User registration is one of the most essential parts of a web application. django-allauth is one of the most famous registration apps available in Django. This tutorial series deals with the setup, configuration, and customization of django-allauth and serves as a guide for new users who want to get started quickly with allauth and make useful customizations along the way without much pain.
This article covers setup and some basic configurations. Later, we will deal with social login, extending classes and efficient use of DefaultAccountAdapter to add custom processes.
It can be overwhelming to a Django novice or a new user of django-allauth itself. Although it is well documented, due to time and resource constraints of the developers involved, there have not been many articles and in-depth tutorials on the library. So this series tries to solve that problem with a comprehensive set of guides that make django-allauth easy to use and work with for the Django community.
How to Set Up?
You can download the files used in the tutorial to get a head start. The steps below guide you through the setup.
- Create a Django project if you don’t already have one.
- Install django-allauth using the command
    pip install django-allauth
- Add allauth.socialaccount and all the necessary social logins to INSTALLED_APPS. You can view the entire list of supported APIs here. The social login feature is described in detail in the next article. After you configure them, your installed apps should look similar to those given below.
- Configure the template context processor settings in settings.py and also add the URL pattern in the project urls.py.
- Add the following authentication backend.
- Copy the template files from the django-allauth repository or my custom repository (I have made some modifications and some good structuring) and paste them in the templates folder in your project directory.
- Add the allauth URLs in urls.py of your main project directory. After adding the allauth URLs, the file should look like the below.
- You can also add custom CSS yourself or use my CSS (well commented and documented), which I created during my use of the allauth templates. It includes styling for almost all the pages, and even mobile-friendly email templates for confirmation and password reset emails. You can do that by creating a static folder in the project directory and placing the CSS in
- Run python manage.py makemigrations and python manage.py migrate to run all the necessary migrations, and run python manage.py runserver to start the Django server.
- Follow the URL patterns to display the registration form. Visit localhost:8000/accounts/login to display the login page.
Most django-allauth features can be configured using the built-in adapters and variables by placing them in the settings.py file. Although the documentation has tons of such options with good explanations, I have highlighted some important ones below.
- Email confirmation expiry: Sets the number of days within which an account needs to be activated. Eg:
- Email required for activation: This option allows you to set whether the email address should be required to register. Set it to False to disable the email requirement. Eg:
    ACCOUNT_EMAIL_REQUIRED = True
- Account email verification: This option sets whether email verification is necessary for a user to log in after registering an account. You can use ‘mandatory’ to block a user from logging in until the email gets verified. You can set optional to send the email but allow the user to log in without an email. You can also set none to not send any verification email. (Not Recommended) Eg:
    ACCOUNT_EMAIL_VERIFICATION = "mandatory"
- Login Attempt Limit: This is an important feature which can be used to prevent brute force attacks on the user login module in allauth. The maximum number of login attempts can be set, and the user gets blocked from logging in until a timeout. This feature makes use of
    ACCOUNT_LOGIN_ATTEMPTS_LIMIT = 5
- Login Attempt Limit timeout: This setting should be used with the ACCOUNT_LOGIN_ATTEMPTS_LIMIT setting. The value set is in seconds from the last unsuccessful login attempt. Please do note that this does not prevent admin login from being brute forced. Eg:
    ACCOUNT_LOGIN_ATTEMPTS_TIMEOUT = 86400 # 1 day in seconds
- Login and Logout URL redirection: When a user logs in or logs out, you might want to redirect the user to a particular URL or page, and the settings below can be used to set those values. By default allauth redirects login to the /accounts/profile/ URL and logout to the
    LOGIN_REDIRECT_URL = '/accounts/email/'
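The account settings this article highlights can be reviewed with a small audit function. This is an added example, not code from the article or from django-allauth; the function name, the finding messages and the MAX_ATTEMPTS and MIN_TIMEOUT thresholds are assumptions made for the illustration.

```python
# Added example: audit a settings mapping for weak django-allauth values.
# MAX_ATTEMPTS and MIN_TIMEOUT are assumed review thresholds, not allauth rules.
MAX_ATTEMPTS = 10   # assumed ceiling for failed logins before lockout
MIN_TIMEOUT = 300   # assumed floor for the lockout window, in seconds

def _positive_int(value):
    # bool is a subclass of int, so True/False must not pass as a number.
    return type(value) is int and value > 0

def audit_allauth_settings(settings):
    """Return a list of (setting, problem) tuples; empty means no findings."""
    findings = []
    verification = settings.get("ACCOUNT_EMAIL_VERIFICATION")
    email_required = settings.get("ACCOUNT_EMAIL_REQUIRED") is True
    if verification not in ("mandatory", "optional", "none"):
        findings.append(("ACCOUNT_EMAIL_VERIFICATION", "not set explicitly"))
    elif verification == "none":
        findings.append(("ACCOUNT_EMAIL_VERIFICATION", "addresses never verified"))
    elif verification == "mandatory" and not email_required:
        # An address that is never collected cannot be verified.
        findings.append(("ACCOUNT_EMAIL_REQUIRED", "needed for mandatory verification"))

    limit = settings.get("ACCOUNT_LOGIN_ATTEMPTS_LIMIT")
    if not _positive_int(limit):
        findings.append(("ACCOUNT_LOGIN_ATTEMPTS_LIMIT", "no attempt limit"))
    elif limit > MAX_ATTEMPTS:
        findings.append(("ACCOUNT_LOGIN_ATTEMPTS_LIMIT", "limit too generous"))

    timeout = settings.get("ACCOUNT_LOGIN_ATTEMPTS_TIMEOUT")
    if not _positive_int(timeout):
        findings.append(("ACCOUNT_LOGIN_ATTEMPTS_TIMEOUT", "no lockout window"))
    elif timeout < MIN_TIMEOUT:
        findings.append(("ACCOUNT_LOGIN_ATTEMPTS_TIMEOUT", "lockout too short"))

    # The article notes that this limit does not cover the Django admin login.
    if "django.contrib.admin" in settings.get("INSTALLED_APPS", ()):
        findings.append(("django.contrib.admin", "login not covered by the limit"))
    return findings

# Constructed sample settings: the article's values, then a weak variant.
ARTICLE = {"ACCOUNT_EMAIL_REQUIRED": True, "ACCOUNT_EMAIL_VERIFICATION": "mandatory",
           "ACCOUNT_LOGIN_ATTEMPTS_LIMIT": 5, "ACCOUNT_LOGIN_ATTEMPTS_TIMEOUT": 86400}
WEAK = {"ACCOUNT_EMAIL_VERIFICATION": "none", "ACCOUNT_LOGIN_ATTEMPTS_LIMIT": None,
        "ACCOUNT_LOGIN_ATTEMPTS_TIMEOUT": 30, "INSTALLED_APPS": ["django.contrib.admin"]}

if __name__ == "__main__":
    for name, cfg in (("article", ARTICLE), ("weak", WEAK)):
        print(name, audit_allauth_settings(cfg))
```

The article's values produce no findings, while the weak variant is flagged on verification, attempt limit, lockout window and the uncovered admin login.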
allauth settings should look similar to the below settings.