Is there a way to use Django's default password reset without sending reset link via email?

Question

Is there a way to use django's inbuilt password reset function without sending reset links via email or without the email option. I am currently developing a simple system with a few number of users on which sending emails are not needed.Thanks in advance

Answer 1

You can change password with forms and in the views.py use the function

make_password()

if passwordForm.is_valid():
    password = passwordForm.cleaned_data['password']
    request.user.password = make_password(password)
    request.user.save()

[make_password][1]https://docs.djangoproject.com/en/1.11/topics/auth/passwords/

Answer 2

I'm not familiar with django but I've worked on other apps before where access was gained for any user, even the initial admin, via password reset. In all those cases the method of working has been similar - the reset link is formed from some URL stub plus a unique key that is found in some database table somewhere. Manually assembling the link and using it worked out just fine, though one system used an emailsentdate column and refused to do anything unless it was populated , so check for anything similar if you don't get success with a simple approach

If you absolutely have to have an email server, there do exist simple ones intended for dev use like smtpdev, they behave like an smtp server to fool an app that demands one, but they don't send the emails onto anywhere, they just display them. Intended for debugging but might help you if django insists on one being configured that looks like a real mail server

Answer 3

There are some options in django.contrib.auth that allows you to change the password without needing to send an email:

• PasswordChangeForm: A form that lets a user change their password by entering their old password.
• SetPasswordForm: A form that lets a user change set their password without entering the old password

You can implement one of them in your view to change the users password.