I want a Registration Form with only email + password. I am thinking to insert automatically email in username field. So, for eash user, I will have this:
username: example#example.com
password: mypassword
email: example#example.com
Of course email + password will be used in login process.
Is it a good solution to having 2 fields with the same value ? Or is there a more sofisticated solution ?
Thanks :)
Probably not a good idea to circumvent the expected regex validation on username which is r'^\w+$' (so no # or ., obviously). Also, there's a 30 character limit on username, so lots of email addresses won't fit.
You should write a custom auth backend that authenticates based on the actual email field - many people do this, so you can probably find samples on djangosnippets.
Two things to keep in mind - by default, the email field is non-unique. Also, you are almost definitely going to break the admin app, so you'll need to do some jiggery pokery if you want to use contrib.admin.
Related
Is it possible to change Django database user based on login user. I'm using postgres db.
I'm writting this answer according to my understanding of the question.
For your question yes, for example if you have an application and its support multiple users login consider 3 to 4 kind of users like..
Normal user
Superuser
And many more...
And if you want to switch between these users you have to made some uniqueness to find them while login. For that you should add an attribute (field) to your database table (for example user_role anyway you can give your own).
Note: you should predefined all the users in this table.
And while signing up, use this user_role(u should insert 4 user_type as already mentioned above ) and make it to foreign key to your users table.
So now you saved users by giving the user_role.
While login u should send the request containing user_role along with user_name and password.
{
"user_role" : 2
"user_name(or email)" : "***#gmail.com",
"password" : "****"
}
If you are not find this answer as more relevant please elaborate your question so someone can help you.
Happy coding!!
I am attempting to create Reset Password functionality using Djoser. I am successfully hitting my API's auth/users/reset_password/ endpoint, which is then sending an email as expected. But the problem is occurring in the content of the email. It is sending a redirection link to my api, rather than to my frontend.
Please note, any <> is simply hiding a variable and is not actually displayed like that
Here is an example of what the email looks like:
You're receiving this email because you requested a password reset for your user account at <api>.
Please go to the following page and choose a new password: <api>/reset-password/confirm/<uid>/<token>
Your username, in case you've forgotten: <username>
Thanks for using our site!
The <api> team
The goal with this email is to send the user to the /reset-password/confirm/ url on my frontend, not on my api, which is currently occurring.
Here are my DJOSER settings:
DJOSER = {
'DOMAIN': '<frontend>',
'SITE_NAME': '<site-name>',
'PASSWORD_RESET_CONFIRM_URL': 'reset-password/confirm/{uid}/{token}',
}
The expected behavior is for the DOMAIN setting to alter the link that is being placed in the email, but it is not. I can't seem to find reference to this particular problem within the docs.
Any help here would be greatly appreciated, thanks.
I figured it out:
Due to Djoser extending the package django-templated-mail, the variables DOMAIN and SITE_NAME have to override django-templated-mail setting rather than Djoser's setting. So, you have to pull variables specific to django-templated-mail out of the Djoser variable.
The working setup actually looks like:
DOMAIN = '<frontend>',
SITE_NAME = '<site-name>',
DJOSER = {
'PASSWORD_RESET_CONFIRM_URL': 'reset-password/confirm/{uid}/{token}',
}
deploying an internal (corporate) API manager 2.0.0 we found a limitation - the email address validation apparently enforces email validation with 2-4 email :
/store/site/themes/wso2/templates/ui/validation/custom-validation.js:
$.validator.addMethod('validEmail', function(value, element) {
var emailRegex = /^([A-Za-z0-9_\-\.])+\#([A-Za-z0-9_\-\.])+\.([A-Za-z]{2,4})$/;
return emailRegex.test(value);
}, i18n.t('Invalid email address'));
However - email addresses today may have even long last domain name (e.g. someuser#stad.gent, otheruse#my.internal.corporation)
I see the validation logic is implemented in the followinf file:
repository/deployment/server/jaggeryapps/store/site/themes/wso2/templates/ui/validation/custom-validation.js
Question: is the file the only place where the email format is enforced? (Users are managed in AD, so the default user view / management UI doesn't concern us too much atm)
Seems the only place where the email is validated is the script:
repository/deployment/server/jaggeryapps/store/site/themes/wso2/templates/ui/validation/custom-validation.js
Goal: I'm trying to get a Ruby on Rails application to send me emails whenever a user fails to log into OmniAuth. I want the e-mail to include (1) the username entered in the form, and (2) an MD5 hash of the password field.
Obstacle: OmniAuth returns a POST after a successful login, and a GET after an authentication failure. The "success" POST includes the username and a filtered password, but the "fail" GET does not include these two parameters.
So I guess my question is "Can I make OmniAuth return the parameters I want? If not, how can I make Rails remember the form data after it gets POST'ed to OmniAuth?"
I emailed the OmniAuth team and they gave me the solution below (thank you so much!):
You can do custom failure handling by adding an on_failure action.
OmniAuth.config.on_failure = Proc.new { |env| #do stuff }
https://github.com/intridea/omniauth/blob/master/lib/omniauth/failure_endpoint.rb
is the default failure endpoint as an example
So I added the following in config/initializers/omniauth.rb:
OmniAuth.config.on_failure = Proc.new{|env|
myLog = ActiveSupport::TaggedLogging.new(Logger.new("log/omniauth_log.txt"))
myLog.tagged("OmniAuth", "ENV") { myLog.info "Failed login attempt - username: #{env["rack.request.form_hash"]["username"]}, password: #{env["rack.request.form_hash"]["password"]} "}
OmniAuth::FailureEndpoint.new(env).redirect_to_failure}
...and it records the username and password correctly. All that's left to do is encrypt the password.
If you want to display everything that's going on, you can log #{env.inspect} itself. It's a very large hash though (that also contains smaller hashes), so maybe log #{env.inspect} once and pick out the fields relevant to your task.
I'm using django-allauth for my user management and using the user's email address as the username field.
Everything is working fine and I've got a form the user can use to update their details - first name, last name etc. - which works perfectly.
But it won't update the user's email address using that form. I'm guessing it's because it's the primary key but how would I go about allowing the user to change their email address in this scenario?
You can use EmailAddress.change in your view.