<p>Im sending an email confirmation after a registration process in my django application. I need to find out for security reasons how can i validate the code im sending in the url without adding a new code field in the user model. So far im sending a random code in the url and the username which is validated but not the code.</p> <h3>Registration VIEW</h3> <pre class="prettyprint"><code>def registrar_usuario_view(request): alphabet = "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ" code = ''.join(random.choice(alphabet) for i in range(16)) print code if request.method == 'POST': f = RegisterForm(request.POST) if f.is_valid(): usuario = f.cleaned_data['usuario'] email = f.cleaned_data['email'] clave = f.cleaned_data['clave'] confirmar_clave = f.cleaned_data['confirmar_clave'] captcha = f.cleaned_data['captcha'] u = User.objects.create_user(username = usuario, email = email, password = clave) u.is_active = False u.save() # Mandamos mail de activacion to = email html_content = """<h3>Bienvenido Sr/a: %s </h3><p>Para confirmar su registro en el sitio Margonari Servicios Inmobiliarios le solicitamos haga click en el siguiente <a href='http://localhost:8000/confirmacion/%s/%s'>enlace de confirmacion</a><br><p><b>Gracias por formar parte de Margonari Servicios Inmobiliarios.</b></p><br> <small>Este es un mensaje enviado automaticamente. Por favor no responda a esta direccion de mail.</small>"""%(usuario, code, usuario) msg = EmailMultiAlternatives('Administracion Margonari', html_content, 'from@server.com', [to]) msg.attach_alternative(html_content, 'text/html') #Definimos el contenido como html msg.send() #Enviamos el correo messages.add_message(request, messages.SUCCESS, """Los datos han sido ingresados correctamente. Le enviamos un correo de confirmacion a la direccion que nos proporciono. Por favor verifique su casilla de correo no deseado. Muchas gracias.""") ctx = {'form':f} return render_to_response('users/registrar_usuario.html', ctx, context_instance = RequestContext(request)) else: ctx = {'form':f} return render_to_response('users/registrar_usuario.html', ctx, context_instance = RequestContext(request)) f = RegisterForm() ctx = {'form':f} return render_to_response('users/registrar_usuario.html', ctx, context_instance = RequestContext(request)) </code></pre> <h3>Confirmation VIEW</h3> <pre class="prettyprint"><code>def confirmacion_view(request, code, user): user = User.objects.get(username = user) user.is_active = True user.save() return HttpResponseRedirect('/') </code></pre> <h3>URL</h3> <pre class="prettyprint"><code>url(r'^confirmacion/(?P<code>.*)/(?P<user>.*)/$', 'confirmacion_view', name = 'vista_confirmacion'), </code></pre>

<p>Django provides a token creation mechanism, there is no need to reinvent the wheel. Since I don't use function based views and the point here is not to refactor your code (I would do it in CBVs anyway), I will just output a sample on how you can use it.</p> <pre class="prettyprint"><code>from django.contrib.auth.tokens import default_token_generator from django.utils.http import urlsafe_base64_encode from django.utils.encoding import force_bytes new_user = User.objects.create_user(username=usuario, email=email, password=clave) new_user.save() token = default_token_generator.make_token(new_user) uid = urlsafe_base64_encode(force_bytes(new_user.pk)) </code></pre> <p>You can then email the token to the user, the token url should look like:</p> <pre class="prettyprint"><code>url(r'^users/validate/(?P<uidb64>[0-9A-Za-z_\-]+)/(?P<token>[0-9A-Za-z]{1,13}-[0-9A-Za-z]{1,20})/$', activationview, name='user-activation-link') </code></pre> <p>Somewhere in your activationview:</p> <pre class="prettyprint"><code>from django import http uidb64 = request.GET.get('uidb64') token = request.GET.get('token') if uidb64 is not None and token is not None: from django.utils.http import urlsafe_base64_decode uid = urlsafe_base64_decode(uidb64) try: from django.contrib.auth import get_user_model from django.contrib.auth.tokens import default_token_generator user_model = get_user_model() user = user_model.objects.get(pk=uid) if default_token_generator.check_token(user, token) and user.is_active == 0: # Do success stuff... return http.HttpResponseRedirect(a_success_url) except: pass return http.HttpResponseRedirect(a_failure_url) </code></pre>

Send email confirmation after registration django

Im sending an email confirmation after a registration process in my django application. I need to find out for security reasons how can i validate the code im sending in the url without adding a new code field in the user model. So far im sending a random code in the url and the username which is validated but not the code.

