 

How to allow reset password for users with unusable password in Django?

I have a web application on Django 1.4.3. We allow users to book shows as guests; such users are created with an email and an unusable password (using set_unusable_password()). Now we want to allow them to reset their password. But Django's built-in reset form does not allow a reset for users with an unusable password. Do I have to create my own form? What are the alternatives? Or should I use make_random_password?

Relevant code from the auth project:

    if any((user.password == UNUSABLE_PASSWORD)
           for user in self.users_cache):
        raise forms.ValidationError(self.error_messages['unusable'])

thanks

BreakingConstitution asked Dec 14 '15 15:12




1 Answer

The default PasswordResetForm does not allow users to reset their password if their current password is unusable. However, you can subclass the form and override the method that does this check.

For Django 1.8+, override the get_users method.

In your case, for Django 1.4, override the clean_email method.

Then include your custom form in your password_reset url pattern, as the kwarg password_reset_form.

Alasdair answered Nov 15 '22 09:11