Django REST-Auth 密码重置
Posted
技术标签:
【中文标题】Django REST-Auth 密码重置【英文标题】:Django REST-Auth Password Reset 【发布时间】:2019-05-25 11:36:33 【问题描述】:我完全被可用的 django 中间件弄糊涂了:
我只是想让密码重置(以及后来的密码更改)功能运行,在后端使用 django 和 rest_auth 在前端使用 Vue。
第 1 步:通过邮件请求重置链接
观看次数
到目前为止我已经发了CustomPasswordResetView:
# project/accounts/views.py
from rest_auth.views import PasswordResetView
class CustomPasswordResetView(PasswordResetView):
pass
序列化器
还有一个CustomPasswordResetSerializer:
# project/accounts/serializers.py
from rest_auth.serializers import PasswordResetSerializer
class CustomPasswordResetSerializer(PasswordResetSerializer):
email = serializers.EmailField()
password_reset_form_class = ResetPasswordForm
def validate_email(self, value):
# Create PasswordResetForm with the serializer
self.reset_form = self.password_reset_form_class(data=self.initial_data)
if not self.reset_form.is_valid():
raise serializers.ValidationError(self.reset_form.errors)
###### FILTER YOUR USER MODEL ######
if not get_user_model().objects.filter(email=value).exists():
raise serializers.ValidationError(_('Invalid e-mail address'))
return value
def save(self):
request = self.context.get('request')
# Set some values to trigger the send_email method.
opts =
'use_https': request.is_secure(),
'from_email': getattr(settings, 'DEFAULT_FROM_EMAIL'),
'request': request,
opts.update(self.get_email_options())
self.reset_form.save(**opts)
Settings.py
在settings.py 我有这些字段,这些字段似乎与我的问题相关:
# project/vuedj/settings.py
REST_AUTH_SERIALIZERS =
"USER_DETAILS_SERIALIZER": "accounts.serializers.CustomUserDetailsSerializer",
"LOGIN_SERIALIZER": "accounts.serializers.CustomUserLoginSerializer",
"PASSWORD_RESET_SERIALIZER": "accounts.serializers.CustomPasswordResetSerializer"
(完整的settings.py附在底部)
网址格式
我的网址已经捕获了我的 API 请求,以便发送密码重置电子邮件:
# project/vuedj/urls.py
urlpatterns = [
path('admin/', admin.site.urls),
path('api/v1/', include('api.urls')),
path('accounts/', include('allauth.urls')),
path('', api_views.index, name='home')
]
# project/api/urls.py
urlpatterns = [
path('auth/', include('accounts.urls')),
# other paths...
]
# project/accounts/urls.py
urlpatterns = [
path('', acc_views.UserListView.as_view(), name='user-list'),
path('login/', acc_views.UserLoginView.as_view(), name='login'),
path('logout/', acc_views.UserLogoutView.as_view(), name='logout'),
path('register/', acc_views.CustomRegisterView.as_view(), name='register'),
path('reset-password/', acc_views.CustomPasswordResetView.as_view(), name='reset-password'),
path('reset-password-confirm/', acc_views.CustomPasswordResetConfirmView.as_view(), name='reset-password-confirm'),
path('<int:pk>/', acc_views.UserDetailView.as_view(), name='user-detail')
]
带有密码重置令牌生成器的电子邮件
CustomPasswordReset 视图最终会生成一封带有漂亮密码重置链接的漂亮电子邮件。链接有效,点击后可以通过allauth模板完美重置密码。
rest-auth(间接)使用此代码生成重置令牌:
# project/.venv/Lib/site-packages/allauth/account/forms.py
def save(self, request, **kwargs):
current_site = get_current_site(request)
email = self.cleaned_data["email"]
token_generator = kwargs.get("token_generator",
default_token_generator)
for user in self.users:
temp_key = token_generator.make_token(user)
# save it to the password reset model
# password_reset = PasswordReset(user=user, temp_key=temp_key)
# password_reset.save()
# send the password reset email
path = reverse("account_reset_password_from_key",
kwargs=dict(uidb36=user_pk_to_url_str(user),
key=temp_key))
url = build_absolute_uri(
request, path)
context = "current_site": current_site,
"user": user,
"password_reset_url": url,
"request": request
if app_settings.AUTHENTICATION_METHOD \
!= AuthenticationMethod.EMAIL:
context['username'] = user_username(user)
get_adapter(request).send_mail(
'account/email/password_reset_key',
email,
context)
return self.cleaned_data["email"]
上面的代码中使用了这个PasswordResetTokenGenerator:
# project/.venv/Lib/site-packages/django/contrib/auth/tokens.py
class PasswordResetTokenGenerator:
"""
Strategy object used to generate and check tokens for the password
reset mechanism.
