如何禁止使用 django-allauth 创建新帐户,但仍允许现有用户登录?
How could one disable new account creation with django-allauth, but still allow existing users to sign in?
我们 运行 网站使用 django-allauth 进行身份验证已经有一段时间了:
- 传统的基于电子邮件的注册
- Google 登录
- Twitter 登录
- Facebook 登录
...但是现在我们想阻止任何人创建新帐户,同时仍然允许以前使用这些方法中的任何一种创建帐户的人能够登录。是否有设置可以让我们这样做?我不清楚 these documented settings 是否允许我们进行配置。
当前与 django-allauth 相关的设置是:
INSTALLED_APPS = (
'django.contrib.auth',
...
'allauth',
'allauth.account',
'allauth.socialaccount',
'allauth.socialaccount.providers.google',
'allauth.socialaccount.providers.facebook',
'allauth.socialaccount.providers.twitter',
...
)
AUTHENTICATION_BACKENDS = (
# Needed to login by username in Django admin, regardless of `allauth`
"django.contrib.auth.backends.ModelBackend",
# `allauth` specific authentication methods, such as login by e-mail
"allauth.account.auth_backends.AuthenticationBackend",
)
SOCIALACCOUNT_PROVIDERS = {
'google': {'SCOPE': ['https://www.googleapis.com/auth/userinfo.profile'],
'AUTH_PARAMS': {'access_type': 'online'}},
'facebook': {'SCOPE': ['email',]},
}
LOGIN_REDIRECT_URL = '/'
ACCOUNT_EMAIL_VERIFICATION = "mandatory"
ACCOUNT_EMAIL_REQUIRED = True
ACCOUNT_USERNAME_REQUIRED = True
SOCIALACCOUNT_AUTO_SIGNUP = True
question rnevius linked to 帮我解决了这个问题。为了添加更多细节,我创建了一个文件 mysite/account_adapter.py,其中包含:
from allauth.account.adapter import DefaultAccountAdapter
class NoNewUsersAccountAdapter(DefaultAccountAdapter):
def is_open_for_signup(self, request):
"""
Checks whether or not the site is open for signups.
Next to simply returning True/False you can also intervene the
regular flow by raising an ImmediateHttpResponse
(Comment reproduced from the overridden method.)
"""
return False
然后将此添加到 mysite/settings.py:
ACCOUNT_ADAPTER = 'mysite.account_adapter.NoNewUsersAccountAdapter'
我们 运行 网站使用 django-allauth 进行身份验证已经有一段时间了:
- 传统的基于电子邮件的注册
- Google 登录
- Twitter 登录
- Facebook 登录
...但是现在我们想阻止任何人创建新帐户,同时仍然允许以前使用这些方法中的任何一种创建帐户的人能够登录。是否有设置可以让我们这样做?我不清楚 these documented settings 是否允许我们进行配置。
当前与 django-allauth 相关的设置是:
INSTALLED_APPS = (
'django.contrib.auth',
...
'allauth',
'allauth.account',
'allauth.socialaccount',
'allauth.socialaccount.providers.google',
'allauth.socialaccount.providers.facebook',
'allauth.socialaccount.providers.twitter',
...
)
AUTHENTICATION_BACKENDS = (
# Needed to login by username in Django admin, regardless of `allauth`
"django.contrib.auth.backends.ModelBackend",
# `allauth` specific authentication methods, such as login by e-mail
"allauth.account.auth_backends.AuthenticationBackend",
)
SOCIALACCOUNT_PROVIDERS = {
'google': {'SCOPE': ['https://www.googleapis.com/auth/userinfo.profile'],
'AUTH_PARAMS': {'access_type': 'online'}},
'facebook': {'SCOPE': ['email',]},
}
LOGIN_REDIRECT_URL = '/'
ACCOUNT_EMAIL_VERIFICATION = "mandatory"
ACCOUNT_EMAIL_REQUIRED = True
ACCOUNT_USERNAME_REQUIRED = True
SOCIALACCOUNT_AUTO_SIGNUP = True
question rnevius linked to 帮我解决了这个问题。为了添加更多细节,我创建了一个文件 mysite/account_adapter.py,其中包含:
from allauth.account.adapter import DefaultAccountAdapter
class NoNewUsersAccountAdapter(DefaultAccountAdapter):
def is_open_for_signup(self, request):
"""
Checks whether or not the site is open for signups.
Next to simply returning True/False you can also intervene the
regular flow by raising an ImmediateHttpResponse
(Comment reproduced from the overridden method.)
"""
return False
然后将此添加到 mysite/settings.py:
ACCOUNT_ADAPTER = 'mysite.account_adapter.NoNewUsersAccountAdapter'