Reputation: 353
Before this question is marked as a possible duplicate, I want to address a few things.
I want to make sure that users have a single email field called email. They also have an is_verified field to indicate whether the email has been verified.
There are a few pitfalls in most of the email verification implementations. Let's say that a user creates an account and has an unverified email. Let's say that the user does not actually own the email, though.
Now, the actual owner of the email enters the site. But, as the email is already saved in the database, we get an integrity error - that the email is already in use.
Thus, any scammer can enter a random email and claim it. This reduces the user experience. How can this be avoided so as to provide a complete email verification system (one where the actual owners can claim their emails)?
So, when a user registers with an email which is already owned by another user, but is unverified, should the existing user be deleted? Or should we display integrity error messages? What is the right thing to do?
Thanks a lot!
Upvotes: 3
Views: 1379
Reputation: 143
If you are not using the email to authenticate (so username_field is not email), you can set the email field to a non-unique field, then when registering users in the signup view or in the customUserManager you can verify if it's unique only for users with a verified email (so if the email exists and is verified, then don't create a new user).
Of course, there will be the case where someone creates two accounts (before validating either of them) and then tries to validate both of them at the same time; in this case, when you activate an email for the first time, remove all other accounts with the same email (not verified email).
Upvotes: 0
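The rule described in the answer above (email unique only among verified accounts, other unverified claims removed when one is verified), as an added example that is not part of the original answer. It uses the standard-library sqlite3 module instead of Django's ORM so it runs on its own; the table, index and function names are hypothetical, and lowercasing addresses is an assumption.

```python
import hashlib
import secrets
import sqlite3

def open_db():
    """In-memory schema (hypothetical names): email is unique only among verified rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE NOT NULL,"
               " email TEXT NOT NULL, is_verified INTEGER NOT NULL DEFAULT 0, token_hash TEXT)")
    # Partial unique index: many unverified claims may coexist, only one verified owner.
    db.execute("CREATE UNIQUE INDEX one_verified_email ON users(email) WHERE is_verified = 1")
    return db

def _digest(token):
    # Store only a hash of the token, so a database leak does not expose usable links.
    return hashlib.sha256(token.encode()).hexdigest()

def register(db, username, email):
    """Create an unverified account; return the token to e-mail, or None if the
    address already belongs to a verified account."""
    email = email.strip().lower()  # assumption: addresses are compared case-insensitively
    if db.execute("SELECT 1 FROM users WHERE email = ? AND is_verified = 1", (email,)).fetchone():
        return None
    token = secrets.token_urlsafe(32)  # unguessable, from the OS CSPRNG
    with db:
        db.execute("INSERT INTO users (username, email, token_hash) VALUES (?, ?, ?)",
                   (username, email, _digest(token)))
    return token

def verify(db, token):
    """Verify the token's account and delete every other unverified claim on that email."""
    row = db.execute("SELECT id, email FROM users WHERE token_hash = ? AND is_verified = 0",
                     (_digest(token),)).fetchone()
    if row is None:
        return False
    user_id, email = row
    try:
        with db:  # both statements commit together or not at all
            db.execute("UPDATE users SET is_verified = 1, token_hash = NULL WHERE id = ?", (user_id,))
            db.execute("DELETE FROM users WHERE email = ? AND is_verified = 0", (email,))
    except sqlite3.IntegrityError:  # someone else verified this email first
        return False
    return True

if __name__ == "__main__":
    db = open_db()
    squatter = register(db, "squatter", "alice@example.com")  # constructed sample data
    owner = register(db, "alice", "alice@example.com")
    print(verify(db, owner), verify(db, squatter))  # True False
```

In Django the same database rule can be declared on the model with a `UniqueConstraint` on `email` carrying `condition=Q(is_verified=True)`.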
Reputation: 473
Yes, it is very important to add a verification step in the signup procedure.
So first of all, create an email template and send an email with a unique code to users when they sign up. To implement a free email service for starting in Django:
check my answer here: How to send email via Django?
Then generate a random string every time in the register function in views to send a verification code through the mail. E.g.
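import secrets
verifyCode = secrets.choice(["a", "b", "c", "d", "x", "y", "z"]) + str(secrets.randbelow(900001) + 100000)  # same format, drawn from the OS CSPRNG; the random module's output is predictable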
Create a temporary table where unverified users' data is stored and delete it when the verification of the email is completed, and then store it in the main Users table.
According to your last question, if a user is signed up with an email that is not verified, it should not be stored in the main Users table. Don't log in (give access to) that user with that email and username to your site.
Hope this is what you want.
Upvotes: 2