I'm trying to configure Django app with a user authentication model(django-allauth).
It almost works well but when a user tries to change his password, a problem occurs.
Let's say when a user want to change his password, he goes to Password reset page
Example
http://3.129.xx.xxx/accounts/password/reset/
He put his Email address on the form and submit, then he recieve a "Password Reset E-mail" with a link to reset the password.
Example
https://u22207100.ct.sendgrid.net/ls/click?upn=EGpFlOkd4a3JZnFjHjqKqsCiiinSf51vqFvV.....
Cliking above link, the user redirected to
http://3.129.xx.xxx/accounts/password/reset/key/1-set-password/
But that page has only links "Sign In" and "Sign Up".
It does not have any form to put new password the user want to set.
Change password page's image
In this situation, the user can not change password.
should I set something to allauth system??
I just mentioned the above settings in this question but still if more code is required then tell me I'll update my question with that information. Thank you
Related
Say I have two pages one is example.com/login and another page is example.com/admin
And when I put the credentials on the login page I get redirected to the admin page.
Admin page has a logout button. If I press that button then it redirects me to the login page again.
What I exactly want to do is, I want to display a message "Login again" dynamically (I know how to display a message dynamically) but only when user gets redirected from the login page via admin panel.
How can I do that?
You can do that either by:
Using Session:
upon logout you set a variable in the session, that this user has been loged out.
logout(request)
request.session['logged_out'] = True
Get parameter:
add a parameter to the redirected login url, if you find that parameter show you message, if there is no parameter you don't have to show.
redirect('login/?logged-out=True')
in both cases you have to check in your view, and add a a property to check with in your context.
I use all the functionalities of dj-rest-auth to register, log in, confirm the email address, change the password, reset the password and many more. Unfortunately, the library does not support changing the email address. I would like the authenticated user to first enter the account password and the new email address. After the successful process of authentication, I would like to send the user a specially generated confirmation code. Only when he enters it, the old email address will be changed to the new one. As far as I know, there is no such functionality in dj-rest-auth. Unfortunately, I also have not found any current solutions or libraries for this purpose anywhere. Did anyone have such a problem and could share his solution here? Thank you in advance.
Though i don't have any solution for what you want accurately but here is a replace.
You can use django all-auth and some email backend to send an email to the new added email to confirm the new email. In the sent email, there will be a confirmation link and the user has to click that to confirm the new email.
After using django all-auth you only have to add an email backend which will help in sending email. Rest will be maintained by all-auth.
e.g,
In your settings.py you can add an SMTP email backend to send email from your selected gmail account.
Add these lines of code to your settings.py;
EMAIL_BACKEND='django.core.mail.backends.smtp.EmailBackend'
EMAIL_HOST = 'smtp.gmail.com'
EMAIL_USE_TLS = True
EMAIL_PORT = 587
EMAIL_HOST_USER = DEFAULT_FROM_EMAIL = 'HOST_EMAIL' #HOST_EMAIL is your email from which you want to send email to the user.
EMAIL_HOST_PASSWORD = 'HOST_PASSWORD' #HOST_PASSWORD is the password of the email you are using as HOST_EMAIL
But after doing all these things, to make it work locally, you need to go to your google account which you are using as HOST_EMAIL. Go to manage google account >> security >> Turn on less secure apps. Then you will be able to send email to the user.
NOTE: If you have 2-factor authentication turned on for your google account, then these steps will not work. That type of account has some different setup.
I'd like to implement phone verification with pyotp in my view class-based Django (2.5) project.
After new users sign up (specifying name, phone, e-mail and password) in RegisterView, they should be redirected to GetAccessCodeView with an input field for verification code and a hidden field with a secure token. For generating and sending the code and the token I have to pass there a newly created user instanse from RegisterView to GetAccessCodeView.
How can I do that? Currently newly created users have is_active field set to False (it should become True after code succesful verification), thus cannot be authorized by default, so without changing login procedure, it is impossible to use request.user directly. But if I let inactive users to log in, then all the login_required views will let unconfirmed users to open corresponding pages. Should I write is_active check for each view manually or maybe Django has some ready stuff like 'login_and_active_required'? Or maybe there is some different solution?
In python, I want to send a request to a url which will return some information to me. If I try to access the url from the browser, a popup box appears and asks for a username and password. But after that I need to login again with another username and password. I have a username and password for these url and I don't know how to make python automatically complete these fields to access the URL. Can anyone help me to solve this problem?
I see django-allauth supports forcing users to login using their email address, and doesn't ask them for a username when signing up (instead generating one automatically from the email address) - https://stackoverflow.com/a/19683532/221001
Is it possible to have a user sign up, entering an email address and username manually, and then allow them to sign in using either? (e.g. there are two fields on the Login page: "username or email" and "password")
As Yogesh posted above, the username_email value for ACCOUNT_AUTHENTICATION_METHOD does the job.
http://django-allauth.readthedocs.org/en/latest/configuration.html