"""
key_salt = "django.contrib.auth.tokens.PasswordResetTokenGenerator"
secret = settings.SECRET_KEY
def make_token(self, user):
"""
Return a token that can be used once to do a password reset
for the given user.
"""
return self._make_token_with_timestamp(user, self._num_days(self._today()))
def check_token(self, user, token):
"""
Check that a password reset token is correct for a given user.
"""
if not (user and token):
return False
# Parse the token
try:
ts_b36, hash = token.split("-")
except ValueError:
return False
try:
ts = base36_to_int(ts_b36)
except ValueError:
return False
# Check that the timestamp/uid has not been tampered with
if not constant_time_compare(self._make_token_with_timestamp(user, ts), token):
return False
# Check the timestamp is within limit. Timestamps are rounded to
# midnight (server time) providing a resolution of only 1 day. If a
# link is generated 5 minutes before midnight and used 6 minutes later,
# that counts as 1 day. Therefore, PASSWORD_RESET_TIMEOUT_DAYS = 1 means
# "at least 1 day, could be up to 2."
if (self._num_days(self._today()) - ts) > settings.PASSWORD_RESET_TIMEOUT_DAYS:
return False
return True
上面的类会被rest_authPasswordResetView调用:
# project/.venv/Lib/site-packages/rest_auth/views.py
class PasswordResetView(GenericAPIView):
"""
Calls Django Auth PasswordResetForm save method.
Accepts the following POST parameters: email
Returns the success/fail message.
"""
serializer_class = PasswordResetSerializer
permission_classes = (AllowAny,)
def post(self, request, *args, **kwargs):
# Create a serializer with request.data
serializer = self.get_serializer(data=request.data)
serializer.is_valid(raise_exception=True)
serializer.save() # <----- Code from above (TokenGenerator) will be called inside this .save() method
# Return the success message with OK HTTP status
return Response(
"detail": _("Password reset e-mail has been sent."),
status=status.HTTP_200_OK
)
如您所见,Tokengenerator 将返回带有令牌的uidb36。
当用户确认密码重置时,它还假定uidb36。
生成的令牌(例如生成的邮件中的完整链接)如下所示:
http://localhost:8000/accounts/password/reset/key/16-52h-42b222e6dc30690b2e91/
16 是基数为 36 的用户 ID (uidb36),我还不知道 52h 是什么意思,但我假设,令牌的第三部分是令牌本身 (42b222e6dc30690b2e91)
第 2 步:将令牌发送到后端(又名“用户点击链接”)
我被困在这里。 Rest-Auth-Framework 的 API-Endpoints 说:
/rest-auth/password/reset/confirm/ (POST)
uidtokennew_password1new_password2
当我发送一个对象时,例如:
uid: '16', // TODO maybe I have to convert it to base10...
token: '42b222e6dc30690b2e91',
new_password1: 'test123A$',
new_password2: 'test123A$'
通过我的 api 到 http://localhost:8000/api/v1/auth/reset-password/,上面的对象在 axios-post 请求的主体中,我的 CustomPasswordResetConfirmView 像预期的那样被触发,这也只是来自 rest_auth 的 PasswordResetConfirmView 的子类,所以这段代码被执行了:
# project/.venv/Lib/site-packages/rest_auth/views.py
class PasswordResetConfirmView(GenericAPIView):
"""
Password reset e-mail link is confirmed, therefore
this resets the user's password.
Accepts the following POST parameters: token, uid,
new_password1, new_password2
Returns the success/fail message.
"""
serializer_class = PasswordResetConfirmSerializer
permission_classes = (AllowAny,)
@sensitive_post_parameters_m
def dispatch(self, *args, **kwargs):
return super(PasswordResetConfirmView, self).dispatch(*args, **kwargs)
def post(self, request, *args, **kwargs):
serializer = self.get_serializer(data=request.data)
serializer.is_valid(raise_exception=True)
serializer.save()
return Response(
"detail": _("Password has been reset with the new password.")
)
serializer.is_valid(raise_exception=True) 行将调用Serializer(BaseSerializer) 和rest_framework 中的run_validation。
这将进一步使用rest_auth的PasswordResetConfirmSerializer:
# project/.venv/Lib/site-packages/rest_auth/serializers.py
class PasswordResetConfirmSerializer(serializers.Serializer):
"""
Serializer for requesting a password reset e-mail.
