I'm new into python and django and I'm developing an app liked to a django server that works as oauth provider.
I've set this on settings.py file:
ACCOUNT_DEFAULT_HTTP_PROTOCOL = 'https'
ACCOUNT_EMAIL_VERIFICATION = 'none'
ACCOUNT_EMAIL_REQUIRED = True
But if I did not add the verified flag on the mail section in django I cannot login into the app.
What should I do in order to remove the verification step?
remove those tree lines and paste this, I hope it works
EMAIL_BACKEND = 'django.core.mail.backends.console.EmailBackend'
Related
I am encountering the error Forbidden (403) CSRF verification failed when trying to login into the Django Admin after updating the version of Django.
Also, there were no changes in the settings of Django.
The error can be seen in the below image:
I Already posted it on https://shriekdj.hashnode.dev/unable-to-login-django-admin-after-update-giving-error-forbidden-403-csrf-verification-failed-request-aborted.
This Issue can happen suddenly after updating to the newer version Of Django.
Details
Django Project Foundation team made some changes in security requirements for all Django Versions 4.0 and Above. They made it mandatory to create a list of URLs getting any type of form upload or POST request in project settings named as CSRF_TRUSTED_ORIGINS.
They did not update the details in the latest tutorial documentation, but they published the Changes Notes at https://docs.djangoproject.com/en/4.0/releases/4.0/#csrf-trusted-origins-changes-4-0.
First Solution
For localhost or 127.0.0.1.
Goto settings.py of your Django project and create a new list of URLs at last like given below
CSRF_TRUSTED_ORIGINS = ['http://*', 'https://*']
if You're running a project in localhost, then you should open all URLs here * symbol means all URLs. Also, http:// is mandatory.
Second Solution
This is also for Localhost and DEBUG=True.
Copy the list of ALLOWED_ORIGINS into CSRF_TRUSTED_ORIGINS as given below.
ALLOWED_ORIGINS = ['http://*', 'https://*']
CSRF_TRUSTED_ORIGINS = ALLOWED_ORIGINS.copy()
Third Solution
When deploying, you have to add URLs to allow form uploading ( making any POST request ).
I know this may be tricky and time-consuming but it's now mandatory.
Also, this is mandatory for Online IDEs also like Replit and Glitch.
Open the config file (most likely settings.py) and set the CSRF_TRUSTED_ORIGINS key as a shallow copy of the ALLOWED_HOSTS key which, in turn, should be set as recommended in the documentation.1
For example:
# -*- coding: utf-8 -*-
# For security consideration, please set to match the host/domain of your site, e.g., ALLOWED_HOSTS = ['.example.com'].
# Please refer https://docs.djangoproject.com/en/dev/ref/settings/#allowed-hosts for details.
ALLOWED_HOSTS = ['.yourdomain.com', '.localhost', '127.0.0.1', '[::1]']
# Whether to use a secure cookie for the CSRF cookie
# https://docs.djangoproject.com/en/3.2/ref/settings/#csrf-cookie-secure
CSRF_COOKIE_SECURE = True
# The value of the SameSite flag on the CSRF cookie
# https://docs.djangoproject.com/en/3.2/ref/settings/#csrf-cookie-samesite
CSRF_COOKIE_SAMESITE = 'Strict'
CSRF_TRUSTED_ORIGINS = ALLOWED_HOSTS.copy()
(...)
1 The config file contains a link to the documentation of the ALLOWED_HOSTS key — right above that key. Surprise, surprise.
I have turned on the 'allow less secure apps' on my google account.
But when I submit the password reset form, it goes to the password_reset_done.html and DOESN'T show any error. But the mail is not sending. It's neither in my sentbox nor in the inbox of the email it's supposed to send to.
This is what my urls.py looks like :
from django.contrib.auth import views as auth_views
path('password_reset/',
auth_views.PasswordResetView.as_view(template_name="my_app/password_reset.html"),
name="password_reset"),
path('password_reset/done/',
auth_views.PasswordResetDoneView.as_view(template_name="my_app/password_reset_done.html"),
name="password_reset_done"),
path('password-reset-confirm/<uidb64>/<token>/',
auth_views.PasswordResetConfirmView.as_view(template_name="my_app/password_reset_confirm.html"),
name="password_reset_confirm" ),
path('reset_password/',
auth_views.PasswordResetCompleteView.as_view(template_name="my_app/password_reset_complete.html"),
name="password_reset_complete" ),
And here is the settings.py file:
EMAIL_BACKEND = 'django.core.mail.backends.smtp.EmailBackend'
EMAIL_HOST = 'smtp.gmail.com'
EMAIL_PORT = 587
EMAIL_USE_TLS = True
EMAIL_HOST_USER = 'my_g_mail_id_here#domain.com'
EMAIL_HOST_PASSWORD = '**********'
I have literally read every other question and tried everything. Nothing is working for me.
