I'm working on a DRF project. I use email as a unique username in my own user model and use JWT for authentication. I made everything but cannot implement email verification when creating the user model.

I was thinking of making a token for the user and using it to activate the user after the first login. So I tried to override every single method in generics.CreateAPIView and django.contrib.auth.tokens.PasswordResetTokenGenerator. And now it seems impossible. I couldn't find any information from anyone who has done it with DRF.

I want to do email verification before the user model is actually written to the database, and if it succeeds, then write it to the database. I'm using Vue as the front end, so what I want is
[ vue(register page) --> drf(check if it's valid) --> send mail to request.data['email'] -->
click the link in email and finish registration --> drf(finish register and write in database) ]

Is there any possible way to do it by overriding methods of CreateAPIView?

    It somehow depends on how you wrote your custom user model. One solution would be to write the user to the database after registration, but with something like status = INACTIVE, and then change that upon email verification. Another way would be to write your own views to handle registration (if you end up overriding every single method of CreateAPIView, this might make more sense). You can save the data somewhere else while waiting for the email verification. Commented Jun 8, 2020 at 14:21
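The flow in the question (verify first, write to the database only after the link is clicked) needs no storage in between if the mailed link carries a signed, expiring token. The sketch below is an added example, not code from the question or the comment; it uses a plain standard-library HMAC so it runs on its own (in a Django project `django.core.signing` does the same job), and `SECRET`, `MAX_AGE`, the function names and the `users` set are assumptions.

```python
import base64
import hashlib
import hmac
import json
import time

SECRET = b"constructed-demo-key"  # assumption: a server-side secret, never sent to the client
MAX_AGE = 3600                    # assumption: how long the mailed link stays valid, in seconds

def b64e(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def b64d(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def make_token(email, now=None):
    """Signed, timestamped proof that a link was mailed to this address.
    The payload is signed, not encrypted, so it must not carry a password."""
    issued = int(time.time() if now is None else now)
    payload = json.dumps({"email": email.lower(), "iat": issued}).encode()
    sig = hmac.new(SECRET, payload, hashlib.sha256).digest()
    return f"{b64e(payload)}.{b64e(sig)}"

def verify_token(token, now=None):
    """Return the e-mail if the signature is valid and the link is fresh, else None."""
    try:
        body, sig = token.split(".")
        payload, given = b64d(body), b64d(sig)
    except ValueError:  # wrong shape or bad base64 (binascii.Error is a ValueError)
        return None
    expected = hmac.new(SECRET, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(given, expected):  # constant-time comparison
        return None
    data = json.loads(payload)  # parsed only after the signature checked out
    current = time.time() if now is None else now
    return data["email"] if current - data["iat"] <= MAX_AGE else None

def finish_registration(token, users):
    """Create the account only now; the unique e-mail check makes a replayed link a no-op."""
    email = verify_token(token)
    if email is None or email in users:
        return False
    users.add(email)  # stand-in for the real user creation, e.g. create_user(...)
    return True
```

The password is collected on the "finish registration" step together with the token, so nothing secret ever travels in the e-mail.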

1 Answer

I used django all-auth, django rest and django jwt.

Objective of this code snippet:

As per the django simple jwt docs, the url is "token/" whenever you submit the login form. It will take the email and password from the frontend and assign those values in JSON fields like this -

{
  "username" : "[email protected]",
  "password" : "password"
}

After that it will check the email column of the AbstractUser model, and if it exists then it will check in the all-auth EmailAddress model table whether it's verified. If it's verified then it will return tokens. Otherwise it will show error messages.

Override TokenObtainPairSerializer from Django Rest Simple JWT in serializer.py

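from allauth.account.models import EmailAddress
from django.contrib.auth import get_user_model
from rest_framework_simplejwt.serializers import TokenObtainPairSerializer

User = get_user_model()


class CustomJWTSerializer(TokenObtainPairSerializer):
    def update(self, instance, validated_data):
        pass

    def create(self, validated_data):
        pass

    def validate(self, attrs):
        # The frontend sends the email in the "username" field.
        credentials = {
            'username': '',
            'password': attrs.get("password")
        }

        user = User.objects.filter(email=attrs.get("username")).first()
        # True only if all-auth holds a verified address for this user.
        email_address = EmailAddress.objects.filter(user=user, verified=True).exists()

        if email_address and user:
            # Hand the real username to simplejwt, which checks the password.
            credentials['username'] = user.username
            return super().validate(credentials)
        # The dicts below are returned by the view as the response body, not raised
        # as errors. The two messages differ, so a caller can tell registered
        # addresses from unregistered ones.
        elif user and not email_address:
            return {'message': 'Email not verified'}
        else:
            return {'message': 'This email does not exist, please create a new account'}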

router.py -

path(API_VERSION + 'token/', TokenObtainPairView.as_view(serializer_class=CustomJWTSerializer), name='token_obtain_pair'),

Then it will only return JWT tokens if the email is validated. To send mail, use all-auth, and in settings.py -

OLD_PASSWORD_FIELD_ENABLED = True
LOGOUT_ON_PASSWORD_CHANGE = True
ACCOUNT_AUTHENTICATION_METHOD = "email"
ACCOUNT_EMAIL_REQUIRED = True
ACCOUNT_UNIQUE_EMAIL = True
ACCOUNT_EMAIL_VERIFICATION = 'mandatory'
ACCOUNT_CONFIRM_EMAIL_ON_GET = True
ACCOUNT_EMAIL_CONFIRMATION_AUTHENTICATED_REDIRECT_URL = FRONTEND_URL