🔖 Day9 - Change Password

2018 - 06 - 26
🔖 Day9 - Change Password
當用戶在已登入狀態下,也可以更改password。 利用Django 內建的django.contrib.auth.forms.PasswordChangeForm可以輕鬆地執行表格。 而backend部份是由兩個functions組成:
  • django.contrib.auth.views.password_change
  • django.contrib.auth.views.password_change_done
font-end則需要兩個HTML頁面:
  • templates/registration/password_change_form.html
  • templates/registration/password_change_done.html

1. [A schema to the steps] 開始前先了解一下整個更改密碼的程序:
  1. urls.py 收到要求打開django.contrib.auth.views.password_change function
  2. Django會以function decorators @login_required去確認用戶已登入,並執行下一步
  3. auth.views.password_change查核資料正確性,及render django.contrib.auth.password_change_done 但我們會自行寫另一個app.views.changepassworddone,讓更改密碼後自動送出email notification
2. [Set url] 第一步,先到urls.py加入urlspattern:
from django.contrib.auth import views as av
from <app> import views as myviews

urlspattern = [
    ....
    ....
    path('password_change/', av.password_change, name='password_change'),
    path('password_change/done/', myviews.changepassworddone, name='password_change_done'),
]

3. [Login_required decorator] @XXXXX 是Python裡面的function wrapper/decorator的意思,詳細內容可以到TheCodeShip參考。 因為password_change 以及password_change_done是需要用戶先登入,所以官方設定它們都有@login_required這個decorator。 詳細有關Password Change的official code,可以在Django Source Code For Auth.Views參考。 由於我們是用預設的auth.views去執行password_change,所以我們不用親自再寫,只需要配合用上@login_required就可以了。 到settings.py加上:
LOGIN_URL = 'login'

這樣就完成了第二步。
4. [Create template] 建立templatesregistration/password_change_form.html,以及registration/password_change_done.htmlpassword_change_form.html
{% extends 'base.html' %}
{% block content %}
<form method='POST'>
{% for field in form %}
    <label for={{ field.name }}>{{ field.label_tag }}</label> {{ field }}
    {% if {{ field.help_text }} %}
        {{ field.help_text }}
    {% endif %}
{% endfor %}
<input type='submit' value='Change Password'>
</form>
{% endblock %}
password_change_done.html
{% extends 'base.html' %}
{% block content %}
<span>Your password is changed successfully</span>
{% endblock %}

5. [View function for email notification] 如果step 1 的urlspattern是使用av.password_change_done,其實已經完成了。 但因為我們要做一個可以發送email的版本,該用戶知道密碼被更改了, 所以要到app.views.py建立function - changepassworddone以及修改sendmail
from django.contrib.auth.decorators import login_required
from django.template.loader import render_to_string
from django.core.mail import send_mail

@login_required
def changepassworddone(request):
    title = 'changepassword'
    sendmail(request, title)
    return render(request, 'registration/password_change_done.html', context=None)

def sendmail(request, title):
    email_title = title
    recipient = request.user.email
    if email_title = 'changepassword':
        email_content = render_to_string('registration/changepassword_email.txt', {'username':request.user.username})
    send_mail(
        email_title,
        ‘’,
        '<youremail@email.com>',
        [recipient,],
        html_message=email_content
    )


6. [Email template] 最後是建立一個email內容的template,registration/changepassword_email.txt
{% autoescape off %}
Hi {{ username }}! 
Your password is successfully changed recently!
If this is you, please ignore this email.
Otherwise, you are strongly recommended to reset your password on our site.

Thank you.
xxx Team
{% endautoescape %}

Done!

Comments

There is no comment yet

New Comment

Please Login to comment