To implement a phone number verification system with Django REST Framework (DRF), you can follow the following steps. This system will allow users to provide their phone number, receive a verification code by SMS (for example via Twilio), and validate this code to verify their number.
Main Steps:
- Install necessary dependencies
- Edit user template to include phone number
- Create a template to store verification codes
- Configure an SMS sending service (e.g. Twilio)
- Create DRF serializers
- Create views and API routes
- Manage verification logic and security
1. Install Necessary Dependencies
First, make sure you have installed the necessary libraries:
- Django REST Framework: If you haven't already.
- Twilio: For sending SMS.
- django-phonenumber-field: For validating and formatting phone numbers.
Install them via pip:
pip install djangorestframework twilio django-phonenumber-field
Add phonenumber_field and rest_framework to your INSTALLED_APPS in settings.py:
# settings.py INSTALLED_APPS = [ # ... 'rest_framework', 'phonenumber_field', # ... ]
2. Change User Template to Include Phone Number
If you are using a custom user template, add a field for the phone number and a verification flag.
# models.py from django.contrib.auth.models import AbstractBaseUser, BaseUserManager from django.db import models from phonenumber_field.modelfields import PhoneNumberField class UserManager(BaseUserManager): def create_user(self, email, username, phone_number, password=None): if not email: raise ValueError('Les utilisateurs doivent avoir une adresse email') if not phone_number: raise ValueError('Les utilisateurs doivent avoir un numéro de téléphone') user = self.model( email=self.normalize_email(email), username=username, phone_number=phone_number, ) user.set_password(password) user.save(using=self._db) return user def create_superuser(self, email, username, phone_number, password=None): user = self.create_user( email, username, phone_number, password=password, ) user.is_admin = True user.save(using=self._db) return user class CustomUser(AbstractBaseUser): email = models.EmailField(verbose_name='adresse email', max_length=255, unique=True) username = models.CharField(max_length=50, unique=True) phone_number = PhoneNumberField(unique=True, null=False, blank=False) is_active = models.BooleanField(default=True) is_admin = models.BooleanField(default=False) is_phone_verified = models.BooleanField(default=False) objects = UserManager() USERNAME_FIELD = 'email' REQUIRED_FIELDS = ['username', 'phone_number'] def __str__(self): return self.email @property def is_staff(self): return self.is_admin
Note: If you already have a user model, be sure to add the phone_number and is_phone_verified fields appropriately.
3. Create a Template to Store Verification Codes
This template will store verification codes sent to users.
# models.py import random import string from django.utils import timezone from datetime import timedelta class PhoneVerification(models.Model): user = models.ForeignKey(CustomUser, on_delete=models.CASCADE, related_name='phone_verifications') code = models.CharField(max_length=6) created_at = models.DateTimeField(auto_now_add=True) is_verified = models.BooleanField(default=False) def is_expired(self): return self.created_at < timezone.now() - timedelta(minutes=10) # Expire après 10 minutes def __str__(self): return f"Vérification de {self.user.email} - {'Validé' if self.is_verified else 'En attente'}"
4. Configure an SMS Sending Service (Ex. Twilio)
You can use Twilio to send text messages. Start by creating a Twilio account and obtaining the necessary credentials (ACCOUNT_SID, AUTH_TOKEN, FROM_NUMBER).
Add these configurations to your settings.py:
# settings.py TWILIO_ACCOUNT_SID = 'votre_account_sid' TWILIO_AUTH_TOKEN = 'votre_auth_token' TWILIO_FROM_NUMBER = '+1234567890' # Numéro Twilio
Create a utils.py file to manage sending SMS:
# utils.py from django.conf import settings from twilio.rest import Client def send_sms(to, message): client = Client(settings.TWILIO_ACCOUNT_SID, settings.TWILIO_AUTH_TOKEN) message = client.messages.create( body=message, from_=settings.TWILIO_FROM_NUMBER, to=str(to) ) return message.sid
5. Create DRF Serializers
