基本上这种技术在电子邮件验证使用。这是你应该看的地方。
比方说,你有模型,名为请求,它有像用户名字段来标识请求访问的人,数据库名称,以及一切。但它也会有两个“类似密码”的字段,用于确定请求是否被拒绝。
class Request(models.Model):
user = models.ForeignKey ...
databasename =
date =
...
access_granted = models.BooleanField(default=False)
deny_token = models.CharField()
allow_token = models.CharField()
的一点是要对在查看节省请求时,产生这些令牌:
if request.method == POST:
form = RequestForm(request.POST)
if form.is_valid():
data['user'] = form.cleaned_data['user'])
data['databasename'] = form.cleaned_data['databasename'])
...
data['access_token'] = GENERATE_USING_HASH_FUNCTION()
data['deny_token'] = GENERATE_USING_HASH_FUNCTION()
form.save(data)
然后你可以使用模块EmailMultiAlternatives
发送HTML电子邮件,像这样:
subject, from_email, to = 'Request', '[email protected]', form.cleaned_data['manager_email']
html_content = render_to_string(HTML_TEMPLATE, CONTEXT) # Just as any regular templates
text_content = strip_tags(html_content)
msg = EmailMultiAlternatives(subject, text_content, from_email, [to], reply_to=["[email protected]"])
msg.attach_alternative(html_content, "text/html")
msg.send()
并在该模板中构建反向链接:
{% url 'app:grant_access' allow_token=token %} # "token" you get from context
{% url 'app:deny_access' deny_token=token %} # will become example.com/deny_access/7ea3c95, where 7ea3c95 is token
然后加线的urls.py您的应用程序那样的:
url(r'^allow_access/(?P<allow_token>[0-9]+)$', CheckAcessView.as_view(), name="app:grant_access"),
url(r'^deny_access/(?P<deny_token>[0-9]+)$', CheckAcessView.as_view(), name="app:deny_access"),]
然后创建CheckAcessView
视图。在哪里访问存储在数据库中的请求,并检查例如url“allow_token”的参数是否等于存储的allow_token。如果是,请将请求状态更改为允许。