Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

註冊 - Email 認證 #3

Closed
flywindy opened this issue Dec 19, 2015 · 8 comments
Closed

註冊 - Email 認證 #3

flywindy opened this issue Dec 19, 2015 · 8 comments
Assignees
@uranusjr

Comments

@flywindy
Copy link
Contributor

Reference: The HMAC activation workflow
@uranusjr uranusjr mentioned this issue Dec 19, 2015
Merged
8 tasks
@uranusjr
Copy link
Member

我在 cfp branch 實作了簡單的 HMAC workflow,大家再幫忙測試一下吧。

cc @ccwang002

@ccwang002
Copy link
Member

我 local 測試可以,有收到信。

@uranusjr
Copy link
Member

補一下目前的註冊流程:

  1. 使用者在註冊頁面填入 email 與 password。
  2. 系統會建立 user model instance,把 ia_active 設成 False,並送一封 activation mail 到使用者的信箱。信件裡面會包含一個 activation key。
  3. 使用者可以在 24 小時內(settings.USER_ACTIVATION_EXPIRE_SECONDS)點擊啓用連結,完成註冊。
  4. 使用者啓用帳戶後 is_active 會被設為 True
  5. 註冊完成後,使用者會被導向登入頁面。

如果啓用頁面在超過 24 小時後被訪問,會出現 404。這時候使用者會無法使用他的帳戶(因為 email 已經被註冊了,無法再次註冊,但 activation link 已無法使用)。這時候應該假設為使用者的 email 被盜用來註冊,所以如果使用者有問題,要請他 email 聯絡管理員,如果沒問題的話再手動幫他開通,或刪除原本的註冊資料。

@uranusjr uranusjr mentioned this issue Dec 24, 2015
Closed
@flywindy flywindy reopened this Dec 25, 2015
@flywindy
Copy link
Contributor Author

重新討論一下流程 @uranusjr @ccwang002
剛剛我跟 Andy 討論一下,沒認證就不能登入的情況好像比較少見吧?
然後超過 24 小時候那頁面就變 404,結果後來要聯絡管理者,我覺得也不太對。
這不一定是盜用啊,應該滿有可能就是忘記去驗證吧!

我覺得應該是

  • signup page -> dashboard (只有提醒驗證 和 resend email button)
  • login page -> (沒認證但還是可以登入) -> dashboard (只有提醒驗證 和 resend email button)
  • login page -> (已認證) -> dashboard (完整功能)

@uranusjr
Copy link
Member

這部分我其實沒什麼意見(記得我一開始是覺得連認證都不需要嗎…)。

現在的流程其實就只是照上面 reference 做出來的,只有改 redirect 到哪裡之類的細節。只要討論有結果都可以改。

@flywindy
Copy link
Contributor Author

我記得,而且亮亮說要加驗證主要也是為了未來聯絡方便,所以我覺得還是可以登入,但沒認證就不能 cfp 應該有符合他的目的。

@uranusjr
Copy link
Member

所以現在的流程就確定了嗎?沒問題的話我開工囉。

@ccwang002
Copy link
Member

照 flywindy 的做法吧

@uranusjr uranusjr mentioned this issue Dec 25, 2015
Merged
yychen pushed a commit that referenced this issue Aug 11, 2020
@kenson2998
Merge pull request #3 from pycontw/master
1bad1d0 
pull master
josix pushed a commit that referenced this issue Oct 8, 2023
@erik1110
Merge pull request #3 from erik1110/feature/unit_test
53d0cab 
[feat] flake8
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@uranusjr uranusjr

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@uranusjr @flywindy @ccwang002