An extension of django rest framework, providing a password reset strategy
Project description
Django Rest Password Reset
This python package provides a simple password reset strategy for django rest framework, where users can request password reset tokens via their registered e-mail address.
The main idea behind this package is to not make any assumptions about how the token is delivered to the end-user (e-mail, text-message, etc...). Instead, this package provides a signal that can be reacted on (e.g., by sending an e-mail or a text message).
This package basically provides two REST endpoints:
- Request a token
- Verify (confirm) a token (and change the password)
Quickstart
- Install the package from pypi using pip:
pip install django-rest-passwordreset
- Add
django_rest_passwordreset
to yourINSTALLED_APPS
(afterrest_framework
) within your Django settings file:
INSTALLED_APPS = (
...
'django.contrib.auth',
...
'rest_framework',
...
'django_rest_passwordreset',
...
)
- This package provides two endpoints, which can be included by including
django_rest_passwordreset.urls
in yoururls.py
as follows:
from django.conf.urls import url, include
urlpatterns = [
...
url(r'^api/password_reset/', include('django_rest_passwordreset.urls', namespace='password_reset')),
...
]
Note: You can adapt the url to your needs.
Endpoints
The following endpoints are provided:
reset_password
- request a reset password token by using theemail
parameterreset_password/confirm
- using a validtoken
, the users password is set to the providedpassword
Signals
reset_password_token_created(reset_password_token)
Fired when a reset password token is generatedpre_password_reset(user)
- fired just before a password is being resetpost_password_reset(user)
- fired after a password has been reset
Example for sending an e-mail
-
Create two new django templates:
email/user_reset_password.html
andemail/user_reset_password.txt
. Those templates will contain the e-mail message sent to the user, aswell as the password reset link (or token). Within the templates, you can access the following context variables:current_user
,username
,email
,reset_password_url
. Feel free to adapt this to your needs. -
Add the following code, which contains a Django Signal, to your application (see this part of the django documentation for more information on where to put signals).
from django.dispatch import receiver
from django_rest_passwordreset.signals import reset_password_token_created
@receiver(reset_password_token_created)
def password_reset_token_created(sender, reset_password_token, *args, **kwargs):
"""
Handles password reset tokens
When a token is created, an e-mail needs to be sent to the user
:param sender:
:param reset_password_token:
:param args:
:param kwargs:
:return:
"""
# send an e-mail to the user
context = {
'current_user': reset_password_token.user,
'username': reset_password_token.user.username,
'email': reset_password_token.user.email,
# ToDo: The URL can (and should) be constructed using pythons built-in `reverse` method.
'reset_password_url': "http://some_url/reset/?token={token}".format(token=reset_password_token.key)
}
# render email text
email_html_message = render_to_string('email/user_reset_password.html', context)
email_plaintext_message = render_to_string('email/user_reset_password.txt', context)
msg = EmailMultiAlternatives(
# title:
_("Password Reset for {title}".format(title="Some website title")),
# message:
email_plaintext_message,
# from:
"noreply@somehost.local",
# to:
[reset_password_token.user.email]
)
msg.attach_alternative(email_html_message, "text/html")
msg.send()
- You should now be able to use the endpoints to request a password reset token via your e-mail address. If you want to test this locally, I recommend using some kind of fake mailserver (such as maildump).
Tests
See folder tests/. Basically, all endpoints are covered with multiple unit tests.
Use this code snippet to run tests:
pip install -r requirements_test.txt
python setup.py install
cd tests
python manage.py test
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
File details
Details for the file django2-rest-passwordreset-1.3.5.tar.gz
.
File metadata
- Download URL: django2-rest-passwordreset-1.3.5.tar.gz
- Upload date:
- Size: 15.2 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/3.4.1 importlib_metadata/4.0.1 pkginfo/1.5.0.1 requests/2.25.1 requests-toolbelt/0.9.1 tqdm/4.31.1 CPython/3.6.5
File hashes
Algorithm | Hash digest | |
---|---|---|
SHA256 | 03238dcd5e173cc13b6f96fcf63d7fac158d949602f2680b4d96cb07bf4b55b3 |
|
MD5 | 3db207eed3e2225bbe299f29344e163b |
|
BLAKE2b-256 | 5f05d9f36024449f559f6f2314a01bdc8b8947b3592afc5c73af1ccdfbfa46ec |