An extension of django rest framework, providing a password reset strategy

Project description

Django Rest Password Reset

This python package provides a simple password reset strategy for django rest framework, where users can request password reset tokens via their registered e-mail address.

The main idea behind this package is to not make any assumptions about how the token is delivered to the end-user (e-mail, text-message, etc...). Instead, this package provides a signal that can be reacted on (e.g., by sending an e-mail or a text message).

This package basically provides two REST endpoints:

  • Request a token
  • Verify (confirm) a token (and change the password)

Quickstart

  1. Install the package from PyPI using pip:
pip install django-rest-passwordreset
  2. Add django_rest_passwordreset to your INSTALLED_APPS (after rest_framework) within your Django settings file:
INSTALLED_APPS = (
    ...
    'django.contrib.auth',
    ...
    'rest_framework',
    ...
    'django_rest_passwordreset',
    ...
)
  3. This package provides two endpoints, which you can expose by including django_rest_passwordreset.urls in your urls.py as follows:
from django.conf.urls import url, include


urlpatterns = [
    ...
    url(r'^api/password_reset/', include('django_rest_passwordreset.urls', namespace='password_reset')),
    ...
]    

Note: You can adapt the url to your needs.

Endpoints

The following endpoints are provided:

  • reset_password - request a reset password token by using the email parameter
  • reset_password/confirm - using a valid token, the user's password is set to the provided password

Signals

  • reset_password_token_created(reset_password_token) - fired when a reset password token is generated
  • pre_password_reset(user) - fired just before a password is being reset
  • post_password_reset(user) - fired after a password has been reset

Example for sending an e-mail

  1. Create two new Django templates: email/user_reset_password.html and email/user_reset_password.txt. Those templates will contain the e-mail message sent to the user, as well as the password reset link (or token). Within the templates, you can access the following context variables: current_user, username, email, reset_password_url. Feel free to adapt this to your needs.

  2. Add the following code, which contains a Django Signal, to your application (see this part of the django documentation for more information on where to put signals).

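from django.core.mail import EmailMultiAlternatives
from django.dispatch import receiver
from django.template.loader import render_to_string
from django.utils.translation import gettext as _
from django_rest_passwordreset.signals import reset_password_token_created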


@receiver(reset_password_token_created)
def password_reset_token_created(sender, reset_password_token, *args, **kwargs):
    """
    Handles password reset tokens
    When a token is created, an e-mail needs to be sent to the user
    :param sender:
    :param reset_password_token:
    :param args:
    :param kwargs:
    :return:
    """
    # send an e-mail to the user
    context = {
        'current_user': reset_password_token.user,
        'username': reset_password_token.user.username,
        'email': reset_password_token.user.email,
        # ToDo: The URL can (and should) be constructed using Django's `reverse` function.
        'reset_password_url': "http://some_url/reset/?token={token}".format(token=reset_password_token.key)
    }

    # render email text
    email_html_message = render_to_string('email/user_reset_password.html', context)
    email_plaintext_message = render_to_string('email/user_reset_password.txt', context)

    msg = EmailMultiAlternatives(
        # title:
        # translate the template string first, then fill in the title
        _("Password Reset for {title}").format(title="Some website title"),
        # message:
        email_plaintext_message,
        # from:
        "noreply@somehost.local",
        # to:
        [reset_password_token.user.email]
    )
    msg.attach_alternative(email_html_message, "text/html")
    msg.send()
  3. You should now be able to use the endpoints to request a password reset token via your e-mail address. If you want to test this locally, I recommend using some kind of fake mailserver (such as maildump).
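
The receiver above leaves the construction of reset_password_url as a ToDo. The following is an added example, not code from the package or its README: one way to build that link from a fixed, configured HTTPS origin with the token percent-encoded. FRONTEND_ORIGIN, RESET_PATH and build_reset_url are hypothetical names; in a Django project the path would normally come from `reverse`.

```python
from urllib.parse import urlencode, urlsplit, urlunsplit

# Assumption: the origin is fixed in configuration (for example a Django
# setting) and is never taken from the incoming request's Host header.
FRONTEND_ORIGIN = "https://app.example.com"  # constructed placeholder
RESET_PATH = "/reset/"                       # path used in the README example


def build_reset_url(token, origin=FRONTEND_ORIGIN, path=RESET_PATH):
    """Return the value for context['reset_password_url']."""
    parts = urlsplit(origin)
    # Reset tokens are bearer credentials: only ever put them in https links.
    if parts.scheme != "https":
        raise ValueError("reset links must use https")
    # Reject origins with embedded credentials or a missing host.
    if not parts.hostname or parts.username or parts.password:
        raise ValueError("origin must be a bare https://host[:port]")
    # The origin carries no path, query or fragment of its own.
    if parts.path not in ("", "/") or parts.query or parts.fragment:
        raise ValueError("origin must not carry a path, query or fragment")
    if not isinstance(token, str) or not token:
        raise ValueError("empty token")
    # urlencode percent-escapes the token, so characters such as '&' or '#'
    # cannot truncate it or add extra parameters to the link.
    query = urlencode({"token": token})
    return urlunsplit(("https", parts.netloc, path, query, ""))


# In the receiver, the context entry would then read:
#   'reset_password_url': build_reset_url(reset_password_token.key)
```
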

Tests

See folder tests/. Basically, all endpoints are covered with multiple unit tests.

Use this code snippet to run tests:

pip install -r requirements_test.txt
python setup.py install
cd tests
python manage.py test

Download files

Source Distribution

django2-rest-passwordreset-1.3.5.tar.gz (15.2 kB)

File metadata

  • Download URL: django2-rest-passwordreset-1.3.5.tar.gz
  • Size: 15.2 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/3.4.1 importlib_metadata/4.0.1 pkginfo/1.5.0.1 requests/2.25.1 requests-toolbelt/0.9.1 tqdm/4.31.1 CPython/3.6.5

File hashes

Hashes for django2-rest-passwordreset-1.3.5.tar.gz
Algorithm Hash digest
SHA256 03238dcd5e173cc13b6f96fcf63d7fac158d949602f2680b4d96cb07bf4b55b3
MD5 3db207eed3e2225bbe299f29344e163b
BLAKE2b-256 5f05d9f36024449f559f6f2314a01bdc8b8947b3592afc5c73af1ccdfbfa46ec