Create serializers to handle the verification request and code validation.
pip install djangorestframework twilio django-phonenumber-field
6. Create API Views and Routes
Create views to manage verification requests and code validation.
# settings.py INSTALLED_APPS = [ # ... 'rest_framework', 'phonenumber_field', # ... ]
Note: You may want to adjust these views as needed, such as if you want to create a user during verification or manage existing users differently.
7. Configure API Routes
Add the corresponding routes in your urls.py.
# models.py from django.contrib.auth.models import AbstractBaseUser, BaseUserManager from django.db import models from phonenumber_field.modelfields import PhoneNumberField class UserManager(BaseUserManager): def create_user(self, email, username, phone_number, password=None): if not email: raise ValueError('Les utilisateurs doivent avoir une adresse email') if not phone_number: raise ValueError('Les utilisateurs doivent avoir un numéro de téléphone') user = self.model( email=self.normalize_email(email), username=username, phone_number=phone_number, ) user.set_password(password) user.save(using=self._db) return user def create_superuser(self, email, username, phone_number, password=None): user = self.create_user( email, username, phone_number, password=password, ) user.is_admin = True user.save(using=self._db) return user class CustomUser(AbstractBaseUser): email = models.EmailField(verbose_name='adresse email', max_length=255, unique=True) username = models.CharField(max_length=50, unique=True) phone_number = PhoneNumberField(unique=True, null=False, blank=False) is_active = models.BooleanField(default=True) is_admin = models.BooleanField(default=False) is_phone_verified = models.BooleanField(default=False) objects = UserManager() USERNAME_FIELD = 'email' REQUIRED_FIELDS = ['username', 'phone_number'] def __str__(self): return self.email @property def is_staff(self): return self.is_admin
8. Add Additional Logics (Optional)
has. Generation of Unique Code per User
Edit the request view to associate the code with a specific user or create a new user.
b. Limit the Number of Requests
To avoid abuse, limit the number of verification requests per user or phone number.
# models.py import random import string from django.utils import timezone from datetime import timedelta class PhoneVerification(models.Model): user = models.ForeignKey(CustomUser, on_delete=models.CASCADE, related_name='phone_verifications') code = models.CharField(max_length=6) created_at = models.DateTimeField(auto_now_add=True) is_verified = models.BooleanField(default=False) def is_expired(self): return self.created_at < timezone.now() - timedelta(minutes=10) # Expire après 10 minutes def __str__(self): return f"Vérification de {self.user.email} - {'Validé' if self.is_verified else 'En attente'}"
c. User Management during Verification
You can decide to create a user after verification or associate the number with an existing user.
9. Tests and Validation
Be sure to test your system in a development environment before deploying it to production. Check that:
- SMS messages are sent correctly.
- Codes are generated and stored securely.
- Checks expire after the set time.
- Errors are correctly handled and communicated to the user.
Complete Implementation Example
To give you an overview, here is a complete example of the affected files.
models.py
# settings.py TWILIO_ACCOUNT_SID = 'votre_account_sid' TWILIO_AUTH_TOKEN = 'votre_auth_token' TWILIO_FROM_NUMBER = '+1234567890' # Numéro Twilio
serializers.py
# utils.py from django.conf import settings from twilio.rest import Client def send_sms(to, message): client = Client(settings.TWILIO_ACCOUNT_SID, settings.TWILIO_AUTH_TOKEN) message = client.messages.create( body=message, from_=settings.TWILIO_FROM_NUMBER, to=str(to) ) return message.sid
views.py
