Reregistration Flows

djoser/conf.py

@@ -15,6 +15,7 @@
     'USE_HTML_EMAIL_TEMPLATES': False,
     'SEND_ACTIVATION_EMAIL': False,
     'SEND_CONFIRMATION_EMAIL': False,
+    'RESEND_REGISTRATION_EMAIL': False,
     'SET_PASSWORD_RETYPE': False,
     'SET_USERNAME_RETYPE': False,
     'PASSWORD_RESET_CONFIRM_RETYPE': False,
@@ -38,6 +39,7 @@
     },
     'LOGOUT_ON_PASSWORD_CHANGE': False,
     'USER_EMAIL_FIELD_NAME': 'email',
+    'REGISTRATION_SHOW_EMAIL_FOUND': True,
 }
 
 SETTINGS_TO_IMPORT = ['TOKEN_MODEL']

djoser/serializers.py

@@ -72,7 +72,6 @@ def perform_create(self, validated_data):
         return user
 
 
-
 class LoginSerializer(serializers.Serializer):
     password = serializers.CharField(
         required=False, style={'input_type': 'password'}

djoser/templates/reregistration_email_body.html

@@ -0,0 +1,17 @@
+{% load i18n %}{% autoescape off %}
+<html>
+<body>
+<p>
+{% blocktrans %}You're receiving this email because someone tried to reregister a user account with this email at {{ site_name }}.{% endblocktrans %}</p>
+
+<p>{% trans "If this wasn't you, please go to the following page and choose a new password:" %}</p>
+<p>{% block reset_link %}
+<a href="{{ protocol }}://{{ domain }}/{{ url }}">{{ protocol }}://{{ domain }}/{{ url }}</a>
+{% endblock %}</p>
+<p>{% trans "Your username, in case you've forgotten:" %} <b>{{ user.get_username }}</b></p>
+
+<p>{% trans "Thanks for using our site!" %}</p>
+
+<p>{% blocktrans %}The {{ site_name }} team{% endblocktrans %}</p>
+</body></html>
+{% endautoescape %}

djoser/templates/reregistration_email_body.txt

@@ -0,0 +1,14 @@
+{% load i18n %}{% autoescape off %}
+{% blocktrans %}You're receiving this email because someone tried to reregister a user account with this email at {{ site_name }}.{% endblocktrans %}
+
+{% trans "If this wasn't you, please go to the following page and choose a new password:" %}
+{% block reset_link %}
+{{ protocol }}://{{ domain }}/{{ url }}
+{% endblock %}
+{% trans "Your username, in case you've forgotten:" %} {{ user.get_username }}
+
+{% trans "Thanks for using our site!" %}
+
+{% blocktrans %}The {{ site_name }} team{% endblocktrans %}
+
+{% endautoescape %}

djoser/templates/reregistration_email_subject.txt

@@ -0,0 +1,3 @@
+{% load i18n %}{% autoescape off %}
+{% blocktrans %}Reregistration requested on {{ site_name }}{% endblocktrans %}
+{% endautoescape %}

djoser/templates/reregistration_inactive_email_body.html

@@ -0,0 +1,14 @@
+{% load i18n %}{% autoescape off %}
+<html>
+<body>
+<p>
+{% blocktrans %}You're receiving this email because someone tried to reregister your user account at {{ site_name }}.{% endblocktrans %}</p>
+{% blocktrans %}Please find the previously sent activation email, or request a new one to properly set this account up{% endblocktrans %}
+
+<p>{% trans "Your username, in case you've forgotten:" %} <b>{{ user.get_username }}</b></p>
+
+<p>{% trans "Thanks for using our site!" %}</p>
+
+<p>{% blocktrans %}The {{ site_name }} team{% endblocktrans %}</p>
+</body></html>
+{% endautoescape %}

djoser/templates/reregistration_inactive_email_body.txt

@@ -0,0 +1,11 @@
+{% load i18n %}{% autoescape off %}
+{% blocktrans %}You're receiving this email because someone tried to reregister your user account at {{ site_name }}.{% endblocktrans %}
+{% blocktrans %}Please find the previously sent activation email, or request a new one to properly set this account up{% endblocktrans %}
+
+{% trans "Your username, in case you've forgotten:" %} {{ user.get_username }}
+
+{% trans "Thanks for using our site!" %}
+
+{% blocktrans %}The {{ site_name }} team{% endblocktrans %}
+
+{% endautoescape %}

