To implement a phone number verification system with Django REST Framework (DRF), follow the steps below. This system lets users provide their phone number, receive a verification code by SMS (for example via Twilio), and submit that code to verify their number.
Main Steps:
- Install necessary dependencies
- Edit the user model to include the phone number
- Create a model to store verification codes
- Configure an SMS sending service (e.g. Twilio)
- Create DRF serializers
- Create views and API routes
- Manage verification logic and security
1. Install Necessary Dependencies
First, make sure you have installed the necessary libraries:
- Django REST Framework: If you haven't already.
- Twilio: For sending SMS.
- django-phonenumber-field: For validating and formatting phone numbers.
Install them via pip:
pip install djangorestframework twilio django-phonenumber-field
Add phonenumber_field and rest_framework to your INSTALLED_APPS in settings.py:
# settings.py
INSTALLED_APPS = [
    # ...
    'rest_framework',
    'phonenumber_field',
    # ...
]
2. Change User Model to Include Phone Number
If you are using a custom user model, add a field for the phone number and a verification flag.
# models.py
from django.contrib.auth.models import AbstractBaseUser, BaseUserManager
from django.db import models
from phonenumber_field.modelfields import PhoneNumberField


class UserManager(BaseUserManager):
    def create_user(self, email, username, phone_number, password=None):
        if not email:
            raise ValueError('Les utilisateurs doivent avoir une adresse email')
        if not phone_number:
            raise ValueError('Les utilisateurs doivent avoir un numéro de téléphone')
        user = self.model(
            email=self.normalize_email(email),
            username=username,
            phone_number=phone_number,
        )
        user.set_password(password)
        user.save(using=self._db)
        return user

    def create_superuser(self, email, username, phone_number, password=None):
        user = self.create_user(
            email,
            username,
            phone_number,
            password=password,
        )
        user.is_admin = True
        user.save(using=self._db)
        return user


class CustomUser(AbstractBaseUser):
    email = models.EmailField(verbose_name='adresse email', max_length=255, unique=True)
    username = models.CharField(max_length=50, unique=True)
    phone_number = PhoneNumberField(unique=True, null=False, blank=False)
    is_active = models.BooleanField(default=True)
    is_admin = models.BooleanField(default=False)
    is_phone_verified = models.BooleanField(default=False)

    objects = UserManager()

    USERNAME_FIELD = 'email'
    REQUIRED_FIELDS = ['username', 'phone_number']

    def __str__(self):
        return self.email

    @property
    def is_staff(self):
        return self.is_admin
Note: If you already have a user model, be sure to add the phone_number and is_phone_verified fields appropriately.
3. Create a Model to Store Verification Codes
This model will store the verification codes sent to users.
# models.py (continued)
from datetime import timedelta

from django.utils import timezone


class PhoneVerification(models.Model):
    user = models.ForeignKey(CustomUser, on_delete=models.CASCADE, related_name='phone_verifications')
    code = models.CharField(max_length=6)
    created_at = models.DateTimeField(auto_now_add=True)
    is_verified = models.BooleanField(default=False)

    def is_expired(self):
        # Expires after 10 minutes
        return self.created_at < timezone.now() - timedelta(minutes=10)

    def __str__(self):
        return f"Vérification de {self.user.email} - {'Validé' if self.is_verified else 'En attente'}"
4. Configure an SMS Sending Service (e.g. Twilio)
You can use Twilio to send text messages. Start by creating a Twilio account and obtaining the necessary credentials (ACCOUNT_SID, AUTH_TOKEN, FROM_NUMBER).
Add these configurations to your settings.py:
# settings.py
TWILIO_ACCOUNT_SID = 'votre_account_sid'
TWILIO_AUTH_TOKEN = 'votre_auth_token'
TWILIO_FROM_NUMBER = '+1234567890'  # Twilio number
Create a utils.py file to manage sending SMS:
# utils.py
from django.conf import settings
from twilio.rest import Client


def send_sms(to, message):
    client = Client(settings.TWILIO_ACCOUNT_SID, settings.TWILIO_AUTH_TOKEN)
    message = client.messages.create(
        body=message,
        from_=settings.TWILIO_FROM_NUMBER,
        to=str(to)
    )
    return message.sid
5. Create DRF Serializers
Create serializers to handle the verification request and code validation.
6. Create API Views and Routes
Create views to manage verification requests and code validation.
Note: You may want to adjust these views as needed, such as if you want to create a user during verification or manage existing users differently.
7. Configure API Routes
Add the corresponding routes in your urls.py.
8. Add Additional Logic (Optional)
a. Generation of Unique Code per User
Edit the request view to associate the code with a specific user or create a new user.
b. Limit the Number of Requests
To avoid abuse, limit the number of verification requests per user or phone number.
c. User Management during Verification
You can decide to create a user after verification or associate the number with an existing user.
9. Tests and Validation
Be sure to test your system in a development environment before deploying it to production. Check that:
- SMS messages are sent correctly.
- Codes are generated and stored securely.
- Verifications expire after the set time.
- Errors are correctly handled and communicated to the user.
Complete Implementation Example
To give you an overview, here is a complete example of the affected files.
settings.py
# settings.py
TWILIO_ACCOUNT_SID = 'votre_account_sid'
TWILIO_AUTH_TOKEN = 'votre_auth_token'
TWILIO_FROM_NUMBER = '+1234567890'  # Twilio number
utils.py
# utils.py
from django.conf import settings
from twilio.rest import Client


def send_sms(to, message):
    client = Client(settings.TWILIO_ACCOUNT_SID, settings.TWILIO_AUTH_TOKEN)
    message = client.messages.create(
        body=message,
        from_=settings.TWILIO_FROM_NUMBER,
        to=str(to)
    )
    return message.sid
serializers.py
# serializers.py
from rest_framework import serializers
from phonenumber_field.serializerfields import PhoneNumberField

from .models import CustomUser, PhoneVerification


class PhoneVerificationRequestSerializer(serializers.Serializer):
    phone_number = PhoneNumberField()

    def validate_phone_number(self, value):
        # Only a number that has already been verified is rejected; an
        # unverified account must still be able to request a code
        if CustomUser.objects.filter(phone_number=value, is_phone_verified=True).exists():
            raise serializers.ValidationError("Ce numéro de téléphone est déjà utilisé.")
        return value


class PhoneVerificationCodeSerializer(serializers.Serializer):
    phone_number = PhoneNumberField()
    code = serializers.CharField(max_length=6)

    def validate(self, data):
        phone_number = data.get('phone_number')
        code = data.get('code')
        try:
            user = CustomUser.objects.get(phone_number=phone_number)
        except CustomUser.DoesNotExist:
            raise serializers.ValidationError("Utilisateur non trouvé avec ce numéro de téléphone.")
        try:
            verification = PhoneVerification.objects.filter(
                user=user, code=code, is_verified=False
            ).latest('created_at')
        except PhoneVerification.DoesNotExist:
            raise serializers.ValidationError("Code de vérification invalide.")
        if verification.is_expired():
            raise serializers.ValidationError("Le code de vérification a expiré.")
        data['user'] = user
        data['verification'] = verification
        return data
views.py
# views.py
import secrets
import string

from rest_framework import generics, status
from rest_framework.permissions import AllowAny
from rest_framework.response import Response

from .models import CustomUser, PhoneVerification
from .serializers import PhoneVerificationRequestSerializer, PhoneVerificationCodeSerializer
from .utils import send_sms


class PhoneVerificationRequestView(generics.GenericAPIView):
    serializer_class = PhoneVerificationRequestSerializer
    permission_classes = [AllowAny]

    def post(self, request, *args, **kwargs):
        serializer = self.get_serializer(data=request.data)
        serializer.is_valid(raise_exception=True)
        phone_number = serializer.validated_data['phone_number']

        # PhoneVerification.user is a required foreign key (user=None would
        # fail on save), so the code is issued to the account owning the number
        try:
            user = CustomUser.objects.get(phone_number=phone_number)
        except CustomUser.DoesNotExist:
            return Response({"detail": "Utilisateur non trouvé avec ce numéro de téléphone."},
                            status=status.HTTP_400_BAD_REQUEST)

        # Generate a 6-digit code from a CSPRNG (the random module is predictable)
        code = ''.join(secrets.choice(string.digits) for _ in range(6))

        # Create a PhoneVerification instance
        PhoneVerification.objects.create(user=user, code=code)

        # Send the code by SMS
        try:
            send_sms(phone_number, f"Votre code de vérification est : {code}")
        except Exception:
            return Response({"detail": "Erreur lors de l'envoi du SMS."},
                            status=status.HTTP_500_INTERNAL_SERVER_ERROR)

        return Response({"detail": "Code de vérification envoyé."}, status=status.HTTP_200_OK)


class PhoneVerificationCodeView(generics.GenericAPIView):
    serializer_class = PhoneVerificationCodeSerializer
    permission_classes = [AllowAny]

    def post(self, request, *args, **kwargs):
        serializer = self.get_serializer(data=request.data)
        serializer.is_valid(raise_exception=True)
        user = serializer.validated_data['user']
        verification = serializer.validated_data['verification']

        # Mark the verification as validated
        verification.is_verified = True
        verification.save()

        # Update the user
        user.is_phone_verified = True
        user.save()

        return Response({"detail": "Numéro de téléphone vérifié avec succès."}, status=status.HTTP_200_OK)
urls.py
# urls.py
from django.urls import path

from .views import PhoneVerificationRequestView, PhoneVerificationCodeView

urlpatterns = [
    path('api/verify-phone/request/', PhoneVerificationRequestView.as_view(), name='phone-verification-request'),
    path('api/verify-phone/verify/', PhoneVerificationCodeView.as_view(), name='phone-verification-verify'),
]
10. Secure and Optimize
Limit Verification Attempts: Implement a system to limit the number of verification attempts to avoid brute force attacks.
Encrypt Codes: For added security, you can encrypt the verification codes in the database.
Use Asynchronous Tasks: To improve performance, use asynchronous tasks (for example with Celery) to send SMS without blocking API requests.
Configure HTTPS: Make sure your API is accessible via HTTPS to secure communications.
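The request limit from step 8b and the attempt limit and code protection from step 10 can be combined as sketched here. This is an added example, not code from the original article: it is framework-independent, stores a keyed hash (HMAC) of the code rather than encrypting it because the server only ever compares codes, and the names Challenge, allow_request, code_digest, MAX_ATTEMPTS, MAX_REQUESTS, REQUEST_WINDOW and SERVER_KEY are assumptions.

```python
import hashlib
import hmac
import secrets
from datetime import timedelta

CODE_TTL = timedelta(minutes=10)        # same lifetime as PhoneVerification.is_expired()
MAX_ATTEMPTS = 5                        # assumed cap on wrong guesses per code
MAX_REQUESTS = 3                        # assumed cap on SMS sends per number...
REQUEST_WINDOW = timedelta(hours=1)     # ...within this sliding window
SERVER_KEY = secrets.token_bytes(32)    # assumption: a persistent secret in a real deployment


def new_code():
    """Return a 6-digit code drawn from the OS CSPRNG."""
    return f"{secrets.randbelow(10**6):06d}"


def code_digest(phone, code, key=SERVER_KEY):
    # A bare hash of 6 digits can be reversed by trying all 10**6 values,
    # so the stored value is an HMAC keyed with a server-side secret.
    return hmac.new(key, f"{phone}:{code}".encode(), hashlib.sha256).hexdigest()


def allow_request(sent_times, now):
    """True if another SMS may be sent to this number (sliding window)."""
    recent = [t for t in sent_times if now - t < REQUEST_WINDOW]
    return len(recent) < MAX_REQUESTS


class Challenge:
    """In-memory stand-in for one PhoneVerification row."""

    def __init__(self, phone, code, now):
        self.phone = phone
        self.digest = code_digest(phone, code)   # the plaintext code is never stored
        self.created_at = now
        self.failed_attempts = 0
        self.is_verified = False

    def check(self, submitted, now):
        if self.is_verified:
            return "used"
        if now - self.created_at > CODE_TTL:
            return "expired"
        if self.failed_attempts >= MAX_ATTEMPTS:
            return "locked"
        # Constant-time comparison of the stored and submitted digests
        if hmac.compare_digest(self.digest, code_digest(self.phone, submitted)):
            self.is_verified = True
            return "ok"
        self.failed_attempts += 1
        return "invalid"
```

In the Django models above, failed_attempts and the digest would be columns on PhoneVerification, and sent_times would come from the created_at values of that user's recent rows.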