Implemented the possibility to return the username and email address when validating a token

.github/workflows/test-postgres.yml

@@ -26,22 +26,31 @@ jobs:
           - "3.8"
           - "3.9"
           - "3.10"
+          - "3.11"
         django-version:
           - "3.2"
           - "4.0"
           - "4.1"
+          - "4.2"
         drf-version:
           - "3.12"
           - "3.13"
+          - "3.14"
         exclude:
           - python-version: "3.7"
             django-version: "4.0"
           - python-version: "3.7"
             django-version: "4.1"
+          - python-version: "3.7"
+            django-version: "4.2"
           - drf-version: "3.12"
             django-version: "4.0"
           - drf-version: "3.12"
             django-version: "4.1"
+          - drf-version: "3.12"
+            django-version: "4.2"
+          - drf-version: "3.13"
+            django-version: "4.2"
 
     steps:
     - uses: actions/checkout@v3

.github/workflows/test.yml

@@ -12,10 +12,12 @@ jobs:
           - "3.8"
           - "3.9"
           - "3.10"
+          - "3.11"
         django-version:
           - "3.2"
           - "4.0"
           - "4.1"
+          - "4.2"
         drf-version:
           - "3.12"
           - "3.13"
@@ -25,10 +27,16 @@ jobs:
             django-version: "4.0"
           - python-version: "3.7"
             django-version: "4.1"
+          - python-version: "3.7"
+            django-version: "4.2"
           - drf-version: "3.12"
             django-version: "4.0"
           - drf-version: "3.12"
             django-version: "4.1"
+          - drf-version: "3.12"
+            django-version: "4.2"
+          - drf-version: "3.13"
+            django-version: "4.2"
 
     steps:
     - uses: actions/checkout@v3

README.md

@@ -262,13 +262,13 @@ class RandomStringTokenGenerator(BaseTokenGenerator):
 This library should be compatible with the latest Django and Django Rest Framework Versions. For reference, here is
 a matrix showing the guaranteed and tested compatibility.
 
-django-rest-passwordreset Version | Django Versions | Django Rest Framework Versions | Python |
---------------------------------- | --------------- | ------------------------------ | ------ |
+django-rest-passwordreset Version | Django Versions     | Django Rest Framework Versions | Python |
+--------------------------------- |---------------------| ------------------------------ | ------ |
 0.9.7 | 1.8, 1.11, 2.0, 2.1 | 3.6 - 3.9 | 2.7
-1.0 | 1.11, 2.0, 2.2 | 3.6 - 3.9 | 2.7
-1.1 | 1.11, 2.2 | 3.6 - 3.9 | 2.7
-1.2 | 2.2, 3.0, 3.1 | 3.10, 3.11 | 3.5 - 3.8
-1.3 | 3.2, 4.0, 4.1 | 3.12, 3.13, 3.14 | 3.7 - 3.10
+1.0 | 1.11, 2.0, 2.2      | 3.6 - 3.9 | 2.7
+1.1 | 1.11, 2.2           | 3.6 - 3.9 | 2.7
+1.2 | 2.2, 3.0, 3.1       | 3.10, 3.11 | 3.5 - 3.8
+1.3 | 3.2, 4.0, 4.1, 4.2  | 3.12, 3.13, 3.14 | 3.7 - 3.11
 
 
 ## Documentation / Browsable API

django_rest_passwordreset/views.py

@@ -59,7 +59,16 @@ class ResetPasswordValidateToken(GenericAPIView):
     def post(self, request, *args, **kwargs):
         serializer = self.serializer_class(data=request.data)
         serializer.is_valid(raise_exception=True)
-        return Response({'status': 'OK'})
+
+        return_data = {'status': 'OK'}
+
+        if getattr(settings, 'DJANGO_REST_PASSWORDRESET_USER_DETAILS_ON_VALIDATION', False):
+            token = ResetPasswordToken.objects.get(key=serializer.validated_data['token'])
+
+            return_data['username'] = token.user.username
+            return_data['email'] = token.user.email
+
+        return Response(return_data)
 
 
 class ResetPasswordConfirm(GenericAPIView):

setup.py

@@ -27,6 +27,7 @@
         'Framework :: Django :: 3.2',
         'Framework :: Django :: 4.0',
         'Framework :: Django :: 4.1',
+        'Framework :: Django :: 4.2',
         'Intended Audience :: Developers',
         'License :: OSI Approved :: BSD License',
         'Operating System :: OS Independent',
@@ -36,6 +37,7 @@
         'Programming Language :: Python :: 3.8',
         'Programming Language :: Python :: 3.9',
         'Programming Language :: Python :: 3.10',
+        'Programming Language :: Python :: 3.11',
         'Topic :: Internet :: WWW/HTTP',
         'Topic :: Internet :: WWW/HTTP :: Dynamic Content',
     ],

tests/test/test_auth_test_case.py

@@ -64,6 +64,10 @@ def test_validate_token(self, mock_reset_password_token_created):
         response = self.rest_do_validate_token(last_reset_password_token.key)
         self.assertEqual(response.status_code, status.HTTP_200_OK)
 
+        # there should be no user details in the response
+        self.assertEqual(response.data.get("username"), None)
+        self.assertEqual(response.data.get("email"), None)
+
         # there should be one token
         self.assertEqual(ResetPasswordToken.objects.all().count(), 1)
 
@@ -73,6 +77,31 @@ def test_validate_token(self, mock_reset_password_token_created):
             msg="User 1 should still be able to login with the old credentials"
         )
 
+    @patch('django_rest_passwordreset.signals.reset_password_token_created.send')
+    @override_settings(DJANGO_REST_PASSWORDRESET_USER_DETAILS_ON_VALIDATION=True)
+    def test_validate_token_with_user_details(self, mock_reset_password_token_created):
+        """ Tests validate token with user details in the response """
+
+        # there should be zero tokens
+        self.assertEqual(ResetPasswordToken.objects.all().count(), 0)
+
+        response = self.rest_do_request_reset_token(email="user1@mail.com")
+        self.assertEqual(response.status_code, status.HTTP_200_OK)
+
+        last_reset_password_token = mock_reset_password_token_created.call_args[1]['reset_password_token']
+        self.assertNotEqual(last_reset_password_token.key, "")
+
+        # there should be one token
+        self.assertEqual(ResetPasswordToken.objects.all().count(), 1)
+
+        # try to validate token
+        response = self.rest_do_validate_token(last_reset_password_token.key)
+        self.assertEqual(response.status_code, status.HTTP_200_OK)
+
+        # there should be user details in the response
+        self.assertEqual(response.data.get("username"), "user1")
+        self.assertEqual(response.data.get("email"), "user1@mail.com")
+
     def test_validate_bad_token(self):
         """ Tests validate an invalid token """