Hi! Ludovic, Melvyn, thank you for your responses. I could not make Melvyn's example work for me, but it put me on the right track.
Solution: right under the "reset the one time password" comment, add the line "user.backend = 'path.to.OneTimePasswordBackend'", and everything works as it should!

Have a nice day!
A.

On Monday, June 5, 2017 at 1:33:28 PM UTC+2, Alison P wrote:
>
> Hi everyone,
>
> I have written a custom authentication backend, the code is below. It allows a user to click "email me a one-time password" on the home page, which is saved on the "Person" model (which extends User through a foreign key) and then log in with that password. This backend verifies the password and then erases it from the database.
> This whole thing works when I put SESSION_SERIALIZER='django.contrib.sessions.serializers.PickleSerializer' in settings.py, but I don't want that since PickleSerializer is unsafe.
>
> If I use the default session serializer, I get the following error:
>
> TypeError at /login/
>
> <class 'OneTimePasswordBackend'> is not JSON serializable
>
> How do I solve this? Do I need to write a custom serializer, and if yes, how? Can I add serialize/deserialize methods on this class, and what exactly do they need to do? Do they need to be classmethods or something?
>
> I would really appreciate some help with this. Thanks in advance!
>
> from django.contrib.auth.models import User
> from allauth.account.models import EmailAddress
> from passlib.hash import pbkdf2_sha256
> from api import models
> from base.settings import ACCOUNT_PASSWORD_MIN_LENGTH
>
> class OneTimePasswordBackend(object):
>     def authenticate(self, email=None, one_time_password=None):
>         # Check for None before calling len(), which would raise TypeError
>         if one_time_password is None or len(one_time_password) < ACCOUNT_PASSWORD_MIN_LENGTH:
>             return None
>         try:
>             email_obj = EmailAddress.objects.get(email=email)
>         except EmailAddress.DoesNotExist:
>             return None
>         user = email_obj.user
>         person = models.Person.objects.get(user_account=user)
>         saved_pw = person.one_time_password
>         try:
>             verify = pbkdf2_sha256.verify(one_time_password, saved_pw)
>         except Exception as e:
>             print(e)
>             verify = False
>         # Accept the login only when the hash matched; a try/else here would
>         # also run when verify() returned False without raising
>         if verify:
>             """reset the one time password"""
>             person.one_time_password = ""
>             person.save()
>             return user
>         return None
>
>     def get_user(self, user_id):
>         try:
>             return User.objects.get(pk=user_id)
>         except User.DoesNotExist:
>             return None
>

-- 
You received this message because you are subscribed to the Google Groups "Django users" group.
Visit this group at https://groups.google.com/group/django-users.
To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/98447391-5986-4986-b025-1e1a0aa9e462%40googlegroups.com.
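Why the dotted path fixes the error, as an added example that is not part of the original thread and is not Django's own code: django.contrib.auth's login() stores user.backend in the session, and the default serializer JSON-encodes the session, so a class object fails while a string path works. The stand-in backend, the dict used in place of settings.AUTHENTICATION_BACKENDS, and the helper names are assumptions made for illustration.

```python
import json

# Session keys used by django.contrib.auth
SESSION_KEY = "_auth_user_id"
BACKEND_SESSION_KEY = "_auth_user_backend"


class OneTimePasswordBackend:
    """Constructed stand-in for the backend in the thread (no Django needed)."""

    def get_user(self, user_id):
        return {"pk": user_id}  # a real backend returns a User object


# Stand-in for settings.AUTHENTICATION_BACKENDS: Django keeps only dotted
# paths and imports them; here each path maps directly to its class.
AUTHENTICATION_BACKENDS = {"path.to.OneTimePasswordBackend": OneTimePasswordBackend}


def encode_session(user_id, backend):
    """Store what login() stores, JSON-encoded like the default serializer."""
    session = {SESSION_KEY: str(user_id), BACKEND_SESSION_KEY: backend}
    return json.dumps(session, separators=(",", ":")).encode("latin-1")


def user_from_session(encoded):
    """Next request: honour the stored backend only if it is configured."""
    session = json.loads(encoded.decode("latin-1"))
    path = session.get(BACKEND_SESSION_KEY)
    backend_cls = AUTHENTICATION_BACKENDS.get(path) if isinstance(path, str) else None
    if backend_cls is None:
        return None  # unknown backend path: treat the session as anonymous
    return backend_cls().get_user(int(session[SESSION_KEY]))


def try_encode(backend):
    """Return (ok, detail): the encoded session, or the serializer's error."""
    try:
        return True, encode_session(1, backend)
    except TypeError as exc:
        return False, str(exc)


if __name__ == "__main__":
    print(try_encode(OneTimePasswordBackend))  # class object: not serializable
    ok, data = try_encode("path.to.OneTimePasswordBackend")
    print(ok, data, user_from_session(data))   # dotted path: round-trips
```

The string assigned to user.backend has to match an entry in AUTHENTICATION_BACKENDS exactly, otherwise the next request is treated as anonymous.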

