Hi! Ludovic, Melvyn, thank you for your responses. I could not make Melvyn's example work for me, but it put me on the right track.
Solution: right under the "reset the one time password" comment, add the line "user.backend = 'path.to.OneTimePasswordBackend' ", and everything works as it should be! Have a nice day! A. On Monday, June 5, 2017 at 1:33:28 PM UTC+2, Alison P wrote: > > Hi everyone, > > I have written a custom authentication backend, the code is below. It > allows a user to click "email me a one-time password" on the home page, > which is saved on the "Person" model (which extends User through a foreign > key) and then log in with that password. This backend verifies the password > and then erases it from the database. > This whole thing works when I put > SESSION_SERIALIZER='django.contrib.sessions.serializers.PickleSerializer' > in settings.py, but I don't want that since PickleSerializer is unsafe. > > If I use the default session serializer, I get the following error: > TypeError at /login/ > > <class 'OneTimePasswordBackend'> is not JSON serializable > > > how do I solve this? Do I need to write a custom serializer, and if yes, > how? Can I add serialize/deserialize methods on this class, and what > exactly do they need to do? Do they need to be classmethods or something? > > I would really appreciate some help with this. Thanks in advance! > > from django.contrib.auth.models import User > from allauth.account.models import EmailAddress > from passlib.hash import pbkdf2_sha256 > from api import models > from base.settings import ACCOUNT_PASSWORD_MIN_LENGTH > > class OneTimePasswordBackend(object): > def authenticate(self, email=None, one_time_password=None): > if len(one_time_password) < ACCOUNT_PASSWORD_MIN_LENGTH or > one_time_password==None: > return None > try: > email_obj = EmailAddress.objects.get(email=email) > except EmailAddress.DoesNotExist: > return None > user = email_obj.user > person = models.Person.objects.get(user_account=user) > saved_pw = person.one_time_password > try: > verify = pbkdf2_sha256.verify(one_time_password, saved_pw) > except Exception as e: > print(e) > verify = False > else: > """reset the one time password""" > person.one_time_password = "" > person.save() > return user > return None > > def get_user(self, user_id): > try: > return User.objects.get(pk=user_id) > except User.DoesNotExist: > return None > -- You received this message because you are subscribed to the Google Groups "Django users" group. To unsubscribe from this group and stop receiving emails from it, send an email to django-users+unsubscr...@googlegroups.com. To post to this group, send email to django-users@googlegroups.com. Visit this group at https://groups.google.com/group/django-users. To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/98447391-5986-4986-b025-1e1a0aa9e462%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
