How do I make signup page available only for logged in staff users in Django allauth?

I did that later: I rendered the CustomSignUp form, but then the form didn't work. I can make the form accept POST data, register the user, etc., but it won't be as good as allauth's system. To make it work like allauth's system I would have to write all the back-end code. And what's the purpose of using allauth if I'm going to write everything myself anyway?

I didn't find a solution to the original problem, but I found a simple workaround.
In settings.py:
ACCOUNT_AUTHENTICATED_LOGIN_REDIRECTS = False
This is so that both logged-in and non-logged-in users can view the original form.

Then I put some simple logic in the template file so that only staff users can view the registration form; everyone else just sees a sorry message. You can see the code below for demonstration.

Since a CSRF token is used to register a new user, I assume it prevents other users from just writing the form on the front end and registering whoever they want, even if they are not logged in. Otherwise it would be very easy to hack. But I'm not sure about that.

Do you think it's a good idea, or is it too vulnerable?


{% extends "base.html" %}
{% load i18n %}
{% block head_title %}{% trans "Signup" %}{% endblock %}
{% block content %}
<p>THIS IS A CUSTOM TEMPLATE</p>
{% if user.is_authenticated and user.is_staff %}
<h1>{% trans "Sign Up" %}</h1>
<p>{% blocktrans %}Already have an account? Then please <a href="{{ login_url }}">sign in</a>.{% endblocktrans %}</p>
<form class="signup" id="signup_form" method="post" action="{% url 'account_signup' %}">
  {% csrf_token %}
  {{ form.as_p }}
  {% if redirect_field_value %}
  <input type="hidden" name="{{ redirect_field_name }}" value="{{ redirect_field_value }}" />
  {% endif %}
  <button type="submit">{% trans "Sign Up" %} &raquo;</button>
</form>
{% else %}
Only admins are allowed to register new users
{% endif %}
{% endblock %}
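An added example, not code from the post above and not django-allauth's own code. The template's `{% if %}` only decides what a browser is shown; the `account_signup` URL still hands every POST to allauth's SignupView, and Django's CSRF check only verifies that the cookie and the form field match, which any client can arrange for itself, so the token says nothing about who sent the request. The place to enforce "staff only" is the view, and allauth has a hook for exactly that: `DefaultAccountAdapter.is_open_for_signup()`, which SignupView calls from `dispatch()` for GET and POST alike and, when it returns False, answers with `account/signup_closed.html` (where the "Only admins are allowed to register new users" message belongs). The `ACCOUNT_ADAPTER` module path, the stand-in base class used when allauth cannot be imported, and the fake request objects are assumptions constructed for this example.

```python
"""Staff-only signup for django-allauth, enforced in the view rather than the template.

Added example (not the original post's code and not allauth's). It uses the real
allauth hook DefaultAccountAdapter.is_open_for_signup(); when the hook returns
False, allauth's SignupView answers GET *and* POST with account/signup_closed.html,
so a hand-crafted POST to the signup URL is refused as well.
"""
from types import SimpleNamespace

try:
    from allauth.account.adapter import DefaultAccountAdapter
except Exception:  # allauth/Django not importable here (e.g. no settings configured)
    # Stand-in with the same method signature so the policy can be exercised
    # offline. Assumption for this example only; a project uses the real class.
    class DefaultAccountAdapter:
        def __init__(self, request=None):
            self.request = request

        def is_open_for_signup(self, request):
            return True  # allauth's default: signup is open to everyone


def staff_may_open_signup(user) -> bool:
    """Authorization policy: only an authenticated, active staff account may sign up new users.

    Reads the attributes Django's user model and AnonymousUser both expose.
    Anything missing is treated as False, so the policy fails closed.
    """
    return bool(
        getattr(user, "is_authenticated", False)
        and getattr(user, "is_active", False)
        and getattr(user, "is_staff", False)
    )


class StaffOnlySignupAdapter(DefaultAccountAdapter):
    """Wire up in settings.py (the module path is an assumption):

        ACCOUNT_ADAPTER = "myproject.adapter.StaffOnlySignupAdapter"
        ACCOUNT_AUTHENTICATED_LOGIN_REDIRECTS = False  # staff are logged in; keep the page reachable
    """

    def is_open_for_signup(self, request):
        # SignupView.dispatch() calls this before the form is even built, so it
        # gates POST as well as GET. Deliberately no super() call: the default
        # returns True unconditionally and we want an explicit allow-list.
        return staff_may_open_signup(request.user)


def fake_request(is_authenticated: bool, is_staff: bool, is_active: bool = True):
    """Constructed request object for running the policy without Django."""
    user = SimpleNamespace(
        is_authenticated=is_authenticated, is_staff=is_staff, is_active=is_active
    )
    return SimpleNamespace(user=user, method="POST")


if __name__ == "__main__":
    adapter = StaffOnlySignupAdapter()
    for label, req in [
        ("anonymous", fake_request(False, False)),
        ("logged-in non-staff", fake_request(True, False)),
        ("staff", fake_request(True, True)),
    ]:
        print(f"{label:>20}: signup open = {adapter.is_open_for_signup(req)}")
```

With the adapter in place the `{% if user.is_authenticated and user.is_staff %}` branch in the template becomes redundant: non-staff clients never reach the signup template at all, and the sorry message moves to `account/signup_closed.html`. `ACCOUNT_AUTHENTICATED_LOGIN_REDIRECTS = False` is still needed, since the staff user doing the registering is logged in and would otherwise be redirected away.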