A note on Email confirmation.
Part 2 is about Email Confirmation. Check out the whole series Django-allauth.
Table of Contents:
- Setting a Gmail account
- Trying it out
If you are following my Part 1 tutorial on django-allauth and you’ve already tested connection to Facebook, and if you want to test Email Confirmation, you may want to go to
/admin/socialaccount/socialaccount/ and remove existing connection and do the whole cycle again.
Settings for django-allauth
Additional configuration in settings.py file.
ACCOUNT_LOGOUT_REDIRECT_URL = '/accounts/login/' LOGIN_REDIRECT_URL = '/accounts/email/' AUTH_USER_MODEL = 'generalapp.CustomUser' ACCOUNT_AUTHENTICATED_LOGIN_REDIRECTS = False # a personal preference. True by default. I don't want users to be interrupted by logging in ACCOUNT_AUTHENTICATION_METHOD = 'email' # a personal preference. I don't want to add 'i don't remember my username' like they did at Nintendo, it is stupid ACCOUNT_EMAIL_CONFIRMATION_ANONYMOUS_REDIRECT_URL = 'gen:email_success' # a page to identify that email is confirmed when not logged in ACCOUNT_EMAIL_CONFIRMATION_AUTHENTICATED_REDIRECT_URL = 'gen:email_success' # same but logged in ACCOUNT_EMAIL_CONFIRMATION_EXPIRE_DAYS = 7 # a personal preference. 3 by default ACCOUNT_EMAIL_REQUIRED = True # no questions here ACCOUNT_EMAIL_VERIFICATION = 'mandatory' # as the email will be used for login ACCOUNT_LOGIN_ON_PASSWORD_RESET = True # False by default ACCOUNT_LOGOUT_ON_PASSWORD_CHANGE = True # True by default # ACCOUNT_LOGOUT_REDIRECT_URL = '/accounts/login' ACCOUNT_USERNAME_BLACKLIST = ['yomama',] ACCOUNT_USERNAME_MIN_LENGTH = 4 # a personal preference ACCOUNT_SESSION_REMEMBER = True # None by default (to ask 'Remember me?'). I want the user to be always logged in
Setting a Gmail account
You will need an email account to send emails from, obviously. An easy way is setting up Gmail. Here is a Google approved tutorial on that. Generally, steps are:
- Go to https://mail.google.com/mail/#settings/general
- Go to tab Forwarding POP/IMAP
- Enable IMAP Access
- Save changes.
Go to settings.py and add your account information.
EMAIL_HOST = 'smtp.gmail.com' EMAIL_PORT = 587 EMAIL_HOST_USER = 'email@example.com' EMAIL_HOST_PASSWORD = 'Password1234' EMAIL_USE_TLS = True DEFAULT_FROM_EMAIL = EMAIL_HOST_USER EMAIL_BACKEND = 'django.core.mail.backends.smtp.EmailBackend' # !!!! very important for django-allauth specifically
Now, it’s not secure at all, you can hide it any way you normally do it.
Then in order to prepare your Gmail account for these highly invasive actions:
- https://accounts.google.com/DisplayUnlockCaptcha and set it free~
- https://myaccount.google.com/u/0/lesssecureapps and enable suspicious websites. Attention! In this link
0stands for the order number of the gmail account (starts with 0; you see
/u/0/= user #0). In the right top corner check if it is the right account you are working with.
- You also have to go to your Gmail and find a notification email from Google about security of your account from firstname.lastname@example.org. Then go and confirm that it was you who did that.
Trying it out
Then let’s signup again. Go to http://localhost:8000/accounts/login/ and press Facebook. If everything’s fine, you will get am email:
Then you will be redirected to Login page, if you didn’t set up an Email_Success one. You can do it like this.
def email_success(request): res = 'Email is verified!' return HttpResponse('<p>%s</p>' % res)
urlpatterns = [ path('email_success/', user_views.email_success, name='email_success') ]
ACCOUNT_EMAIL_CONFIRMATION_ANONYMOUS_REDIRECT_URL = 'yourapp:email_success' # if you are not logged in ACCOUNT_EMAIL_CONFIRMATION_AUTHENTICATED_REDIRECT_URL = 'yourapp:email_success' # if you are logged in UNIQUE_EMAIL = True # just to be sure, ok
I recommend adding UNIQUE_EMAIL too. Just to spare yourself a headache later.
In order to see if the email is confirmed, you need to look into
verified. Go to
/admin/account/emailaddress/ and see for yourself if it worked.
It did!! Congrats, y’all.
SMTPAuthenticationError at /accounts/facebook/login/callback/
- YOU PASSWORD IS WRONG ok? You check that first (caps is out of my own disappointment in myself, nothing personal, pal).
- This error may occur at
127.0.0.1:8000, but if it happens online, you need to set https.
- If that doesn’t help either, check if both settings files contain these settings – your development one and production (live) one.
- Something is wrong with settings.
If you get other errors, go to my original post and find a solution. Or let me know in the comments – I’ll be happy to be of help 😉