Django Token验证用户注册邮箱验证

Token 验证

Token是一个由开发者自定义的任意字符串。成功提交这个字符串之后,Token的值会保存到微信后台,因此只有微信后台和公众账号服务器知道它。于是Token就成了这两台服务器之间的密钥,公众账号服务器可以据此确认请求是来自微信后台还是恶意的第三方。本文用于邮箱验证的Token思路相同,但它由itsdangerous用SECRET_KEY签名并带有时间戳:它只是签名而不是加密,用户名可以从链接中解码出来,服务器靠校验签名和有效期来判断链接是否可信。以下是Token验证的具体过程。

pip install itsdangerous

1.定义Token类

from itsdangerous import URLSafeTimedSerializer as utsr
import base64
import re
from django.conf import settings as django_settings

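class Token:
    """Issue and verify signed, time-stamped tokens for e-mail confirmation.

    Tokens are produced by itsdangerous' ``URLSafeTimedSerializer`` keyed with
    ``security_key``. They are signed, not encrypted: anyone holding a token
    can decode the payload, so only non-secret data (here the username)
    belongs in it.
    """

    def __init__(self, security_key):
        """Store the signing key and derive the serializer salt from it.

        Args:
            security_key: Signing secret, as text or bytes.
        """
        self.security_key = security_key
        # base64 operates on bytes, so a text key has to be encoded first.
        if isinstance(security_key, bytes):
            key_bytes = security_key
        else:
            key_bytes = security_key.encode('utf-8')
        # base64.encodestring was removed in Python 3.9; encodebytes produces
        # the same output, so tokens issued with the old salt stay valid.
        encode = getattr(base64, 'encodebytes', None) or base64.encodestring
        # NOTE(review): itsdangerous treats the salt as a namespace label, not
        # a secret; deriving it from the key adds no strength. A fixed string
        # such as 'email-confirm' would do, at the cost of invalidating
        # tokens already issued.
        self.salt = encode(key_bytes)

    def _serializer(self):
        """Build a serializer bound to the stored signing key."""
        return utsr(self.security_key)

    def generate_validate_token(self, username):
        """Return a signed, time-stamped token whose payload is ``username``."""
        return self._serializer().dumps(username, salt=self.salt)

    def confirm_validate_token(self, token, expiration=3600):
        """Return the payload of ``token`` if it is authentic and fresh.

        Args:
            token: Token string taken from the activation link.
            expiration: Maximum accepted age in seconds.

        Raises:
            itsdangerous.SignatureExpired: signature is valid but too old.
            itsdangerous.BadSignature: token was altered or not signed by us.
        """
        return self._serializer().loads(
            token, salt=self.salt, max_age=expiration)

    def remove_validate_token(self, token):
        """Return the payload of ``token`` without applying an age limit.

        The signature is still verified; only the age check is skipped, which
        lets a caller identify the account behind an expired link.

        Raises:
            itsdangerous.BadSignature: token was altered or not signed by us.
        """
        return self._serializer().loads(token, salt=self.salt)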
# Module-level instance shared by the registration and activation views.
token_confirm = Token(security_key=django_settings.SECRET_KEY)

2.表单处理函数

def regfirm(request):
    """Register a company from the submitted form and e-mail an activation link.

    Reads the company fields and the password from ``request.POST``, creates
    the ``Company`` row and a ``Login`` row whose ``state`` is set to False,
    then mails a link that carries a signed token for the submitted name.

    Returns:
        HttpResponse asking the user to confirm through the e-mail within
        one hour.
    """
    form = request.POST
    company_fields = ('name', 'code', 'boss', 'reg_l', 'reg_d',
                      'loc', 'phone', 'emill')
    # Every field is looked up before anything is written, so a missing key
    # fails the request without leaving partial rows behind.
    submitted = {key: form[key] for key in company_fields}
    raw_password = form['pw1']
    name = submitted['name']
    emill = submitted['emill']

    firm = {key: str(submitted[key]) for key in company_fields}
    firm['state'] = str('在营')

    # NOTE(review): the password is handed to Login exactly as submitted. If
    # Login.password is a plain column this stores it unhashed; hash it with
    # django.contrib.auth.hashers.make_password and switch the login view to
    # check_password in the same change.
    login = {
        'username': str(name),
        'password': str(raw_password),
        'type': 1,  # 1: company, 0: job seeker
    }

    jobmodel.Company.objects.create(**firm)
    account = sysmodel.Login.objects.create(**login)
    # The account stays inactive until the e-mailed link is visited.
    account.state = False
    account.save()

    token = token_confirm.generate_validate_token(name)
    greeting = u'{0},欢迎加入EeasyJob在线招聘网站'.format(name)
    activation_link = '/'.join([django_settings.DOMAIN, 'activate', token])
    message = "\n".join([greeting, u'请访问该链接,完成用户验证:', activation_link])
    # NOTE(review): the sender below looks like a placeholder left by e-mail
    # obfuscation on the page; set a real from-address before use.
    send_mail(u'注册用户验证信息', message, '[email protected]', [emill,], fail_silently=False)
    return HttpResponse(u"请登录到注册邮箱中验证用户,有效期为1个小时")

3.邮箱验证函数

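def active_user(request, token):
    """Activate the account named in a signed activation token.

    Outcomes:
      * valid, fresh token: the matching ``Login`` row gets ``state = True``;
      * valid but expired token: a registration that was never activated is
        removed so the user can sign up again;
      * altered or malformed token: rejected with HTTP 400, nothing changes.

    Args:
        request: The incoming HTTP request (unused).
        token: Token string captured from the activation URL.

    Returns:
        HttpResponse describing the outcome.
    """
    # Function-scope import keeps this view self-contained.
    from itsdangerous import BadSignature, SignatureExpired

    try:
        username = token_confirm.confirm_validate_token(token)
    except SignatureExpired:
        # The signature was verified before the age check failed, so the
        # payload can be read again with the age limit dropped.
        username = token_confirm.remove_validate_token(token)
        # Only never-activated rows are removed. Without the state filter an
        # old link replayed after an hour would delete a live account.
        # Assumes Login.state is a model field, as the save() calls imply.
        stale = sysmodel.Login.objects.filter(username=username, state=False)
        for user in stale:
            user.delete()
        return HttpResponse(
            u'对不起,验证链接已经过期,请重新<a href="{0}/login">注册</a>'.format(
                django_settings.DOMAIN))
    except BadSignature:
        # Tampered or garbage token: never act on its payload.
        return HttpResponse(u'对不起,验证链接无效', status=400)

    try:
        user = sysmodel.Login.objects.get(username=username)
    except sysmodel.Login.DoesNotExist:
        return HttpResponse(u"对不起,您所验证的用户不存在,请重新注册")
    user.state = True
    user.save()
    message = u'验证成功,请进行<a href="{0}/login">登录</a>操作'.format(
        django_settings.DOMAIN)
    return HttpResponse(message)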

4.配置urls.py文件

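 # The named group is restored as <token>: active_user receives the captured
 # value as its `token` argument. The pattern only routes the request; the
 # signature check inside the view is what authenticates the token.
 url(r'^activate/(?P<token>\w+.[-_\w]*\w+.[-_\w]*\w+)/$', active_user, name='active_user'),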

如果提示django_settings.DOMAIN报错,可以在settings.py文件中加入:

# Host and port that regfirm joins with "activate" and the token to form the
# link sent in the registration e-mail.
DOMAIN = "localhost:8099"

此处的8099是启动开发服务器时指定的端口:

manage.py runserver 8099

文章参考自:https://my.oschina.net/keyven/blog/726123
