Djoser password reset implementation


I am using Djoser for authentication on my Django backend, which I'll eventually be connecting to a Flutter frontend, and I am having trouble implementing the password reset functionality. From what I have understood, first I need to hit /users/reset_password/ with the email in the body, which will eventually give me the authentication token that will be used further on in the confirm reset. But the first thing I don't understand is the PASSWORD_RESET_CONFIRM_URL field in the settings: it needs a frontend link with uid and token placeholders, but what is this token field and what is this PASSWORD_RESET_CONFIRM_URL? I managed to look over a Stack Overflow question and filled it in, but now when I hit /users/reset_password/ I get this error:

[WinError 10013] An attempt was made to access a socket in a way forbidden by its access permissions

settings:

    DJOSER = {
        'PASSWORD_RESET_CONFIRM_URL': 'reset/password/reset/confirm/{uid}/{token}',
        'LOGIN_FIELD': 'email',
        'USER_CREATE_PASSWORD_RETYPE': True,
        'SERIALIZERS': {
            'user_create': 'auth_app.serializers.UseriCreateSerializer',
            'user': 'auth_app.serializers.UserCreateSerializer',
        }
    }

urls.py:


    urlpatterns = [
        path('', home, name='home'),
        path('addInForum/', addInForum, name='addInForum'),
        path('addInDiscussion/', addInDiscussion, name='addInDiscussion'),
        path('<str:forum_id>/getDiscussion/', getDiscussion, name='getDiscussion'),
        path('getDate/', getDate, name='getDate'),
        path('reset/password/reset/confirm/<str:uid>/<str:token>/', PasswordResetView, name='PasswordResetView'),
        # url(r'^reset/password/reset/confirm/(?P<uid>[\w-]+)/(?P<token>[\w-]+)/$', PasswordResetView.as_view(),),
    ]

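views.py:

    from rest_framework.decorators import api_view
    from rest_framework.response import Response


    @api_view(['GET'])
    def PasswordResetView(request, uid, token):
        # Echo back the uid and token captured from the URL path.
        post_data = {'uid': uid, 'token': token}
        return Response(post_data)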


There are 1 answers

minder On

Please remember that djoser should be part of your REST API based on Django REST Framework. You also need to think differently about the URL routing with regard to your frontend app.

Usually URLs in the form mydomain.com/some_url/whatever are considered "frontend URLs" and are parsed by the routing of your frontend app. On the other hand, URLs in the form mydomain.com/api/something are considered API URLs that are routed via Django's urls.py. I will refer to them as Frontend_URL and API_URL respectively.

So, resetting a password works like this. The user who forgot their password and wants to reset it surely needs to fill in some kind of form. This form needs to be sent to the API_URL returned by resolve('user-reset-password') (by default this returns something like /users/reset_password/).

Here comes the PASSWORD_RESET_CONFIRM_URL setting. After the body is accepted by the API_URL mentioned above, a mail will be sent to the user with a link that will point to the URL entered in that setting. And it has to be a Frontend_URL! It should be routed by your frontend app and preferably display some screen. But in the background your frontend app should send the values of the uid and token fields to the API_URL returned by resolve("user-reset-password-confirm").

This flow allows your frontend app to properly handle the response and display appropriate message to the user and then maybe redirect them to some other screen.

If you don't have a routed frontend app (probably written using React, Angular or Vue) then you probably don't need a REST API and should just stick to django-allauth.
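
The flow described in the answer, seen from the frontend's side, as an added example that is not code from the question, the answer or Djoser itself: the emailed link is checked against the PASSWORD_RESET_CONFIRM_URL template, and only then are uid and token posted to the confirm endpoint. The two host names, the sample link and the helper names are assumptions, and the confirm endpoint is assumed to be mounted at /users/reset_password_confirm/ beside the question's /users/reset_password/.

```python
import json
import re
from urllib.parse import urlsplit
from urllib.request import Request

# Same template as the question's DJOSER["PASSWORD_RESET_CONFIRM_URL"].
CONFIRM_TEMPLATE = "reset/password/reset/confirm/{uid}/{token}"
# Assumed hosts for this sketch; they do not come from the page.
FRONTEND_HOST = "app.example.com"
API_BASE = "https://api.example.com"
# Constructed sample of an emailed link (uid and token are made up).
SAMPLE_LINK = "https://app.example.com/reset/password/reset/confirm/MQ/c4x1yz-0123456789abcdef"


def template_to_regex(template):
    """Turn the Djoser URL template into a regex for the link's path."""
    pattern = re.escape(template)
    # Placeholders accept only the characters the question's commented-out
    # regex allowed ([\w-]+), so extra path segments are rejected.
    for name in ("uid", "token"):
        pattern = pattern.replace(re.escape("{%s}" % name), r"(?P<%s>[\w-]+)" % name)
    return re.compile("/" + pattern + "/?", re.ASCII)


def parse_reset_link(link):
    """Return (uid, token) from an emailed link, or None if it is not ours."""
    parts = urlsplit(link)
    # Only accept links that point at our own frontend over HTTPS.
    if parts.scheme != "https" or parts.hostname != FRONTEND_HOST:
        return None
    match = template_to_regex(CONFIRM_TEMPLATE).fullmatch(parts.path)
    if match is None:
        return None
    return match["uid"], match["token"]


def build_confirm_request(uid, token, new_password):
    """Build (without sending) the POST for Djoser's confirm endpoint."""
    body = json.dumps({"uid": uid, "token": token, "new_password": new_password})
    return Request(
        API_BASE + "/users/reset_password_confirm/",
        data=body.encode("utf-8"),
        headers={"Content-Type": "application/json"},
        method="POST",
    )
```

The token is a bearer credential for the account until it is used or expires, so the frontend should keep it out of logs and analytics and send it only in the POST body shown here.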