### Local Project Setup Source: https://github.com/ubernostrum/django-registration/blob/trunk/CONTRIBUTING.rst Installs the project dependencies and creates a local virtual environment using PDM. ```shell pdm install ``` -------------------------------- ### Django URL Configuration for Registration Source: https://github.com/ubernostrum/django-registration/blob/trunk/docs/quickstart.rst Example of how to include django-registration's URL patterns in your project's root URLconf. This sets up URLs for registration, completion, and disallowed states, as well as integrating with Django's built-in authentication views. ```python from django.urls import include, path urlpatterns = [ # Other URL patterns ... path("accounts/", include("django_registration.backends.one_step.urls")), path("accounts/", include("django.contrib.auth.urls")), # More URL patterns ... ] ``` -------------------------------- ### Install Pre-commit Hooks Source: https://github.com/ubernostrum/django-registration/blob/trunk/CONTRIBUTING.rst Installs the pre-commit hooks to ensure code formatting and style consistency before committing changes. ```shell pre-commit install ``` -------------------------------- ### Install django-registration (Windows) Source: https://github.com/ubernostrum/django-registration/blob/trunk/docs/install.rst Installs the django-registration package using pip on Windows. ```shell py -m pip install django-registration ``` -------------------------------- ### Clone django-registration repository Source: https://github.com/ubernostrum/django-registration/blob/trunk/docs/install.rst Clones the django-registration project repository from GitHub using Git for local development. ```shell git clone https://github.com/ubernostrum/django-registration.git ``` -------------------------------- ### License Identifier Comment Source: https://github.com/ubernostrum/django-registration/blob/trunk/CONTRIBUTING.rst Example of a license identifier comment that should be included at the top of new code files. ```python # SPDX-License-Identifier: BSD-3-Clause ``` -------------------------------- ### Install django-registration (macOS/Linux/Unix) Source: https://github.com/ubernostrum/django-registration/blob/trunk/docs/install.rst Installs the django-registration package using pip on macOS, Linux, and other Unix-like systems. ```shell python -m pip install django-registration ``` -------------------------------- ### Run Full CI Suite Locally Source: https://github.com/ubernostrum/django-registration/blob/trunk/CONTRIBUTING.rst Executes the complete Continuous Integration suite locally, including tests, documentation checks, linting, formatting, and package building. ```shell nox ``` -------------------------------- ### Django Registration URL Names Source: https://github.com/ubernostrum/django-registration/blob/trunk/docs/quickstart.rst Lists the URL names defined by django_registration.backends.one_step.urls, which are used for reversing URLs within the application. ```APIDOC URL Names: django_registration_register: The account-registration view. django_registration_complete: The post-registration success message. django_registration_disallowed: A message indicating registration is not currently permitted. ``` -------------------------------- ### One-Step Registration URL Configuration Source: https://github.com/ubernostrum/django-registration/blob/trunk/docs/index.rst Example of how to include django-registration's one-step backend URLs in your Django project's root URL configuration. This setup assumes you are using Django's default authentication URLs as well. ```python from django.urls import include, path urlpatterns = [ # Other URL patterns ... path("accounts/", include("django_registration.backends.one_step.urls")), path("accounts/", include("django.contrib.auth.urls")), # More URL patterns ... ] ``` -------------------------------- ### Activation Complete Template Source: https://github.com/ubernostrum/django-registration/blob/trunk/docs/quickstart.rst The 'django_registration/activation_complete.html' template is displayed after successful account activation. It informs the user that their account is now active and has no specific context variables. ```django
Your account has been successfully activated. You can now log in.
