j、邮箱验证

昵称已经被使用 / 2023-08-13 / 原文

邮箱验证

1、⾸先需要⼀个 QQ 邮箱授权码：进⼊QQ 邮箱点击

设置

示例图

2、开启服务，并且⽣成授权码

示例图

3、setting.py 配置

示例代码

 EMAIL_HOST = 'smtp.qq.com'
 EMAIL_PORT = 25 #如果不好使 就换成 465
 EMAIL_HOST_USER = 'xxx@qq.com' # 你的QQ账号
 EMAIL_HOST_PASSWORD = '授权码,不是qq邮箱密码'
 EMAIL_USE_TLS = True # 这⾥必须是 True，否则发送不成功
 EMAIL_FROM = 'xxx@qq.com' # 你的 QQ 账号

4、业务逻辑

说明
1. 处理⽤户注册数据，存⼊数据库，is_active字段设置为False，⽤户未认证之前不允许登陆
2. 产⽣token，⽣成验证连接URL
3. 发送验证邮件
4. ⽤户通过认证邮箱点击验证连接，设置is_active字段为True，可以登陆
5. 若验证连接过期，删除⽤户在数据库中的注册信息，允许⽤户重新注册（username、email字段具有唯⼀性）
邮件验证连接主要有两步
- ⼀是产⽣token，发送邮件
- ⼆是处理验证链接。这⾥采⽤base64加密，及itsdangerous序列化（⾃带时间戳)
```
from itsdangerous import URLSafeTimedSerializer as utsr
import base64
```

from django.conf import settings as django_settings

 class Token:
     def __init__(self, security_key):
         self.security_key = security_key
         self.salt = base64.encodebytes(security_key.encode('utf8'))

     def generate_validate_token(self, username):
         serializer = utsr(self.security_key)
         return serializer.dumps(username, self.salt)
    
     def confirm_validate_token(self, token, expiration=3600):
         serializer = utsr(self.security_key)
         return serializer.loads(token, salt=self.salt, max_age=expiration)
 
def remove_validate_token(self, token):
         serializer = utsr(self.security_key)
         print(serializer.loads(token, salt=self.salt))
         return serializer.loads(token, salt=self.salt)
 
token_confirm = Token(django_settings.SECRET_KEY)    # 定义为全局变量
```

注册发送邮箱

def register_view(request):
        if request.method == 'POST':
        try:
            username = request.POST.get('username')
            password = request.POST.get('password')
 
            # 验证⽤户是否存在
            user = authenticate(username=username, password=password)
            if user:
                # ⽤户已经存在
                return render(request, 'register.html', {'msg': '⽤户名已存在'})
            else:
                # 保存⽤户
                user = User.objects.create_user(username=username, password=password)
                user.is_active = False
                # 发送邮件验证
                token = token_confirm.generate_validate_token(user.username)
                link = reverse("App:active",kwargs={'token':token})
                link = "http://"+request.get_host() + link
                print(link)
                html = loader.get_template('active.html').render({'link':link})
                send_mail('账户激活','',EMAIL_FROM,['landmark_csl@126.com'],html_message=html)
            return render(request, 'message.html', {'message': "请登录到注册邮箱中验证⽤户，有效期为1个⼩时",'username':username})
        except Exception as e:
         	print(e)
            return render(request, 'register.html', {'msg': '注册失败,⽤户名或密码错误'})
    else:
        return render(request, 'register.html')

激活⽤户

def active_user(request, token):
    try:
        username = token_confirm.confirm_validate_token(token)
    except:
        username = token_confirm.remove_validate_token(token)
        users = User.objects.filter(username=username)
        for user in users:
            user.delete()
        return render(request, 'message.html', {'message': "对不起，验证链接已经过期，请重新<a href='/register/'>注册</a>"})
    try:
        user = User.objects.get(username=username)
    except User.DoesNotExist:
        return render(request, 'message.html', {'message': u"对不起，您所验证的⽤户不存在，请重新注册"})
    user.is_active = True
    user.save()
    message = "验证成功，请进⾏<a href='/login/'>登录</a>操作"
    return render(request, 'message.html', {'message': message})