Is there a way to set up the django authentication model where, instead of a password, users put in their email address, and then are emailed a link that they click on to login with? If so, are there any tutorials on how to set this up?
CodePudding user response:
Yes, there is.
You'll either need to hope there is already a module out for this, otherwise you will have to write your own way of authenticating.
I'll give a rough estimate of how it's gonna work.
- First, you will need to create a
class
inheriting fromAbstractBaseUser
- Set the username field to email, still include password fields. They are required.
- Then, you will need to create a manager for that custom base user.
- the user manager must have two methods:
create_user()
andcreate_superuser()
- Then, in a view, have user enter their email address, and then generate a token with Django's
default_token_generator
, and send that token via e-mail to the user. - Create a view which accepts the token, and logs the user in.
I highly advise you to take the docs as your guide. This might get relatively complicated.
Side note: This will not be as secure as email and password validation. If a user's email gets hacked, the hackers will instantly know not only which site they can target, but also get a free pass to access.
Alternatively; check out Django AllAuth, they provide lots of ways to authenticate, including with Gmail or Facebook. There are some great tutorials online, but you'll have to do some googling. ;)