``` -------------------------------- ### Django Registration Settings Source: https://github.com/ubernostrum/django-registration/blob/trunk/docs/quickstart.rst This documentation entry describes essential Django settings for the django-registration package, specifically for the two-step activation workflow. It covers account activation duration and registration availability. ```APIDOC ACCOUNT_ACTIVATION_DAYS: int - Specifies the number of days users have to activate their accounts after registering. If not activated within this period, the account remains inactive. - Example: ACCOUNT_ACTIVATION_DAYS = 7 REGISTRATION_OPEN: bool - Determines if new account registrations are currently allowed. Defaults to True. - If set to False, all registration attempts will be rejected. URL Names Defined by django_registration.backends.activation.urls: - django_registration_register: The account-registration view. - django_registration_complete: The post-registration success message view. - django_registration_activate: The account-activation view. ``` -------------------------------- ### Run django-registration Tests (Windows) Source: https://github.com/ubernostrum/django-registration/blob/trunk/docs/faq.rst Instructions for running the django-registration tests using nox on Windows. This involves installing nox using the py command and then executing nox. ```shell py -m pip install nox py -m nox ``` -------------------------------- ### Ensure pip is installed/upgraded (Windows) Source: https://github.com/ubernostrum/django-registration/blob/trunk/docs/install.rst Ensures that pip, the Python package installer, is installed or upgraded on Windows. ```shell py -m ensurepip --upgrade ``` -------------------------------- ### Ensure pip is installed/upgraded (macOS/Linux/Unix) Source: https://github.com/ubernostrum/django-registration/blob/trunk/docs/install.rst Ensures that pip, the Python package installer, is installed or upgraded on macOS, Linux, and other Unix-like systems. ```shell python -m ensurepip --upgrade ``` -------------------------------- ### Django Registration Workflow Examples Source: https://github.com/ubernostrum/django-registration/blob/trunk/docs/faq.rst This section touches upon different workflows in django-registration, including the one-step workflow for immediate login and the two-step activation workflow. It also mentions manual activation via the admin interface. ```python # For one-step workflow, login occurs immediately after registration. # For two-step activation, toggle 'is_active' field in the admin. ``` -------------------------------- ### Registration Complete Template Source: https://github.com/ubernostrum/django-registration/blob/trunk/docs/quickstart.rst The 'django_registration/registration_complete.html' template is displayed after successful registration. It informs the user that an activation email has been sent and has no specific context variables. ```djangoRegistration successful! Please check your email for activation instructions.
``` -------------------------------- ### Run django-registration Tests (macOS/Linux/Unix) Source: https://github.com/ubernostrum/django-registration/blob/trunk/docs/faq.rst Instructions for running the django-registration tests using nox on macOS, Linux, and other Unix-like systems. This involves installing nox and then executing the nox command. ```shell python -m pip install nox python -m nox ``` -------------------------------- ### Include Registration URLs in Django Project Source: https://github.com/ubernostrum/django-registration/blob/trunk/docs/quickstart.rst This snippet shows how to integrate django-registration's activation URLs into your main Django URL configuration. It also includes Django's built-in authentication URLs. ```python from django.urls import include, path urlpatterns = [ # Other URL patterns ... path("accounts/", include("django_registration.backends.activation.urls")), path("accounts/", include("django.contrib.auth.urls")), # More URL patterns ... ] ``` -------------------------------- ### Registration Form Template Source: https://github.com/ubernostrum/django-registration/blob/trunk/docs/quickstart.rst The 'django_registration/registration_form.html' template is used to display the user registration form. It receives a 'form' context variable, typically a subclass of 'RegistrationForm'. ```django ``` -------------------------------- ### Run Tests with Nox Source: https://github.com/ubernostrum/django-registration/blob/trunk/CONTRIBUTING.rst Executes the test suite using nox. By default, it runs against all supported Python versions. You can specify a particular Python version using the --python flag. ```shell nox --tags tests ``` ```shell nox --tags tests --python "3.11" ``` -------------------------------- ### Required Registration Templates Source: https://github.com/ubernostrum/django-registration/blob/trunk/docs/quickstart.rst Specifies the HTML template files that need to be created for the django-registration workflow to function correctly. These templates handle the registration form, success message, and closed registration states. ```APIDOC Required Templates: django_registration/registration_form.html django_registration/registration_complete.html django_registration/registration_closed.html ``` -------------------------------- ### Registration Closed Template Source: https://github.com/ubernostrum/django-registration/blob/trunk/docs/quickstart.rst The 'django_registration/registration_closed.html' template is rendered when new user account registration is disabled. It does not provide any context variables. ```djangoRegistration is currently closed. Please try again later.
