Forgotten password in Django

Turns out that there are plenty of useful features in the Django admin that I never thought about.

The other day I found the last task of a project of mine was adding the "Forgotten password" feature. It's basically a standard task included in every users-related project, but the whole process requires few interactions:

  1. clicking 'forgotten password' link
  2. writing user email where the password should be send to
  3. verifying email against users database
  4. sending confirmation link
  5. confirming link
  6. choosing password
  7. resetting password

The whole 7-steps list (with UI and backend communications) could be boring and time wasting (usually).

That's where Django's templates and integrated behavior comes as a super hero.

Copy all necessary templates from your Django installation

There are few templates that you need to copy from your Django installation. You can find them in your DJANGO_PATH/contrib/admin/templates/registration. You can copy all password-related templates to your templates directory in admin/registration folder.

Some URL paths have to be added to your urls.py file. That's a sample of mine urls.py with the following URLs:

 

  1. url(r'^registration/(?P<municipality_id>\d+)$', proposal, name='proposal'),
  2. url(r'^login_teacher$', 'django.contrib.auth.views.login', {'template_name': 'view_school_upload.html'}),
  3. url(r'^password_reset$', 'django.contrib.auth.views.password_reset', {'template_name': 'admin/registration/password_reset_form.html', 'email_template_name':'admin/registration/password_reset_email.html'}),
  4. url(r'^password_reset_done$', 'django.contrib.auth.views.password_reset_done', {'template_name': 'admin/registration/password_reset_done.html'}),
  5. url(r'^password_reset_confirm/(?P<uidb36>[0-9A-Za-z]+)-(?P<token>.+)$', 'django.contrib.auth.views.password_reset_confirm', {'template_name': 'admin/registration/password_reset_confirm.html'}),
  6. url(r'^password_reset_complete$', 'django.contrib.auth.views.password_reset_complete', {'template_name': 'admin/registration/password_reset_complete.html'}),
  7.  

 

The only one taking parameters is the reset confirm one. Most urls are paramless, but you need to pass the user ID and the hashed value for the confirmation link. 

After you've added all the templates with the right paths and set all urls, you could just navigate your forgotten password link:

  1. <a href="{% url django.contrib.auth.views.password_reset %}">{% trans 'forgot your password' %}</a>

P.S. The whole template pack supports multilingual behavior so after adding the templates, you can run makemessages in order to translate the strings in your language.

Note: in some versions (such as 1.1.1) of Django there is problem with the emailing template. At line 7, remove the named parameters when calling password_reset_confirm view and alter the call only passing values:

  1. {{ protocol }}://{{ domain }}{% url django.contrib.auth.views.password_reset_confirm uid, token %}

Be Sociable, Share!
  • Twitter
  • Facebook
  • email
  • StumbleUpon
  • Delicious
  • Google Reader
  • LinkedIn
  • BlinkList
del.icio.us Digg DZone Facebook Google Google Reader Magnolia reddit SlashDot Technorati ReadMe.ru Dobavi.com Dao.bg Lubimi.com Ping.bg Pipe.bg Svejo.net Web-bg.com

2 thoughts on “Forgotten password in Django

  1. Luke Plant

    Is there a reason to copy the templates? It works for me without that step. If the admin templates are already in your template search path, and you’re not going to change them, it doesn’t make sense to just copy them.

  2. admin Post author

    The reason I copy the templates locally is the i18n feature – I use django-admin.py makemessages to create a list with static texts to be translated. My application is using 4 different languages so I need to crawl all the pages and translate when necessary.

    Also my email template has bug when talking about Django 1.1.1 and it needs a small modification.

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>