Is there a way to set up the django authentication model where, instead of a password, users put in their email address, and then are emailed a link that they click on to login with? If so, are there any tutorials on how to set this up?

CodePudding user response：

Yes, there is.

You'll either need to hope there is already a module out for this, otherwise you will have to write your own way of authenticating.

I'll give a rough estimate of how it's gonna work.

• First, you will need to create a class inheriting from AbstractBaseUser
• Set the username field to email, still include password fields. They are required.
• Then, you will need to create a manager for that custom base user.
• the user manager must have two methods: create_user() and create_superuser()
• Then, in a view, have user enter their email address, and then generate a token with Django's default_token_generator, and send that token via e-mail to the user.
• Create a view which accepts the token, and logs the user in.

I highly advise you to take the docs as your guide. This might get relatively complicated.

More info on the Django Docs

Side note: This will not be as secure as email and password validation. If a user's email gets hacked, the hackers will instantly know not only which site they can target, but also get a free pass to access.

Alternatively; check out Django AllAuth, they provide lots of ways to authenticate, including with Gmail or Facebook. There are some great tutorials online, but you'll have to do some googling. ;)