28-邮箱验证

发布时间 2023-03-28 18:45:45作者: 测试圈的彭于晏

1.settings.py配置

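    # SMTP server of the mail provider.
    EMAIL_HOST = 'smtp.163.com'
    # Connect over implicit TLS (SMTPS, port 465). On port 25 without TLS the
    # SMTP login below and every activation link travel in clear text.
    EMAIL_PORT = 465
    EMAIL_USE_SSL = True
    # Mailbox that sends the mail.
    EMAIL_HOST_USER = 'a123@163.com'
    # Client authorization code configured in the mailbox (not the login password).
    # NOTE(review): sample value. Load the real one from the environment or a
    # secret store; a credential committed in settings.py must be rotated.
    EMAIL_HOST_PASSWORD = 'ADQWEQDQ'
    # Sender shown to the recipient; the address must match EMAIL_HOST_USER.
    EMAIL_FROM = 'python<a123@163.com>'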

2. 流程

# 1. 安装第三方库
      pip install itsdangerous

# 2. 创建token工具utils.py
'''
为什么要用itsdangerous:它对数据做签名(注意是签名,不是加密),保证数据没有被人修改,
因为修改了就无法通过校验、解出原数据,若超时了也无法解出内容。
token里的内容任何人都可以解码读取,所以不要把敏感信息放进token。
应用场景:激活,发一个激活的网址给你,你若在一定时间内未激活,会激活超时。
'''
import base64
from itsdangerous import URLSafeTimedSerializer as utsr
from new.settings import SECRET_KEY
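class Token:
    """Issue and check signed, time-limited tokens (used here for activation links).

    The payload is signed, not encrypted: anyone holding a token can decode
    and read it, but cannot alter it without the key. Put only non-sensitive
    identifiers in it.
    """

    def __init__(self, security_key):
        """Store the signing key and derive the salt passed to the serializer."""
        self.security_key = security_key
        # Not a random value: this is the key itself, base64-encoded, so it is
        # exactly as sensitive as the key and must never be logged or exposed.
        # NOTE(review): itsdangerous treats the salt as a namespace label; a
        # fixed per-purpose string would avoid deriving it from the key.
        # Kept unchanged here because changing it invalidates issued tokens.
        self.salt = base64.encodebytes(security_key.encode('utf8'))

    def _serializer(self):
        """Return a fresh timed serializer bound to the signing key."""
        return utsr(self.security_key)

    def generate_validate_token(self, username):
        """Return a signed, timestamped token carrying *username* as payload."""
        return self._serializer().dumps(username, salt=self.salt)

    def confirm_validate_token(self, token, expiration=3600):
        """Return the payload of *token* if its signature is valid and it is
        at most *expiration* seconds old; otherwise the serializer raises."""
        return self._serializer().loads(token, salt=self.salt, max_age=expiration)

    def remove_validate_token(self, token):
        """Return the payload of *token* without an age limit.

        No max_age is passed, so an expired token still decodes; the
        signature is still verified, so a tampered token raises. The token
        is verified once and the payload is no longer printed, which kept it
        out of stdout/log capture.
        """
        return self._serializer().loads(token, salt=self.salt)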


token_confirm = Token(SECRET_KEY)  # module-level instance used by the views; SECRET_KEY is imported from settings.py
# 3. 创建路由(urls.py)
    # Creates the user, generates the token and sends the activation e-mail.
    path('checkuser/',views.check_user,name="checkuser"),
    # Target of the e-mailed link; <token> is captured from the URL and passed to views.active.
    path('active/<token>/',views.active,name="active"),
# 4. 创建注册页面(re.html)
  <body>
    {# Registration form: POSTs username and password to the checkuser route. #}
    {# NOTE(review): no e-mail address is collected here, so the view has no user-supplied recipient for the activation mail. #}
    <form action="{% url 'App02:checkuser' %}" method="post">
        {# Emits the hidden CSRF token field that Django checks on POST. #}
        {% csrf_token %}
        用户名:<input type="text" name="username"><br>
        密码:<input type="password" name="password"><br>
        <input type="submit">
    </form>
  </body>
# 5. 创建邮箱内容html(ac.html)
  <body>
    {# Body of the activation e-mail; the url variable is the activation link supplied in the render context. #}
    <p>亲爱的用户:</p>
    <h2>请点击链接<a href="{{ url }}">激活</a> 账号</h2>
  </body>
# 6. 生成token发送邮件
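    def check_user(request):
        """Register an inactive user and e-mail a signed activation link.

        GET renders the registration form. POST creates the user with
        is_active=0, signs the new user's uid into a token, and sends a mail
        whose link points at the 'App02:active' route.
        """
        if request.method != "POST":
            return render(request, 're.html')

        username = request.POST.get("username")
        password = request.POST.get("password")
        # Without this guard a missing field would create a user with a
        # None/empty username or password.
        if not username or not password:
            return HttpResponse("用户名和密码不能为空", status=400)

        # Existence is decided by username alone. Matching on the password as
        # well let the same username register again with a different password.
        if User.objects.filter(username=username).exists():
            return HttpResponse("用户已存在")

        # NOTE(review): the password is stored exactly as submitted. It should
        # be hashed (e.g. django.contrib.auth.hashers.make_password) together
        # with the login check that compares it, which is not visible here.
        user = User.objects.create(username=username, password=password, is_active=0)

        # The token and the link are bearer credentials for activation, so
        # they are no longer printed to stdout.
        token = token_confirm.generate_validate_token(user.uid)
        # build_absolute_uri keeps the scheme of the current request (https
        # when served over TLS) instead of forcing a plain http:// link.
        url = request.build_absolute_uri(reverse('App02:active', kwargs={'token': token}))
        html = loader.get_template('ac.html').render({'url': url})

        # NOTE(review): the recipient is hard-coded, so every activation link
        # goes to this one mailbox rather than to the registering user. The
        # form collects no e-mail address; add one and send to it.
        send_mail("账号激活", "", EMAIL_FROM, ['1476088673@qq.com'], html_message=html)
        return HttpResponse("激活邮件已发送,请登录邮箱确认激活")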
  
# 7. 邮件跳转后的操作(验证token)
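    def active(request, token):
        """Activate the user named by a signed activation token.

        A valid, unexpired token marks the user active. An expired token
        removes the pending registration, but only while it is still
        inactive. A token whose signature does not verify is rejected
        without touching the database.
        """
        from itsdangerous import BadSignature, SignatureExpired

        try:
            uid = token_confirm.confirm_validate_token(token)
        except SignatureExpired:
            # The signature is good but the link is too old. Decode the uid
            # without the age limit and drop the registration only if it was
            # never activated; previously an old link deleted the account
            # even after it had been activated.
            uid = token_confirm.remove_validate_token(token)
            User.objects.filter(pk=uid, is_active=0).delete()
            return HttpResponse("激活失败,请重新注册")
        except BadSignature:
            # Tampered or malformed token. The old bare except sent this case
            # into a second decode that raised again and surfaced as a 500.
            return HttpResponse("激活失败,请重新注册")

        try:
            user = User.objects.get(pk=uid)
        except User.DoesNotExist:
            return HttpResponse("你激活的用户不存在,请重新注册")
        user.is_active = 1  # mark the account as activated
        user.save()
        return HttpResponse('用户已激活,请登录系统')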