仅在回答了安全性问题之后，才将用户保存在数据库上（使用ModelForm）？

Question

I am trying to develop a website,where in the signup flow after entering the user credentials and successfully validating Google reCaptcha, the user has to be directed to a page, displaying a list of security questions,the user has to answer one of the question to successfully signup on the website.

My forms.py file is here.

import re
from django import forms 
from django.contrib.auth.forms import AuthenticationForm, PasswordResetForm, SetPasswordForm
from .models import CustomUser
from django.conf import settings
from django.utils.translation import ugettext as _
import urllib
import urllib.request as urllib2
import json

class SignUpForm(forms.ModelForm):
    """
    A form that creates a user, with no privileges, from the given username and
    password.
    """
    password1=  forms.CharField(label='Password',widget=forms.PasswordInput)
    password2=forms.CharField(label='Confirm Password', widget=forms.PasswordInput)

class Meta:
    #model to be used
    model = CustomUser

    #fields that have to be populated
    fields=['username']


def __init__(self,*args,**kwargs):
    self.request=kwargs.pop('requestObject',None)
    super(SignUpForm,self).__init__(*args,**kwargs)
    self.fields['username'].required=True
    self.fields['password1'].required=True
    self.fields['password2'].required=True


def clean(self):
    super(SignUpForm,self).clean()

    '''
    Test the Google Recaptcha
    '''
    #url at which request will be sent
    url='https://www.google.com/recaptcha/api/siteverify'

    #dictionary of values to be sent for validation
    values={
         'secret': settings.GOOGLE_RECAPTCHA_SECRET_KEY,
        'response': self.request.POST.get(u'g-recaptcha-response', None),
        'remoteip': self.request.META.get("REMOTE_ADDR", None),
    }

    #making request
    data=urlllib.parse.urlencode(values)
    binary_data=data.encode('utf-8')
    req= urllib.request.Request(url, binary_data)
    response= urllib.request.urlopen(req)
    result = json.loads(response.read().decode('utf-8'))

    # result["success"] will be True on a success
    if not result["success"]:
        raise forms.ValidationError("Only humans are allowed to submit this form.")

        return self.cleaned_data

def clean_password2(self):
    #checking whether the passwords match or not
    password1=self.cleaned_data.get('password1');
    password2=self.cleaned_data.get('password2');

    if password1 and password2 and password1!=password2:
        raise forms.ValidationError("Passwords don't match!");

    return password2;

def save(self, commit=True):
    #overriding the default save method for ModelForm
    user = super(UserCreationForm, self).save(commit=False)
    user.set_password(self.cleaned_data["password1"])
    if commit:
        user.save()
    return user

The models.py file is here

 from django.db import models
 from django.conf import settings
 from django.contrib.auth.models import AbstractUser

# Create your models here. 

#Choices of questions
SECRET_QUESTION_CHOICES = (
        ('WCPM', "In which city did your parents meet?"),
        ('WCN', "What was your childhood nickname?"),
        ('WPN', "What is your pet's name?"),
)


#Secret Questions
class SecretQuestion(models.Model):
    id=models.AutoField(primary_key=True)
    secret_question = models.CharField(max_length = 100, choices =     SECRET_QUESTION_CHOICES, default = SECRET_QUESTION_CHOICES[0],null=False, blank=False)

class Meta:
    db_table='Security Questions'


class CustomUser(AbstractUser):
    profile_pic = models.ImageField(upload_to = 'profile_pics/', blank = True, null = True)
    following = models.ManyToManyField('self', symmetrical = False, related_name = 'followers', blank = True)
    ques_followed = models.ManyToManyField('question.Question', related_name = 'questions_followed', blank = True)
    topic_followed = models.ManyToManyField('topic.Topic', related_name = 'topic_followed', blank = True)
    security_questions = models.ManyToManyField(SecretQuestion, related_name = 'secret_question_user', through = "SecretQuestionAnswer")

    class Meta:
        db_table = 'User'  

    def __str__(self):
        return self.username

class SecretQuestionAnswer(models.Model):
    user = models.ForeignKey(CustomUser)
    secret_question = models.ForeignKey(SecretQuestion)
    answer = models.CharField(max_length = 100,blank=False, null=False)

    class Meta:
        db_table='SecretQuestionAnswer'    

Now, after successfully submitting the SignUpForm, the user should only be registered(means saved on the database) if he answers one of the questions given above successfully. How should work on this problem? Please help.

I have been banging my head on this problem for the past two days.

Can somebody help.

Answer 1

Normaly you need to have a boolean field which will indicate if the user was finished will all steps. By default this field will be False , and when ready set it to True . You can allow login only when field is set to True .

Another approach is using a wizard http://django-formtools.readthedocs.org/en/latest/ . With this approach you need to protect user's password somehow because it's not a good idea to stay in the session.