# serializers.py from rest_framework import serializers from .models import CustomUser, PhoneVerification from phonenumber_field.serializerfields import PhoneNumberField class PhoneVerificationRequestSerializer(serializers.Serializer): phone_number = PhoneNumberField() def validate_phone_number(self, value): if CustomUser.objects.filter(phone_number=value).exists(): raise serializers.ValidationError("Ce numéro de téléphone est déjà utilisé.") return value class PhoneVerificationCodeSerializer(serializers.Serializer): phone_number = PhoneNumberField() code = serializers.CharField(max_length=6) def validate(self, data): phone_number = data.get('phone_number') code = data.get('code') try: user = CustomUser.objects.get(phone_number=phone_number) except CustomUser.DoesNotExist: raise serializers.ValidationError("Utilisateur non trouvé avec ce numéro de téléphone.") try: verification = PhoneVerification.objects.filter(user=user, code=code, is_verified=False).latest('created_at') except PhoneVerification.DoesNotExist: raise serializers.ValidationError("Code de vérification invalide.") if verification.is_expired(): raise serializers.ValidationError("Le code de vérification a expiré.") data['user'] = user data['verification'] = verification return data
urls.py
# views.py from rest_framework import generics, status from rest_framework.response import Response from .serializers import PhoneVerificationRequestSerializer, PhoneVerificationCodeSerializer from .models import CustomUser, PhoneVerification from .utils import send_sms import random import string from django.utils import timezone from rest_framework.permissions import AllowAny class PhoneVerificationRequestView(generics.GenericAPIView): serializer_class = PhoneVerificationRequestSerializer permission_classes = [AllowAny] def post(self, request, *args, **kwargs): serializer = self.get_serializer(data=request.data) serializer.is_valid(raise_exception=True) phone_number = serializer.validated_data['phone_number'] # Générer un code de 6 chiffres code = ''.join(random.choices(string.digits, k=6)) try: user = CustomUser.objects.get(phone_number=phone_number) # Si l'utilisateur existe déjà, ne pas permettre la création d'un nouveau return Response({"detail": "Ce numéro de téléphone est déjà associé à un utilisateur."}, status=status.HTTP_400_BAD_REQUEST) except CustomUser.DoesNotExist: pass # Permettre la création si nécessaire # Créer une instance de PhoneVerification verification = PhoneVerification.objects.create(user=None, code=code) # user=None pour l'instant # Envoyer le code par SMS try: send_sms(phone_number, f"Votre code de vérification est : {code}") except Exception as e: return Response({"detail": "Erreur lors de l'envoi du SMS."}, status=status.HTTP_500_INTERNAL_SERVER_ERROR) return Response({"detail": "Code de vérification envoyé."}, status=status.HTTP_200_OK) class PhoneVerificationCodeView(generics.GenericAPIView): serializer_class = PhoneVerificationCodeSerializer permission_classes = [AllowAny] def post(self, request, *args, **kwargs): serializer = self.get_serializer(data=request.data) serializer.is_valid(raise_exception=True) user = serializer.validated_data['user'] verification = serializer.validated_data['verification'] # Marquer la vérification comme validée verification.is_verified = True verification.save() # Mettre à jour l'utilisateur user.is_phone_verified = True user.save() return Response({"detail": "Numéro de téléphone vérifié avec succès."}, status=status.HTTP_200_OK)
utils.py
# urls.py from django.urls import path from .views import PhoneVerificationRequestView, PhoneVerificationCodeView urlpatterns = [ path('api/verify-phone/request/', PhoneVerificationRequestView.as_view(), name='phone-verification-request'), path('api/verify-phone/verify/', PhoneVerificationCodeView.as_view(), name='phone-verification-verify'), ]
10. Secure and Optimize
Limit Verification Attempts: Implement a system to limit the number of verification attempts to avoid brute force attacks.
Encrypt Codes: For added security, you can encrypt the verification codes in the database.
Use Asynchronous Tasks: To improve performance, use asynchronous tasks (for example with Celery) to send SMS without blocking API requests.
Configure HTTPS: Make sure your API is accessible via HTTPS to secure communications.
The above is the detailed content of Implementing phone number verification in a drf project. For more information, please follow other related articles on the PHP Chinese website!