"""
new_password1 = serializers.CharField(max_length=128)
new_password2 = serializers.CharField(max_length=128)
uid = serializers.CharField()
token = serializers.CharField()
set_password_form_class = SetPasswordForm
def custom_validation(self, attrs):
pass
def validate(self, attrs):
self._errors =
# Decode the uidb64 to uid to get User object
try:
uid = force_text(uid_decoder(attrs['uid']))
self.user = UserModel._default_manager.get(pk=uid)
except (TypeError, ValueError, OverflowError, UserModel.DoesNotExist):
raise ValidationError('uid': ['Invalid value'])
self.custom_validation(attrs)
# Construct SetPasswordForm instance
self.set_password_form = self.set_password_form_class(
user=self.user, data=attrs
)
if not self.set_password_form.is_valid():
raise serializers.ValidationError(self.set_password_form.errors)
if not default_token_generator.check_token(self.user, attrs['token']):
raise ValidationError('token': ['Invalid value'])
return attrs
正如您最终看到的那样,这个类期望用户 id 使用 uidb64 而不是 uidb36,我什至不想知道令牌格式是否与此处的预期匹配。
我真的找不到关于如何为完整的密码重置过程正确设置 rest_auth 的好文档:我的电子邮件正常工作,但对我来说,rest_auth 似乎会生成错误的令牌/重置链接它实际上期望从用户那里得到什么。
总结
我相信,密码重置确认过程以正确的后端代码结束,而电子邮件/令牌生成却一团糟。
我想要的只是检索一个 uid 和一个 token,我可以将它们发送回 django rest-auth 以便让用户重置他们的密码。 目前,这些 uid 和令牌似乎是由一个库创建并由另一个库使用,它们都期望并创建不同格式的令牌和 uid?
提前致谢!
已满settings.py
这是我完整的settings.py:
# project/vuedj/settings.py
BASE_DIR = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))
PROJECT_PATH = os.path.realpath(os.path.dirname(__file__))
SECRET_KEY = persisted_settings.SECRET_KEY
DEBUG = True
ALLOWED_HOSTS = ['127.0.0.1', 'localhost']
CORS_ORIGIN_ALLOW_ALL = True
CORS_URLS_REGEX = r'^/api/.*$'
CORS_ALLOW_CREDENTIALS = True
# Application definition
INSTALLED_APPS = [
'django.contrib.admin',
'django.contrib.auth',
'django.contrib.contenttypes',
'django.contrib.sessions',
'django.contrib.messages',
'django.contrib.staticfiles',
'django.contrib.sites',
'rest_framework',
'rest_framework.authtoken',
'corsheaders',
'allauth',
'allauth.account',
'allauth.socialaccount',
'allauth.socialaccount.providers.github',
'rest_auth',
'rest_auth.registration',
'sceneries',
'accounts',
'api',
'app',
]
EMAIL_BACKEND = 'django.core.mail.backends.filebased.EmailBackend'
EMAIL_FILE_PATH = 'app-messages'
SITE_ID = 1
AUTH_USER_MODEL = 'accounts.User'
ACCOUNT_USER_MODEL_USERNAME_FIELD = 'username'
ACCOUNT_AUTHENTICATION_METHOD = 'username_email'
ACCOUNT_EMAIL_REQUIRED = True
ACCOUNT_EMAIL_VERIFICATION = 'none'
ACCOUNT_UNIQUE_EMAIL = True
ACCOUNT_USERNAME_REQUIRED = True
ACCOUNT_USER_EMAIL_FIELD = 'email'
ACCOUNT_LOGOUT_ON_GET = True
ACCOUNT_FORMS = "login": "accounts.forms.UserLoginForm"
LOGIN_REDIRECT_URL = 'home'
LOGIN_URL = 'api/v1/accounts/login/'
CSRF_COOKIE_NAME = "csrftoken"
REST_AUTH_SERIALIZERS =
"USER_DETAILS_SERIALIZER": "accounts.serializers.CustomUserDetailsSerializer",
"LOGIN_SERIALIZER": "accounts.serializers.CustomUserLoginSerializer",
"PASSWORD_RESET_SERIALIZER": "accounts.serializers.CustomPasswordResetSerializer"
REST_AUTH_REGISTER_SERIALIZERS =
"REGISTER_SERIALIZER": "accounts.serializers.CustomRegisterSerializer",
# Following is added to enable registration with email instead of username
AUTHENTICATION_BACKENDS = (
# Needed to login by username in Django admin, regardless of `allauth`
"django.contrib.auth.backends.ModelBackend",
# `allauth` specific authentication methods, such as login by e-mail
"allauth.account.auth_backends.AuthenticationBackend",
)
MIDDLEWARE = [
'corsheaders.middleware.CorsMiddleware',
'django.middleware.security.SecurityMiddleware',
'django.contrib.sessions.middleware.SessionMiddleware',
'django.middleware.common.CommonMiddleware',
'django.middleware.csrf.CsrfViewMiddleware',
'django.contrib.auth.middleware.AuthenticationMiddleware',
