How to add resend interval to django activation emails?












0














I have set up my django backend to send the activation email (with activation link) to the user's email address provided at registration. But recently, I have been getting spam attacks where the user (or bot or whatever) requests the activation link continuously and increases the load on my email server. To counter this, how can I add a time delay/interval between successive requests for an activation email to the same email address?



Should I create a custom view for this? if so, what view should I look at modifying and how can I add a time interval that say restricts the user from requesting 1 an activation link every 5 or 10 mins?



Edit:



I have found that django-allauth itself supports a feature to add a cooldown period, but I am not able to get this to work. An issue was raised regarding this and I've tried the solution in the issue thread by modifying my relevant app settings to the following:



ACCOUNT_EMAIL_CONFIRMATION_HMAC = False

ACCOUNT_EMAIL_CONFIRMATION_COOLDOWN = 300

ACCOUNT_AUTHENTICATION_METHOD = 'username_email'

ACCOUNT_EMAIL_VERIFICATION = 'mandatory'  

ACCOUNT_LOGIN_ON_EMAIL_CONFIRMATION = True

ACCOUNT_EMAIL_REQUIRED = True

ACCOUNT_LOGOUT_ON_GET = True


But still, when a user whose email is not yet verified (activated) tries to login, they are redirected to a page where it asks them to check their email and a verification email is sent (which is the correct behavior according to this) but the cooldown specified above (300 secs) is not respected. I can keep trying to log in continuously, and it just keeps re-sending the activation email. How can I fix this and make the cooldown work properly?



Version info:

Python 3.5

django-allauth 0.34






django email django-authentication django-allauth







share|improve this question
























  • django-rest-framework.org/api-guide/throttling Try this
    – Nitin Pawar
    4 hours ago










  • @NitinPawar Thanks for the suggestion, but django-allauth itself offers the exact feature I want - it's just that it doesn't work as indented in my server. Not sure why.
    – user1934283
    3 hours ago
















0














I have set up my django backend to send the activation email (with activation link) to the user's email address provided at registration. But recently, I have been getting spam attacks where the user (or bot or whatever) requests the activation link continuously and increases the load on my email server. To counter this, how can I add a time delay/interval between successive requests for an activation email to the same email address?



Should I create a custom view for this? if so, what view should I look at modifying and how can I add a time interval that say restricts the user from requesting 1 an activation link every 5 or 10 mins?



Edit:



I have found that django-allauth itself supports a feature to add a cooldown period, but I am not able to get this to work. An issue was raised regarding this and I've tried the solution in the issue thread by modifying my relevant app settings to the following:



ACCOUNT_EMAIL_CONFIRMATION_HMAC = False

ACCOUNT_EMAIL_CONFIRMATION_COOLDOWN = 300

ACCOUNT_AUTHENTICATION_METHOD = 'username_email'

ACCOUNT_EMAIL_VERIFICATION = 'mandatory'  

ACCOUNT_LOGIN_ON_EMAIL_CONFIRMATION = True

ACCOUNT_EMAIL_REQUIRED = True

ACCOUNT_LOGOUT_ON_GET = True


But still, when a user whose email is not yet verified (activated) tries to login, they are redirected to a page where it asks them to check their email and a verification email is sent (which is the correct behavior according to this) but the cooldown specified above (300 secs) is not respected. I can keep trying to log in continuously, and it just keeps re-sending the activation email. How can I fix this and make the cooldown work properly?



Version info:

Python 3.5

django-allauth 0.34






django email django-authentication django-allauth







share|improve this question
























  • django-rest-framework.org/api-guide/throttling Try this
    – Nitin Pawar
    4 hours ago










  • @NitinPawar Thanks for the suggestion, but django-allauth itself offers the exact feature I want - it's just that it doesn't work as indented in my server. Not sure why.
    – user1934283
    3 hours ago














0












0








0







I have set up my django backend to send the activation email (with activation link) to the user's email address provided at registration. But recently, I have been getting spam attacks where the user (or bot or whatever) requests the activation link continuously and increases the load on my email server. To counter this, how can I add a time delay/interval between successive requests for an activation email to the same email address?



Should I create a custom view for this? if so, what view should I look at modifying and how can I add a time interval that say restricts the user from requesting 1 an activation link every 5 or 10 mins?



Edit:



I have found that django-allauth itself supports a feature to add a cooldown period, but I am not able to get this to work. An issue was raised regarding this and I've tried the solution in the issue thread by modifying my relevant app settings to the following:



ACCOUNT_EMAIL_CONFIRMATION_HMAC = False

ACCOUNT_EMAIL_CONFIRMATION_COOLDOWN = 300

ACCOUNT_AUTHENTICATION_METHOD = 'username_email'

ACCOUNT_EMAIL_VERIFICATION = 'mandatory'  

ACCOUNT_LOGIN_ON_EMAIL_CONFIRMATION = True

ACCOUNT_EMAIL_REQUIRED = True

ACCOUNT_LOGOUT_ON_GET = True


But still, when a user whose email is not yet verified (activated) tries to login, they are redirected to a page where it asks them to check their email and a verification email is sent (which is the correct behavior according to this) but the cooldown specified above (300 secs) is not respected. I can keep trying to log in continuously, and it just keeps re-sending the activation email. How can I fix this and make the cooldown work properly?



