User registration with email

I don’t really know how to “signal” django developers for a request of improvement, this seems the most appropriate place.

I would just like to ask to build/why there is not a section of the docs dedicated to the super super classical two step user registration: form + one time link sent via email.

I mean there is a lot third party stuff for this (allauth ?), and also very good guides (eg : https://medium.com/@frfahim/django-registration-with-confirmation-email-bb5da011e4ef, https://simpleisbetterthancomplex.com/tutorial/2016/08/24/how-to-create-one-time-link.html )

BUT

it would be nice to have an organic guide on it on the official page. Because it’s not just the code bits, it’s also about explaining a bit how to use the PasswordResetTokenGenerator class, why such a potent class is extended with a pair of custom methods in every guide and has not all the methods needed out of the box, how to use the methods for uid encode-decode, the mechanism (if any) that makes a link one time use, whether inactive users are conserved or dumped from db after some time…stuff like that. It’d be nice to have a nice, organic tutorial/topic guide. Not necessairly improve the django-code related part: if there is some standard piece of code that must be written every time, great, but it’s good to know what to do.

If I have to present this request somewhere else please let me

Actually, unless I’m missing something, there aren’t any “User Registration” mechanisms built-it. They’re all supplied via third-party apps.

(What follows here is just person’s opinion - I’m not even one of the core developers or anyone directly involved, I’m just a developer who uses Django regularly.)

Now, whether or not there should be is a different question. If you think about Django’s history and origins, it makes sense to me that the vast majority of users would be anonymous, and those needing authenticated access would be limited and controlled. (This is all conjecture on my part. There are probably more than 1000 people who would know better than me, but it fits with what I know and have read.)

I do have the impression that at this point there’s a general resistance toward adding features to core - especially if the feature is new and not fully stabilized - and the variety of options in that area certainly gives me the impression that there isn’t one “generally accepted” mechanic for doing this.

(I have looked at a couple of the samples - and I’ll have to admit, I don’t see where overriding the PasswordResetTokenGenerator class is necessary. I haven’t used this yet, but in thinking about how I would implement this, I don’t think I would end up taking that approach.)

Anyway, I hope people more knowledgeable about this choose to join in to provide a more informed opinion.

Ken

I have meditated about this a bit and… 3 things:

  • First and foremost: thank you. It’s nice to have an opinion, and your response was super fast.
  • Yes, I might agree with you on the fact that most of users should be anonymous or manually inserted into the system, and now that I think about it, a full documentation “”"“section”""" about registering users may be not in line with the core philosophy…although…
  • Despite this, I still think that the docs can be improved. At least, well made guides never hurt. (Besides, E.g I can’t find an API for the PasswordResetTokenGenerator class. So yeah, although I can think of at least 10 ways of generating one time use user-specific tokens, I can’t seem to find info enough to decide whether I should extend the class. https://docs.djangoproject.com/en/3.0/search/?q=django.contrib.auth.tokens :frowning: )