def confirm_user(request): if request.method == 'POST': password = request.POST.get('check_pass', '') user = auth.authenticate(password=password) if user is not None: print("Есть совпадение") else: print("Нет совпадений") return render(request, 'check.html')

The thing is, you need to compare the entered code with the code in the database.

  1. Is the auth.authenticate method suitable for this purpose?
  2. How to organize a check? To consider the user id. And change the registration confirmation flag. Thanks in advance for the constructive advice / answers

    1 answer 1

    The authenticate method searches for a user in all authorization backends by the passed parameters. In general, if you look into the documentation , you can see that by default the username and password should be transferred there (this is for the ModelBackend backend, if you didn’t change anything in this regard, then your code will not work).

    In your case, I assume that some email_check_code is stored in the database, which is, let's say, a random string of N characters. You send an email to the user some link that contains this email_check_code, and for the corresponding user write this value to the database. The user following this link should see a message that their email has been confirmed.

    From the scheme above it is clear that our input parameters are only email_check_code (and not the password). Accordingly, the authenticate method does not suit us.

    Go ahead. It can be implemented quite simply. Suppose that you have created some related table on a table of users and store two values ​​there - user and email_check_code, and until the user confirms the email is set to is_active = False (well, so that he could not enter). Accordingly, in the view we need to check email_check_code, find this user and set it to is_active = True. Well, to heighten the comfort, delete the instance of this model with a code (so that it does not follow the same link a second time).

     from django.contrib.auth import get_user_model from .models import EmailCodeModel def confirm_user(request): if request.method == 'POST': code_instance = EmailCodeModel.objects.filter(email_check_code=request.GET.get('email_check_code')).first() if code_instance: code_instance.user.is_active = True code_instance.user.save() code_instance.delete() print('Всё хорошо') # тут можно сделать, например, redirect на страницу успеха return render(request, 'check.html')

    Still not sure? See how this is implemented in django-registration-redux . Better yet, don't bother yourself with this and use this add-on - for the simplest cases of registering and confirming email, this is exactly what you need (use backend default).

    • Great, you clarified many things to me. Probably I didn’t completely correctly asked the question, my check is not by e-mail. The user enters a phone number, generates a code to confirm the registration and send it to the user, while writing to the database, of course, far from username & password, password = request.POST.get('check_pass', '') this field I get the input code user, it will be easier for me to change the authenticate parameters in order to get the code recorded in the database? - maximus
    • It will be easier to directly search for the user model. If it is necessary that the user remains unauthorized until he enters the password from the SMS, then it is easier to store data in the session (for example, invent your _sms_user_id variable and refer it to this user) - FeroxTL