我的 Django 应用程序遇到涉及密码重置功能的问题。当通过标准 Django 网站流程发送密码重置链接时,一切都会按预期进行:用户收到一封包含链接的电子邮件,单击该链接后,他们将进入一个包含重置密码表单的页面。
但是,当通过 Django Rest Framework (DRF) API(从 Flutter 应用程序触发)发送重置链接时,用户仍然会收到带有链接的电子邮件,但打开的页面不会显示密码重置表单。仅出现休息按钮,但缺少密码重置表单本身。
这是 Django 中我的 CustomPasswordResetConfirmView 的相关部分:
class CustomPasswordResetConfirmView(PasswordResetConfirmView):
form_class = SetPasswordForm
success_url = reverse_lazy('users:password_reset_complete')
template_name = 'users/password_reset_confirm.html'
@method_decorator(sensitive_post_parameters('new_password1', 'new_password2'))
@method_decorator(csrf_protect)
def dispatch(self, *args, **kwargs):
return super().dispatch(*args, **kwargs)
def get_context_data(self, **kwargs):
context = super().get_context_data(**kwargs)
context['form'] = self.form_class(user=self.request.user)
return context
模板users/password_reset_confirm.html如下:
<main class="mt-5" >
<div class="container dark-grey-text mt-5">
<div class="content-section">
<form method="POST">
{% csrf_token %}
<fieldset class="form-group">
<legend class="border-bottom mb-4">Reset Password</legend>
{{ form|crispy }}
</fieldset>
<div class="form-group">
<button class="btn btn-outline-info" type="submit">Reset Password</button>
</div>
</form>
</div>
</div>
</main>
我不确定到底要寻找什么,要么是发送给用户进行重置的链接不正确,因为从网站收到电子邮件时显示的链接如下:
Subject: Password reset on [Displayname]
You're receiving this email because you requested a password reset for your user account at [Displayname].
Please go to the following page and choose a new password:
https://www.[Domain].com/password-reset-confirm/NTM/bxogt6-68772***************f41836/
Your username, in case you’ve forgotten: Username
Thanks for using our site!
The [Displayname]team
从 DRF API 来看,flutter 看起来像这样:
Subject: [Displayname] Password Reset E-mail
Hello from [Displayname]!
You're receiving this e-mail because you or someone else has requested a password for your user account.
It can be safely ignored if you did not request a password reset. Click the link below to reset your password.
https://www.[Domain].com/password-reset-confirm/1h/bxogub-7eebb4**************deaa0e/
In case you forgot, your username is Username.
Thank you for using [Displayname]!
www.[Domain].com
这里是 Django settings.py
REST_FRAMEWORK = {
'DEFAULT_AUTHENTICATION_CLASSES': [
'rest_framework.authentication.BasicAuthentication',
'rest_framework.authentication.SessionAuthentication',
'rest_framework.authentication.TokenAuthentication'
]
}
AUTH_USER_MODEL = 'auth.User'
REST_AUTH_SERIALIZERS = {
'PASSWORD_RESET_SERIALIZER':
'api.serializers.PasswordResetSerializer',
}
AUTHENTICATION_BACKENDS=['users.models.EmailBackend']
这里是 users/templates/users/password_reset_email.html 的模板
尽管我注意到由于设置根本没有使用它:
{% autoescape off %}
You're receiving this e-mail because you requested a password reset for your user account at {{ site_name }}.
Please go to the following page and choose a new password:
{% block reset_link %}
{{ protocol }}://{{ domain }}/api/{% url 'password_reset_confirm' uidb64=uid token=token %}
{% endblock %}
Your username, in case you've forgotten: {{ user.username }}
Thanks for using our site!
The {{ site_name }} team.
{% endautoescape %}
更新我注意到 DRF 使用默认方式重置密码,因为我已删除 CustomPasswordResetConfirmView 视图并从 url 中删除,并且显示相同的错误
您是否安装了与密码重置/身份验证相关的任何库/软件包?因为我认为这是图书馆的电子邮件模板。
对我来说,我认为如果我使用库来处理这个问题会更简单。例如,我通常使用 dj-rest-auth 来处理与身份验证、注册、忘记密码和重置密码相关的操作。
对于带有 Flutter 的 DRF。
流程应该是:
uid
、token
和 new password