Password Reset 是Django的built-in function,under
django.contrib.auth.views
。
因為是
auth.views,所以我們不需在
app/views.py
自建function,
只需設定
urls.py
以及建立HTML檔在
templates/registration/
裡面。
1.
[Set url]
先到
settings/urls.py
新增4條urlspattern:
- password_reset
- password_reset_done
- password_reset_confirm
- password_reset_complete
from django.urls import path
from django.contrib.auth.views import password_reset, password_reset_done, password_reset_confirm, password_reset_complete
urlspattern=[
...
...
path('resetpassword/', password_reset, name='password_reset'),
path('resetdone', password_reset_done, name='password_reset_done'),
path('reset/<uidb64>/<token>/',
password_reset_confirm, name='password_reset_confirm'),
path('reset/done/', password_reset_complete, name='password_reset_complete'),
]
或是簡單地:
from django.urls import path, include
urlspattern=[
...
...
path('', include('django.contrib.auth.urls')),
]
path()是Django2.0的新功能,收納在
django.urls
裡面。
在Django2.0,
django.urls.path
可謂取代了舊式的
django.conf.urls.url
,
往後會再有筆記。
這裡要知道的只是,
django.contrib.auth.urls
。
這套在auth底下的
urls.py包括了
- login
- logout
- password_reset
- password_reset_done
- password_reset_confirm
- password_reset_complete
- password_change
- password_change_done
所以只需一行
include('django.contrib.auth.urls'),就已經足夠了。
但要小心,因為它會override我們本來自設好的
app.views.login
以及
app.views.logout
功能,
而且在其他自設views function內,也不能直接用parameter
name來return
django.contrib.auth.views
內的function,如這篇提及的
django.contrib.auth.views.password_reset
也不例外。
/* include本來是收納在django.conf.urls
,在Django2.0,它改為收納在django.urls
,跟path, re_path一樣。 */
2.
[Create templates]
雖然urlspattern只有4項,但built-in password_reset 功能需要6個templates,放在
templates/registration/
裡面。
password_reset_form.html
Reset password頁面讓用戶輸入email address
password_reset_done.html
Submit Form後的頁面
password_reset_subject.txt
用戶收到的email title
password_reset_email.html
用戶收到的email內容
password_reset_confirm.html
從email點擊連結後,重置密碼的頁面
password_reset_complete.html
重置完成的頁面
3.
[password_reset_form.html]
registration/password_reset_form.html
的內容:
e.g.
{% extends 'base.html' %}
{% block content %}
<div>
<span>Please Enter Your Email Address To Reset Password</span>
{% for field in form %}
<label for='{{ field.name }}'>{{ field.label_tag }}</label> {{ field }}
{% endfor %}
</div>
{% endblock %}
4.
[password_reset_done.html]
registration/password_reset_done.html
的內容:
e.g.
{% extends 'base.html' %}
{% block content %}
<div>
<span>An email is sent to you to reset your password.</span>
<span>If it is not shown in your inbox, please also check if it falls into spam folder.</span>
</div>
{% endblock %}
form 是
auth.views.password_reset
內的parameter。
5.
[password_reset_subject.txt]
registration/password_reset_subject.txt
只是email的title:
e.g.
Request: Reset Your Password - from xxx website
6.
[password_reset_email.html]
registration/password_reset_email.html
的內容:
e.g.
{% autoescape off %}
We've received a request to reset your password.
If it was not you, please ignore this email and change your password on our site.
If you wish to proceed, please follow the link below:
{{ protocol }}://{{ domain }}{% url 'password_reset_confirm' uidb64=uid token=token %}
{% endautoescape %}
uidb64=uid 及
token 是
auth.views.password_reset_confirm
內需要的。
7.
[password_reset_comfirm.html]
registration/password_reset_comfirm.html
的內容:
e.g.
{% extends 'base.html' %}
{% block content %}
{% if validlink %}
<form method="POST">
{% for field in form %}
<label for={{ field.name }}>{{ field.label_tag }}</label>{{ field }}
{% endfor %}
<span>Your new password should not be the same as old.</span>
<span>And it should be consists of 8 alphanumeric characters</span>
<input type='submit' value='Reset'>
</form>
{% else %}
<span>Your link is invalid or it is already used.</span>
<span>Please make a new request if you wish to retry.</span>
{% endblock %}
validlink是由email回傳到
registration/password_reset_confirm.html
時的parameter。
/* 雖然整個頁面應該只有一格填寫email的 input box,但利用for loop可以custom 介面。 */
8.
[password_reset_complete.html]
registration/password_reset_complete.html
的內容:
e.g.
{% extends 'base.html' %}
{% block content %}
Your password is reset successfully!
{% endblock %}
就這樣,一個完整的password reset procedures完成了。
/* 可以把registration/password_reset_form.html
的連結,加到login頁面,方便用戶忘記密碼時使用。 */