Проверка телефона в django в целях безопасности
я пытаюсь проверить номер телефона пользователя на моем сайте, используя twilio и django.
но по некоторым причинам я очень беспокоюсь о риске безопасности. Поэтому мой вопрос:
- What is the best to use cookie or session ?(i want to code validation to expire after 5 minutes)
- Will my code below will need some improvement for security reason ?
views.py
@login_required
def show_phone_verification(request):
form = NumberForm()
if request.method == 'POST':
form = NumberForm(request.POST)
if form.is_valid():
request.session['number'] = form.cleaned_data.get('telephone')
request.session['code'] = generate_code()
return redirect('send_verify_code')
return render(request,request.session['is_mobile']+'profile/phone_show.html',{'form':form})
@login_required
def send_verify_code(request):
form = CodeForm(request.POST or None)
code = request.session.get('code',None)
number_verify = request.session.get('number',None)
if number_verify and code:
if not request.POST:
send_sms(number_verify,code)
if form.is_valid():
del request.session['code']
del request.session['number']
number = form.cleaned_data.get('number')
if number == code:
obj, created = Phone.objects.update_or_create(
user=request.user,is_verified=True,
defaults={'phone': number_verify},)
messages.success(request,'Your Number Has been verified.')
return redirect('news')
else:
messages.success(request,'Your Number Has not been verified.Tried again.')
return redirect('show_phone_verification')
return render(request,request.session['is_mobile']+'profile/verify_code.html',{'form':form})
else:
messages.success(request,'Access Refused')
return redirect('news')
Спасибо.