當用戶在已登入狀態下,也可以更改password。
利用Django 內建的
django.contrib.auth.forms.PasswordChangeForm
可以輕鬆地執行表格。
而backend部份是由兩個functions組成:
django.contrib.auth.views.password_change
django.contrib.auth.views.password_change_done
font-end則需要兩個HTML頁面:
templates/registration/password_change_form.html
templates/registration/password_change_done.html
1.
[A schema to the steps]
開始前先了解一下整個更改密碼的程序:
urls.py
收到要求打開django.contrib.auth.views.password_change
function
- Django會以function decorators
@login_required
去確認用戶已登入,並執行下一步
auth.views.password_change
查核資料正確性,及render django.contrib.auth.password_change_done
但我們會自行寫另一個app.views.changepassworddone
,讓更改密碼後自動送出email notification
2.
[Set url]
第一步,先到
urls.py
加入urlspattern:
from django.contrib.auth import views as av
from <app> import views as myviews
urlspattern = [
....
....
path('password_change/', av.password_change, name='password_change'),
path('password_change/done/', myviews.changepassworddone, name='password_change_done'),
]
3.
[Login_required decorator]
@XXXXX 是Python裡面的function wrapper/decorator的意思,詳細內容可以到
TheCodeShip參考。
因為
password_change
以及
password_change_done
是需要用戶先登入,所以官方設定它們都有
@login_required
這個decorator。
詳細有關
Password Change的official code,可以在
Django Source Code For Auth.Views參考。
由於我們是用預設的
auth.views
去執行
password_change,所以我們不用親自再寫,只需要配合用上
@login_required就可以了。
到
settings.py
加上:
LOGIN_URL = 'login'
這樣就完成了第二步。
4.
[Create template]
建立templates
registration/password_change_form.html
,以及
registration/password_change_done.html
。
password_change_form.html
:
{% extends 'base.html' %}
{% block content %}
<form method='POST'>
{% for field in form %}
<label for={{ field.name }}>{{ field.label_tag }}</label> {{ field }}
{% if {{ field.help_text }} %}
{{ field.help_text }}
{% endif %}
{% endfor %}
<input type='submit' value='Change Password'>
</form>
{% endblock %}
password_change_done.html
:
{% extends 'base.html' %}
{% block content %}
<span>Your password is changed successfully</span>
{% endblock %}
5.
[View function for email notification]
如果step 1 的urlspattern是使用
av.password_change_done
,其實已經完成了。
但因為我們要做一個可以發送email的版本,該用戶知道密碼被更改了,
所以要到
app.views.py
建立function -
changepassworddone以及修改
sendmail:
from django.contrib.auth.decorators import login_required
from django.template.loader import render_to_string
from django.core.mail import send_mail
@login_required
def changepassworddone(request):
title = 'changepassword'
sendmail(request, title)
return render(request, 'registration/password_change_done.html', context=None)
def sendmail(request, title):
email_title = title
recipient = request.user.email
if email_title = 'changepassword':
email_content = render_to_string('registration/changepassword_email.txt', {'username':request.user.username})
send_mail(
email_title,
‘’,
'<youremail@email.com>',
[recipient,],
html_message=email_content
)
6.
[Email template]
最後是建立一個email內容的template,
registration/changepassword_email.txt
:
{% autoescape off %}
Hi {{ username }}!
Your password is successfully changed recently!
If this is you, please ignore this email.
Otherwise, you are strongly recommended to reset your password on our site.
Thank you.
xxx Team
{% endautoescape %}
Done!