An extension of django rest framework, providing a password reset strategy
Project description
Django Rest Password Reset
This python package provides a simple password reset strategy for django rest framework, where users can request password reset tokens via their registered e-mail address.
The main idea behind this package is to not make any assumptions about how the token is delivered to the end-user (e-mail, text-message, etc...). Instead, this package provides a signal that can be reacted on (e.g., by sending an e-mail or a text message).
This package basically provides two REST endpoints:
- Request a token
- Verify (confirm) a token (and change the password)
Quickstart
- Install the package from pypi using pip:
pip install django-rest-passwordreset
- Add
django_rest_passwordreset
to yourINSTALLED_APPS
(afterrest_framework
) within your Django settings file:
INSTALLED_APPS = ( ... 'django.contrib.auth', ... 'rest_framework', ... 'django_rest_passwordreset', ... )
- This package provides two endpoints, which can be included by including
django_rest_passwordreset.urls
in yoururls.py
as follows:
from django.conf.urls import url, include urlpatterns = [ ... url(r'^api/password_reset/', include('django_rest_passwordreset.urls', namespace='password_reset')), ... ]
Note: You can adapt the url to your needs.
Endpoints
The following endpoints are provided:
reset_password
- request a reset password token by using theemail
parameterreset_password/confirm
- using a validtoken
, the users password is set to the providedpassword
Signals
reset_password_token_created(reset_password_token)
Fired when a reset password token is generatedpre_password_reset(user)
- fired just before a password is being resetpost_password_reset(user)
- fired after a password has been reset
Example for sending an e-mail
-
Create two new django templates:
email/user_reset_password.html
andemail/user_reset_password.txt
. Those templates will contain the e-mail message sent to the user, aswell as the password reset link (or token). Within the templates, you can access the following context variables:current_user
,username
,email
,reset_password_url
. Feel free to adapt this to your needs. -
Add the following code, which contains a Django Signal, to your application (see this part of the django documentation for more information on where to put signals).
from django.dispatch import receiver from django_rest_passwordreset.signals import reset_password_token_created @receiver(reset_password_token_created) def password_reset_token_created(sender, reset_password_token, *args, **kwargs): """ Handles password reset tokens When a token is created, an e-mail needs to be sent to the user :param sender: :param reset_password_token: :param args: :param kwargs: :return: """ # send an e-mail to the user context = { 'current_user': reset_password_token.user, 'username': reset_password_token.user.username, 'email': reset_password_token.user.email, # ToDo: The URL can (and should) be constructed using pythons built-in `reverse` method. 'reset_password_url': "http://some_url/reset/?token={token}".format(token=reset_password_token.key) } # render email text email_html_message = render_to_string('email/user_reset_password.html', context) email_plaintext_message = render_to_string('email/user_reset_password.txt', context) msg = EmailMultiAlternatives( # title: _("Password Reset for {title}".format(title="Some website title")), # message: email_plaintext_message, # from: "noreply@somehost.local", # to: [reset_password_token.user.email] ) msg.attach_alternative(email_html_message, "text/html") msg.send()
- You should now be able to use the endpoints to request a password reset token via your e-mail address. If you want to test this locally, I recommend using some kind of fake mailserver (such as maildump).
Tests
See folder tests/. Basically, all endpoints are covered with multiple unit tests.
Use this code snippet to run tests:
pip install -r requirements_test.txt python setup.py install cd tests python manage.py test
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Hashes for django2-rest-passwordreset-1.3.5.tar.gz
Algorithm | Hash digest | |
---|---|---|
SHA256 | 03238dcd5e173cc13b6f96fcf63d7fac158d949602f2680b4d96cb07bf4b55b3 |
|
MD5 | 3db207eed3e2225bbe299f29344e163b |
|
BLAKE2-256 | 5f05d9f36024449f559f6f2314a01bdc8b8947b3592afc5c73af1ccdfbfa46ec |