djoser/utils.py

@@ -143,6 +143,34 @@ def get_context(self):
         return context
 
 
+class UserReregistrationEmailFactory(UserEmailFactoryBase):
+    subject_template_name = 'reregistration_email_subject.txt'
+    plain_body_template_name = 'reregistration_email_body.txt'
+    if settings.USE_HTML_EMAIL_TEMPLATES:
+        html_body_template_name = 'reregistration_email_body.html'
+
+    def get_context(self):
+        context = super(UserReregistrationEmailFactory, self).get_context()
+        context['url'] = settings.PASSWORD_RESET_CONFIRM_URL.format(
+            **context
+        )
+        return context
+
+
+class UserReregistrationInactiveEmailFactory(UserEmailFactoryBase):
+    subject_template_name = 'reregistration_email_subject.txt'
+    plain_body_template_name = 'reregistration_inactive_email_body.txt'
+    if settings.USE_HTML_EMAIL_TEMPLATES:
+        html_body_template_name = 'reregistration_inactive_email_body.html'
+
+    def get_context(self):
+        context = super(UserReregistrationInactiveEmailFactory, self).get_context()
+        context['url'] = settings.PASSWORD_RESET_CONFIRM_URL.format(
+            **context
+        )
+        return context
+
+
 class UserConfirmationEmailFactory(UserEmailFactoryBase):
     subject_template_name = 'confirmation_email_subject.txt'
     plain_body_template_name = 'confirmation_email_body.txt'

djoser/views.py

@@ -54,6 +54,23 @@ class RegistrationView(generics.CreateAPIView):
     permission_classes = (
         permissions.AllowAny,
     )
+    _users = None
+
+    def create(self, request, *args, **kwargs):
+        try:
+            email_field_name = get_user_email_field_name(User)
+            users = self.get_email_users(request.data.get(email_field_name))
+            for user in users:
+                serializer = self.get_serializer(instance=user)
+                if settings.RESEND_REGISTRATION_EMAIL:
+                    self.resend_registration_email(user)
+                headers = self.get_success_headers(serializer.data)
+            if not settings.REGISTRATION_SHOW_EMAIL_FOUND and users:
+                return Response(serializer.data, status=status.HTTP_201_CREATED, headers=headers)
+        except User.DoesNotExist:
+            pass
+        response = super(RegistrationView, self).create(request, *args, **kwargs)
+        return response
 
     def perform_create(self, serializer):
         user = serializer.save()
@@ -79,6 +96,28 @@ def send_confirmation_email(self, user):
         email = email_factory.create()
         email.send()
 
+    def resend_registration_email(self, user):
+        if user.is_active:
+            email_factory = utils.UserReregistrationEmailFactory.from_request(
+                self.request, user=user
+            )
+        else:
+            email_factory = utils.UserReregistrationInactiveEmailFactory.from_request(
+                self.request, user=user
+            )
+        email = email_factory.create()
+        email.send()
+
+    def get_email_users(self, email):
+        if self._users is None:
+            email_field_name = get_user_email_field_name(User)
+            email_users_kwargs = {
+                email_field_name + '__iexact': email,
+            }
+            email_users = User._default_manager.filter(**email_users_kwargs)
+            self._users = [u for u in email_users if u.has_usable_password()]
+        return self._users
+
 
 class LoginView(utils.ActionViewMixin, generics.GenericAPIView):
     """

docs/source/settings.rst

@@ -56,6 +56,26 @@ If ``True``, register or activation endpoint will send confirmation email to use
 
 **Default**: ``False``
 
+RESEND_REGISTRATION_EMAIL
+-------------------------
+
+If ``True``, register endpoint will send warning and reminder email to user. 
+Only active users are able to reset their passwords (User.is_active is True).
+The email will ask the User to reset their password since someone is trying to
+re-register their account.
+If User.is_active is False, will send a warning
+
+**Default**: ``False``
+
+REGISTRATION_SHOW_EMAIL_FOUND
+----------------------------
+
+If ``True`` (default), the ``/register/`` endpoint will always return
+a ``HTTP_201_CREATED`` response, as well as the UserSerializer serializer.data response 
+of one of those users, so that it makes it difficult to distinguish if a User has this email
+
+**Default**: ``True``
+
 ACTIVATION_URL
 --------------