How to authenticate django user in my custom password reset system?

Time:10-07

I am building a password reset system for my users. A password reset code is sent to the user's mail, and now I want to authenticate the user by this code. If the user enters the right code, then the password will be changed, otherwise not.

I am also storing the verification code in my models fields.

models.py:

from django.conf import settings
from django.db import models


class UserProfile(models.Model):
    user = models.ForeignKey(settings.AUTH_USER_MODEL, on_delete=models.CASCADE, related_name="userprofile")
    forget_password_token = models.CharField(max_length=100, blank=True, null=True)

views.py: I am sending the code to the user's mail and also storing the same code in my model's fields

from django.contrib import messages
from django.contrib.auth import get_user_model
from django.contrib.sites.shortcuts import get_current_site
from django.core.mail import EmailMultiAlternatives
from django.shortcuts import redirect, render
from django.template.loader import render_to_string

from .models import UserProfile  # assumes views.py sits next to models.py


def ForgetPasswordSendCode(request):
    if request.method == "POST":
        email = request.POST["email"]
        User = get_user_model()
        # one lookup instead of filter().first() followed by get()
        user_obj = User.objects.filter(email=email).first()
        if not user_obj:
            messages.success(request, "Invalid mail")
            return redirect('members:reset-password')

        # generating random code (rand_number_mail is the poster's own helper, not shown)
        reset_code = str(rand_number_mail())

        # storing the same code on the user's profile
        profile_obj = UserProfile.objects.get(user=user_obj)
        profile_obj.forget_password_token = reset_code
        profile_obj.save()

        current_site = get_current_site(request)
        subject = 'Verification Code'
        context = {
            'user_first_name': user_obj.first_name,
            'user_last_name': user_obj.last_name,
            'domain': current_site.domain,
            'reset_code': reset_code,
        }
        html_body = render_to_string('mail/resetpassword-mail.html', context)
        to_email = request.POST["email"]
        email = EmailMultiAlternatives(subject=subject, from_email='[email protected]', to=[to_email])
        email.attach_alternative(html_body, "text/html")
        email.send(fail_silently=False)

        messages.success(request, "An password reset code sent to your email")
        # redirecting user to password reset page after submitting mail
        return redirect('members:change-password')
    return render(request, 'members/password_reset_form.html')

Now I am stuck in the password reset view where the user inserts the code and changes his password. I am not understanding how to authenticate the user by verification code.

def ChangePassWordPage(request):
    return render(request, 'members/password_change.html')

CodePudding user response:

This might help

Step 1: Send the user your code; the code must have a reference to your user so it will be easy to cross-check

Step 2: If your code matches your user (this case acts as an authentication)

Step 3: Update your user model with the new password (make_password)

UPDATE

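from django.contrib import messages
from django.contrib.auth import get_user_model
from django.shortcuts import redirect, render

from .models import UserProfile  # assumes views.py sits next to models.py


def ChangePassWordPage(request):
    if request.method == "POST":
        email = request.POST["email"]
        user_token = request.POST["token"]
        User = get_user_model()
        user_obj = User.objects.filter(email=email).first()
        if not user_obj:
            messages.success(request, "Invalid mail")
            return redirect('members:reset-password')

        profile_obj = UserProfile.objects.filter(user=user_obj).first()
        token = profile_obj.forget_password_token if profile_obj else None
        # an empty or missing stored token must never match
        if token and token == user_token:
            # update your user password ("new_password" is an assumed form field name);
            # set_password hashes the value the same way make_password does
            user_obj.set_password(request.POST["new_password"])
            user_obj.save()
            # clear the code so it cannot be used a second time
            profile_obj.forget_password_token = None
            profile_obj.save()
        else:
            return redirect('members:reset-password')

    return render(request, 'members/password_change.html')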

In step 2, your token will act as the means of authentication: it will just verify that the user and token match, and if they match then you just update the password. And this will authorize you to update your password.

Yes Same as it is!!
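The code check from Step 2, written without Django so it runs on its own; this is an added example, not code from the question or the answer. `ResetCodeStore`, the 15-minute lifetime and the five-attempt limit are assumptions, and the in-memory dict stands in for the `forget_password_token` field.

```python
import hashlib
import hmac
import secrets
import time

CODE_TTL_SECONDS = 15 * 60  # assumed lifetime of a reset code
MAX_ATTEMPTS = 5            # assumed number of wrong guesses allowed per code


def _digest(code: str) -> str:
    return hashlib.sha256(code.encode()).hexdigest()


class ResetCodeStore:
    """In-memory stand-in (hypothetical) for the forget_password_token field."""

    def __init__(self, clock=time.time):
        self._rows = {}  # email -> [code digest, expires_at, attempts_left]
        self._clock = clock

    def issue(self, email: str) -> str:
        # secrets uses the OS CSPRNG; the random module is predictable.
        code = f"{secrets.randbelow(10**6):06d}"
        expires_at = self._clock() + CODE_TTL_SECONDS
        self._rows[email] = [_digest(code), expires_at, MAX_ATTEMPTS]
        return code  # e-mailed to the user; only the digest is stored

    def verify(self, email: str, submitted: str) -> bool:
        row = self._rows.get(email)
        if row is None or not submitted:
            return False  # no pending code, or an empty submission
        digest, expires_at, attempts_left = row
        if self._clock() > expires_at or attempts_left <= 0:
            del self._rows[email]  # expired or guessed too often
            return False
        # Constant-time comparison avoids leaking how many characters matched.
        if hmac.compare_digest(digest, _digest(submitted)):
            del self._rows[email]  # single use: a code cannot be replayed
            return True
        row[2] -= 1
        return False
```

In a Django view the same three values (digest, expiry, attempts left) would live on the profile row, and the password is changed only when `verify` returns `True`.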

You don't authenticate the user by the verification code. You get the matching user object by the code and change the password. – Klaus D.
