Verification code before saving to database

Hello.
I’m trying to achieve something similar to OTP (One Time Password) but instead of login purposes, to authorize submitting a form and saving it to database.
I have a function that returns a random string each time it is called.
Currently, I “found” two approaches:

  • The first one is to restrict the entire form view (I am working with class-based views and in this case, CreateView) with some weird implementation of this app called django-lockdown or something like that.
  • The second one is to generate the ‘code’ in the backend, send it as context and only if the user has typed it right, it submits the form and saves normally.

Of course, the code would be sent to an administrator via email so the user needs to have some sort cleareance before doing anything with the database.
Any help would be appreciated.

Could you use django-sesame’s per-view authentication?

2 Likes

And instead of sending codes I would be sending “magic links” with expiration time, I’ll give it a try, thanks.