``` -------------------------------- ### Activation Email Subject Template Source: https://github.com/ubernostrum/django-registration/blob/trunk/docs/quickstart.rst The 'django_registration/activation_email_subject.txt' template generates the subject line for the activation email. It has access to 'activation_key', 'expiration_days', 'request', 'scheme', 'site', and 'user'. ```django {% autoescape off %} {{ site.name }} account activation {% endautoescape %} ``` -------------------------------- ### Activation Form Template Source: https://github.com/ubernostrum/django-registration/blob/trunk/docs/quickstart.rst The 'django_registration/activation_form.html' template is used for the account activation form. It receives a 'form' context variable with an 'activation_key' field and an 'activation_error' variable if activation fails. ```django {% if activation_error %}Error: {{ activation_error }}
{% endif %} ``` -------------------------------- ### Activation Email Body Template Source: https://github.com/ubernostrum/django-registration/blob/trunk/docs/quickstart.rst The 'django_registration/activation_email_body.txt' template generates the body of the activation email, including a link for account activation. It uses context variables like 'activation_key', 'expiration_days', 'request', 'scheme', 'site', and 'user'. ```django {% autoescape off %} Hello {{ user.username }}, Thank you for registering at {{ site.name }}. To activate your account, please click the following link: {{ scheme }}://{{ site.domain }}{% url 'registration_activate' activation_key %} Your activation key is: {{ activation_key }} This key will expire in {{ expiration_days }} days. Sincerely, The {{ site.name }} Team {% endautoescape %} ``` -------------------------------- ### Python HMAC Implementation Reference Source: https://github.com/ubernostrum/django-registration/blob/trunk/docs/security.rst This section references the Python standard library's HMAC implementation, which is used by django-registration for cryptographic signing. ```python https://docs.python.org/3/library/hmac.html ``` -------------------------------- ### Django Cryptographic Signing Tools Reference Source: https://github.com/ubernostrum/django-registration/blob/trunk/docs/security.rst This section references Django's cryptographic signing tools, which are utilized by django-registration's activation workflow for verifying user signups. ```django https://docs.djangoproject.com/en/1.11/topics/signing/ ``` -------------------------------- ### Include Activation URLs in Django Project Source: https://github.com/ubernostrum/django-registration/blob/trunk/docs/activation-workflow.rst Example of how to include the activation URLs provided by django-registration into your project's main URL configuration. This sets up the necessary URL patterns for the registration and activation views. ```python from django.urls import include, path urlpatterns = [ # Other URL patterns ... path('accounts/', include('django_registration.backends.activation.urls')), path('accounts/', include('django.contrib.auth.urls')), # More URL patterns ... ] ``` -------------------------------- ### Check for security issues in Django codebase Source: https://github.com/ubernostrum/django-registration/blob/trunk/docs/security.rst This command helps identify common security vulnerabilities within your Django project. It's a recommended step before deploying or making significant changes. ```python python manage.py check --tag security ``` -------------------------------- ### Django Security Documentation Reference Source: https://github.com/ubernostrum/django-registration/blob/trunk/docs/security.rst This section references Django's official security documentation, which provides a comprehensive overview of web development security issues and Django's protective measures. ```django https://docs.djangoproject.com/en/stable/#security ``` -------------------------------- ### ReservedNameValidator - django-registration Source: https://github.com/ubernostrum/django-registration/blob/trunk/docs/security.rst This class from django-registration enforces restrictions on usernames to prevent impersonation and confusion. It includes a default list of reserved names. ```python from django_registration.validators import ReservedNameValidator ``` -------------------------------- ### Customizing Success URL for Registration Source: https://github.com/ubernostrum/django-registration/blob/trunk/docs/one-step-workflow.rst This example demonstrates how to customize the success URL after a user successfully registers using the one-step workflow. It involves subclassing the RegistrationView and specifying a custom success URL. ```python from django.urls import include, path from django_registration.backends.one_step.views import RegistrationView urlpatterns = [ # Other URL patterns ... path('accounts/register/', RegistrationView.as_view(success_url='/profile/'), name='django_registration_register'), path('accounts/', include('django_registration.backends.one_step.urls')), path('accounts/', include('django.contrib.auth.urls')), # More URL patterns ... ] ``` -------------------------------- ### Two-Factor Authentication Integration Source: https://github.com/ubernostrum/django-registration/blob/trunk/docs/security.rst Implement two-factor authentication (2FA) for significantly increased user account security. The `django-two-factor-auth` package provides integration with Django's authentication framework, supporting authenticator applications and hardware security keys. ```python # Install the package: # pip install django-two-factor-auth # In settings.py: # INSTALLED_APPS = [ # ... # 'django_otp', # 'django_otp.plugins.otp_totp', # 'django_otp.plugins.otp_hotp', # 'two_factor', # 'two_factor.urls', # ... # ] # Include two_factor URLs in your project's urls.py: # urlpatterns = [ # ... # path('two-factor/', include('two_factor.urls')), # ... # ] ``` -------------------------------- ### Documentation Dependencies Source: https://github.com/ubernostrum/django-registration/blob/trunk/docs/requirements.txt