Django Sign Up and login with confirmation Email

Introduction to Django Sign Up and Login with Confirmation Email

User authentication is a crucial part of any web application. Django simplifies this process by providing built-in authentication mechanisms. One common feature is allowing users to sign up and log in with an email confirmation step to verify their identity, improving security and reducing spam registrations.

Why Use Email Confirmation in Django?

Email confirmation helps ensure that users register with valid email addresses. This verification step prevents fake accounts and allows you to communicate important information to your users, such as password resets or notifications, reliably.

Setting Up Django Project for Email Confirmation

To implement sign up with email confirmation, start by creating a Django project and app. Make sure your settings.py is configured to send emails, usually via SMTP. For example, you can use Gmail's SMTP server for development purposes:

EMAIL_BACKEND = 'django.core.mail.backends.smtp.EmailBackend'
EMAIL_HOST = 'smtp.gmail.com'
EMAIL_PORT = 587
EMAIL_USE_TLS = True
EMAIL_HOST_USER = 'your_email@gmail.com'
EMAIL_HOST_PASSWORD = 'your_password'

Creating the User Registration Form

Create a registration form using Django's built-in UserCreationForm or customize it according to your needs. The form will collect user data like username, email, and password. Ensure the email field is required and validated.

Handling User Registration and Sending Confirmation Email

When a user submits the sign-up form, create an inactive user account first. Then generate a unique token and send a confirmation email containing a link with this token. When the user clicks the link, activate their account.

Sample View for Registration with Email Confirmation

from django.contrib.auth.models import User
from django.contrib.sites.shortcuts import get_current_site
from django.core.mail import EmailMessage
from django.shortcuts import render, redirect
from django.template.loader import render_to_string
from django.utils.http import urlsafe_base64_encode, urlsafe_base64_decode
from django.utils.encoding import force_bytes, force_text
from .tokens import account_activation_token
from .forms import SignUpForm

def signup(request):
    if request.method == 'POST':
        form = SignUpForm(request.POST)
        if form.is_valid():
            user = form.save(commit=False)
            user.is_active = False
            user.save()
            current_site = get_current_site(request)
            mail_subject = 'Activate your account.'
            message = render_to_string('acc_active_email.html', {
                'user': user,
                'domain': current_site.domain,
                'uid': urlsafe_base64_encode(force_bytes(user.pk)),
                'token': account_activation_token.make_token(user),
            })
            email = EmailMessage(mail_subject, message, to=[form.cleaned_data.get('email')])
            email.send()
            return render(request, 'confirmation_sent.html')
    else:
        form = SignUpForm()
    return render(request, 'signup.html', {'form': form})

Activating the User Account

To activate the account, create a view that verifies the token and user ID from the URL. If valid, set user.is_active = True and allow the user to log in.

Login Implementation

Django provides a built-in login view, but you can customize it to redirect users based on their status or role. Make sure only active users can log in, which is handled automatically if is_active is properly set.

Conclusion

Adding email confirmation during sign up in Django strengthens your application’s authentication system. It not only improves security but also enhances user experience by verifying genuine users. With Django’s flexible tools, implementing this feature is straightforward and efficient.