'django.contrib.messages.middleware.MessageMiddleware',
'django.middleware.clickjacking.XFrameOptionsMiddleware',
]
ROOT_URLCONF = 'vuedj.urls'
TEMPLATES = [
'BACKEND': 'django.template.backends.django.DjangoTemplates',
'DIRS': [
'templates/',
'templates/emails/'
],
'APP_DIRS': True,
'OPTIONS':
'context_processors': [
'django.template.context_processors.debug',
'django.template.context_processors.request',
'django.contrib.auth.context_processors.auth',
'django.contrib.messages.context_processors.messages',
],
,
,
]
WSGI_APPLICATION = 'vuedj.wsgi.application'
try:
DATABASES = persisted_settings.DATABASES
except AttributeError:
DATABASES =
'default':
'ENGINE': 'django.db.backends.sqlite3',
'NAME': os.path.join(BASE_DIR, 'db.sqlite3'),
REST_FRAMEWORK =
'DEFAULT_AUTHENTICATION_CLASSES': [
'rest_framework.authentication.TokenAuthentication',
],
'DEFAULT_PERMISSION_CLASSES': [
'rest_framework.permissions.IsAuthenticated',
]
AUTH_PASSWORD_VALIDATORS = [
'NAME': 'django.contrib.auth.password_validation.UserAttributeSimilarityValidator',
,
'NAME': 'django.contrib.auth.password_validation.MinimumLengthValidator',
,
'NAME': 'django.contrib.auth.password_validation.CommonPasswordValidator',
,
'NAME': 'django.contrib.auth.password_validation.NumericPasswordValidator',
,
]
LANGUAGE_CODE = 'en-us'
TIME_ZONE = 'UTC'
USE_I18N = True
USE_L10N = True
USE_TZ = True
STATICFILES_DIRS = (
os.path.join(BASE_DIR, 'static'),
)
STATIC_ROOT = os.path.join(BASE_DIR, '../staticfiles/static')
MEDIA_ROOT = os.path.join(BASE_DIR, '../staticfiles/mediafiles')
STATIC_URL = '/static/'
MEDIA_URL = '/media/'
TEST_RUNNER = 'django_nose.NoseTestSuiteRunner'
NOSE_ARGS = [
'--with-coverage',
'--cover-package=app', # For multiple apps use '--cover-package=foo, bar'
]
【问题讨论】:
【参考方案1】:幸运的是,我找到了一个不错的图书馆,让我今天的生活变得如此轻松:
https://github.com/anx-ckreuzberger/django-rest-passwordreset
pip install django-rest-passwordreset
像这样工作:
-
按照他们网站上的说明进行操作。
我的 accounts/urls.py 现在有以下路径:
# project/accounts/urls.py
from django.urls import path, include
from . import views as acc_views
app_name = 'accounts'
urlpatterns = [
path('', acc_views.UserListView.as_view(), name='user-list'),
path('login/', acc_views.UserLoginView.as_view(), name='login'),
path('logout/', acc_views.UserLogoutView.as_view(), name='logout'),
path('register/', acc_views.CustomRegisterView.as_view(), name='register'),
# NEW: custom verify-token view which is not included in django-rest-passwordreset
path('reset-password/verify-token/', acc_views.CustomPasswordTokenVerificationView.as_view(), name='password_reset_verify_token'),
# NEW: The django-rest-passwordreset urls to request a token and confirm pw-reset
path('reset-password/', include('django_rest_passwordreset.urls', namespace='password_reset')),
path('<int:pk>/', acc_views.UserDetailView.as_view(), name='user-detail')
]
然后我还为我的 CustomTokenVerification 添加了一个小 TokenSerializer:
# project/accounts/serializers.py
from rest_framework import serializers
class CustomTokenSerializer(serializers.Serializer):
token = serializers.CharField()
然后我在之前派生的CustomPasswordResetView中添加了一个信号接收器,现在不再派生自rest_auth.views.PasswordResetView AND添加了一个新视图@ 987654330@:
# project/accounts/views.py
from django.dispatch import receiver
from django_rest_passwordreset.signals import reset_password_token_created
from django.core.mail import EmailMultiAlternatives
from django.template.loader import render_to_string
from vuedj.constants import site_url, site_full_name, site_shortcut_name
from rest_framework.views import APIView
from rest_framework import parsers, renderers, status
from rest_framework.response import Response
from .serializers import CustomTokenSerializer
from django_rest_passwordreset.models import ResetPasswordToken