I am dying here to find out a solution, please help.
Don't use Gmail for this. It's not designed for programmatic email sending.
Instead, use something like SendGrid or Mailgun. Both have inexpensive or free starter plans.
I found the solution. I was not registering user's email ID's through the Djangos default registration form.
Tweaked it a little to add the email field in the form and then the users started recieving the email.
Nothing wrong in the conf file.
I am authenticating users who login against through django REST framework against NIS using pythonPAM . But when I make the changes to settings.py as mentioned below, user credentials isnt being verified against LDAP.
AUTHENTICATION_BACKENDS = (
'django_auth_ldap.backend.LDAPBackend',
)
This along with ldap credentials for binding is used.
Note: I can connect to LDAP server and get all teh details. Its only a problem with django restframework.
I also tried
AUTHENTICATION_BACKENDS = [ 'django.contrib.auth.backends.RemoteUserBackend',]
and it did not work.
Currently in my urls.py, I call url(/login,) endpoint and authenticate against NIS server. How do I change it to LDAP?
I am new to django and need help on this.
I've been trying to get the django-registration-redux account activation email to send to newly registered users.
I've gotten all non-email related parts to work, such as loggin in/out and actually registering the user! When i register, it automatically logs my in as that user. But i never get the activation email.
I've tried various different things to try get this to work, I've followed some tutorials on setting whole thing up but the emails still dont work.
heres some of the code setup, im using registration templates that i downloaded online.
settings.py
INSTALLED_APPS = (
'django.contrib.admin',
'django.contrib.auth',
'django.contrib.contenttypes',
'django.contrib.sessions',
'django.contrib.messages',
'django.contrib.staticfiles',
'registration',
'synths',
)
# user reg settings
REGISTRATION_OPEN = True
ACCOUNT_ACTIVATION_DAYS = 7
REGISTRATION_AUTO_LOGIN = True
LOGIN_REDIRECT_URL = '/'
LOGIN_URL = '/login/'
# i tried including this line but still nothing
# EMAIL_BACKEND = 'django.core.mail.backends.console.EmailBackend'
# email
# first i tried setting up the debbuging server with this CMD line
# python -m smtpd -n -c DebuggingServer localhost:1025
# i dont know if it worked!, i got no errors but the cursor just
# sat there blinking at me! i was expecting some output to tell me
# the server had started
# these were the settings i used for that
EMAIL_HOST = '127.0.0.1'
EMAIL_PORT = 1025
EMAIL_HOST_USER = ''
EMAIL_HOST_PASSWORD = ''
# then i tried using my own address and smtp.live.com
EMAIL_HOST = 'smtp.live.com'
EMAIL_PORT = 25
EMAIL_HOST_USER = 'myemailaddress#hotmail.com'
EMAIL_HOST_PASSWORD = '123123abcabc'
# still nothing
am i missing any important settings here?
urls.py
# included amongst my other urls
(r'^accounts/', include('registration.backends.simple.urls')),
seems all in order with the tutorials and documentation. like i said, registration works perfectly bar the emails.
one thing ive noticed is that you probably shouldn't have auto loggin = True if you want a user to activate their accounts, but commenting that line out didnt change anything, i still got logged in automatically after registering. Seems like a minor aside but maybe this has something to do with the emails not working?
i dunno, im lost with it. Either im missing some settings, the code doesnt work, python smtpd doesnt work, or my smtp.live.com settings are wrong!
any insigths greatly appreciated!
EDIT: when trying the 'reset password' email function i get this error
SMTPException at /accounts/password/reset/
SMTP AUTH extension not supported by server.
Request Method: POST
Request URL: http://localhost:8000/accounts/password/reset/
Django Version: 1.7.6
Exception Type: SMTPException
Exception Value: SMTP AUTH extension not supported by server.
Exception Location: C:\Python34\lib\smtplib.py in login, line 613
Python Executable: C:\Python34\python.exe
Python Version: 3.4.3
EDIT 2: using these settings i get the the password/reset/done page but recieve no actual email
EMAIL_BACKEND = 'django.core.mail.backends.console.EmailBackend'
EMAIL_HOST = '127.0.0.1'
EMAIL_PORT = 1025
EMAIL_BACKEND = 'django.core.mail.backends.console.EmailBackend'
will only display the email on the console.
