Comments (5)
Redirecting user to the login page (with a message that the link has been sent to the given email) after form submission is a common behavior for most websites (if that's what you mean) and can be handled from within your Django project's view.py
users are redirected to the login page either by:
- User register for the first time and submit the email through the signup page, in this case, an email will be sent to the given email, and user will be directed to the login page.
- when the user clicks on the verification link and if verification is successful, then the user will be redirected to either directly to the login page or an intermediate page for showing the verification successful message depending on your settings.py configuration.
from django-verify-email.
I was talking about second case:
when the user clicks on the verification link and if verification is successful, then the user will be redirected to either directly to the login page or an intermediate page for showing the verification successful message depending on your settings.py configuration.
I think that it is better to authenticate user right after he clicks on the link, e.g. I would like to redirect user to his profile page after successful verification. But I can image cases where you don't feel like doing it, so I suggest to add settings variable which controls this behavior.
Below is my solution, it is a little bit quirky(I made it for my work project), but I may do some polishing during the weekends and submit pull request if you approve my proposal.
from base64 import urlsafe_b64decode
from binascii import Error as BASE64ERROR
from django.contrib.auth import get_user_model
from django.utils import timezone
from django.contrib.auth.tokens import default_token_generator
from django.contrib.auth import login
class _UserActivationProcess:
"""
This class is pretty self.explanatory...
"""
backend = "django.contrib.auth.backends.ModelBackend"
def __init__(self):
pass
def __activate_user(self, user):
user.is_active = True
user.last_login = timezone.now()
user.save()
def verify_token(self, request, useremail, usertoken):
try:
email = urlsafe_b64decode(useremail).decode('utf-8')
token = urlsafe_b64decode(usertoken).decode('utf-8')
except BASE64ERROR:
return False
inactive_users = get_user_model().objects.filter(email=email)
try:
if inactive_users:
for unique_user in inactive_users:
valid = default_token_generator.check_token(unique_user, token)
if valid:
self.__activate_user(unique_user)
login(request, unique_user, self.backend)
return valid
return False
return False
except Exception as e:
print(e)
return False
def _verify_user(request, useremail, usertoken):
return _UserActivationProcess().verify_token(request, useremail, usertoken)
The main difference between this and current code is that after self.__activate_user(unique_user)
I login
user, so he is stored in session. Login part may be wrapped in if statement depending on some variable determined in setttings.py, for example.
from django-verify-email.
Redirecting users directly to profile without prompting them to fill in credentials explicitly might be a security issue where if the user by mistake fills the wrong email and the verification link is sent to the wrong email then that person will have the access to the profile info without knowing username or password.
But this may be a feature for some websites to give the user quick access and reducing steps in the verification process.
You can add this by keeping it disabled by default and give the option to manually enable from settings.py it as per the need of other developers. Add a clear documentation section for the feature specifying how and where to use it.
I'll review, test, and approve the PRs if you do that.
from django-verify-email.
were these changes merged to the project @foo290 ?
from django-verify-email.
no
from django-verify-email.
Related Issues (20)
- Redirect URL after verification is going to /account/login
- Verification link always invalid when trying to register again with the same email address
- SMTP relay unavailable - error 500 HOT 1
- "User Not Found" - No template HOT 2
- NoReverseMatch after clicking verification link HOT 4
- Check in views if sending Failed
- Release the latest master? HOT 1
- Reverse for '/accounts/login/' not found. '/accounts/login/' is not a valid view function or pattern name. HOT 2
- Django-Verify-Email 2.0.3 HOT 1
- Request: DRF support HOT 1
- Verification is only based on isActive HOT 1
- 'RegistrationForm' object has no attribute 'save' HOT 2
- Reverse for '/accounts/login/' not found. '/accounts/login/' is not a valid view function or pattern name. HOT 2
- Invalid Link
- Problem in password after user gets verified.
- Migration path to add this library into existing project
- Project still active?
- Project still active? HOT 1
- Invalid Link
- Request: internationalization
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from django-verify-email.