Reset password

API Views

There are two views used in the reset password workflow:

rest_registration.api.views.send_reset_password_link

reset-password

rest_registration.api.views.reset_password

Assuming that the Django REST Registration views are served at https://backend-host/api/v1/accounts/, the send_reset_password_link and reset_password views are served, respectively, as:

  • https://backend-host/api/v1/accounts/send-reset-password-link/
  • https://backend-host/api/v1/accounts/reset-password/

Verification workflow

Let's describe it by example. We're assuming that:

  • the Django REST Registration views are served at https://backend-host/api/v1/accounts/
  • you have reset-password-verification-enabled-setting set to True (this is the default)
  • you configured reset-password-verification-url-setting to be https://frontend-host/reset-password/

Then the verification workflow looks as follows:

  1. The user who wants to reset his/her password sends an AJAX POST request to the https://backend-host/api/v1/accounts/send-reset-password-link/ endpoint. Usually this happens via a front-end application, which could be hosted on https://frontend-host/.
  2. Assuming the registration was correct, the send_reset_password_link endpoint will generate an e-mail containing a URL which the user should click to enter a new password. The URL would be in the form:

    https://frontend-host/reset-password/?user_id=<user id>&timestamp=<timestamp>&signature=<signature>

    (You can change the way the URL is generated by overriding verification-url-builder-setting)

  3. The frontend endpoint https://frontend-host/reset-password/ (which is not provided by Django REST Registration) would receive the following GET parameters:

    • user_id
    • timestamp
    • signature

    After obtaining the new password from the user, it should perform an AJAX request to https://backend-host/api/v1/accounts/reset-password/ via HTTP POST with the following JSON payload:

    {
        "password": "<new password>",
        "user_id": "<user id>",
        "timestamp": "<timestamp>",
        "signature": "<signature>"
    }

    and then show a message to the user depending on the response from the backend server.
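Step 3 as frontend code, added here as an example and not part of Django REST Registration (which provides no frontend). The function names and the returned message keys are hypothetical; the endpoint URL is the one assumed above.

```javascript
// Fixed backend endpoint: never derive the POST target from the clicked link.
const RESET_PASSWORD_ENDPOINT =
  "https://backend-host/api/v1/accounts/reset-password/";
const REQUIRED_PARAMS = ["user_id", "timestamp", "signature"];

// Build the POST request from the link the user opened and the new password.
// Throws if a parameter is missing, empty or repeated, so a mangled link is
// rejected in the browser before anything is sent.
function buildResetPasswordRequest(linkUrl, newPassword) {
  if (typeof newPassword !== "string" || newPassword.length === 0) {
    throw new Error("new password is required");
  }
  const params = new URL(linkUrl).searchParams;
  const payload = { password: newPassword };
  for (const name of REQUIRED_PARAMS) {
    const values = params.getAll(name);
    if (values.length !== 1 || values[0] === "") {
      throw new Error(`reset link must carry exactly one non-empty "${name}"`);
    }
    // Forward the value unchanged; the backend verifies it.
    payload[name] = values[0];
  }
  return {
    url: RESET_PASSWORD_ENDPOINT,
    options: {
      method: "POST",
      headers: { "Content-Type": "application/json" },
      body: JSON.stringify(payload),
    },
  };
}

// Hypothetical glue: send the request and return a key for the message to show.
// In a browser, call it with window.location.href as linkUrl.
async function submitResetPassword(linkUrl, newPassword, fetchImpl = fetch) {
  const { url, options } = buildResetPasswordRequest(linkUrl, newPassword);
  const response = await fetchImpl(url, options);
  return response.ok ? "password-changed" : "reset-failed";
}
```
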

Default serializers

rest_registration.api.serializers.DefaultSendResetPasswordLinkSerializer

List of settings

These settings can be used to configure the reset password workflow. You should add them as keys (with values) to your settings.REST_REGISTRATION dict.

detailed_configuration__reset_password