Skip to Content
FeaturesBundled ExtensionsUser ManagementAccountsLogin Alerts

Login Alerts

Apple-style login notification emails sent when users log in from new devices or IPs. Detects potentially unauthorized access while suppressing false alarms with intelligent deduplication.

Features

  • Device detection — browser, OS, and device type parsed from User-Agent
  • IP tracking — real client IP via RealIPMiddleware
  • Non-blocking — all work deferred to background thread
  • Smart suppression — avoids alert fatigue with dedup rules
  • Telegram integration — optional admin notifications for staff logins

Usage

Call send_login_alert after issuing JWT tokens in your login view:

from django_cfg.apps.system.accounts.services.login_alert_service import send_login_alert @action(detail=False, methods=['post']) def login(self, request): user = authenticate(...) tokens = issue_tokens(user) # Trigger login alert (deferred, non-blocking) send_login_alert(user, request) return Response({"access": tokens.access, ...})

Suppression Rules

Alerts are suppressed in these cases (applied in order):

RuleDescription
Test accountsuser.is_test_account=True — never alerted
Registration graceFirst 24h after signup — no alerts
Recent same-deviceSame IP + browser fingerprint seen in past 24h — no repeat

Configuration

SettingDefaultDescription
Registration grace period24 hoursSuppress alerts for new users
Dedup window24 hoursSame IP+browser won’t trigger repeat alerts

Email Template

Template: emails/login_alert_email

Context variables:

VariableDescription
userCustomUser instance
deviceFriendly label (e.g., “Chrome on Windows (mobile)“)
ip_addressClient IP address
login_timeFormatted timestamp (“April 03, 2026 at 14:32 UTC”)
project_nameFrom DjangoConfig
button_urlSite URL for “review activity” button

How It Works

  1. send_login_alert(user, request) builds a LoginContext from the request (IP, User-Agent, fingerprint)
  2. Suppression rules are evaluated in order
  3. If not suppressed, an email is sent via DjangoEmailService
  4. Login activity is recorded with fingerprint for future dedup
  5. All steps run in a background thread — auth response is never delayed
Last updated on