
Comments (5)

foo290 commented on May 30, 2024

Redirecting the user to the login page (with a message that the link has been sent to the given email) after form submission is a common behavior for most websites (if that's what you mean) and can be handled from within your Django project's view.py.

Users are redirected to the login page either when:

  • The user registers for the first time and submits the email through the signup page. In this case, an email will be sent to the given email, and the user will be directed to the login page.
  • The user clicks on the verification link and verification is successful. The user will then be redirected either directly to the login page or to an intermediate page showing the verification successful message, depending on your settings.py configuration.

from django-verify-email.

hadrizi commented on May 30, 2024

I was talking about the second case:

when the user clicks on the verification link and if verification is successful, then the user will be redirected either directly to the login page or to an intermediate page showing the verification successful message, depending on your settings.py configuration.

I think that it is better to authenticate the user right after he clicks on the link, e.g. I would like to redirect the user to his profile page after successful verification. But I can imagine cases where you don't feel like doing it, so I suggest adding a settings variable which controls this behavior.

Below is my solution. It is a little bit quirky (I made it for my work project), but I may do some polishing during the weekends and submit a pull request if you approve my proposal.

```python
from base64 import urlsafe_b64decode
from binascii import Error as BASE64ERROR
from django.contrib.auth import get_user_model
from django.utils import timezone
from django.contrib.auth.tokens import default_token_generator
from django.contrib.auth import login


class _UserActivationProcess:
    """
    This class is pretty self.explanatory...
    """

    # Authentication backend recorded in the session by login()
    backend = "django.contrib.auth.backends.ModelBackend"

    def __init__(self):
        pass

    def __activate_user(self, user):
        user.is_active = True
        user.last_login = timezone.now()
        user.save()

    def verify_token(self, request, useremail, usertoken):
        try:
            email = urlsafe_b64decode(useremail).decode('utf-8')
            token = urlsafe_b64decode(usertoken).decode('utf-8')
        except (BASE64ERROR, UnicodeDecodeError):
            # Malformed base64, or decoded bytes that are not valid UTF-8
            return False

        # Every account with this email is checked, active or not
        inactive_users = get_user_model().objects.filter(email=email)
        try:
            if inactive_users:
                for unique_user in inactive_users:
                    valid = default_token_generator.check_token(unique_user, token)
                    if valid:
                        self.__activate_user(unique_user)
                        # Proposed change: open a session for the verified user
                        login(request, unique_user, self.backend)
                        return valid
                return False
            return False
        except Exception as e:
            print(e)
            return False


def _verify_user(request, useremail, usertoken):
    return _UserActivationProcess().verify_token(request, useremail, usertoken)
```

The main difference between this and the current code is that after self.__activate_user(unique_user) I log the user in, so he is stored in the session. The login part may be wrapped in an if statement depending on some variable determined in settings.py, for example.

from django-verify-email.

foo290 commented on May 30, 2024

Redirecting users directly to the profile without prompting them to fill in credentials explicitly might be a security issue: if the user by mistake fills in the wrong email and the verification link is sent to the wrong email, then that person will have access to the profile info without knowing the username or password.

But this may be a feature for some websites to give the user quick access and reduce steps in the verification process.

You can add this by keeping it disabled by default and giving the option to manually enable it from settings.py as per the needs of other developers. Add a clear documentation section for the feature specifying how and where to use it.

I'll review, test, and approve the PRs if you do that.

from django-verify-email.
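
The opt-in behaviour discussed in this thread, as an added example (not code from django-verify-email or from either commenter). The setting name `VERIFICATION_AUTO_LOGIN`, the `Outcome` type and the redirect labels are hypothetical; `check_token` and `login` are injected stand-ins for Django's `default_token_generator.check_token` and `django.contrib.auth.login` so the block runs without Django. It also assumes that only a link which activates a previously inactive account may open a session.

```python
from dataclasses import dataclass
from types import SimpleNamespace

# Hypothetical setting name: the thread only asks for "a settings variable".
AUTO_LOGIN_SETTING = "VERIFICATION_AUTO_LOGIN"


@dataclass
class Outcome:
    verified: bool
    logged_in: bool
    redirect_to: str  # symbolic labels, not real URL names


def finish_verification(request, user, token, *, settings, check_token, login):
    """Activate `user` if `token` is valid; open a session only on opt-in."""
    if user is None or not check_token(user, token):
        return Outcome(False, False, "verification_failed")

    first_activation = not user.is_active
    user.is_active = True
    user.save()

    # Off unless the setting is literally True: a missing setting, or a
    # truthy string such as "False" read from the environment, keeps it off.
    opted_in = getattr(settings, AUTO_LOGIN_SETTING, False) is True

    # Assumption added here: only a link that activates a dormant account
    # may create a session; a link for an already active account never does.
    if opted_in and first_activation:
        login(request, user)
        return Outcome(True, True, "profile")
    return Outcome(True, False, "login")


def demo(settings):
    """Run one constructed verification; return the outcome and sessions opened."""
    sessions = []
    # Constructed user: an account registered with a mistyped address.
    user = SimpleNamespace(email="typo@example.com", is_active=False,
                           save=lambda: None)
    outcome = finish_verification(
        object(), user, "constructed-token", settings=settings,
        check_token=lambda u, t: t == "constructed-token",
        login=lambda req, u: sessions.append(u.email))
    return outcome, sessions
```

With the setting absent, whoever receives the mistyped-address link can activate the account but still has to authenticate on the login page; with it set to `True`, the same link opens a session directly.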

pssolanki111 commented on May 30, 2024

Were these changes merged to the project, @foo290?

from django-verify-email.

foo290 commented on May 30, 2024

no

from django-verify-email.
