Tag Archives: reset

Forgotten password in Django

Turns out that there are plenty of useful features in the Django admin that I never thought about.

The other day I found the last task of a project of mine was adding the "Forgotten password" feature. It's basically a standard task included in every users-related project, but the whole process requires few interactions:

  1. clicking 'forgotten password' link
  2. writing user email where the password should be send to
  3. verifying email against users database
  4. sending confirmation link
  5. confirming link
  6. choosing password
  7. resetting password

The whole 7-steps list (with UI and backend communications) could be boring and time wasting (usually).

That's where Django's templates and integrated behavior comes as a super hero.

Copy all necessary templates from your Django installation

There are few templates that you need to copy from your Django installation. You can find them in your DJANGO_PATH/contrib/admin/templates/registration. You can copy all password-related templates to your templates directory in admin/registration folder.

Some URL paths have to be added to your urls.py file. That's a sample of mine urls.py with the following URLs:

 

  1. url(r'^registration/(?P<municipality_id>\d+)$', proposal, name='proposal'),
  2. url(r'^login_teacher$', 'django.contrib.auth.views.login', {'template_name': 'view_school_upload.html'}),
  3. url(r'^password_reset$', 'django.contrib.auth.views.password_reset', {'template_name': 'admin/registration/password_reset_form.html', 'email_template_name':'admin/registration/password_reset_email.html'}),
  4. url(r'^password_reset_done$', 'django.contrib.auth.views.password_reset_done', {'template_name': 'admin/registration/password_reset_done.html'}),
  5. url(r'^password_reset_confirm/(?P<uidb36>[0-9A-Za-z]+)-(?P<token>.+)$', 'django.contrib.auth.views.password_reset_confirm', {'template_name': 'admin/registration/password_reset_confirm.html'}),
  6. url(r'^password_reset_complete$', 'django.contrib.auth.views.password_reset_complete', {'template_name': 'admin/registration/password_reset_complete.html'}),
  7.  

 

The only one taking parameters is the reset confirm one. Most urls are paramless, but you need to pass the user ID and the hashed value for the confirmation link. 

After you've added all the templates with the right paths and set all urls, you could just navigate your forgotten password link:

  1. <a href="{% url django.contrib.auth.views.password_reset %}">{% trans 'forgot your password' %}</a>

P.S. The whole template pack supports multilingual behavior so after adding the templates, you can run makemessages in order to translate the strings in your language.

Note: in some versions (such as 1.1.1) of Django there is problem with the emailing template. At line 7, remove the named parameters when calling password_reset_confirm view and alter the call only passing values:

  1. {{ protocol }}://{{ domain }}{% url django.contrib.auth.views.password_reset_confirm uid, token %}

del.icio.us Digg DZone Facebook Google Google Reader Magnolia reddit SlashDot Technorati ReadMe.ru Dobavi.com Dao.bg Lubimi.com Ping.bg Pipe.bg Svejo.net Web-bg.com