
Django Password Reset using Rest API

Our team works on a project with django-rest-api on the back end and angular-2 on the front end. We have a problem with password reset. Here are the urls:

# patterns() and url() come from django.conf.urls
from django.conf.urls import patterns, url
from django.contrib.auth import views as auth_views

urlpatterns = patterns(
    '',
    url(r'^password_reset/$', auth_views.password_reset, name='password_reset'),
    url(r'^password_reset/done/$', auth_views.password_reset_done, name='password_reset_done'),
    url(r'^reset/(?P<uidb64>[0-9A-Za-z_\-]+)/(?P<token>[0-9A-Za-z]{1,13}-[0-9A-Za-z]{1,20})/$',
        auth_views.password_reset_confirm, name='password_reset_confirm'),
    url(r'^reset/done/$', auth_views.password_reset_complete, name='password_reset_complete'),
)

When a request to password_reset is posted, the user receives an email with a link containing the password reset token. The token should have an expiration time within 24 hours.

We want to make a password reset API, so we can change the password using Postman, and the frontend developer can also use this API.

Chirag Maliwal asked Jul 26 '17 10:07




1 Answer

You can follow these basic steps -

1) UI - Press reset password
2) UI - Type Email Id to verify (token will go to this ID)
   a) Backend - Get email and verify/authenticate it
   b) Generate a token [ you can use from drive.utils import get_random_number ]
      1) Save in DB - Token code, Email, Date (+1 day)
   c) Send Email with Token
   d) Render to new html with email id
      return render(request, 'forgot_password.html', {'email': email})
3) UI - GET token code from user (pass email (from above) along with code)
   a) Verify code and check if it's expired (current date < code date)
   b) If verified, render to change password page (pass email)
4) UI - GET New Password from user (email from above)
   a) Change password
Vaibhav answered Nov 10 '22 21:11
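
The token handling from steps 2b, 3a and 4a above, as an added example that is not part of the original answer: it stores only a hash of the token with a one-day expiry, and checks the token again at the password-change step instead of relying on the email passed between pages. The function names, the in-memory dict standing in for the DB table, and the `set_password` callback are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
from datetime import datetime, timedelta, timezone

TOKEN_TTL = timedelta(days=1)  # "Date (+1 day)" from step 2b
_tokens = {}  # assumed stand-in for the DB table: email -> (token_hash, expires_at)


def _digest(token):
    # Only the hash is stored, so a leaked table does not leak usable tokens.
    return hashlib.sha256(token.encode()).hexdigest()


def issue_token(email, now=None):
    """Steps 2b/2c: create a token, store its hash and expiry, return it for the email."""
    now = now or datetime.now(timezone.utc)
    token = secrets.token_urlsafe(32)  # drawn from the OS CSPRNG
    _tokens[email] = (_digest(token), now + TOKEN_TTL)  # replaces any older token
    return token


def token_is_valid(email, token, now=None):
    """Step 3a: constant-time comparison plus expiry check (current date < code date)."""
    now = now or datetime.now(timezone.utc)
    record = _tokens.get(email)
    if record is None:
        return False
    token_hash, expires_at = record
    return hmac.compare_digest(token_hash, _digest(token)) and now < expires_at


def reset_password(email, token, new_password, set_password, now=None):
    """Step 4a: re-check the token here, then delete it so it cannot be replayed."""
    if not token_is_valid(email, token, now):
        return False
    del _tokens[email]
    # set_password is a hypothetical callback; in Django it would call
    # user.set_password(new_password) followed by user.save().
    set_password(email, new_password)
    return True
```
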