Django reset password

Prerequisites

Reset password intro

  • Essential Security Feature: Resetting passwords is crucial for maintaining user account security in any web application.
  • Django's Built-In Support: Django offers a built-in password reset functionality, making it easier for developers to implement this feature without extensive custom coding.
  • User Convenience: Allows users to regain access to their accounts quickly and securely if they forget their passwords.
  • Customizable Process: Django provides flexibility in customizing the password reset process, including form design and email templates.
  • Straightforward Implementation: With Django’s robust authentication system, setting up a password reset feature is a straightforward task for developers.

Reset Password User Flow in Django

  1. User Initiates Reset:

    • The user visits the "Forgot Password" or "Reset Password" page.
    • They enter their registered email address into a form.
  2. System Sends Reset Email:

    • Upon form submission, Django generates a unique, time-sensitive token.
    • An email containing a password reset link (with the token) is sent to the user's email address.
  3. User Receives Email:

    • The user opens the password reset email.
    • They click on the provided link, which directs them to a password reset page on the website.
  4. User Resets Password:

    • On the reset page, the user enters a new password.
    • They confirm the new password by entering it again.
    • The user submits the form.
  5. System Confirms Reset:

    • Django verifies the token's validity and updates the user's password.
    • The user is redirected to a confirmation page or login page, indicating that the password reset was successful.
  6. User Logs In:

    • The user can now log in using their new password, regaining access to their account.

Coding - django reset password

Configure the django email settings

my_project/settings.py

EMAIL_BACKEND = 'django.core.mail.backends.smtp.EmailBackend'
EMAIL_HOST = 'smtp.example.com'
EMAIL_PORT = 587
EMAIL_USE_TLS = True
EMAIL_HOST_USER = '[email protected]'
EMAIL_HOST_PASSWORD = 'secret'  # placeholder; load the real value from an environment variable or secrets store
DEFAULT_FROM_EMAIL = '[email protected]'
  • Use django.core.mail.backends.console.EmailBackend for local testing; it prints outgoing emails to the terminal/console instead of sending them.

Add Password Reset View

  • Displays the form to input the email address for password reset.
  • Django already has a built-in view PasswordResetView for this.
  • Let's add the below code to my_app/views.py

my_app/views.py

from django.contrib.auth import views as auth_views

class UserPasswordResetView(auth_views.PasswordResetView):
    template_name = "password_reset_form.html"
    email_template_name = "password_reset_email.html"
    subject_template_name = "password_reset_subject.txt"

Add Password Reset Templates

templates/password_reset_form.html

  • It allows the user to enter an email address to reset the password.
<html>
<head>
  <title>Password Reset</title>
</head>
<body>
  <h1>Password Reset</h1>
  <form method="post">
    {% csrf_token %}
    {{ form.as_p }}
    <input type="submit" value="Reset my password">
  </form>
</body>
</html>

templates/password_reset_email.html

  • It's the email template Django uses to send password reset instructions to the user.
  • It sends the user an email with a password reset link that includes the user id and the password reset token.
You're receiving this email because you requested a password reset for your user account.

Please go to the following page and choose a new password:

{{ protocol }}://{{ domain }}{% url 'password_reset_confirm' uidb64=uid token=token %}

Your username, in case you've forgotten: {{ user.get_username }}

Thanks for using our site!

Regards
The Developer

templates/password_reset_subject.txt

  • It's a text template for the subject line of the password reset email.
Reset Django Password - Developer

Add Password Reset Done View

  • After the user enters the email address, the password reset view redirects to the password reset done view.
  • Django already has a built-in view PasswordResetDoneView for this.
  • Add the below code to my_app/views.py

my_app/views.py

from django.contrib.auth import views as auth_views

class UserPasswordResetDoneView(auth_views.PasswordResetDoneView):
    template_name = "password_reset_done.html"

Add Password Reset Done Template

  • This template tells the user how to reset the password.

templates/password_reset_done.html

<html>
    <head>
        <title>Password Reset Done</title>
    </head>
    <body>
        <h1>Password Reset Done</h1>
        <p>
            We’ve emailed you instructions for setting your password, if an account exists with the email you entered. You should receive them shortly.
            If you don’t receive an email, please make sure you’ve entered the address you registered with, and check your spam folder.
        </p>
    </body>
</html>

Add Password Reset Confirm View

  • It's the view that allows the password reset.
  • It validates the user id and password reset token for that user before resetting the password.
  • If the validation is successful, it loads the form that allows the user to reset the password.
  • Django already has built-in view PasswordResetConfirmView for this.
  • Add the below code to my_app/views.py

my_app/views.py

from django.contrib.auth import views as auth_views

class UserPasswordResetConfirmView(auth_views.PasswordResetConfirmView):
    template_name = "password_reset_confirm.html"
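
The token check this view performs can be seen in a simplified standard-library model. This is an added example, not Django's implementation and not code from the original page. The `User` class, `SECRET_KEY` value, timestamps and helper names are constructed for illustration.

```python
import base64, hashlib, hmac, time
from dataclasses import dataclass

SECRET_KEY = b"constructed-demo-key"   # stands in for settings.SECRET_KEY
RESET_TIMEOUT = 3 * 24 * 3600          # seconds; Django's PASSWORD_RESET_TIMEOUT defaults to 3 days

@dataclass
class User:                            # hypothetical stand-in for the Django user model
    pk: int
    password: str                      # stored password hash
    email: str
    last_login: str = ""

def encode_uid(pk):
    """uidb64 path segment: URL-safe base64 of the primary key, padding stripped."""
    return base64.urlsafe_b64encode(str(pk).encode()).rstrip(b"=").decode()

def _mac(user, ts):
    # Bind the MAC to state that changes once the reset is used (password hash)
    # or the user logs in, so an old link stops verifying.
    state = f"{user.pk}{user.password}{user.last_login}{ts}{user.email}"
    return hmac.new(SECRET_KEY, state.encode(), hashlib.sha256).hexdigest()[:32]

def make_token(user, now=None):
    ts = int(time.time() if now is None else now)
    return f"{ts:x}-{_mac(user, ts)}"

def check_token(user, token, now=None):
    try:
        ts_hex, mac = token.split("-")
        ts = int(ts_hex, 16)
    except ValueError:                 # malformed token: wrong shape or bad timestamp
        return False
    if not hmac.compare_digest(mac.encode(), _mac(user, ts).encode()):  # constant time
        return False
    return (time.time() if now is None else now) - ts <= RESET_TIMEOUT

def demo():
    user = User(pk=7, password="pbkdf2_sha256$constructed$old", email="a@example.com")
    token = make_token(user, now=1_000_000)
    results = {"fresh": check_token(user, token, now=1_000_600)}
    results["expired"] = check_token(user, token, now=1_000_000 + RESET_TIMEOUT + 1)
    results["tampered"] = check_token(user, token[:-1] + "z", now=1_000_600)
    user.password = "pbkdf2_sha256$constructed$new"   # the reset form was submitted
    results["reused"] = check_token(user, token, now=1_000_600)
    return results

if __name__ == "__main__":
    print(encode_uid(7), demo())
```

Only the fresh, unmodified token verifies: the link fails once it expires, is altered, or the password it was issued against has changed.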

Add Password Reset Confirm Template

  • Create the template templates/password_reset_confirm.html
  • Add the below content to it.

templates/password_reset_confirm.html

<html>
<head>
  <title>Password Reset Confirm</title>
</head>
<body>
  <h1>Password Reset Confirm</h1>
  <form method="post">
    {% csrf_token %}
    {{ form.as_p }}
    <input type="submit" value="change password">
  </form>
</body>
</html>

Add Password Reset Complete View

  • After resetting the password, the user is redirected to this view.
  • It tells the user that the password has been reset successfully and that they can log in to their account.
  • Add the below code to my_app/views.py

my_app/views.py

from django.contrib.auth import views as auth_views

class UserPasswordResetCompleteView(auth_views.PasswordResetCompleteView):
    template_name = "password_reset_complete.html"

Add Password Reset Complete Template

  • Password reset complete view uses this template.
  • Create the template templates/password_reset_complete.html
  • Add the below content to it.

templates/password_reset_complete.html

<html>
<head>
  <title>Password Reset Complete</title>
</head>
<body>
  <p>Your password has been set. You may go ahead and log in now.</p>
</body>
</html>

Configure Password Reset Views to urls.py

  • Let's create the file my_app/urls.py and add the below code to it.

my_app/urls.py

from django.urls import path
from . import views

urlpatterns = [
    # ... existing routes ...
    path("password_reset/", views.UserPasswordResetView.as_view(), name="password_reset"),
    path('password_reset/done/', views.UserPasswordResetDoneView.as_view(), name='password_reset_done'),
    path('reset/<uidb64>/<token>/', views.UserPasswordResetConfirmView.as_view(), name='password_reset_confirm'),
    path('reset/done/', views.UserPasswordResetCompleteView.as_view(), name='password_reset_complete'),
    # ... existing routes ...
]

Test the password reset feature

  • Create/update the files mentioned above and run the development server using command python manage.py runserver 8000
  • Access url http://127.0.0.1:8000/password_reset/ to reset the user's password.