views:

383

answers:

2

I want to create django users from django application, and then confirming user creation by sending them e-mail with validation link.

How can I safely generate this link from user details (I don't want to generate random value and store it in DB, and I don't want to use any external modules like Pinax for this)

+3  A: 

You'll want to go grab django-registration and call it a done: http://bitbucket.org/ubernostrum/django-registration/wiki/Home

This is a simple application which provides flexible user registration for Django-based projects. The default setup implements a fairly common workflow:

  1. User signs up for account.
  2. User receives an email containing instructions for activating the account.
  3. User activates and begins using the site.

Docs on how to integrate and use it: http://bitbucket.org/ubernostrum/django-registration/src/tip/docs/overview.txt

It manages the reg key, timeout period and all processing for activating an account.

I have used this a few times with slight mods and it is very easy to get going testing using even a gmail account for sending to test.

Add this to your settings.py in the app to test with a gmail account:

EMAIL_USE_TLS = True
EMAIL_HOST = 'smtp.gmail.com'
EMAIL_HOST_USER = '[email protected]'
EMAIL_HOST_PASSWORD = 'YOURPASSWORD'
EMAIL_PORT = 587

Also, django-profiles is a great addition to this django-registration kit: http://bitbucket.org/ubernostrum/django-profiles/wiki/Home

Ryan Christensen
+1  A: 

You could do something like this:

from django.utils.hashcompat import sha_constructor

salt = "secret_salt"
confirmation_key = sha_constructor(salt + email_address).hexdigest()

and then send confirmation_key as part of the query string in the validation link. I'm not sure how secure this would be though.

Why do you want to do it without the db? Take a look at django-email-confirmation for the standard (uses the db) way to approach this.

Daveyjoe