
More changes for Microsoft Safe link protection #63

Open · wants to merge 6 commits into main

Conversation

jkirkcaldy
Contributor

So, after testing my site internally, the previous fix of just checking for a HEAD request was fine, as I was accessing my site with a private IP address. However, after deploying the site, it turns out that Microsoft actually checks the link before it even sends the email, so the link is always invalid when the user finally gets it.

My solution here is to add a page where the user must click a button for the verification to actually be processed. The pro of this approach is that it doesn't matter what checks Microsoft, or anyone else, does on the email link, as the user must press the verify button for the verification to proceed.

The cons are that it adds another step for the end user, and the link in the email remains valid no matter how many times the user clicks on it; it is only used once they click the verify button.

I added a template that matches the rest of the templates and can be swapped out with a custom template like all the others.

This is potentially only an issue when using the mail.protection.outlook.com email provider.

Also, the verification email would not send without error unless I removed `inactive_user=None` from

...

    # Private :
    def __send_email(self, msg, useremail):
        # Plain-text body is derived from the HTML message via strip_tags
        subject = self.settings.get('subject')
        send_mail(
            subject, strip_tags(msg),
            from_email=self.settings.get('from_alias'),
            recipient_list=[useremail], html_message=msg
        )

    # Public :
    def send_verification_link(self, request, form=None):
        # With the inactive_user=None parameter removed, the user object now
        # comes only from the submitted form, saved without committing yet.
        if form:
            inactive_user = form.save(commit=False)

        # Keep the account inactive until the user presses the verify button
        inactive_user.is_active = False
        inactive_user.save()

...
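As an added example, not the PR's or the project's code, a framework-independent model of the click-to-verify flow described above: HEAD and GET leave the token untouched (so a pre-delivery link scan cannot spend it) and only the POST from the verify button consumes it. The token store, the TTL and the handler names are assumptions for illustration.

```python
# Added example, not the project's code. Link scanners fetch the URL (HEAD or
# GET) before the email is delivered, so a token consumed on GET is already
# spent when the user clicks. Store, TTL and response bodies are constructed.
import secrets
from dataclasses import dataclass, field
from typing import Optional

TOKEN_TTL_SECONDS = 24 * 3600  # assumption: a link stops working after a day


@dataclass
class PendingUser:
    email: str
    is_active: bool = False


@dataclass
class VerificationStore:
    # token -> (user, issued_at); a real app would persist this in the database
    pending: dict = field(default_factory=dict)

    def issue(self, user: PendingUser, now: float) -> str:
        token = secrets.token_urlsafe(32)
        self.pending[token] = (user, now)
        return token

    def consume(self, token: str, now: float) -> Optional[PendingUser]:
        entry = self.pending.pop(token, None)  # pop() makes the token single-use
        if entry is None:
            return None
        user, issued_at = entry
        if now - issued_at > TOKEN_TTL_SECONDS:
            return None  # expired: discard without activating the account
        user.is_active = True
        return user


def verify_view(store: VerificationStore, method: str, token: str, now: float) -> tuple:
    """Dispatch on the HTTP method like a Django view; returns (status, body)."""
    if method == "HEAD":
        return 200, ""  # scanner probe: cheap 200, token untouched
    if method == "GET":
        if token not in store.pending:
            return 404, "invalid or already used link"
        # Render the page with the verify button; the token is still untouched
        return 200, '<form method="post"><button name="verify">Verify</button></form>'
    if method == "POST":
        user = store.consume(token, now)
        if user is None:
            return 400, "invalid, expired or already used link"
        return 200, f"{user.email} verified"
    return 405, "method not allowed"
```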

@bvermeulen

My suggestion is just a check for a HEAD request in views.py and ignore the response. If `request.method == 'HEAD'`, return `HttpResponse('ok')`.
