dj-rest-auth

Password Reset: Does it work?

Open psacawa opened this issue 3 years ago • 4 comments

Maybe I don't understand something, but when I look at the source code for the PasswordResetView, it seems to direct allauth to send the user an email prompting the user to visit a URL to reset their password: the URL with name "password_reset_confirm". However, grepping around, I see this is only supplied in django.contrib.auth, and not in allauth itself.

Further, when I try to do a password reset in the demo project, I get a routing error...

NoReverseMatch at /dj-rest-auth/password/reset/

Is password reset borked?

psacawa avatar Jul 27 '21 20:07 psacawa

I have had issues with this in my projects. I needed to create a path and view that matched the name it looked for, and then in that view I redirect to my web application. It does seem that password reset is in an incomplete state. Being that this is a rest framework package it should not be looking for a view in Django. It would be nice if I could supply my own URL for it to use that properly redirects to my web application, or a deep link to a mobile app.

bjsvedin avatar Jul 28 '21 22:07 bjsvedin

See #276 and the simple fix in #291.

psacawa avatar Jul 28 '21 22:07 psacawa

Regarding,

Being that this is a rest framework package it should not be looking for a view in django

they need at least some non-rest endpoints on account that password resets are clicked from a link in an email, and this is a plain GET request, not e.g. a fetch hitting the API. It must return either HTML with the reset form or a 302 or something. So, that view is necessarily out of the purview of rest_auth. If anything, their fault was not advertising the intended use, and leaving a bugged example.

psacawa avatar Jul 29 '21 03:07 psacawa

I disagree that it needs a non-rest end point inside of Django. I have an entire application outside of Django that handles inputting the new password and posting it to the server. That is the "non-rest end point" I want it to go to. That other application is why I am using the rest framework, I am not using Django's templating. I think an option to provide the link for the email rather than it looking for a reverse would be a great solution to this problem.

bjsvedin avatar Jul 31 '21 01:07 bjsvedin

Right now you can customize the reset URL by setting a template for the reset email (and using the context vars uid and token therein) by overriding the get_email_options method on the PasswordResetSerializer:

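# Assumed imports: build_absolute_uri is taken to be allauth's helper.
from allauth.utils import build_absolute_uri
from dj_rest_auth.serializers import PasswordResetSerializer


# Hypothetical subclass name; the override itself is as posted.
class CustomPasswordResetSerializer(PasswordResetSerializer):
    def get_email_options(self):
        request = self.context.get('request')
        # Site root as an absolute URL, exposed to the email templates
        absolute_uri_base = build_absolute_uri(request, '/')
        opts = {
            'email_template_name': 'email/registration/password_reset_email.txt',
            'html_email_template_name': 'email/registration/password_reset_email.html',
            'extra_email_context': {'absolute_uri_base': absolute_uri_base},
        }
        return opts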

No need to reverse a django URL.

steverecio avatar Aug 04 '21 20:08 steverecio
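
The flow discussed in this thread, where the emailed link opens a separate frontend that then posts the new password back to the API, modelled with the standard library only. This is an added example, not code from the thread or from dj-rest-auth; `FRONTEND_RESET_URL` and both function names are hypothetical, and the body fields are those accepted by dj-rest-auth's `password/reset/confirm/` endpoint.

```python
from urllib.parse import parse_qs, urlencode, urlsplit

# Hypothetical frontend route. A fixed setting, so the host in the emailed
# link does not depend on anything taken from the incoming request.
FRONTEND_RESET_URL = "https://app.example.com/reset-password"


def build_reset_link(uid: str, token: str) -> str:
    """Link for the reset email; uid and token are the template context vars."""
    return f"{FRONTEND_RESET_URL}?{urlencode({'uid': uid, 'token': token})}"


def confirm_payload(link: str, new_password: str) -> dict:
    """Model of the frontend after the user's plain GET: turn the link into
    the JSON body it POSTs to the password/reset/confirm/ endpoint."""
    expected, got = urlsplit(FRONTEND_RESET_URL), urlsplit(link)
    if (got.scheme, got.netloc, got.path) != (
        expected.scheme, expected.netloc, expected.path
    ):
        raise ValueError("link does not point at the configured frontend route")
    params = parse_qs(got.query)
    try:
        # Exactly one uid and one token; missing or repeated values are rejected.
        (uid,), (token,) = params["uid"], params["token"]
    except (KeyError, ValueError):
        raise ValueError("link must carry exactly one uid and one token") from None
    return {
        "uid": uid,
        "token": token,
        "new_password1": new_password,
        "new_password2": new_password,
    }


if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    link = build_reset_link("MQ", "abc-123")
    print(link)
    print(confirm_payload(link, "n3w-Passw0rd!"))
```
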