Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add an example of using the package without allauth to the documentation #239

Open
ivanov17 opened this issue Jan 16, 2024 · 2 comments
Open

Add an example of using the package without allauth to the documentation #239

ivanov17 opened this issue Jan 16, 2024 · 2 comments

Comments

@ivanov17
Copy link

ivanov17 commented Jan 16, 2024
edited
Loading

Hello,

I want to use django-invitations package to allow current website users to invite new ones. But at the same time, I want to allow access to the registration form only to those visitors who follow the invitation link. Other visitors (registered or unregistered) should not have access to the registration form page. In short, it should be something like a private club.

The first thing that comes to mind is to use Django sessions for this. But it looks like django-invitations does not create any session variable when accepting an invitation unless the adapter for django-allauth is used.

I think sending a session variable with a known name when the corresponding settings variable is set or even by default could be a very useful feature for cases like mine.

Or maybe there is a more obvious solution to this problem?

Thank you.
@Flimm
Copy link
Contributor

Flimm commented Jun 14, 2024

You can do this with the setting INVITATIONS_INVITATION_ONLY, which depends on django-allauth. Are you saying that you need a solution that works without allauth?

@ivanov17
Copy link
Author

ivanov17 commented Jun 16, 2024
edited
Loading

Sorry, I solved this issue but forgot to write about it. Yes, I needed a solution that works without the allauth package.

A session variable named account_verified_email is created when the invitation is accepted:

django-invitations/invitations/views.py

Line 195 in 5945342

get_invitations_adapter().stash_verified_email(self.request, invitation.email)

django-invitations/invitations/adapters.py

Lines 13 to 15 in 5945342

class BaseInvitationsAdapter:
def stash_verified_email(self, request, email):
request.session["account_verified_email"] = email

So, there is no dependency on adapter provided by allauth. And I can use the following method to check the variable:

django-invitations/invitations/adapters.py

Lines 71 to 81 in 5945342

def is_open_for_signup(self, request):
if hasattr(request, "session") and request.session.get(
"account_verified_email",
):
return True
elif app_settings.INVITATION_ONLY is True:
# Site is ONLY open for invites
return False
else:
# Site is open to signup
return True

Before this I also check that the user is not authenticated and registration is allowed. If the checks fail, I simply redirect the user to the login page.

So, there is no problem, and we can close this topic. But I think it would be useful to somehow reflect this in the documentation.

@ivanov17 ivanov17 changed the title Feature Request: Send a session variable when accepting an invitation Add an example of using the package without allauth to the documentation Jun 16, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@Flimm @ivanov17