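Let's work out how to build the activation link that is emailed to the user:
- Send an activation email containing an activation link such as `http://127.0.0.1:8000/user/active/1` (the 1 is the id of the newly registered user, which is how the user is identified).
- The activation link has to carry the user's identity, and that identity must be encrypted (so that nobody can spot the pattern and forge links at will).

The encryption step needs an extra module. (Strictly speaking, itsdangerous signs the payload rather than encrypting it: the id stays readable inside the token, but the token cannot be forged without the secret key.)

![Image from the original post](https://img-blog.csdnimg.cn/20191122191645431.png?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L3B5dGhvbnN0cmF0,size_16,color_FFFFFF,t_70)

Install it: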
```bash
pip install -i https://pypi.tuna.tsinghua.edu.cn/simple itsdangerous
```

```python
from itsdangerous import TimedJSONWebSignatureSerializer as Serializer
```

```python
Python 3.6.8 (default, Oct 7 2019, 12:59:55)
[GCC 8.3.0] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> from itsdangerous import TimedJSONWebSignatureSerializer as Serializer
>>> serializer = Serializer('secretkey', 3600)
>>> info = {'confirm': 1}
>>> res = serializer.dumps(info)
>>> res
b'eyJhbGciOiJIUzUxMiIsImlhdCI6MTU3NDQyMTkwNiwiZXhwIjoxNTc0NDI1NTA2fQ.eyJjb25maXJtIjoxfQ.QFNkET46NVy-Orlaq7GVkJKKPMhoB6791--ueEZ1k8DjSMJuEMKS236a4SmZ3cqAEbkMjeE7mC96ih_eFh05BA'
>>> serializer.loads(res)
{'confirm': 1}
>>>
>>> serializer = Serializer('secretkey', 5)
>>> info = {'confirm': 1}
>>> res = serializer.dumps(info)
>>> serializer.loads(res)
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/home/huangdonglin/.virtualenvs/django_py3/lib/python3.6/site-packages/itsdangerous/jws.py", line 205, in loads
    date_signed=self.get_issue_date(header),
itsdangerous.exc.SignatureExpired: Signature expired
>>>
```
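Here is how it is used in the 天天生鲜 (Tiantian Shengxian) example project:

```python
from django.conf import settings
from itsdangerous import TimedJSONWebSignatureSerializer as Serializer

# `user` is the User instance that was just created during registration
serializer = Serializer(settings.SECRET_KEY, 3600)  # token is valid for one hour
info = {'confirm': user.id}
token = serializer.dumps(info)  # returns bytes
token = token.decode()          # convert to str so it can be placed in the URL
```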
Once the user follows the link, the view extracts the protected token from the URL and decodes it to recover the real value (the id).
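```python
from django.conf import settings
from django.http import HttpResponse
from django.shortcuts import redirect
from django.urls import reverse  # django.core.urlresolvers on Django < 1.10
from django.views.generic import View
from itsdangerous import BadSignature, SignatureExpired
from itsdangerous import TimedJSONWebSignatureSerializer as Serializer

from .models import User  # assumed import path for the project's User model


class ActiveView(View):
    """User activation."""

    def get(self, request, token):
        """Activate the user identified by the token."""
        serializer = Serializer(settings.SECRET_KEY, 3600)
        try:
            # loads() verifies the signature and expiry before returning the payload
            info = serializer.loads(token)
            user_id = info.get('confirm')
            user = User.objects.get(id=user_id)
            user.is_active = 1
            user.save()
            return redirect(reverse('user:login'))
        except SignatureExpired:
            # "The activation link has expired"
            return HttpResponse("激活链接已过期")
        except BadSignature:
            # Tampered or malformed token (SignatureExpired is a subclass, so it is caught first)
            return HttpResponse("Invalid activation link", status=400)
```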
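
What the token from the interpreter session actually protects, as an added example that is not from the original post and is not itsdangerous's implementation: `peek` reads the page's token without any key, and a simplified HMAC-SHA512 scheme built on the standard library shows why an altered id or an expired token is still rejected. The function names, the key and the omission of itsdangerous's key derivation are assumptions made for the illustration.

```python
import base64, hashlib, hmac, json, time

# Token copied from the interpreter session earlier on this page.
PAGE_TOKEN = (
    "eyJhbGciOiJIUzUxMiIsImlhdCI6MTU3NDQyMTkwNiwiZXhwIjoxNTc0NDI1NTA2fQ"
    ".eyJjb25maXJtIjoxfQ"
    ".QFNkET46NVy-Orlaq7GVkJKKPMhoB6791--ueEZ1k8DjSMJuEMKS236a4SmZ3cqAEbkMjeE7mC96ih_eFh05BA"
)

def b64e(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def b64d(part):
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))  # restore padding

def peek(token):
    """Read header and payload with no key at all: signed is not encrypted."""
    header, payload, _sig = token.split(".")
    return json.loads(b64d(header)), json.loads(b64d(payload))

def sign(key, signed_part):
    return b64e(hmac.new(key, signed_part.encode(), hashlib.sha512).digest())

def make_token(key, payload, max_age, now=None):
    now = int(time.time() if now is None else now)
    header = b64e(json.dumps({"alg": "HS512", "iat": now, "exp": now + max_age}).encode())
    body = b64e(json.dumps(payload).encode())
    return f"{header}.{body}.{sign(key, header + '.' + body)}"

def verify_token(key, token, now=None):
    """Return the payload or raise ValueError; nothing is trusted before the MAC check."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    header, body, sig = parts
    if not hmac.compare_digest(sig.encode(), sign(key, header + "." + body).encode()):
        raise ValueError("bad signature")
    now = time.time() if now is None else now
    if json.loads(b64d(header))["exp"] < now:
        raise ValueError("expired")
    return json.loads(b64d(body))

if __name__ == "__main__":
    print(peek(PAGE_TOKEN))            # contents are readable without the secret
    key = b"constructed-demo-key"      # constructed key, not from the page
    token = make_token(key, {"confirm": 1}, 3600)
    print(verify_token(key, token))
```

`TimedJSONWebSignatureSerializer` was deprecated in itsdangerous 2.0 and removed in 2.1; on current versions `URLSafeTimedSerializer` offers the same `dumps`/`loads` pattern, with `max_age` passed to `loads()`.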