Question: Decouple frontend and backend to send email using DRF - python

I'm working on a project; the frontend is being built using React while I'm using Django Rest Framework for the backend.
I want to send verification and password reset mail to the user.
I know I can set up an emails sub-folder in my templates directory and send the appropriate mail.
Is there a way I can navigate that, in the sense that the frontend should be the one to set up the mail design and send the design to the backend, while I handle the parameters that should be in the mail and send the mail on the backend?

Related

python api verified number using firebase

I will create a python api using Django.
Now I am trying to verify a phone number using firebase authentication and send an SMS to the user, but I don't know how I will do it.
The phone number authentication in Firebase is only available from its client-side SDKs, so the code that runs directly in your iOS, Android or Web app. It is not possible to trigger sending of the SMS message from the server.
So you can either find another service to send SMS messages, or put the call to send the SMS message into the client-side code and then trigger that after it calls your Django API.

How do I secure a Python API with in-the-open authorization tokens?

I have set up a simple REST API server (using Django REST framework) that responds to POST requests by doing some processing on an image uploaded to the server in the request. Previously I used it to power my own frontend (http://lips.kyleingraham.com) as a demonstration, but I would now like to open the API to other users.
I would like an end-user to be able to sign up and, from a dashboard, generate a token based on their credentials that could then be hard-coded into their web app. The sign-up part I believe I can handle, but I am unclear on how to restrict a generated token to a user's web app domain. I know that the code for a web app is easily inspected, so any API token I provide would need to be policed on my backend.
How can I restrict an authorization token to a user's web app domain so that even if the token was leaked, another user would not be able to utilize it?
If you want to hard-code the url into the user's web app, there is no way you can guarantee that if someone gets the token, he won't be able to use it.
The only idea is to set some time limit for each token.
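The answer above stops at "set some time limit for each token". As an added example (not from the question or answer author), here is what a self-contained, expiring, HMAC-signed API token looks like in plain Python: the server can check expiry and integrity without a database lookup, and a leaked token stops working once its expiry passes. The secret value and the one-hour TTL are constructed for this example.

```python
import base64
import hashlib
import hmac
import time
from typing import Optional

# Constructed secret for this example; a real deployment loads it from
# configuration and rotates it, never hard-codes it in source.
SERVER_SECRET = b"example-server-secret-do-not-reuse"
TOKEN_TTL_SECONDS = 3600  # assumed lifetime: tokens stop working after one hour
SIG_LEN = hashlib.sha256().digest_size  # 32 raw bytes appended to the payload


def issue_token(user_id: str, now: Optional[float] = None, ttl: int = TOKEN_TTL_SECONDS) -> str:
    """Return an opaque token carrying the user id and an absolute expiry time."""
    issued = int(now if now is not None else time.time())
    payload = f"{user_id}:{issued + ttl}".encode()
    sig = hmac.new(SERVER_SECRET, payload, hashlib.sha256).digest()
    # payload || signature, base64-encoded so it is safe in headers and query strings
    return base64.urlsafe_b64encode(payload + sig).decode()


def verify_token(token: str, now: Optional[float] = None) -> Optional[str]:
    """Return the user id if the token is intact and unexpired, otherwise None."""
    try:
        raw = base64.urlsafe_b64decode(token.encode())
        payload, sig = raw[:-SIG_LEN], raw[-SIG_LEN:]
        user_id, expiry_text = payload.decode().rsplit(":", 1)
        expiry = int(expiry_text)
    except (ValueError, UnicodeDecodeError):
        return None  # malformed or truncated token
    expected = hmac.new(SERVER_SECRET, payload, hashlib.sha256).digest()
    # constant-time comparison so the check does not leak the signature byte by byte
    if not hmac.compare_digest(sig, expected):
        return None
    current = now if now is not None else time.time()
    if current >= expiry:
        return None  # expired: a leaked token is only useful until this point
    return user_id


if __name__ == "__main__":
    tok = issue_token("alice")
    print(verify_token(tok))  # "alice" while the token is fresh
```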

Login and authentication functionality in Django REST API and React Native

In one of my projects I have developed a backend API using Django REST Framework and a mobile app using React Native. I have done the following things:
When the users log in I store their username in local (mobile) database.
When users post data I send the username to server reading from local database along with the POST data.
I check whether the user is logged in or not using the username and then process the request.
My question is: am I doing it in the right way? If no then what are the right procedures to do this kind of authentication checking?
How are you authenticating your users? It sounds like you're using session authentication, which is fine as long as both ends are on the same domain. Then you just use the request.user object as you normally would in a non-api setting. I would recommend using Django-rest-framework-Jwt https://github.com/GetBlimp/django-rest-framework-jwt. Json Web Tokens do not require you to store a bunch of information in sessions on your server, keeping things faster.
Here is a good example of implementing jwt if you're interested: https://www.techiediaries.com/django-rest-framework-jwt-tutorial/

To get accesstoken from microsoft outlook graph api for daemon app

I am trying to create a daemon python application which will get emails from the outlook server using the Microsoft outlook graph API. They have provided an excellent tutorial and documentation on how to get it done for python apps like django and flask. But I want to create a daemon script which can get the access code without using a web interface (which was used in django).
Note: This app will only collect email from a single email account and will feed it to the db.
Any help is appreciated.
It really depends on what kind of security you need. You can have your daemon/service authenticate with username/password directly, or you can have it authenticate with a certificate.
There are several different authentication scenarios, take a look at the docs page.
Either way, you need to register your daemon as an app in Azure and give it permissions to the Outlook API, just as if it were a web app.

Frontend and backend hybrid oauth2 flow?

My app needs to retrieve the user's dropbox data both in the frontend when the user is present (js) and in the backend when the user is away (python/django).
I understand after authorization I will receive a token code. Does that mean I should use this token code for both JS and Python when communicating with Dropbox? Or should I use my python backend as a proxy when communicating with Dropbox?
I am worried that using a proxy will add unnecessary delay to the user experience.