Hot AI Tools

Undress AI Tool
Undress images for free

Undresser.AI Undress
AI-powered app for creating realistic nude photos

AI Clothes Remover
Online AI tool for removing clothes from photos.

Clothoff.io
AI clothes remover

Video Face Swap
Swap faces in any video effortlessly with our completely free AI face swap tool!

Hot Article

Hot Tools

Notepad++7.3.1
Easy-to-use and free code editor

SublimeText3 Chinese version
Chinese version, very easy to use

Zend Studio 13.0.1
Powerful PHP integrated development environment

Dreamweaver CS6
Visual web development tools

SublimeText3 Mac version
God-level code editing software (SublimeText3)

Hot Topics











Polymorphism is a core concept in Python object-oriented programming, referring to "one interface, multiple implementations", allowing for unified processing of different types of objects. 1. Polymorphism is implemented through method rewriting. Subclasses can redefine parent class methods. For example, the spoke() method of Animal class has different implementations in Dog and Cat subclasses. 2. The practical uses of polymorphism include simplifying the code structure and enhancing scalability, such as calling the draw() method uniformly in the graphical drawing program, or handling the common behavior of different characters in game development. 3. Python implementation polymorphism needs to satisfy: the parent class defines a method, and the child class overrides the method, but does not require inheritance of the same parent class. As long as the object implements the same method, this is called the "duck type". 4. Things to note include the maintenance

ListslicinginPythonextractsaportionofalistusingindices.1.Itusesthesyntaxlist[start:end:step],wherestartisinclusive,endisexclusive,andstepdefinestheinterval.2.Ifstartorendareomitted,Pythondefaultstothebeginningorendofthelist.3.Commonusesincludegetting

A class method is a method defined in Python through the @classmethod decorator. Its first parameter is the class itself (cls), which is used to access or modify the class state. It can be called through a class or instance, which affects the entire class rather than a specific instance; for example, in the Person class, the show_count() method counts the number of objects created; when defining a class method, you need to use the @classmethod decorator and name the first parameter cls, such as the change_var(new_value) method to modify class variables; the class method is different from the instance method (self parameter) and static method (no automatic parameters), and is suitable for factory methods, alternative constructors, and management of class variables. Common uses include:

Parameters are placeholders when defining a function, while arguments are specific values ??passed in when calling. 1. Position parameters need to be passed in order, and incorrect order will lead to errors in the result; 2. Keyword parameters are specified by parameter names, which can change the order and improve readability; 3. Default parameter values ??are assigned when defined to avoid duplicate code, but variable objects should be avoided as default values; 4. args and *kwargs can handle uncertain number of parameters and are suitable for general interfaces or decorators, but should be used with caution to maintain readability.

Python's csv module provides an easy way to read and write CSV files. 1. When reading a CSV file, you can use csv.reader() to read line by line and return each line of data as a string list; if you need to access the data through column names, you can use csv.DictReader() to map each line into a dictionary. 2. When writing to a CSV file, use csv.writer() and call writerow() or writerows() methods to write single or multiple rows of data; if you want to write dictionary data, use csv.DictWriter(), you need to define the column name first and write the header through writeheader(). 3. When handling edge cases, the module automatically handles them

Iterators are objects that implement __iter__() and __next__() methods. The generator is a simplified version of iterators, which automatically implement these methods through the yield keyword. 1. The iterator returns an element every time he calls next() and throws a StopIteration exception when there are no more elements. 2. The generator uses function definition to generate data on demand, saving memory and supporting infinite sequences. 3. Use iterators when processing existing sets, use a generator when dynamically generating big data or lazy evaluation, such as loading line by line when reading large files. Note: Iterable objects such as lists are not iterators. They need to be recreated after the iterator reaches its end, and the generator can only traverse it once.

There are many ways to merge two lists, and choosing the right way can improve efficiency. 1. Use number splicing to generate a new list, such as list1 list2; 2. Use = to modify the original list, such as list1 =list2; 3. Use extend() method to operate on the original list, such as list1.extend(list2); 4. Use number to unpack and merge (Python3.5), such as [list1,*list2], which supports flexible combination of multiple lists or adding elements. Different methods are suitable for different scenarios, and you need to choose based on whether to modify the original list and Python version.

The key to dealing with API authentication is to understand and use the authentication method correctly. 1. APIKey is the simplest authentication method, usually placed in the request header or URL parameters; 2. BasicAuth uses username and password for Base64 encoding transmission, which is suitable for internal systems; 3. OAuth2 needs to obtain the token first through client_id and client_secret, and then bring the BearerToken in the request header; 4. In order to deal with the token expiration, the token management class can be encapsulated and automatically refreshed the token; in short, selecting the appropriate method according to the document and safely storing the key information is the key.
