- ru
- Language: en
- Documentation version: 0.1
Email Auth¶
python-social-auth comes with an EmailAuth backend which comes handy when your site uses requires the plain old email and password authentication mechanism.
Actually that’s a lie since the backend doesn’t handle password at all, that’s up to the developer to validate the password in and the proper place to do it is the pipeline, right after the user instance was retrieved or created.
The reason to leave password handling to the developer is because too many things are really tied to the project, like the field where the password is stored, salt handling, password hashing algorithm and validation. So just add the pipeline functions that will do that following the needs of your project.
Backend settings¶
SOCIAL_AUTH_EMAIL_FORM_URL = '/login-form/'
Used to redirect the user to the login/signup form, it must have at least one field named
email
. Form submit should go to/complete/email
, or if it goes to your view, then your view should complete the process callingsocial_core.actions.do_complete
.SOCIAL_AUTH_EMAIL_FORM_HTML = 'login_form.html'
The template will be used to render the login/signup form to the user, it must have at least one field named
email
. Form submit should go to/complete/email
, or if it goes to your view, then your view should complete the process callingsocial_core.actions.do_complete
.
Email validation¶
Check Email validation pipeline in the pipeline docs.
Password handling¶
Here’s an example of password handling to add to the pipeline:
def user_password(strategy, backend, user, is_new=False, *args, **kwargs):
if backend.name != 'email':
return
password = strategy.request_data()['password']
if is_new:
user.set_password(password)
user.save()
elif not user.validate_password(password):
# return {'user': None, 'social': None}
raise AuthForbidden(backend)