Hi, I am attempting to set up email verification for a site.
I have tried to use django.contrib.auth.tokens.default_token_generator. However, I always get an invalid result when I try and check the token.
I had a look at the code, and when I print the user.password (which is used internally in the default_token_generator to calculate the hash value) in the make_token function, it is different to when I print user.password in check_token.
Because the user.password field differs, the check_token fails.
Any clues as to why the user.password field might change would be gratefully received.
Oh, and I’ve just checked. A user that hasn’t clicked on the email link, but has been made active via admin, can log in.
A user that has clicked on the email link, and has been made active by the admin, cannot log in, as the password has definitely changed.
I have tried with both a postgres backend and the sqlitedb.
We would need to see all the relevant code here. This includes every function where you accept a password being entered in a form and every function where you are creating or comparing tokens. (This would be code that you have written, no need to post system code from Django.)
I have figured it out. In my register view, I was calling the function to make_token and send email, before I called the registerView.super.
So, I changed this:
    def form_valid(self, form):
        user = form.save()
        sendConfirm(user)
        return super(RegisterView, self).form_valid(form)
To this:
    def form_valid(self, form):
        user = form.save()
        bob = super(RegisterView, self).form_valid(form)
        sendConfirm(user)
        return bob
Internally, the sendConfirm is using a threaded function to send the email, and by the time the super class had been called, the link was sent with a password that was then overwritten by the threaded function.
I will, of course, change bob to a more meaningful name…
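An added illustration, not code from this thread or from Django: a simplified stdlib model of a token bound to the stored password hash, showing why a token issued before user.password reaches its final value fails the later check. DemoUser, SECRET_KEY and the two functions are hypothetical stand-ins (Django's generator also mixes in last_login and enforces an expiry, both omitted here), and modelling the change as a second salted hashing of the same password is an assumption, since the thread does not show what rewrote the field.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass

SECRET_KEY = b"constructed-demo-key"  # constructed; stands in for settings.SECRET_KEY


@dataclass
class DemoUser:  # hypothetical stand-in for a user row
    pk: int
    email: str
    password: str = ""  # stored as "salt$digest", never the raw password

    def set_password(self, raw: str) -> None:
        # A fresh random salt per call: the stored value changes even when
        # the raw password is identical.
        salt = os.urandom(8).hex()
        digest = hashlib.pbkdf2_hmac("sha256", raw.encode(), salt.encode(), 1000)
        self.password = f"{salt}${digest.hex()}"


def make_token(user: DemoUser, timestamp: int) -> str:
    # The MAC covers the stored password hash, so any rewrite of that field
    # invalidates every token issued before it.
    state = f"{user.pk}{user.password}{timestamp}{user.email}".encode()
    mac = hmac.new(SECRET_KEY, state, hashlib.sha256).hexdigest()[:32]
    return f"{timestamp}-{mac}"


def check_token(user: DemoUser, token: str) -> bool:
    ts = token.partition("-")[0]
    if not (ts.isascii() and ts.isdigit()):
        return False
    expected = make_token(user, int(ts))  # recomputed from the row as it is now
    return hmac.compare_digest(expected.encode(), token.encode())


def demo() -> tuple:
    user = DemoUser(pk=1, email="a@example.test")  # constructed sample data
    user.set_password("s3cret")
    early = make_token(user, 1000)  # issued before the final write
    user.set_password("s3cret")     # same password, new salt, new stored hash
    late = make_token(user, 1000)   # issued after the final write
    return check_token(user, early), check_token(user, late)


if __name__ == "__main__":
    print(demo())
```

The same binding is what makes an outstanding link stop working once the account's password is changed, so a failing check is a cue to compare user.password at issue time and at check time.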