Instead you should use
EMAIL_BACKEND = 'django.core.mail.backends.smtp.EmailBackend'
Moreover it is more convenient to use a existing smtp server like gmail
For that you need to add these to your django settings file
EMAIL_BACKEND='django.core.mail.backends.smtp.EmailBackend'
EMAIL_HOST ='smtp.gmail.com'
EMAIL_PORT = 587
EMAIL_HOST_USER = 'youruser#gmail.com'
EMAIL_HOST_PASSWORD = 'gmail app password' #This is not your gmail password.
EMAIL_USE_TLS = True
More help on the password can be found here
You may want to try adding a DEFAULT_FROM_EMAIL setting and setting these settings:
EMAIL_USE_TLS = True
EMAIL_USE_SSL = True
This will allow Django to use secure email-sending.
Check your urls.py file, and make sure you are using the hmac not the simple
urlpatterns = [
#...
url(r'^accounts/', include('registration.backends.hmac.urls')),
]
Also, in your setting.py, INSTALLED_APPS, make sure that the 'registration' is before django.contrib.auth.
INSTALLED_APPS = [
#.....
'registration',
'django.contrib.auth',
#...
]
I know this is an old question, but I thought it would help anybody else looking for the answer. You have setup your urlconf to use the one step registration. Below is a snippet from their docs -
This backend’s workflow is deliberately as simple as possible:
A user signs up by filling out a registration form.
The user’s account is created and is active immediately, with no intermediate confirmation or activation step.
The new user is logged in immediately.
If you want to see the emails in the console, use the following urlconf instead -
url(r'^account/', include('registration.backends.default.urls')),
Hope that helps.
I have some trouble setting up an email option for my django project.
I am using post office for the backend, but I can't seem to get anything to queue.
views.py:
from django.views.generic import TemplateView
from post_office import mail
class EmailView(TemplateView):
model = Customer
mail.send(
'a.sophiewirth#gmail.com', # List of email addresses also accepted
'your.generic.test.email#gmail.com',
subject='My email',
message='Hi there!',
html_message='Hi <strong>there</strong>!',
)
template_name = 'customers/send_email.html'
settings.py:
# using post office as the default email backend
EMAIL_BACKEND = 'post_office.EmailBackend'
POST_OFFICE = {
'DEFAULT_PRIORITY' : 'now'
}
EMAIL_HOST = 'smtp.gmail.com'
EMAIL_HOST_USER = "your.generic.test.email#gmail.com"
EMAIL_PORT = 25 # default smtp port
EMAIL_HOST_PASSWORD = "password"
EMAIL_USE_TLS = False
DEFAULT_FROM_EMAIL = 'your.generic.test.email#gmail.com'
urls.py:
from django.conf.urls import patterns, include, url
from customers.views import CustomerList, CreateCustomerView, CustomerUpdateView, EmailView
from . import views
urlpatterns = patterns('',
url(r'^$', CustomerList.as_view(), name="customer-list"),
url(r'^create-customer$', CreateCustomerView.as_view(), name="create-customer"),
url(r'^customer-update/(?P<pk>\d+)$', CustomerUpdateView.as_view(), name="customer-update"),
url(r'^send-email$', EmailView.as_view(), name="send-email"),
)
send_email.html itself is pretty empty thus far, it just contains a paragraph to tell you that you sent an email.
Can anyone tell me why nothing is sending? Also, how can I get the recipient of the email into the View, as the specific user I want to send the mail to?
Thank you very much :)
I have both djcelery and Django celery email installed. This is in an older project and I believe djcelery is no longer needed but my setup should still give you a start. My Django settings include the following:
import djcelery
...
djcelery.setup_loader()
EMAIL_BACKEND = 'post_office.EmailBackend'
POST_OFFICE_BACKEND = 'djcelery_email.backends.CeleryEmailBackend'
My project also includes a shell script, which I run to start and configure the celery daemon. My project is running in a virtualenv so some of this may not be needed for you.
#!/bin/bash
set -e
# user/group to run as
USER=your_username
GROUP=your_groupname
cd /path/to/virtualenv/
source ./bin/activate
cd /path/to/directory/containing/manage.py/
exec python manage.py celeryd --settings=directory.path.settings.py
Running the shell script should show you a running celery process and your emails should now send and queue happily.
remove default priority now and add 'CELERY_ENABLED': True, to POST_OFFICE settings like this:
POST_OFFICE = {
'CELERY_ENABLED': True,
}
after this when u start celery worker you should see 2 tasks received from
post_office
post_office.tasks.cleanup_expired_mails
post_office.tasks.send_queued_mail