Ever needed to manually generate a password reset token?
For example, imagine this situation:
You create a user from a custom form, and you want the user to set his own password.
Solution: generate a password reset token, email him the link, and let him choose his own password.
Here’s how you implement this:
1 2 3 4 5 6 7 |
from django.contrib.auth.tokens import default_token_generator from django.utils.http import urlsafe_base64_encode from django.utils.encoding import force_bytes from django.db.models.signals import post_save |
1 2 3 |
post_save.connect(user_saved, User) |
1 2 3 4 5 6 7 8 9 10 |
def user_saved(sender, instance, created, *args, **kwargs): if created: context = { 'token': default_token_generator.make_token(instance), 'uid': urlsafe_base64_encode(force_bytes(instance.pk)), 'user': instance, } # here, send an email with this context |
To display the link in the email, you must set the password reset url, and display it:
1 2 3 |
{% url 'password_reset_confirm' uidb64=uid token=token %} |
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 |
urlpatterns += patterns( 'django.contrib.auth.views', url(r'^password-change/done/$', 'password_change_done', name='password_change_done'), url(r'^password-reset/confirm/(?P<uidb64>[0-9A-Za-z_\-]+)/(?P<token>[0-9A-Za-z]{1,13}-[0-9A-Za-z]{1,20})/$', 'password_reset_confirm', name='password_reset_confirm'), url(r'^password-reset/done/$', 'password_reset_done', name='password_reset_done'), url(r'^password-reset/complete/$', 'password_reset_complete', name='password_reset_complete'), ) |