I am working on a project in a team using Django. I am trying to implement User Registration part in Django. This is what I have done so far.
I have created a separate application within my project called signup.
In this application, I am providing a page to the anonymous user to sign up for my web application. The user is able to sign in successfully and I can see him as admin inside Django Admin interface.
I am also using django-allauth. Now, I want that whenever the user signs up, the admin should accept/reject the users registration. How can I achieve that in allauth?
This is what I have done so far. I have created a separate application within my project called signup.
You don't need to do this, as Django Allauth already does it. As soon as you get it running, which takes some time, allauth will already have standard apps, with views + templates for users who want to signup, login, change password, recover password, etc.
You can make new users have to confirm an email before using your app by specifying this in settings.py
ACCOUNT_EMAIL_VERIFICATION = 'mandatory'
However, I do not see a reason why you would want to manually accept users with human input. If that is the case, I suggest removing all signup pages, and manually creating users from a shell window or admin panel on request.
If you want more detail on how to set it up, try example1 or further reading.
Related
Hey guys so basically I’m implementing a custom user model extending from AbstractUser. I am also using Allauth.
In previous practice projects I have built I am able to configure Allauth so that I can register new users and login in with only an email and password. This however is implemented without actually extending my user model(I just created the class and the passed). When I do then add custom fields for my users with my current project, and after reading the docs for Allauth about custom user models, I loose that functionality. I have to login with a username.
What I would like is to have my login how it works when you don’t extend the user model. Meaning that you can register and login in with you email and password. I have tried all the combinations I can think of using the settings in Allauth docs. I just cant seem to figure it out. Has anyone had a similar experience or just know perhaps what im doing wrong?
I'm developing a management software. And I need create a module for manage the permissions and groups using the auth of django. I dont want use the admin django because this just allow log in for super users.
I want override the admin route and create a form with the same features from the admin site. If is possible, I want use the widget for the assignment of permission and group.
I need all this built into an app because I need this to work for this and other projects.
I have already written a custom form to add, edit and view users extending the class UserCreationForm, I need something similar to that.
I hope you can help me...
First things first: don't do this!
Creating your own Django admin site is a load of work, and likely to be insecure etc. Your'e opening a giant can of worms here.
If you need members of your app to edit permissions, they do not have to be superusers! Users with is_staff = True can all access the admin site. Once you've set this for the users you want, go ahead and configure the exact permissions for this type of user.
Start with the official docs on user permissions.
I am using RemoteUserMiddleware to authenticate with VAS.
Right now I set it up so the REMOTE_USER variable gets set only for my SSO login URL (/accounts/login/sso/), because I must allow my users to login via forms (for users not present in our SSO system). According to my debugging, the user gets authenticated correctly in VasMiddleware (which extends RemoteUserMiddleware to pre-process REMOTE_USER), but after the user gets redirected to the home page (/), authentication is lost.
How can I persist the information that user has been logged in?
Django 1.9 will have a PersistentRemoteUserMiddleware, which will work when the authentication header is only present on the login page.
If you look at the patch, it shouldn't be too hard to do something similar in Django 1.8. I would try overriding process_request so that it doesn't call self._remove_invalid_user(request) to log out your user (that might end up duplicating a lot of code), or overriding _remove_invalid_user itself.
I'm using django-allauth to allow users to login to a django app. I want users to be able to signup, but ONLY approved users should be able to access sensitive content. That is, a user who has signed up through the sign in page should have a pending status before accessing pages marked with the 'login-required' decorator.
I currently have django-allauth running with google-oauth2 login, and users are successfully added to my user table. Would anyone know how to set up such a system?
I did come across this post mentioning disabling signup all together, although I do want users to be able to signup, just approved, whether this is through the admin system or through an link generated that I would be able to click.
Any ideas would be much appreciated.
I'm looking at the API for authentication
https://docs.djangoproject.com/en/1.3/topics/auth/
I can't seem to find information on simple user registration form that would send confirmation email as it is the usual way on web sites.
I guess I could do this:
1) Display a form
2) User enters info and submits
3) Save user as inactive, with a confirmation code
4) Send a link with confirmation code
5) User clicks a confirmation link and becomes active
It doesn't seem that difficult but I have a feeling this might be done already, and also there are quite a few edge cases that would need to be considered.
It's not built into Django. There is a reusable app called django-allauth, which will fit your needs.
An app called django-registration used to be recommended, but that is now unmaintained and out of date.
Editor note: django-registration is not unmaintained as of December 2016.
While django-registration used to be the registration system du jour, it has been abandoned by the maintainer and doesn't work on Django 1.6 without patching.
Try maybe django-allauth - I would have used it if I had known about it when I was looking. (As it turned out, I found this question first and used django-registration, wasting a lot of time.)
EDIT 10/2016: Looks like django-registration is maintained again. It's on GitHub now: https://github.com/ubernostrum/django-registration
You can do this:
Define a function to activate the user (i. e. def
activate(request))
Configure in the url.py the route to that function (i.e /activate/)
Create a form to register user
Create the post function to create the user
When you create the user set field 'is_active' to 0.
In the same function send the email with a link inside, this link must have the target as the configured route