Password Reset 是Django的built-in function，under django.contrib.auth.views。 因為是auth.views，所以我們不需在app/views.py自建function， 只需設定urls.py以及建立HTML檔在templates/registration/裡面。 1. [Set url] 先到settings/urls.py新增4條urlspattern：

• password_reset
• password_reset_done
• password_reset_confirm
• password_reset_complete

from django.urls import path
from django.contrib.auth.views import password_reset, password_reset_done, password_reset_confirm, password_reset_complete

urlspattern=[
...
...
    path('resetpassword/', password_reset, name='password_reset'),
    path('resetdone', password_reset_done, name='password_reset_done'),
    path('reset/<uidb64>/<token>/',
        password_reset_confirm, name='password_reset_confirm'),
    path('reset/done/', password_reset_complete, name='password_reset_complete'),
]

或是簡單地：

from django.urls import path, include

urlspattern=[
...
...
    path('', include('django.contrib.auth.urls')),
]

path()是Django2.0的新功能，收納在django.urls裡面。 在Django2.0，django.urls.path可謂取代了舊式的django.conf.urls.url， 往後會再有筆記。 這裡要知道的只是，django.contrib.auth.urls。 這套在auth底下的urls.py包括了

• login
• logout
• password_reset
• password_reset_done
• password_reset_confirm
• password_reset_complete
• password_change
• password_change_done

所以只需一行include('django.contrib.auth.urls')，就已經足夠了。 但要小心，因為它會override我們本來自設好的app.views.login以及app.views.logout功能， 而且在其他自設views function內，也不能直接用parameter name來returndjango.contrib.auth.views內的function，如這篇提及的django.contrib.auth.views.password_reset也不例外。 /* include本來是收納在django.conf.urls，在Django2.0，它改為收納在django.urls，跟path, re_path一樣。 */

---

2. [Create templates] 雖然urlspattern只有4項，但built-in password_reset 功能需要6個templates，放在templates/registration/裡面。

• password_reset_form.htmlReset password頁面讓用戶輸入email address
• password_reset_done.htmlSubmit Form後的頁面
• password_reset_subject.txt用戶收到的email title
• password_reset_email.html用戶收到的email內容
• password_reset_confirm.html從email點擊連結後，重置密碼的頁面
• password_reset_complete.html重置完成的頁面

---

3. [password_reset_form.html] registration/password_reset_form.html的內容： e.g.

{% extends 'base.html' %}
{% block content %}

<div>
<span>Please Enter Your Email Address To Reset Password</span>
{% for field in form %}
    <label for='{{ field.name }}'>{{ field.label_tag }}</label> {{ field }}
{% endfor %}
</div>

{% endblock %}

---

4. [password_reset_done.html] registration/password_reset_done.html的內容： e.g.

{% extends 'base.html' %}
{% block content %}

<div>
<span>An email is sent to you to reset your password.</span>
<span>If it is not shown in your inbox, please also check if it falls into spam folder.</span>
</div>

{% endblock %}

form 是auth.views.password_reset內的parameter。

---

5. [password_reset_subject.txt] registration/password_reset_subject.txt只是email的title： e.g. Request: Reset Your Password - from xxx website

---

6. [password_reset_email.html] registration/password_reset_email.html的內容： e.g.

{% autoescape off %}

We've received a request to reset your password.
If it was not you, please ignore this email and change your password on our site.
If you wish to proceed, please follow the link below:

{{ protocol }}://{{ domain }}{% url 'password_reset_confirm' uidb64=uid token=token %}

{% endautoescape %}

uidb64=uid 及 token 是auth.views.password_reset_confirm內需要的。

---

7. [password_reset_comfirm.html] registration/password_reset_comfirm.html的內容： e.g.

{% extends 'base.html' %}
{% block content %}

{% if validlink %}
<form method="POST">
    {% for field in form %}
        <label for={{ field.name }}>{{ field.label_tag }}</label>{{ field }}
    {% endfor %}
    <span>Your new password should not be the same as old.</span>
    <span>And it should be consists of 8 alphanumeric characters</span>
    <input type='submit' value='Reset'>
</form>
{% else %}
<span>Your link is invalid or it is already used.</span>
<span>Please make a new request if you wish to retry.</span>

{% endblock %}

validlink是由email回傳到registration/password_reset_confirm.html時的parameter。 /* 雖然整個頁面應該只有一格填寫email的 input box，但利用for loop可以custom 介面。 */

---

8. [password_reset_complete.html] registration/password_reset_complete.html的內容： e.g.

{% extends 'base.html' %}
{% block content %}

Your password is reset successfully!

{% endblock %}

---

就這樣，一個完整的password reset procedures完成了。 /* 可以把registration/password_reset_form.html的連結，加到login頁面，方便用戶忘記密碼時使用。 */