I tried to use the usual way of having my gmail account send user activation email to used but it keep failing. Please is there any new changes made to Django or Gmail that is preventing this and how do I work around it.
Please see below for the error detail:
raise SMTPAuthenticationError(code, resp)
smtplib.SMTPAuthenticationError: (535, b'5.7.8 Username and Password not accepted. Learn more at\n5.7.8 https://support.google.com/mail/?p=BadCredentials s2-20020a05620a29c200b006af0ce13499sm6006618qkp.115 - gsmtp')
You would need to generate app passwords to use them in your account.
Check out the google support page here
Following this Steps
Create & use App Passwords
for
EMAIL_BACKEND = 'django.core.mail.backends.smtp.EmailBackend'
EMAIL_HOST = 'smtp.gmail.com'
EMAIL_USE_TLS = True
EMAIL_PORT = 587
EMAIL_HOST_USER = 'your#gmail.com'
EMAIL_HOST_PASSWORD = 'prposomwfmwyghhe'
DEFAULT_FROM_EMAIL = 'ShopY Business <no-reply#django-shop.localhost>'
If you use 2-Step-Verification and get a "password incorrect" error when you sign in, you can try to use an App Password.
Go to your Google Account.
Select Security.
Under "Signing in to Google," select App Passwords. You may need to sign in. If you don’t have this option, it might be because:
2-Step Verification is not set up for your account.
2-Step Verification is only set up for security keys.
Your account is through work, school, or other organizations.
You turned on Advanced Protection.
At the bottom, choose Select app and choose the app you using and then Select device and choose the device you’re using and then Generate.
Follow the instructions to enter the App Password. The App Password is the 16-character code in the yellow bar on your device.
Example 16-character keycode :
prpo somw fmwy ghhe
Tap Done.
I enabled App Password and used it in settings to access my account. Everything works fine now
Related
How do I prevent django-allauth from sending password recovery emails to emails not registered in the database?
It is to prevent account enumeration.
ACCOUNT_PREVENT_ENUMERATION = False
in settings.py should change the behaviour.
Let’s suppose I have an app where all users have an email address and password in the User model. And let’s also also assume that all the users use the same email host and port. Is it possible to set the EMAIL_HOST_USER and EMAIL_HOST_PASSWORD shown below to be variables that pull from the user model?
This way when a logged in user uses an email sending functionality, it comes from their email instead of some single email account defined in settings.py as shown below?
‘’’
EMAIL_HOST = 'smtp.sendgrid.net'
EMAIL_PORT = 587
EMAIL_HOST_USER = 'parsifal_app'
EMAIL_HOST_PASSWORD = 'mys3cr3tp4ssw0rd'
EMAIL_USE_TLS = True
‘’’
After assuming all the things your mentioned
This can definitely be done, however you will still need to enable less secure apps access in all those accounts manually(as its an security measure) which will make your email vulnerable.
more on less secure apps here less secure apps
Besides that you will need to store passwords in original form(non-encrypted) for this requirement and storing user password in non-hashed/encrypted form is not recommended at all.
you should definitely consider Gmail API for this purpose
I use all the functionalities of dj-rest-auth to register, log in, confirm the email address, change the password, reset the password and many more. Unfortunately, the library does not support changing the email address. I would like the authenticated user to first enter the account password and the new email address. After the successful process of authentication, I would like to send the user a specially generated confirmation code. Only when he enters it, the old email address will be changed to the new one. As far as I know, there is no such functionality in dj-rest-auth. Unfortunately, I also have not found any current solutions or libraries for this purpose anywhere. Did anyone have such a problem and could share his solution here? Thank you in advance.
Though i don't have any solution for what you want accurately but here is a replace.
You can use django all-auth and some email backend to send an email to the new added email to confirm the new email. In the sent email, there will be a confirmation link and the user has to click that to confirm the new email.
After using django all-auth you only have to add an email backend which will help in sending email. Rest will be maintained by all-auth.
e.g,
In your settings.py you can add an SMTP email backend to send email from your selected gmail account.
Add these lines of code to your settings.py;
EMAIL_BACKEND='django.core.mail.backends.smtp.EmailBackend'
EMAIL_HOST = 'smtp.gmail.com'
EMAIL_USE_TLS = True
EMAIL_PORT = 587
EMAIL_HOST_USER = DEFAULT_FROM_EMAIL = 'HOST_EMAIL' #HOST_EMAIL is your email from which you want to send email to the user.
EMAIL_HOST_PASSWORD = 'HOST_PASSWORD' #HOST_PASSWORD is the password of the email you are using as HOST_EMAIL
But after doing all these things, to make it work locally, you need to go to your google account which you are using as HOST_EMAIL. Go to manage google account >> security >> Turn on less secure apps. Then you will be able to send email to the user.
NOTE: If you have 2-factor authentication turned on for your google account, then these steps will not work. That type of account has some different setup.
I have a form on my website and once it is submitted, it sends an email to mail own mailbox.
My problem is that, to do so, I hardcoded my email and my password in my settings.py like this:
EMAIL_HOST_USER = 'myemail#gmail.com'
EMAIL_HOST_PASSWORD = 'mypassword'
but I feel that it is not secured at all, so I try to find a way to make it not hardcoded in my settings.py. Based on how I store my secret key, I tried the following thing:
with open('/Users/myapp/email.txt') as f:
EMAIL_HOST_USER = f.read().strip()
with open('/Users/myapp/email_password.txt') as f:
EMAIL_HOST_PASSWORD = f.read().strip()
But it did not work. It raises an SMTP error: "Username and Password not accepted."
Any idea on how to protect my password better ?
You should use an environment variable, and then read it in your settings like:
import os
EMAIL_HOST_USER = os.environment.get('EMAIL_HOST_USER')
Then you can keep the value out of your repo.
The environment needs need to be in effect for the process that is running Django.
I'm searching a way to report all exception like error 500,
by sending a mail to the settings.ADMINS .
I had set Debug to False, but in code when I raise an Exception, no mail was sent.
I use django 1.4
Thanks !
Posting your relevant settings (loggers, email, and admins) may help in assisting you further, but a few pointers:
From the Django's docs:
In order to send email, Django requires a few settings telling it how to connect to your mail server. At the very least, you’ll need to specify EMAIL_HOST and possibly EMAIL_HOST_USER and EMAIL_HOST_PASSWORD, though other settings may be also required depending on your mail server’s configuration. Consult the Django settings documentation for a full list of email-related settings.
And:
By default, Django will send email from root#localhost. However, some mail providers reject all email from this address. To use a different sender address, modify the SERVER_EMAIL setting.
They could look like this for a Gmail account:
EMAIL_HOST_USER = 'this-is-not-a-real-address#gmail.com'
EMAIL_HOST = 'smtp.gmail.com'
EMAIL_HOST_PASSWORD = 'mypassword'
EMAIL_PORT = 587
EMAIL_USE_TLS = True
SERVER_EMAIL = EMAIL_HOST_USER
Have you checked the logs on the machine? Like Postfix logs, or its mail queue. Maybe the emails are indeed being handed over by Django but Postfix (or whatever you're using) cannot deliver them for some reason (like the one quoted above).
Also, you may be interested in this question/answers:
How do you log server errors on django sites. I like to use Sentry myself.