I am thinking of a forum type system that will allow users to post/edit posts without an account but through e-mail verification.
So, you would fill out the form, supply email address, submit, and then receive a link in an email that would 'activate' your post. Same thing to edit. Click 'edit', receive email with link, link takes you to edit form.
I'm trying to understand the exact steps to securely do this. How do I create a link that will expire after some time period? How do I ensure it is coming from the email address and not just some bot cycling through potential url's?
Any help to get started in the right direction is appreciated.
Since you are using flask, you might want to look at this:
using the example from above link, the workflow could be something like:
itsdangerousmodule which can be tied to the specific email (explained in snipped above)