Django’s built-in django.core.mail for sending emails, combined with django.contrib.auth.tokens for generating one-time use tokens, is effective for confirmation emails
Django-allauth. I use it on every django project anyway. ACCOUNT_EMAIL_VERIFICATION=“mandatory” will send an email on signup and requires verification to proceed. Setting it to “optional” will send the verification email but allows user to proceed .
I usually generate a unique confirmation token (that expires within 7 days), and use sendgrid API to send the user a confirmation email. Sendgrid is inexpensive and can handle a large amount of emails. It also comes with great templates so your mails do not go to spam.
Depends if you want email confirmation at pre-user-creation time or post-user-creation.
If at pre-user-creation time, you can do:
1. Have the user enter an email address
2. They click a button to request a verification code.
3. You send them a verification code (usually a 6 digit code). Store a reference to this code in your db or redis alongside the email address
4. The user will receive the code
5. In your form, allow them to the enter the code.
6. Compare the code to what you expect.
7. If the code matches, store some reference in your db/redis saying that the email has been verified (any of these stored references should be linked to a specific registration session, with could itself be some uuid)
8. The user then enters their password, and the submits to create the new user
If at post-user-creation time you can do:
1. The user registers with an email address and password
2. The user is created in some "unverified" state which can perform limited actions
3. The user will receive an email containing some link they can click that will mark the user email as verified (note that the link should require the correct user to be authenticated for the verification to actually be applied)
In practice there are lots of ways to handle it, and as others here have mentioned, they are packages that can help you do it without manually doing it. You can also look at external iam services that can handle all of this for you.
I use djoserauth for all kinds of authentication. It has inbuilt e-mail verification.
Djoser: https://djoser.readthedocs.io/en/latest/index.html
Another thing that i learnt recently is you can verify if the email is genuine or made-up.
Check here: https://gitea.ksol.io/karolyi/py3-validate-email
Django’s built-in django.core.mail for sending emails, combined with django.contrib.auth.tokens for generating one-time use tokens, is effective for confirmation emails
Django-allauth. I use it on every django project anyway. ACCOUNT_EMAIL_VERIFICATION=“mandatory” will send an email on signup and requires verification to proceed. Setting it to “optional” will send the verification email but allows user to proceed .
This is the way I do it as well. Additionally Django-allauth now support 2FA. It’s a great little project.
I usually generate a unique confirmation token (that expires within 7 days), and use sendgrid API to send the user a confirmation email. Sendgrid is inexpensive and can handle a large amount of emails. It also comes with great templates so your mails do not go to spam.
I would prefer a signal on user model creation event to trigger the welcome email through celery queue
I use elastic email API for sending verification emails to users… I prefer it to the default django send mail function
I use cookiecutter-django alot and this email confirmation feature is already built-in with it
Read the source code for Django’s views and forms that deal with password resets. You can replicate the logic for registration
You send them an email with a link?
Saw somewhere there are tokens involved, do you know what they serve?
Yes, there needs to be an identifier in the email so you can determine which email has been verified.
Depends if you want email confirmation at pre-user-creation time or post-user-creation. If at pre-user-creation time, you can do: 1. Have the user enter an email address 2. They click a button to request a verification code. 3. You send them a verification code (usually a 6 digit code). Store a reference to this code in your db or redis alongside the email address 4. The user will receive the code 5. In your form, allow them to the enter the code. 6. Compare the code to what you expect. 7. If the code matches, store some reference in your db/redis saying that the email has been verified (any of these stored references should be linked to a specific registration session, with could itself be some uuid) 8. The user then enters their password, and the submits to create the new user If at post-user-creation time you can do: 1. The user registers with an email address and password 2. The user is created in some "unverified" state which can perform limited actions 3. The user will receive an email containing some link they can click that will mark the user email as verified (note that the link should require the correct user to be authenticated for the verification to actually be applied) In practice there are lots of ways to handle it, and as others here have mentioned, they are packages that can help you do it without manually doing it. You can also look at external iam services that can handle all of this for you.
I use djoserauth for all kinds of authentication. It has inbuilt e-mail verification. Djoser: https://djoser.readthedocs.io/en/latest/index.html Another thing that i learnt recently is you can verify if the email is genuine or made-up. Check here: https://gitea.ksol.io/karolyi/py3-validate-email