from django_rest_passwordreset.views import get_password_reset_token_expiry_time
from django.utils import timezone
from datetime import timedelta
class CustomPasswordResetView:
@receiver(reset_password_token_created)
def password_reset_token_created(sender, reset_password_token, *args, **kwargs):
"""
Handles password reset tokens
When a token is created, an e-mail needs to be sent to the user
"""
# send an e-mail to the user
context =
'current_user': reset_password_token.user,
'username': reset_password_token.user.username,
'email': reset_password_token.user.email,
'reset_password_url': "/password-reset/".format(site_url, reset_password_token.key),
'site_name': site_shortcut_name,
'site_domain': site_url
# render email text
email_html_message = render_to_string('email/user_reset_password.html', context)
email_plaintext_message = render_to_string('email/user_reset_password.txt', context)
msg = EmailMultiAlternatives(
# title:
"Password Reset for ".format(site_full_name),
# message:
email_plaintext_message,
# from:
"noreply@".format(site_url),
# to:
[reset_password_token.user.email]
)
msg.attach_alternative(email_html_message, "text/html")
msg.send()
class CustomPasswordTokenVerificationView(APIView):
"""
An Api View which provides a method to verifiy that a given pw-reset token is valid before actually confirming the
reset.
"""
throttle_classes = ()
permission_classes = ()
parser_classes = (parsers.FormParser, parsers.MultiPartParser, parsers.JSONParser,)
renderer_classes = (renderers.JSONRenderer,)
serializer_class = CustomTokenSerializer
def post(self, request, *args, **kwargs):
serializer = self.serializer_class(data=request.data)
serializer.is_valid(raise_exception=True)
token = serializer.validated_data['token']
# get token validation time
password_reset_token_validation_time = get_password_reset_token_expiry_time()
# find token
reset_password_token = ResetPasswordToken.objects.filter(key=token).first()
if reset_password_token is None:
return Response('status': 'invalid', status=status.HTTP_404_NOT_FOUND)
# check expiry date
expiry_date = reset_password_token.created_at + timedelta(hours=password_reset_token_validation_time)
if timezone.now() > expiry_date:
# delete expired token
reset_password_token.delete()
return Response('status': 'expired', status=status.HTTP_404_NOT_FOUND)
# check if user has password to change
if not reset_password_token.user.has_usable_password():
return Response('status': 'irrelevant')
return Response('status': 'OK')
现在我的前端将提供一个请求 pw-reset 链接的选项,因此前端将向 django 发送一个 post 请求,如下所示:
// urls.js
const SERVER_URL = 'http://localhost:8000/' // FIXME: change at production (https and correct IP and port)
const API_URL = 'api/v1/'
const API_AUTH = 'auth/'
API_AUTH_PASSWORD_RESET = API_AUTH + 'reset-password/'
// api.js
import axios from 'axios'
import urls from './urls'
axios.defaults.baseURL = urls.SERVER_URL + urls.API_URL
axios.defaults.headers.post['Content-Type'] = 'application/json'
axios.defaults.xsrfHeaderName = 'X-CSRFToken'
axios.defaults.xsrfCookieName = 'csrftoken'
const api =
get,
post,
patch,
put,
head,
delete: _delete
function post (url, request)
return axios.post(url, request)
.then((response) => Promise.resolve(response))
.catch((error) => Promise.reject(error))
// user.service.js
import api from '@/_api/api'
import urls from '@/_api/urls'
api.post(`$urls.API_AUTH_PASSWORD_RESET`, email)
.then( /* handle success */ )
.catch( /* handle error */ )
创建的电子邮件将包含这样的链接:
Click the link below to reset your password.
localhost:8000/password-reset/4873759c229f17a94546a63eb7c3d482e73983495fa40c7ec2a3d9ca1adcf017
... 没有在 django-urls 中定义的意图! Django 将让每个未知的 url 通过,vue 路由器将决定该 url 是否有意义。 然后我让前端发送令牌,看看它是否有效,这样用户就已经可以看到令牌是否已经被使用、过期或其他...