Version info:

Python 3.5

django-allauth 0.34






django email django-authentication django-allauth







share|improve this question















I have set up my django backend to send the activation email (with activation link) to the user's email address provided at registration. But recently, I have been getting spam attacks where the user (or bot or whatever) requests the activation link continuously and increases the load on my email server. To counter this, how can I add a time delay/interval between successive requests for an activation email to the same email address?



Should I create a custom view for this? if so, what view should I look at modifying and how can I add a time interval that say restricts the user from requesting 1 an activation link every 5 or 10 mins?



Edit:



I have found that django-allauth itself supports a feature to add a cooldown period, but I am not able to get this to work. An issue was raised regarding this and I've tried the solution in the issue thread by modifying my relevant app settings to the following:



ACCOUNT_EMAIL_CONFIRMATION_HMAC = False

ACCOUNT_EMAIL_CONFIRMATION_COOLDOWN = 300

ACCOUNT_AUTHENTICATION_METHOD = 'username_email'

ACCOUNT_EMAIL_VERIFICATION = 'mandatory'  

ACCOUNT_LOGIN_ON_EMAIL_CONFIRMATION = True

ACCOUNT_EMAIL_REQUIRED = True

ACCOUNT_LOGOUT_ON_GET = True


But still, when a user whose email is not yet verified (activated) tries to login, they are redirected to a page where it asks them to check their email and a verification email is sent (which is the correct behavior according to this) but the cooldown specified above (300 secs) is not respected. I can keep trying to log in continuously, and it just keeps re-sending the activation email. How can I fix this and make the cooldown work properly?



Version info:

Python 3.5

django-allauth 0.34






django email django-authentication django-allauth




django email django-authentication django-allauth






share|improve this question















share|improve this question













share|improve this question




share|improve this question








edited 3 hours ago

























asked 5 hours ago









user1934283

3038




3038












  • django-rest-framework.org/api-guide/throttling Try this
    – Nitin Pawar
    4 hours ago










  • @NitinPawar Thanks for the suggestion, but django-allauth itself offers the exact feature I want - it's just that it doesn't work as indented in my server. Not sure why.
    – user1934283
    3 hours ago


















  • django-rest-framework.org/api-guide/throttling Try this
    – Nitin Pawar
    4 hours ago










  • @NitinPawar Thanks for the suggestion, but django-allauth itself offers the exact feature I want - it's just that it doesn't work as indented in my server. Not sure why.
    – user1934283
    3 hours ago
















django-rest-framework.org/api-guide/throttling Try this
– Nitin Pawar
4 hours ago




django-rest-framework.org/api-guide/throttling Try this
– Nitin Pawar
4 hours ago












@NitinPawar Thanks for the suggestion, but django-allauth itself offers the exact feature I want - it's just that it doesn't work as indented in my server. Not sure why.
– user1934283
3 hours ago




@NitinPawar Thanks for the suggestion, but django-allauth itself offers the exact feature I want - it's just that it doesn't work as indented in my server. Not sure why.
– user1934283
3 hours ago












1 Answer
1






active

oldest

votes


















0














Answering my own question:



The cooldown does work - it's just that even though it redirects me to the same page, the email from the server is only sent once and is not resent till the cooldown period is over.



The answer to my original question is the changes to the app settings in the edit in my original post.






share|improve this answer





















    Your Answer






    StackExchange.ifUsing("editor", function () {
    StackExchange.using("externalEditor", function () {
    StackExchange.using("snippets", function () {
    StackExchange.snippets.init();
    });
    });
    }, "code-snippets");

    StackExchange.ready(function() {
    var channelOptions = {
    tags: "".split(" "),
    id: "1"
    };
    initTagRenderer("".split(" "), "".split(" "), channelOptions);

    StackExchange.using("externalEditor", function() {
    // Have to fire editor after snippets, if snippets enabled
    if (StackExchange.settings.snippets.snippetsEnabled) {
    StackExchange.using("snippets", function() {
    createEditor();
    });
    }
    else {
    createEditor();
    }
    });

    function createEditor() {
    StackExchange.prepareEditor({
    heartbeatType: 'answer',
    autoActivateHeartbeat: false,
    convertImagesToLinks: true,
    noModals: true,
    showLowRepImageUploadWarning: true,
    reputationToPostImages: 10,
    bindNavPrevention: true,
    postfix: "",
    imageUploader: {
    brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
    contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
    allowUrls: true
    },
    onDemand: true,
    discardSelector: ".discard-answer"
    ,immediatelyShowMarkdownHelp:true
    });


    }
    });














    draft saved

    draft discarded


















    StackExchange.ready(
    function () {
    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53942099%2fhow-to-add-resend-interval-to-django-activation-emails%23new-answer', 'question_page');
    }
    );

    Post as a guest















    Required, but never shown

























    1 Answer
    1






    active

    oldest

    votes








    1 Answer
    1






    active

    oldest

    votes









    active

    oldest

    votes






    active

    oldest

    votes









    0














    Answering my own question:



    The cooldown does work - it's just that even though it redirects me to the same page, the email from the server is only sent once and is not resent till the cooldown period is over.



