted the user will be unable to tamper with this.
2: Yes, see 1 :-)
3: No, but you can create buyer and seller accounts on the Sandbox.
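For a self-built button that is not encrypted, one way to keep the `custom` value from being altered in the browser is to sign it on the server and check the signature when the IPN arrives. This is an added example, not part of the answer above or of django-paypal; the key, the `user_id:item_id:tag` layout and the function names are assumptions.

```python
import hashlib
import hmac

SECRET_KEY = b"constructed-demo-key"   # assumption: a server-side secret, never sent to the page


def make_custom(user_id, item_id, key=SECRET_KEY):
    """Build the string to place in the button's `custom` field."""
    user_id, item_id = str(user_id), str(item_id)
    if ":" in user_id or ":" in item_id:
        raise ValueError("':' is reserved as the field separator")
    payload = f"{user_id}:{item_id}"
    tag = hmac.new(key, payload.encode(), hashlib.sha256).hexdigest()
    return f"{payload}:{tag}"


def read_custom(custom, key=SECRET_KEY):
    """Return (user_id, item_id) from an IPN `custom` value, or None if it was altered."""
    try:
        payload, tag = custom.rsplit(":", 1)
        user_id, item_id = payload.split(":")
    except ValueError:
        return None                      # wrong number of fields
    expected = hmac.new(key, payload.encode(), hashlib.sha256).hexdigest()
    # Constant-time comparison on bytes, so odd characters in a forged tag
    # cannot raise and timing does not leak how much of the tag matched.
    if not hmac.compare_digest(tag.encode(), expected.encode()):
        return None
    return user_id, item_id
```

The signature only ties the purchase to a user and an item; the IPN handler still has to compare the paid amount and the receiving account with what it expects.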
I am trying to develop a basic referrer system for my Django website. The system will generate a unique URL for each user to share with their friends. Once these friends enter the website, the system somehow keeps the data that "this user is browsing by the reference of X user", and once the invited person decides to register for an account, the system will save this information (maybe as an extra Foreign Key of the inviting user in the UserProfile model).
Now how can I keep track of the inviting user from the moment of entering using the referred link to the point where he/she registers on the site? Would the session framework work for this? If not, how could this be done?
I implemented this feature in my book 'Django 1.0 Website Development'. You can view the relevant chapter online at 'inviting friends via email'.
I used the sessions framework to track clicks on referral links. When a link is clicked, the session is populated with the id of the invitation. When the user registers, the session is checked for an invitation id.
The formatting of the code is a bit off on that page. I've just noticed this. I will let the publisher know. You can download the source code with proper formatting from the book's page.
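The session flow described in this answer, which also covers the `from_user` / `registrant` pairing mentioned for django-invitation in the first answer on this page, can be sketched without Django. This is an added example, not code from the book or from either app: a plain dict stands in for `request.session`, and `InvitationStore` and the function names are hypothetical.

```python
import hashlib
import secrets


class InvitationStore:
    """In-memory stand-in for an invitation table with from_user and registrant."""

    def __init__(self):
        self._rows = {}   # sha256(token) -> {"from_user": ..., "registrant": ...}

    @staticmethod
    def key_for(token):
        # Only a digest is stored, so a leaked table does not yield usable links.
        return hashlib.sha256(token.encode()).hexdigest()

    def create(self, from_user):
        token = secrets.token_urlsafe(32)   # unguessable value for the e-mailed link
        self._rows[self.key_for(token)] = {"from_user": from_user, "registrant": None}
        return token

    def get(self, key):
        return self._rows.get(key)


def follow_invite_link(store, session, token):
    """View behind the invitation link: remember a valid, unused invitation."""
    key = store.key_for(token)
    row = store.get(key)
    if row is None or row["registrant"] is not None:
        return False
    session["invitation"] = key
    return True


def complete_registration(store, session, new_user):
    """After the account is created: credit the inviter at most once."""
    row = store.get(session.pop("invitation", None))
    if row is None or row["registrant"] is not None:
        return None                  # no invitation, or it was already used
    if row["from_user"] == new_user:
        return None                  # an account cannot count as its own referral
    row["registrant"] = new_user
    return row["from_user"]
```
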