Development #5223
Remove use of django-registration
0%
Description
Actuellement l'enregistrement des nouveaux utilisateurs se passe dans une vue héritant de registration et l'activation du compte utilisateur se fait directement via une vue registration.
Pourrait-on déleguer tout le travail de création et activation aux vues de registration?
Si besoin, coder notre backend si nous avons des checks spécifiques à faire les utilisateurs.
Je le vois dans l'optique de pouvoir changer facilement de backend d'enregistrement, de default
à ldap
par exemple, en chargeant les vues correspondantes, en fonction d'une variable dans les settings
par exemple.
Fichiers
Historique
Mis à jour par Serghei Mihai il y a plus de 9 ans
- Fichier 0001-django-registration-dependency-removed-with-however-.patch 0001-django-registration-dependency-removed-with-however-.patch ajouté
- Patch proposed changé de Non à Oui
J'avais oublié de le poster.
Mis à jour par Frédéric Péters il y a plus de 9 ans
I wonder what's the point of moving things in a default/ subdirectory; it made sense in django-registration as it wanted to be a generic application catering for many different usecases but I don't see that reason applying to Authentic.
Mis à jour par Serghei Mihai il y a plus de 9 ans
The idea is to add, later, another registration backend, let's say "ldap", putting its views and stuff under "ldap" directory.
It could be activated then by changing the A2_REGISTRATION_BACKEND to "ldap".
Mis à jour par Frédéric Péters il y a plus de 9 ans
This is only my opinion but I'd rather not have abstractions created before proven necessary.
Anyway, this patch does two very different things: 1) remove the dependency on django-registration, 2) move things around to create some kind of abstraction (broken in my opinion); this shouldn't be done in a single commit (in my opinion).
Mis à jour par Benjamin Dauvergne il y a plus de 9 ans
Just to add my opinion to Fred's. I was thinking that we could start from a clean page instead of copying django-registration in authentic.
First I would move account management view from the urls.py of registration_backend to the main urls.py as it's not related to registration. Then I would rewrite a simple registration backend that would:Mis à jour par Benjamin Dauvergne il y a plus de 9 ans
Another requirement could be to check for email unicity at registration and activation.
Mis à jour par Benjamin Dauvergne il y a plus de 9 ans
- Sujet changé de Utilisation de python-django-registration à Remove use of django-registration
Mis à jour par Frédéric Péters il y a plus de 9 ans
As I closed #5263 as a duplicate; here are some additional notes that were written over there:
At least, considering certivox, it would need an additional hook at the "user signs up" step, to validate that the request is ok.
Another requirement for a rewrite of this is that the "next" parameter of the login page should be conserved through the whole registration process so that the registration workflow at the IdP can be integrated into the login workflow of any service provider.
In a discussion about Vincennes, it was noted they would like the possibility to have an email sent to the site admins whenever a new user registers.
Mis à jour par Serghei Mihai il y a plus de 9 ans
- Fichier 0001-Registration-process-refactored-django-registration-.patch 0001-Registration-process-refactored-django-registration-.patch ajouté
- Fichier 0002-urls-not-involved-in-registration-process-removed-fr.patch 0002-urls-not-involved-in-registration-process-removed-fr.patch ajouté
- Fichier 0003-automatically-authenticating-user-on-account-activat.patch 0003-automatically-authenticating-user-on-account-activat.patch ajouté
Here are the patches removing django-registration, using the schema proposed by Benjamin and authenticating user at account creation.
Mis à jour par Benjamin Dauvergne il y a plus de 9 ans
This does not seem good:
'user': form.cleaned_data,
Mis à jour par Benjamin Dauvergne il y a plus de 9 ans
Mis à jour par Serghei Mihai il y a plus de 9 ans
- Fichier 0001-useless-data-removed-from-emailing-context.patch 0001-useless-data-removed-from-emailing-context.patch ajouté
Benjamin Dauvergne a écrit :
This does not seem good:
[...]
Indeed. I did not check if user attributes were used in activation email templates.
Mis à jour par Benjamin Dauvergne il y a plus de 9 ans
I think that passing the form data to the template is ok, just don't call it user
, maybe you could just do ctx_dict.update(cleaned_data)
.
Also Authentic2 do not use the django.contrib.sites
application anymore, we just pass the the site hostname instead.
Mis à jour par Serghei Mihai il y a plus de 9 ans
- Fichier 0001-user-data-passed-directly-to-activate-email-template.patch 0001-user-data-passed-directly-to-activate-email-template.patch ajouté
- Fichier 0002-django.contrib.sites-removed-from-registration-backe.patch 0002-django.contrib.sites-removed-from-registration-backe.patch ajouté
Last two remarks done.
Mis à jour par Benjamin Dauvergne il y a plus de 9 ans
On pourrait avoir la série de patch complète rebasée ?
Mis à jour par Serghei Mihai il y a plus de 9 ans
- Fichier 0001-Registration-process-refactored-django-registration-.patch 0001-Registration-process-refactored-django-registration-.patch ajouté
- Fichier 0002-urls-not-involved-in-registration-process-removed-fr.patch 0002-urls-not-involved-in-registration-process-removed-fr.patch ajouté
- Fichier 0003-automatically-authenticating-user-on-account-activat.patch 0003-automatically-authenticating-user-on-account-activat.patch ajouté
- Fichier 0004-user-data-passed-directly-to-activate-email-template.patch 0004-user-data-passed-directly-to-activate-email-template.patch ajouté
- Fichier 0005-django.contrib.sites-removed-from-registration-backe.patch 0005-django.contrib.sites-removed-from-registration-backe.patch ajouté
- Fichier 0006-next_url-param-propagated-from-service-provider-to-r.patch 0006-next_url-param-propagated-from-service-provider-to-r.patch ajouté
Here they are
Mis à jour par Benjamin Dauvergne il y a plus de 9 ans
- Patch proposed changé de Oui à Non
- first validation (mail, invitation number, whatever.. for now now we will only handle mail validation)
- then registration
The validation view should ask for the mail and send the activation mail, the activation URL would target the registration view which would verify the token passed in the activation URL.
The patch set should be rewritten in this way. It will improve security as the password will not be included in the activation URL (included in the activation mail) anymore.
Mis à jour par Benjamin Dauvergne il y a plus de 9 ans
Another requirement for the new registration backend, some SMTP server are a bit too restrictive on what email they accept (see https://sentry.entrouvert.org/montpellier/compte-agglo-montpellier-prod/group/831/) we need to handle the exceptions that send_mail()
can raise, log a warning and show a humanly understandable error message in this case.
Mis à jour par Benjamin Dauvergne il y a environ 9 ans
- Statut changé de Nouveau à Solution déployée
It has been pushed.
commit efa4305df0c67f1fdea6c6d018bebafd6e7d9b3d Author: Serghei MIHAI <smihai@entrouvert.com> Date: Tue Nov 18 17:23:26 2014 +0100 Registration refactored: email validation done first and registration process finished on profile completion. django-registration removed commit 717c7ee65daef95805a8a9
Mis à jour par Benjamin Dauvergne il y a environ 9 ans
- Statut changé de Solution déployée à Fermé