improve verification email

Author: ThatcherT

web/authapi/tasks.py

@@ -8,7 +8,7 @@
 
 
 @shared_task
-def send_verification_email(user_id):
+def send_verification_email(user_id, ip_address=None):
     """Send email verification link to user."""
     from .models import EmailVerificationToken
 
@@ -25,18 +25,27 @@ def send_verification_email(user_id):
     verify_url = f"{base_url}/verify-email/{token_obj.token}"
 
     subject = "Verify your email address"
-    message = f"""Hi,
 
-Please verify your email address by clicking the link below:
+    ip_line = ""
+    if ip_address:
+        ip_line = f"\nThe request for this verification originated from IP address {ip_address}\n"
+
+    message = f"""Verify your email address
+
+You need to verify your email address to continue using your account. Click the link below to verify your email address:
 
 {verify_url}
 
 This link will expire in 7 days.
+{ip_line}
+In case you did not sign up for this account and are seeing this email, please follow the instructions below:
 
-If you didn't create an account, you can ignore this email.
+- Reset your password: {base_url}/forgot-password
+- Check if any changes were made to your account settings. If yes, revert them immediately.
+- If you are unable to access your account, please contact us.
 
 Thanks,
-The Team
+Thatcher
 """
 
     send_mail(

web/authapi/views.py

@@ -8,6 +8,16 @@
 from rest_framework.views import APIView
 
 from .models import EmailVerificationToken, PasswordResetToken
+
+
+def get_client_ip(request):
+    """Extract client IP address from request, handling proxy headers."""
+    x_forwarded_for = request.META.get("HTTP_X_FORWARDED_FOR")
+    if x_forwarded_for:
+        return x_forwarded_for.split(",")[0].strip()
+    return request.META.get("REMOTE_ADDR")
+
+
 from .serializers import (
     ChangePasswordSerializer,
     DeleteAccountSerializer,
@@ -34,8 +44,8 @@ def post(self, request):
             password=serializer.validated_data["password"],
         )
 
-        # Send verification email asynchronously
-        send_verification_email.delay(user.id)
+        client_ip = get_client_ip(request)
+        send_verification_email.delay(user.id, ip_address=client_ip)
 
         # Log the user in
         login(request, user, backend="django.contrib.auth.backends.ModelBackend")
@@ -243,7 +253,8 @@ def post(self, request):
                 status=status.HTTP_400_BAD_REQUEST,
             )
 
-        send_verification_email.delay(user.id)
+        client_ip = get_client_ip(request)
+        send_verification_email.delay(user.id, ip_address=client_ip)
 
         return Response({"message": "Verification email sent."})