Registration VIEW

def registrar_usuario_view(request):
alphabet = "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"
code = ''.join(random.choice(alphabet) for i in range(16))
print code
if request.method == 'POST':
    f = RegisterForm(request.POST)
    if f.is_valid():
        usuario = f.cleaned_data['usuario']
        email = f.cleaned_data['email']
        clave = f.cleaned_data['clave']
        confirmar_clave = f.cleaned_data['confirmar_clave']
        captcha = f.cleaned_data['captcha']
        u = User.objects.create_user(username = usuario, email = email, password = clave)
        u.is_active = False
        u.save()
        # Mandamos mail de activacion
        to = email
        html_content = """<h3>Bienvenido Sr/a: %s </h3><p>Para confirmar su registro en el sitio Margonari Servicios Inmobiliarios le solicitamos haga click en el siguiente 
        <a href='http://localhost:8000/confirmacion/%s/%s'>enlace de confirmacion</a><br><p><b>Gracias por formar parte de Margonari Servicios Inmobiliarios.</b></p><br>
        <small>Este es un mensaje enviado automaticamente. Por favor no responda a esta direccion de mail.</small>"""%(usuario, code, usuario)
        msg = EmailMultiAlternatives('Administracion Margonari', html_content, '[email protected]', [to])
        msg.attach_alternative(html_content, 'text/html') #Definimos el contenido como html
        msg.send() #Enviamos el correo

        messages.add_message(request, messages.SUCCESS, """Los datos han sido ingresados correctamente. Le enviamos un correo de confirmacion 
            a la direccion que nos proporciono. Por favor verifique su casilla de correo no deseado. Muchas gracias.""")
        ctx = {'form':f}
        return render_to_response('users/registrar_usuario.html', ctx, context_instance = RequestContext(request))
    else:
        ctx = {'form':f}
        return render_to_response('users/registrar_usuario.html', ctx, context_instance = RequestContext(request))

f = RegisterForm()
ctx = {'form':f}
return render_to_response('users/registrar_usuario.html', ctx, context_instance =    RequestContext(request))

Confirmation VIEW

def confirmacion_view(request, code, user):
user = User.objects.get(username = user)
user.is_active = True
user.save()
return HttpResponseRedirect('/')

URL

url(r'^confirmacion/(?P<code>.*)/(?P<user>.*)/$', 'confirmacion_view', name = 'vista_confirmacion'),

How does Django validate email?

Django provides several validation methods for checking email address validity. The easiest way is to import the validate_email method from the core validators module.

How do I send an email using Django?

In most cases, you can send email using django. core. mail. send_mail() .

Django provides a token creation mechanism, there is no need to reinvent the wheel. Since I don't use function based views and the point here is not to refactor your code (I would do it in CBVs anyway), I will just output a sample on how you can use it.

from django.contrib.auth.tokens import default_token_generator
from django.utils.http import urlsafe_base64_encode
from django.utils.encoding import force_bytes

new_user = User.objects.create_user(username=usuario,
                                    email=email,
                                    password=clave)
new_user.save()
token = default_token_generator.make_token(new_user)
uid = urlsafe_base64_encode(force_bytes(new_user.pk))

You can then email the token to the user, the token url should look like:

url(r'^users/validate/(?P<uidb64>[0-9A-Za-z_\-]+)/(?P<token>[0-9A-Za-z]{1,13}-[0-9A-Za-z]{1,20})/$',
    activationview,
    name='user-activation-link')

Somewhere in your activationview:

from django import http

uidb64 = request.GET.get('uidb64')
token = request.GET.get('token')

if uidb64 is not None and token is not None:
    from django.utils.http import urlsafe_base64_decode
    uid = urlsafe_base64_decode(uidb64)
    try:
        from django.contrib.auth import get_user_model
        from django.contrib.auth.tokens import default_token_generator
        user_model = get_user_model()
        user = user_model.objects.get(pk=uid)
        if default_token_generator.check_token(user, token) and user.is_active == 0:
            # Do success stuff...
            return http.HttpResponseRedirect(a_success_url)
    except:
        pass

return http.HttpResponseRedirect(a_failure_url)

Send email confirmation after registration django

Tags:

python

django

Registration VIEW

Confirmation VIEW

URL

Andrés Da Viá

People also ask

1 Answers

petkostas

Recent Activity

Donate For Us

Send email confirmation after registration django

Tags:

python

django

Registration VIEW

Confirmation VIEW

URL

Andrés Da Viá

People also ask

1 Answers

petkostas

Related questions

Recent Activity

Donate For Us