Cliff F

Reputation: 391

Restrict access to view for unique user in Django w/o providing username and password

I'm trying to limit access to a Django view for a unique user, but it shouldn't require the user to register. The use case is that a link would be sent to a customer to view a page with private information that only he/she can see, but doesn't require them to register with the site. I'm thinking using some type of token might be the way to go, but I'm not sure. What is the best way to solve this?

Upvotes: 0

Views: 46

Answers (1)

arocks

Reputation: 2882

Here is typically how such a use case is implemented:

  1. A new entry is created in a model with a unique (and long) random token and a foreign key to the user information.
  2. A URL endpoint consisting of the random token in the path or part of query parameters is sent via email.
  3. The view for that URL looks up the entry in the model and retrieves the corresponding user information.
  4. Optionally, the entry is deleted so that the URL cannot be reused in case the email falls into the wrong hands.

Upvotes: 2
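The four steps above, as an added example that is not part of the original answer: framework-free Python in which a dict stands in for the Django model, so the token logic runs on its own. The names `issue_link` and `redeem`, the `example.com` URL, storing only a SHA-256 digest of the token, and the expiry time are assumptions that go beyond what the answer states.

```python
import hashlib
import secrets
import time

# Stand-in for the model table from step 1 (assumption: in a Django project
# this is a model with a unique digest field and a ForeignKey to the customer).
_links = {}  # sha256(token) hex -> {"customer_id": ..., "expires_at": ...}


def _digest(token):
    # Store only a digest, so a leaked table does not yield usable links.
    return hashlib.sha256(token.encode("utf-8")).hexdigest()


def issue_link(customer_id, base_url="https://example.com/private/",
               ttl_seconds=3600, now=None):
    """Steps 1 and 2: create the entry and build the URL to email."""
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
    _links[_digest(token)] = {
        "customer_id": customer_id,
        "expires_at": now + ttl_seconds,
    }
    return base_url + token + "/"


def redeem(token, now=None, single_use=True):
    """Steps 3 and 4: look up the entry, optionally deleting it on use.

    Returns the customer id, or None for unknown, expired or reused tokens
    (a view would answer all three with the same 404).
    """
    now = time.time() if now is None else now
    key = _digest(token)
    entry = _links.get(key)
    if entry is None:
        return None
    if now >= entry["expires_at"]:
        del _links[key]  # expired entries are purged on contact
        return None
    if single_use:
        del _links[key]  # step 4: the URL cannot be replayed
    return entry["customer_id"]
```

In a Django view, `redeem` would take the token captured from the URL pattern, and the page should be served with `Referrer-Policy: no-referrer` so the token in the path is not sent to third-party resources.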