These Python packages are required to build the documentation for the django-registration project. They are not installed as regular package extras but are essential for the documentation build process, which typically runs on a newer Python version (e.g., 3.12) than the package's minimum supported version. ```python furo sphinx sphinx-copybutton sphinx-inline-tabs sphinx-notfound-page sphinxext-opengraph ``` -------------------------------- ### ActivationView Rewrite and Workflow Change Source: https://github.com/ubernostrum/django-registration/blob/trunk/docs/changelog.rst Describes the rewrite of `ActivationView` and related activation workflow components in version 5.1.0. The primary change is that user account activation now only occurs on HTTP POST requests, enhancing security by preventing activation via GET requests triggered by email clients. ```APIDOC Class: django_registration.views.ActivationView * **Change**: Rewritten in version 5.1.0, impacting the built-in activation workflow. * **Security Enhancement**: User account activation now exclusively occurs on HTTP `POST` requests. * **Previous Behavior**: Previously activated on `GET` requests, posing a security risk due to email client auto-following. * **Backwards Incompatibility**: Activation now requires a `POST` request. * **User Experience Change**: The view displays a form on `GET` requests. * **Template Impact**: Templates associated with the activation view have changed. Refer to the template documentation for required updates. ``` -------------------------------- ### Django Registration Configuration and Usage Source: https://github.com/ubernostrum/django-registration/blob/trunk/docs/faq.rst This section provides guidance on configuring django-registration, including how to handle templates, custom user models, and control user signups. It references specific methods and settings within the library. ```python REGISTRATION_OPEN = False # To close user signups ``` ```python from django_registration.views import RegistrationView class CustomRegistrationView(RegistrationView): def registration_allowed(self, request): # Custom logic for registration allowance return True ``` -------------------------------- ### Running Nox Tests for Specific Python Versions Source: https://github.com/ubernostrum/django-registration/blob/trunk/docs/faq.rst This snippet demonstrates how to execute Nox tests for a particular Python version using the --python flag. It covers commands for both Unix-like systems and Windows. ```shell python -m nox --python "3.10" ``` ```shell py -m nox --python "3.10" ``` -------------------------------- ### Django URL Configuration for One-Step Registration Source: https://github.com/ubernostrum/django-registration/blob/trunk/README.rst This snippet shows how to include the django-registration URLs in your Django project's root URL configuration for a one-step registration process. It assumes you have already added 'django_registration' to your INSTALLED_APPS. ```python from django.urls import include, path urlpatterns = [ # Other URL patterns ... path("accounts/", include("django_registration.backends.one_step.urls")), path("accounts/", include("django.contrib.auth.urls")), # More URL patterns ... ] ``` -------------------------------- ### Django Registration Activation Workflow API Documentation Source: https://github.com/ubernostrum/django-registration/blob/trunk/docs/activation-workflow.rst API documentation for the django-registration activation workflow, detailing the views, forms, and configuration settings involved in the two-step registration process. ```APIDOC Module: django_registration.backends.activation Views: RegistrationView Subclasses base registration views. Customization points specific to this implementation are listed below. ActivationView Subclasses base registration views. Customization points specific to this implementation are listed below. Forms: ActivationForm Located in django_registration.backends.activation.forms. Configuration Settings: ACCOUNT_ACTIVATION_DAYS Specifies the permitted window for account activation. REGISTRATION_OPEN A boolean indicating if registration is currently allowed. REGISTRATION_SALT A salt value used for namespacing HMAC signatures, defaulting to "registration". Security Considerations: Activation keys are generated using Django's cryptographic signing tools (TimestampSigner). The key format is: encoded_username:timestamp:signature. Signature is an HMAC of username and timestamp, using SECRET_KEY and REGISTRATION_SALT. Username and HMAC are URL-safe base64 encoded; timestamp is base62 encoded. Verification includes signature validation and time window check. ``` -------------------------------- ### Preventing Homograph Attacks in Usernames and Emails Source: https://github.com/ubernostrum/django-registration/blob/trunk/docs/security.rst django-registration includes validation to prevent homograph attacks by rejecting mixed-script usernames and email addresses that contain visually confusable characters. This validation can be enabled via `validate_confusables` and `validate_confusables_email`. ```python from django_registration.validators import validate_confusables from django_registration.validators import validate_confusables_email # Example usage (within a Django form or model validation): # validate_confusables(username) # validate_confusables_email(email_address) ``` -------------------------------- ### Removal of Model-Based Workflow Source: https://github.com/ubernostrum/django-registration/blob/trunk/docs/changelog.rst The legacy two-step model-based signup workflow, present since 2007, has been removed. Users are now recommended to use the two-step activation workflow, which requires no additional server-side storage. ```python Removal of model-based workflow: The two-step model-based signup workflow, which has been present since the first public release of ``django-registration`` in 2007, has now been removed. In its place, it is recommended that you use :ref:`the two-step activation workflow