Email confirmation

Hi ,
I try to make a function that confirm email of a certain user by :

• Sending a link to user via email.
• This user must click on this link to authorize further acces to the website.

The first part works fine the function can send a token to the user .
The second part didn’t work .

The code is divided in two functions 1 to create a user and send the mail the second to compare if a given token is valid for a given user.

2023-02-08_11h43_48729×559 25.5 KB

2023-02-08_11h44_01981×393 18.6 KB

The second function return Activation link is invalid !

I tried to dig into the problem by examining the source code of the PasswordResetTokenGenerator class.

In the second function the code that i’m using employs a method of this class called check_token . This check if a given reset token is valid for a given user.

2023-02-08_11h45_00791×682 23.5 KB

Inside this method there is another methos used in a statement called : make_token_with_timestamp.

This method compare 2 string and return a boolean if they are the same or not .

2023-02-08_11h45_09739×340 14.3 KB

The init method of the PasswordGeneratorTokenGenerator class set self.algorithm = self.algorithm or “sha256”

The _make_token_with_timestamps generate a int_to_base_36 - HMAC string
but the HMAC string in generated with SHA1

I maybe completly wrong here but it is possible that the condition in my validate function didn’t become True due to to this difference of algorithms ?

Side note: Please do not post images of code. They can’t be indexed or searched in the forum, and they can’t be copied and quoted to highlight issues in specific areas of code.
Copy / paste your code into the body of your message surrounded by lines of three backtick - ` characters. This means that you’ll have a line of ```, then your code, then another line of ```. This forces the forum software to keep your code properly formatted.

I’m a bit confused by what you have here. You’ve got multiple references to objects or variables that aren’t defined in what you have posted. My initial reaction to what I’m seeing here is that I would expect this code to result in a 500 error on the page(s) referencing them.
Please post the complete functions.

Ok

All the functions are there . The first two come from my views.py and the last two come from the PassewordResetTokenGenerator class

In your first function, you reference a variable named account_activation_token. I don’t see where that has been defined, nor do I find a system variable, function, or class by that name.

In your second function, you’re using that same variable name - again, without a definition.

We’re going to need to see all the code that’s involved in this process to be able to properly try and diagnose this.

Yes Sorry i forgot this one

 from django.contrib.auth.tokens import PasswordResetTokenGenerator
from django.utils import six

class TokenGenerator(PasswordResetTokenGenerator):
    def _make_hash_value(self, user, timestamp):
        return (six.text_type(user.pk)+six.text_type(timestamp)+six.text_type(user.is_active))


account_activation_token=TokenGenerator() ```

In your create_user function, you’re not calling the make_token method on the account_activation_token object in your render_to_string call.

No I tought it was auomaticly called or not when i instanciated the object in the render_to_string token variable context

Nope. You need to call it. (Django calls it in django.contrib.auth.forms.PasswordResetForm.save)

It worked ! Thank you for your help sir.

Deat all, can you guys be more clear in how to procced with that

Hi ,

Your account has successfully created. Please click below link to activate your account

http://127.0.0.1:8000/account/activate/MTI/c6u8b2-28d19f943b7cc7c4fa30f842e2c0d020)/

[11/May/2024 01:04:15] “POST /account/register/ HTTP/1.1” 200 9648
Internal Server Error: /account/activate/MTE/c6u6wk-d7342c0c23d80eda7a7ef53a856eb85d)/
Traceback (most recent call last):
I’m still facing issue