    The answer to my original question is the changes to the app settings in the edit in my original post.






    share|improve this answer


























      0














      Answering my own question:



      The cooldown does work - it's just that even though it redirects me to the same page, the email from the server is only sent once and is not resent till the cooldown period is over.



      The answer to my original question is the changes to the app settings in the edit in my original post.






      share|improve this answer
























        0












        0








        0






        Answering my own question:



        The cooldown does work - it's just that even though it redirects me to the same page, the email from the server is only sent once and is not resent till the cooldown period is over.



        The answer to my original question is the changes to the app settings in the edit in my original post.






        share|improve this answer












        Answering my own question:



        The cooldown does work - it's just that even though it redirects me to the same page, the email from the server is only sent once and is not resent till the cooldown period is over.



        The answer to my original question is the changes to the app settings in the edit in my original post.







        share|improve this answer












        share|improve this answer



        share|improve this answer










        answered 2 hours ago









        user1934283

        3038




        3038






























            draft saved

            draft discarded




















































            Thanks for contributing an answer to Stack Overflow!


            • Please be sure to answer the question. Provide details and share your research!

            But avoid



            • Asking for help, clarification, or responding to other answers.

            • Making statements based on opinion; back them up with references or personal experience.


            To learn more, see our tips on writing great answers.





            Some of your past answers have not been well-received, and you're in danger of being blocked from answering.


            Please pay close attention to the following guidance:


            • Please be sure to answer the question. Provide details and share your research!

            But avoid



            • Asking for help, clarification, or responding to other answers.

            • Making statements based on opinion; back them up with references or personal experience.


            To learn more, see our tips on writing great answers.




            draft saved


            draft discarded














            StackExchange.ready(
            function () {
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53942099%2fhow-to-add-resend-interval-to-django-activation-emails%23new-answer', 'question_page');
            }
            );

            Post as a guest















            Required, but never shown





















































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown

































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown







            -

            Popular posts from this blog

            Mossoró

            Image
              Nota: Para outros significados, veja Mossoró (desambiguação). Município de Mossoró "Capital do Oeste Potiguar" [ 1 ] "Capital nacional do Semiárido" [ 2 ] [ 3 ] "Capital Cultural do Rio Grande do Norte" [ 1 ] "Terra de Santa Luzia" [ 4 ] "Terra do Sol, do Sal e do Petróleo" [ 5 ] "Terra da Liberdade [ 6 ] " Centro de Mossoró, com a Praça Vigário Antônio Joaquim e, ao fundo, a câmara municipal de vereadores (esquerda) e Catedral de Santa Luzia (direita) Bandeira Brasão Hino Fundação 15 de março de 1852 (166 anos) Gentílico mossoroense Padroeiro(a) Santa Luzia Prefeito(a) Rosalba Ciarlini Rosado (PP) (2017 – 2020 ) Localização Localização de Mossoró no Rio Grande do Norte Mossoró Localização de Mossoró no Brasil 05° 11' 16" S 37° 20' 38" O 05° 11' 16" S 37° 20' 38" O Unidade federativa Rio Grande do No...
            Read more

            Error while reading .h5 file using the rhdf5 package in R

            Image
            0 I'm importing a .h5 file into R by using the rhdf5 package. But a warning message showed and I found the DATE_TIME column of my data is NA when I view the imported file. Warning message: In H5Dread(h5dataset = h5dataset, h5spaceFile = h5spaceFile, h5spaceMem = h5spaceMem, : h5read for type 'TIME' not yet implemented. Values replaced by NA's. It's all normal when I use Vitables (Python) to open the .h5 file. But the DATE_TIME column is NA with HDFViewer open it. My code is: library(rhdf5) test <- h5read("mytestdata.h5", "/results") View(mydatatest) I want to use R to open .h5 file. Please give me some help! Thanks in advance! r hdf5 rhdf5 ...
            Read more

            Pushsharp Apns notification error: 'InvalidToken'

            Image
            1 1 I am currently working on automatic updates for Passbook (wallet) tickets and am experiencing some trouble using the Pushsharp library by Redth. I am using a Push notification certificate from the apple developer portal. I have tried to export my certificate as .p12, .pem and tried to use only the private key as .12 or .pem but nothing works. This is my full certificate (information is blanked out for security reasons): https://cdn.pbrd.co/images/HUJtb7b.png I dont have enough reputation to post images so a link is all i can provide. var succeeded = 0; var failed = 0; var attempted = 0; var config = new ApnsConfiguration(ApnsConfiguration.ApnsServerEnvironment.Sandbox, ConfigManager.CertPath + "PushCertificateV2.p12", ConfigManager.lvppass, fa...
            Read more