Django reset password
Prerequisites¶
Reset password intro¶
- Essential Security Feature: Resetting passwords is crucial for maintaining user account security in any web application.
- Django's Built-In Support: Django offers a built-in password reset functionality, making it easier for developers to implement this feature without extensive custom coding.
- User Convenience: Allows users to regain access to their accounts quickly and securely if they forget their passwords.
- Customizable Process: Django provides flexibility in customizing the password reset process, including form design and email templates.
- Straightforward Implementation: With Django’s robust authentication system, setting up a password reset feature is a straightforward task for developers.
Reset Password User Flow in Django¶
-
User Initiates Reset:
- The user visits the "Forgot Password" or "Reset Password" page.
- They enter their registered email address into a form.
-
System Sends Reset Email:
- Upon form submission, Django generates a unique, time-sensitive token.
- An email containing a password reset link (with the token) is sent to the user's email address.
-
User Receives Email:
- The user opens the password reset email.
- They click on the provided link, which directs them to a password reset page on the website.
-
User Resets Password:
- On the reset page, the user enters a new password.
- They confirm the new password by entering it again.
- The user submits the form.
-
System Confirms Reset:
- Django verifies the token's validity and updates the user's password.
- The user is redirected to a confirmation page or login page, indicating that the password reset was successful.
-
User Logs In:
- The user can now log in using their new password, regaining access to their account.
Coding - django reset password¶
Configure the django email settings¶
my_project/settings.py
EMAIL_BACKEND = 'django.core.mail.backends.smtp.EmailBackend'
EMAIL_HOST = 'smtp.example.com'
EMAIL_PORT = 587
EMAIL_USE_TLS = True
EMAIL_HOST_USER = '[email protected]'
EMAIL_HOST_PASSWORD = 'secret'
DEFAULT_FROM_EMAIL = '[email protected]'
- use
django.core.mail.backends.console.EmailBackend
for local testing, it shows the emails on the terminal/console.
Add Password Reset View¶
- Displays the form to input the email address for password reset.
- Django already has a built-in view
PasswordResetView
for this. - Let's add the below code to
my_app/views.py
my_app/views.py
from django.contrib.auth import views as auth_views
class UserPasswordResetView(auth_views.PasswordResetView):
template_name = "password_reset_form.html"
email_template_name = "password_reset_email.html"
subject_template_name = "password_reset_subject.txt"
Add Password Reset Templates¶
templates/password_reset_form.html
- It allows user to enter email to reset password.
<html>
<head>
<title>Password Reset</title>
</head>
<body>
<h1>Password Reset</h1>
<form method="post">
{% csrf_token %}
{{ form.as_p }}
<input type="submit" value="Reset my password">
</form>
</body>
</html>
templates/password_reset_email.html
- It's an email template used by django to send email that includes password reset instructions to the user.
- It send the user an email with a password reset link that includes user id and password reset token.
You're receiving this email because you requested a password reset for your user account.
Please go to the following page and choose a new password:"
{{ protocol }}://{{ domain }}{% url 'password_reset_confirm' uidb64=uid token=token %}
Your username, in case you've forgotten: {{ user.get_username }}
Thanks for using our site!
Regards
The Developer
templates/password_reset_subject.txt
- It's a text file template for password reset.
Reset Django Password - Developer
Add Password Reset Done View¶
- Password reset redirects the user to password reset done view after entering the email.
- Django already has a built-in view
PasswordResetDoneView
- Add the below code to
my_app/views.py
my_app/views.py
from django.contrib.auth import views as auth_views
class UserPasswordResetDoneView(auth_views.PasswordResetDoneView):
template_name = "password_reset_done.html"
Add Password Reset Done Template¶
- This template gives the info the user that how the user can reset the password.
templates/password_reset_done.html
<html>
<head>
<title>Password Reset Done</title>
</head>
<body>
<h1>Password Reset Done</h1>
<p>
We’ve emailed you instructions for setting your password, if an account exists with the email you entered. You should receive them shortly.
If you don’t receive an email, please make sure you’ve entered the address you registered with, and check your spam folder.
</p>
</body>
</html>
Add Password Reset Confirm View¶
- It's the view that allows the password reset.
- It validates the user id and password reset token for that user before resetting the passowrd.
- If the validation is successful then it loads the form that allows user to reset the password.
- Django already has built-in view
PasswordResetConfirmView
for this. - Add the below code to
my_app/views.py
my_app/views.py
from django.contrib.auth import views as auth_views
class UserPasswordResetConfirmView(auth_views.PasswordResetConfirmView):
template_name = "password_reset_confirm.html"
Add Password Reset Confirm Template¶
- Create the template
templates/password_reset_confirm.html
- Add the below content to it.
templates/password_reset_confirm.html
<html>
<head>
<title>Password Reset Confirm</title>
</head>
<body>
<h1>Password Reset Confirm</h1>
<form method="post">
{% csrf_token %}
{{ form.as_p }}
<input type="submit" value="change password">
</form>
</body>
</html>
Add Password Reset Complete View¶
- After resetting the password the user will be redirect to this view.
- It tells the user that the users password has been reset successfully and the user can login to his account.
- Add the below code to
my_app/views.py
my_app/views.py
from django.contrib.auth import views as auth_views
class UserPasswordResetCompleteView(auth_views.PasswordResetCompleteView):
template_name = "password_reset_complete.html"
Add Password Reset Complete Template¶
- Password reset complete view uses this template.
- Create the template
templates/password_reset_complete.html
- Add the below content to it.
templates/password_reset_complete.html
<html>
<head>Password Reset Complete</head>
<body>
<p>Your password has been set. You may go ahead and log in now.</p>
</body>
</html>
Configure Password Reset Views to urls.py¶
- Lets create the file
my_app/urls.py
and add below code to it.
my_app/urls.py
from django.urls import path
from . import views
urlpatterns = [
...
path("password_reset/", views.UserPasswordResetView.as_view(), name="password_reset"),
path('password_reset/done/', views.UserPasswordResetDoneView.as_view(), name='password_reset_done'),
path('reset/<uidb64>/<token>/', views.UserPasswordResetConfirmView.as_view(), name='password_reset_confirm'),
path('reset/done/', views.UserPasswordResetCompleteView.as_view(), name='password_reset_complete'),
...
]
Test the password reset feature¶
- Create/update the files mentioned above and run the development server using command
python manage.py runserver 8000
- Access url
http://127.0.0.1:8000/password_reset/
to reset the user's password.