I have a reset password procedure, here are the codes:
Password Reset Request:
<form method="POST">
{% csrf_token %}
<div data-bs-validate="Format email valide requis: [email protected]">
<a >
<i aria-hidden="true"></i>
</a>
<input id="id_email" type="email" placeholder="Email" name="email" autocomplete="email" maxlength="254">
</div>
<button type="submit">Envoyer le lien de réinitialisation</button>
</form>
Password Reset Confirmation:
<form method="POST">
{% csrf_token %}
<div id="Password-toggle">
<a >
<i aria-hidden="true"></i>
</a>
<input type="password" placeholder="Nouveau mot de passe" id="id_new_password1" name="new_password1">
</div>
<div id="Password-toggle">
<a >
<i aria-hidden="true"></i>
</a>
<input type="password" placeholder="Confirmation du nouveau mot de passe" id="id_new_password2" name="new_password2">
</div>
<div >
<button type='submit'>Réinitialiser</button>
</div>
</form>
Password Reset View:
def password_reset_request(request):
if request.method == "POST":
password_reset_form = PasswordResetForm(request.POST)
if password_reset_form.is_valid():
data = password_reset_form.cleaned_data["email"]
associated_users = Account.objects.filter(Q(email=data))
if associated_users.exists():
for user in associated_users:
subject = "Demande de changement de mot de passe"
email_template_name = "core/email/password_reset_email.txt"
c = {
"email": user.email,
"domain": EMAIL_DOMAIN,
"site_name": "XXXXXX.XXXX",
"uid": urlsafe_base64_encode(force_bytes(user.pk)),
"user": user,
"token": account_activation_token.make_token(user),
"protocol": EMAIL_PROTOCOL,
}
email = render_to_string(email_template_name, c)
try:
send_mail(
subject,
email,
"[email protected]",
[user.email],
fail_silently=False,
)
except BadHeaderError:
return HttpResponse("Invalid header found.")
return redirect("password_reset_done")
password_reset_form = PasswordResetForm()
return render(
request=request,
template_name="core/pwdreset/password_reset.html",
context={"password_reset_form": password_reset_form},
)
Password Reset URLs:
path("password_reset/", password_reset_request, name="password_reset"),
path(
"password_reset/done/",
auth_views.PasswordResetDoneView.as_view(
template_name="core/pwdreset/password_reset_done.html"
),
name="password_reset_done",
),
path(
"reset/<uidb64>/<token>/",
auth_views.PasswordResetConfirmView.as_view(
template_name="core/pwdreset/password_reset_confirm.html"
),
name="password_reset_confirm",
),
path(
"reset/done/",
auth_views.PasswordResetCompleteView.as_view(
template_name="core/pwdreset/password_reset_complete.html"
),
name="password_reset_complete",
),
Settings:
[...]
AUTH_USER_MODEL = "core.Account"
LOGIN_REDIRECT_URL = "dashboard"
LOGOUT_REDIRECT_URL = "index"
LOGIN_URL = "login"
LOGOUT_URL = None
[...]
When I enter the new password and the confirmation, the page resets, and it does not redirect to any other page nor confirm whether the password was changed or not?
I followed many tutorials that use the django.contrib.auth
and this does not seem to work.
CodePudding user response:
You redirect when the email is sent successfully. But immediatly after that you rerender the empty form and return render(..) again. So your code does exactly what you wrote, but thats not what you want.
CodePudding user response:
You have not prescribed a redirect for if password_reset_form.is_valid()
:
def password_reset_request(request):
if request.method == "POST":
password_reset_form = PasswordResetForm(request.POST)
if password_reset_form.is_valid():
data = password_reset_form.cleaned_data["email"]
associated_users = Account.objects.filter(Q(email=data))
if associated_users.exists():
for user in associated_users:
subject = "Demande de changement de mot de passe"
email_template_name = "core/email/password_reset_email.txt"
c = {
"email": user.email,
"domain": EMAIL_DOMAIN,
"site_name": "XXXXXX.XXXX",
"uid": urlsafe_base64_encode(force_bytes(user.pk)),
"user": user,
"token": account_activation_token.make_token(user),
"protocol": EMAIL_PROTOCOL,
}
email = render_to_string(email_template_name, c)
try:
send_mail(
subject,
email,
"[email protected]",
[user.email],
fail_silently=False,
)
except BadHeaderError:
return HttpResponse("Invalid header found.")
return redirect("password_reset_done")
else:
password_reset_form = PasswordResetForm()
return render(
request=request,
template_name="core/pwdreset/password_reset.html",
context={"password_reset_form": password_reset_form},
)