Custom manager for the ``RegistrationProfile`` model.
The methods defined here provide shortcuts for account creation
and activation (including generation and emailing of activation
keys), and for cleaning out expired inactive accounts.
def activate_user(self, activation_key):
Validate an activation key and activate the corresponding
If the key is valid and has not expired, return the ``User``
If the key is not valid or has expired, return ``False``.
If the key is valid but the ``User`` is already active,
To prevent reactivation of an account which has been
deactivated by site administrators, the activation key is
reset to the string constant ``RegistrationProfile.ACTIVATED``
def create_inactive_user(self, username, email, password,
By default, an activation email will be sent to the new
user. To disable this, pass ``send_email=False``.
new_user = User.objects.create_user(username, email, password)
new_user.is_active = False
Create a ``RegistrationProfile`` for a given
``User``, and return the ``RegistrationProfile``.
The activation key for the ``RegistrationProfile`` will be a
SHA1 hash, generated from a combination of the ``User``'s
username and a random salt.
salt = hashlib.sha1(str(random.random())).hexdigest()[:5]
username = getattr(user, get_username_field_name())
if isinstance(username, unicode):
username = username.encode('utf-8')
- activation_key = hashlib.sha1(salt+username).hexdigest()
+ activation_key = hashlib.sha1(saltusername).hexdigest()
Remove expired instances of ``RegistrationProfile`` and their
Accounts to be deleted are identified by searching for
instances of ``RegistrationProfile`` with expired activation
keys, and then checking to see if their associated ``User``
instances have the field ``is_active`` set to ``False``; any
``User`` who is both inactive and has an expired activation
It is recommended that this method be executed regularly as
part of your routine site maintenance; this application
provides a custom management command which will call this
method, accessible as ``manage.py cleanupregistration``.
Regularly clearing out accounts which have never been
activated serves two useful purposes:
1. It alleviates the ocasional need to reset a
``RegistrationProfile`` and/or re-send an activation email
when a user does not receive or does not act upon the
initial activation email; since the account will be
deleted, the user will be able to simply re-register and
receive a new activation key.
2. It prevents the possibility of a malicious user registering
one or more accounts and never activating them (thus
denying the use of those usernames to anyone else); since
those accounts will be deleted, the usernames will become
If you have a troublesome ``User`` and wish to disable their
account while keeping it in the database, simply delete the
associated ``RegistrationProfile``; an inactive ``User`` which
does not have an associated ``RegistrationProfile`` will not
for profile in self.all():
A simple profile which stores an activation key for use during
user account registration.
Generally, you will not want to interact directly with instances
of this model; the provided manager includes methods
for creating and activating new accounts, as well as for cleaning
out accounts which have never been activated.
While it is possible to use this model as the value of the
``AUTH_PROFILE_MODULE`` setting, it's not recommended that you do
so. This model's sole purpose is to store data temporarily during
account registration and activation.
ACTIVATED = u"ALREADY_ACTIVATED"
- user = models.ForeignKey(settings.AUTH_USER_MODEL, unique=True,
+ user = models.ForeignKey(get_user_model(), unique=True,
activation_key = models.CharField(_('activation key'), max_length=40)
objects = RegistrationManager()
verbose_name = _('registration profile')
verbose_name_plural = _('registration profiles')
return u"Registration information for %s" % self.user
Determine whether this ``RegistrationProfile``'s activation
key has expired, returning a boolean -- ``True`` if the key
Key expiration is determined by a two-step process:
1. If the user has already activated, the key will have been
reset to the string constant ``ACTIVATED``. Re-activating
is not permitted, and so this method returns ``True`` in
activate their account); if the result is less than or
equal to the current date, the key has expired and this
expiration_date = datetime.timedelta(days=settings.ACCOUNT_ACTIVATION_DAYS)
return self.activation_key == self.ACTIVATED or \
Send an activation email to the user associated with this
The activation email will make use of two templates:
# Email subject *must not* contain newlines
subject = ''.join(subject.splitlines())
message = render_to_string('registration/activation_email.txt',
self.user.email_user(subject, message, settings.DEFAULT_FROM_EMAIL)