// urls.js
const API_AUTH_PASSWORD_RESET_VERIFY_TOKEN = API_AUTH + 'reset-password/verify-token/'
// users.service.js
api.post(`$urls.API_AUTH_PASSWORD_RESET_VERIFY_TOKEN`, pwResetToken)
.then( /* handle success */ )
.catch( /* handle error */ )
现在用户将通过 Vue 或密码输入字段收到错误消息,他们最终可以在此处重置密码,该密码将由前端发送,如下所示:
// urls.js
const API_AUTH_PASSWORD_RESET_CONFIRM = API_AUTH + 'reset-password/confirm/'
// users.service.js
api.post(`$urls.API_AUTH_PASSWORD_RESET_CONFIRM`,
token: state[token], // (vuex state)
password: state[password] // (vuex state)
)
.then( /* handle success */ )
.catch( /* handle error */ )
这是主要代码。我使用自定义 vue 路由将 django 休息端点与前端可见路由分离。其余的都是通过 api 请求和处理它们的响应来完成的。
希望这对将来会像我一样挣扎的人有所帮助。
【讨论】:
你提到向reset-password/confirm/发送一个post请求,但它没有在你的Django urls文件中指定为路径,这是故意的吗?
@superdee73 我认为它包含在依赖项中:include('django_rest_passwordreset.urls', namespace='password_reset') 编辑:是的,刚才确认了,您请求的 url 是 django_rest_passwordreset 库的子 url(至少在我写答案的时间和我当地的回购)。您只需要在 django 中包含 parent-url 和上面的行,就可以隐含库中的所有 url。
如果您对后请求有问题,例如,如果 Django Url 解析器未找到该请求,请仔细检查拼写。例如,网址末尾必须有斜杠/!
@alkadelik 邮件中的 url(例如/password-reset/4873759c229f17a94546a63eb7c3d482e73983495fa40c7ec2a3d9ca1adcf017)由 vue-router 捕获/定义,而不是由 django url 设置。因此,vue 将执行您在 vue-router 设置中定义的任何操作。我会将令牌传递给模态组件或类似的东西。另外,我调用了一个user-service 函数,其中放置了api.post($urls.API_AUTH_PASSWORD_RESET_VERIFY_TOKEN...,我直接从路由器设置或从模式组件中执行此操作,比如说mounted() 函数或beforeRouteUpdate
见router.vuejs.org/guide/essentials/…和router.vuejs.org/guide/essentials/…【参考方案2】:
我们有相同的设置,我可以告诉你它可以工作,但我无法帮助你处理基数 36,除非Django documentation 说它是基数 64!
但是,您已经写道,这个理论部分对您来说并不那么重要,让我们找出您遗漏的地方。设置有点混乱,因为您不需要 allauth 的所有内容。我不明白你到底卡在哪里。因此,我想告诉你我是怎么做到的:
我为 Django/allauth 定义了密码重置 URL,以便在电子邮件中创建链接时找到它:
from django.views.generic import TemplateView
PASSWORD_RESET = (
r'^auth/password-reset-confirmation/'
r'(?P<uidb64>[0-9A-Za-z_\-]+)/'
r'(?P<token>[0-9A-Za-z]1,13-[0-9A-Za-z]1,20)$'
)
urlpatterns += [
re_path(
PASSWORD_RESET,
TemplateView.as_view(),
name='password_reset_confirm',
),
]
您不必这样做(因为您是include('allauth.urls'),实际上您是don't need these URLs),但我想明确指出,此 URL 不指向后端!也就是说,让您的前端使用表单提供此 URL 以输入新密码,然后使用 axios 或 POST uid、token、new_password1 和 new_password2 到您的端点。
在您的情况下,端点是
path(
'reset-password-confirm/',
acc_views.CustomPasswordResetConfirmView.as_view(),
name='reset-password-confirm'
),
这对您有帮助吗?否则,请告诉我。
【讨论】:
感谢您的帮助,但您所说的都是我已经理解的内容:/ 幸运的是,我找到了一个替代解决方案,我现在正在运行 :) @ElectRocnic 请告诉我们您的解决方案 @ImanSadrian 看到我已经检查为正确的答案。以上是关于Django REST-Auth 密码重置的主要内容,如果未能解决你的问题,请参考以下文章