Django password reset email link redirects to login page
Question
I am using custom forms to override the Django templates but when a user clicks reset password and receives the email with the password reset link, etc (EDITED QUESTION TO CHANGE ORDER FROM reset-password to password-reset )
/reset/OA/50l-94673624f6b9fa5a060a/
When the link is clicked it redirects to
/account/login/
It should be directing them to
/password-reset/confirm/
and then to
/password-reset/complete/
The command line looks like this when reset link is clicked
GET /reset/OA/50l-94673624f6b9fa5a060a/ HTTP/1.1" 302 0
GET /account/login/ HTTP/1.1" 200 2237
LOGIN_EXEMPT_URLS
LOGIN_EXEMPT_URLS = {
r'^account/logout/$',
r'^account/register/$',
r'^account/password-reset/$',
r'^account/password-reset/done/$',
r'^account/password-reset/confirm/(?P<uidb64>[0-9A-Za-z]+)-(?P<token>,+)/$',
r'^account/password-reset/complete/$',
}
urls.py
app_name='accounts'
from django.conf.urls import url
from . import views
from django.contrib.auth.views import LoginView, LogoutView, PasswordResetView, PasswordResetDoneView, PasswordResetConfirmView, PasswordResetCompleteView
from django.conf import settings
from django.conf.urls.static import static
from django.urls import reverse_lazy
urlpatterns = [
url(r'^$', views.home, name='home'),
url(r'^login/$', LoginView.as_view(template_name='accounts/login.html'), name='login'),
url(r'^logout/$', LogoutView.as_view(template_name='accounts/logout.html'), name='logout'),
url(r'^register/$', views.register, name='register'),
url(r'^profile/$', views.view_profile, name='view_profile'),
url(r'^profile/edit$', views.edit_profile, name='edit_profile'),
url(r'^change-password/$', views.change_password, name='change_password'),
url(r'^password-reset/$',
PasswordResetView.as_view(template_name='accounts/password_reset.html',
success_url=reverse_lazy('accounts:password_reset_done')),
{'email_template_name': 'accounts/password_reset_email.html'},
name='password_reset'),
url(r'^password-reset/done/$',
PasswordResetDoneView.as_view(template_name='accounts/password_reset_done.html'),
name='password_reset_done'),
url(r'^password-reset/confirm/(?P<uidb64>[0-9A-Za-z]+)-(?P<token>,+)/$',
PasswordResetConfirmView.as_view(template_name='accounts/password_reset_confirm.html'),
name='password_reset_confirm'),
url(r'^password-reset/complete/$',
PasswordResetCompleteView.as_view(template_name='accounts/password_reset_complete.html'),
name='password_reset_complete'),
]
settings.py
INSTALLED_APPS = [
'accounts',
'django.contrib.admin',
'django.contrib.auth',
'django.contrib.contenttypes',
'django.contrib.sessions',
'django.contrib.messages',
'django.contrib.staticfiles',
]
middleware.py
import re
from django.conf import settings
from django.urls import reverse
from django.shortcuts import redirect
from django.contrib.auth import logout
EXEMPT_URLS = [re.compile(settings.LOGIN_URL.lstrip('/'))]
if hasattr(settings, 'LOGIN_EXEMPT_URLS'):
EXEMPT_URLS += [re.compile(url) for url in settings.LOGIN_EXEMPT_URLS]
class LoginRequiredMiddleware:
def __init__(self, get_response):
self.get_response = get_response
def __call__(self, request):
response = self.get_response(request)
return response
def process_view(self, request, view_func, view_args, view_kwargs):
assert hasattr(request, 'user')
path = request.path_info.lstrip('/')
url_is_exempt = any(url.match(path) for url in EXEMPT_URLS)
if path == reverse('accounts:logout').lstrip('/'):
logout(request)
if request.user.is_authenticated and url_is_exempt:
return redirect(settings.LOGIN_REDIRECT_URL)
elif request.user.is_authenticated or url_is_exempt:
return None
else:
return redirect(settings.LOGIN_URL)
password_reset_email.html
{% load i18n %}{% autoescape off %}
{% blocktrans %} You're recieving this email because you requested a password reset
for your user account at {{ site_name }}.{% endblocktrans %}
{% trans "Please go to the following page and choose a new password:" %}
{% block reset_link %}
{{ protocol }}://{{ domain }}{% url 'password_reset_confirm' uidb64=uid token=token %}
{% endblock %}
{% trans "Your username, in case you've forgotten:" %} {{ user.get_username }}
{% trans "Thank you for using x!" %}
{% blocktrans %}The {{ site_name }} team{% endblocktrans %}
{% endautoescape %}
3 answers
solution1
3 2019-09-28 06:24:14
change in the settings seption the confirm part to just account/password-rest/confirm/ without dollar sign so everything after that url will be exempt aswell.
LOGIN_EXEMPT_URLS = {
r'^account/logout/$',
r'^account/register/$',
r'^account/password-reset/$',
r'^account/password-reset/done/$',
r'^account/password-reset/confirm/',
r'^account/password-reset/complete/$',
}
solution2
1 2018-10-20 14:50:48
You should change from PasswordResetConfirmView to PasswordResetCompleteView .
PasswordResetCompleteView presents a view which informs the user that password has been successfully changed. You don't need to write PasswordResetConfirmView twice.
Change to
url(r'^reset-password/complete/$',
PasswordResetCompleteView.as_view(template_name='accounts/reset_password_complete.html'),
name='reset_password_complete'),
For more detail, check django docs. ( https://docs.djangoproject.com/en/2.1/topics/auth/default/#django.contrib.auth.views.PasswordResetCompleteView )
solution3
0 2018-10-20 18:36:12
You have included your password reset URLs in a urls.py which has app_name = 'accounts' , therefore you need to include the accounts namespace when reversing the URLs.
{% url 'accounts:password_reset_confirm' uidb64=uid token=token %}
As an aside, I've seen several questions on Stack Overflow where namespacing the password reset URLs caused problems. In my opinion, it's simpler to include the password reset URLs in a urls.py that does not use a namespace.
The log line GET /reset/OA/50l-94673624f6b9fa5a060a/ suggests that you have included the password reset URLs in a second place. I would try to track down this extra include and remove it.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.