Python - AWS Cognito require verification email confirmation on user email change

I've been looking through the AWS Cognito docs for Python. When a user wants to change their email on my app, a verification email should be sent to that new email address to ensure they own it, and once that's clicked it should change the email attribute. I can change the user email easily with update_user_attributes(), but the issue is that I don't see a way to require the user to be verified via an email before that change is initiated. It's also harder to deal with, because Cognito is disentangled from the server. Any suggestions on how to implement this feature with Cognito? More than likely I think I'll have to implement the verification email part myself and call the Cognito server when the user is verified.
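One way to build the flow the question describes, as an added example that is not from the original post: the new address is held as pending, a single-use token is mailed to it, and Cognito is written only when that token comes back valid and unexpired. `cognito_update` is an assumed adapter around boto3's cognito-idp `admin_update_user_attributes` (it would set both `email` and `email_verified`); the pending store is in-memory for illustration.

```python
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass
from typing import Callable, Dict


@dataclass
class PendingChange:
    new_email: str
    token_hash: str    # only a hash is stored, so a leaked table yields no usable links
    expires_at: float


def _hash(token: str) -> str:
    return hashlib.sha256(token.encode()).hexdigest()


class EmailChangeFlow:
    """Two-step e-mail change: record a pending address, mail a token to it,
    and update Cognito only after the token is confirmed."""

    def __init__(self, cognito_update: Callable[[str, str], None],
                 ttl_seconds: int = 3600, now: Callable[[], float] = time.time):
        # cognito_update(username, new_email) is an assumed adapter around boto3's
        # cognito-idp admin_update_user_attributes; `now` is injectable for testing.
        self._update = cognito_update
        self._ttl = ttl_seconds
        self._now = now
        self._pending: Dict[str, PendingChange] = {}

    def request_change(self, username: str, new_email: str) -> str:
        """Step 1: return the token to embed in the link mailed to new_email.
        A repeat request replaces, and so invalidates, any earlier token."""
        token = secrets.token_urlsafe(32)
        self._pending[username] = PendingChange(new_email, _hash(token), self._now() + self._ttl)
        return token

    def confirm_change(self, username: str, token: str) -> bool:
        """Step 2: link handler. True only for a matching, unexpired, unused token."""
        pending = self._pending.get(username)
        if pending is None:
            return False
        if self._now() > pending.expires_at:
            del self._pending[username]           # expired: a fresh request is required
            return False
        if not hmac.compare_digest(_hash(token), pending.token_hash):
            return False                          # wrong token: nothing changes
        self._update(username, pending.new_email)  # the only path that touches Cognito
        del self._pending[username]               # single use
        return True
```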

Related

Django-allauth - is there a way to automatically send an email after account is verified

We recently took over a project that was developed in Django, which uses allauth. We are hoping to send out some additional information to users once they have signed up and confirmed their email address. Is there a default/native way to do this in django-allauth? At the moment the system uses email_confirmation_message.txt to configure the email for users to confirm their email address, but we couldn't find something similar for once the account is confirmed.
Yes, there is a way: django-allauth emits signals in various phases of the user signup process, including a signal when the user confirms their email:
allauth.account.signals.email_confirmed(request, email_address)
Adding a listener for that signal should solve your problem.

How to change email address of user in web2py using standard auth api with username=True

I recently upgraded web2py and started using username=True; the form returned via auth/profile no longer contains the user email address.
How can a user change email address under the standard api?
With or without username=True, the email address is not editable via the current Auth API (this was changed about a year ago, presumably for security reasons). For now, you'll have to implement your own email change functionality. For extra security, you might want to require password verification, and maybe send a verification email to the new address (and possibly a notification to the old address upon completion of the change).

Calling a secured (authentication required) REST from django

I need to call a REST service from django where authentication (username + password) is required. I can get the password from request.user.password, but it is not there in clear-text format; instead it is
pbkdf2_sha256$36000$rOpm97qpHsy4$NFKCCfMmve1Z6c1U/grizJ6TyQck3bE/Fe+Gy3Gi+c8=
(which is good from a security point of view).
However, as far as I know a secured REST service needs the clear-text password to perform the authentication, so I cannot call it. I wouldn't be a big fan of storing the password when the user logs in.
How can a secured REST service be called from Django?
UPDATE:
I have a Django web application where the users can log in to (the REST has to be called from here).
Also I have a completely separate Spring Boot application that provides the REST interface. At the moment it is not secured but I want to implement authentication here.
Please read the Django REST framework authentication docs for a better understanding. Actually, this is what happens in the OAuth mechanism:
The client will have to make a GET request to the user server asking for a code. They initially provide you the client_id and redirect_url.
You will show them a form to enter the username and password, and you will provide the code.
After that, the client can make another POST request to your server along with the client id and client secret, and you provide the authentication token.
Whenever the user makes a request with the OAuth token, assume that the user is authenticated and provide the resource.

Obtaining user's email id even if email is not verified

I am working on an application using Django/Python.
I am implementing Twitch Connect and I need email address of the user for my application.
My problem is that if the user has a verified email id, I obtain it as part of the django social auth pipeline in the "details" argument.
However, if the user has not verified his/her email, 'email' key does not exist in details.
Is there any way I can ensure that email always flows through?
Thank you!
Twitch does not pass through unverified emails with a user's information. It's a valid API design choice.

How to send an email in GAE on behalf of a yahoo, hotmail, or .edu user?

On GAE, a non-gmail user can create a Google Account using their non-gmail email and log into a google app engine application. However, sending from that email does not appear to work all the time.
For example, suppose foobar@yahoo.com creates a google account and they log in. Then, GAE should be able to send email from foobar@yahoo.com during a user request.
The problem is that this does not appear to work for yahoo email accounts and others. In my experience, only the following users can have email sent on their behalf:
Currently logged in gmail users
Currently logged in users with emails that run on google apps
Administrators
However, you cannot send email on behalf of users with the following email address:
yahoo and hotmail users
.gov or .mil users
most .edu users, although I think some schools use google apps and they work.
If I send from those email addresses, I get the following error:
message.send();
File "/base/python_runtime/python_lib/versions/1/google/appengine/api/mail.py", line 799, in send
raise ERROR_MAP[e.application_error](e.error_detail)
InvalidSenderError: Unauthorized sender
Am I missing something here?
I know there are similar questions out there on this topic but I don't think they nail them.
Your application has no right to originate email from addresses you don't own.
Doing so is called spoofing and there has been a lot of work done in the last 8 years to prevent spoofing: DKIM, SPF...
If you need to send email you need to have your own email address(es)/domain to send the email from for this application and you'll need to handle bounces as well.
Update:
Google Accounts
Google accounts can be created using 3rd party domain email addresses (e.g. hotmail, yahoo, *.edu, etc). There will be an email confirmation step to verify the email address, but there may be no greater relationship than this. The email address is the "username" and there's a password created with Google that has nothing to do with the 3rd party domain.
Google accounts don't have to have a mail service component. You can create a Google account and not have Gmail.
Google email on a 3rd party domain
Google Apps can be run "on" 3rd party domains; this can, but does not necessarily, include Google email.
Google email could be run on any domain without any other "Apps", they offer email outsourcing which is quite attractive to the Education sector. In this scenario, Google is authoritative for email for that domain.
On behalf of mailing
Google email has the functionality to set up "On Behalf of" emailing. This requires configuration. A confirmation email is sent to the target account. Once created the email is sent using the originating account's email address in the mail envelope, so any delivery status messages (delays, rejections) will be returned to this account. The originating email address will also be in the sender header. The address that you're sending on behalf of will appear in the from header in the messages, but otherwise, with regards to security settings and validation, it's a Google email from Google.
A quick search has returned some tech blog websites that suggest that they are considering retiring this feature in favour of supporting third party SMTP services.
Third party SMTP server
So someone could configure their Google Email account with the SMTP server, username and password of their mail service provider and use it to send email via their Google mail interface through the valid servers of their mail service provider. This email would therefore genuinely "originate" from that domain's infrastructure.
I've not read the documentation for this GAE function to send email. However, I can see that if someone is signed into their Google account and that account has a mail service, then it could be possible to send email from that account using an API.
However, Google will not generate email "From" 3rd party domains over which it has not been assigned authority. The email would not be valid; it would be "spoofed". It may not comply with a variety of security enhancements, could be used maliciously and would bring them into disrepute.
I hope this makes the situation clearer for you.
If the documentation is lacking in this regard, it could be that those who wrote it, being so familiar with email, might find it hard to imagine someone would think it were possible.
For me it looks like Google has changed something. I've had an application running 1.5 years without problems (and changes) but suddenly on 2011-05-03 sending emails for example on behalf of Yahoo users stopped working.
This change also affected other non-Google (non-developer users).
If foobar@yahoo.com creates a Google account and logs in, you will be able to send on behalf of their Gmail user, but not their Yahoo user. Same for Hotmail. As for .gov, .mil or .edu, there's nothing special about these TLDs. If they are Google Apps domains, you can send from them, otherwise you cannot.
Note, though, that you can specify a Reply-To address when sending mail. This can be any email address whatsoever, so if you use a reply-to address of foobar@yahoo.com on outbound mail and the recipient clicks reply, this should be the address that's populated as the recipient.