There are two views used in the reset password workflow:
- rest_registration.api.views.send_reset_password_link
- rest_registration.api.views.reset_password
Assuming that the Django REST Registration views are served at https://backend-host/api/v1/accounts/ then the send_reset_password_link and reset_password views are served as:
- https://backend-host/api/v1/accounts/send-reset-password-link/
- https://backend-host/api/v1/accounts/reset-password/
respectively.
Let's describe it by example. We're assuming that:
- the Django REST Registration views are served at https://backend-host/api/v1/accounts/
- you have reset-password-verification-enabled-setting set to True (this is the default)
- you configured reset-password-verification-url-setting to be https://frontend-host/reset-password/
Then the verification workflow looks as follows:
- The user who wants to reset his/her password sends an AJAX POST request to the https://backend-host/api/v1/accounts/send-reset-password-link/ endpoint. Usually this happens via a front-end application, which could be hosted on https://frontend-host/.
- Assuming the registration was correct, the send_reset_password_link endpoint will generate an e-mail containing a URL which the user should click to enter a new password. The URL would be in the form:
  https://frontend-host/reset-password/?user_id=<user id>&timestamp=<timestamp>&signature=<signature>
  (You can change the way the URL is generated by overriding verification-url-builder-setting.)
- The frontend endpoint https://frontend-host/reset-password/ (which is not provided by Django REST Registration) would receive the following GET parameters: user_id, timestamp, signature. After obtaining the new password from the user, it should perform an AJAX request to https://backend-host/api/v1/accounts/reset-password/ via HTTP POST with the following JSON payload:
    {
        "password": "<new password>",
        "user_id": "<user id>",
        "timestamp": "<timestamp>",
        "signature": "<signature>"
    }
  and then show a message to the user depending on the response from the backend server.
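The frontend step described above, as an added example (it is not part of Django REST Registration): it takes the URL the user landed on, requires user_id, timestamp and signature to each appear exactly once, and builds the POST to the reset-password endpoint. The function names, the user-facing messages and the sample link are assumptions made for this example.

```javascript
// Added example: handler logic for the page at https://frontend-host/reset-password/
// buildResetPasswordRequest and submitResetPassword are hypothetical names.
const RESET_PASSWORD_ENDPOINT = "https://backend-host/api/v1/accounts/reset-password/";
const REQUIRED_PARAMS = ["user_id", "timestamp", "signature"];

// Constructed sample link in the form the e-mail would carry (values are made up).
const SAMPLE_LINK =
  "https://frontend-host/reset-password/?user_id=42&timestamp=1700000000&signature=abc123";

// Turn the landing-page URL plus the new password into the POST request.
// Throws if the link is incomplete or a parameter is repeated, so a truncated
// or tampered link is rejected before anything is sent to the backend.
function buildResetPasswordRequest(pageUrl, newPassword) {
  if (typeof newPassword !== "string" || newPassword.length === 0) {
    throw new Error("new password is required");
  }
  const params = new URL(pageUrl).searchParams;
  const payload = { password: newPassword };
  for (const name of REQUIRED_PARAMS) {
    const values = params.getAll(name);
    if (values.length !== 1 || values[0] === "") {
      throw new Error(`invalid reset link: bad "${name}" parameter`);
    }
    // Values are forwarded unchanged; only the backend can verify the signature.
    payload[name] = values[0];
  }
  return {
    url: RESET_PASSWORD_ENDPOINT,
    options: {
      method: "POST",
      headers: { "Content-Type": "application/json" },
      body: JSON.stringify(payload),
    },
  };
}

// Send the request and pick the message to show, depending on the response.
// fetchImpl defaults to the global fetch and can be replaced in tests.
async function submitResetPassword(pageUrl, newPassword, fetchImpl = fetch) {
  const { url, options } = buildResetPasswordRequest(pageUrl, newPassword);
  const response = await fetchImpl(url, options);
  return response.ok
    ? "Your password has been changed."
    : "The password could not be reset.";
}
```

In a browser, call `submitResetPassword(window.location.href, passwordFromForm)` once the user has submitted the new password.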
rest_registration.api.serializers.DefaultSendResetPasswordLinkSerializer
These settings can be used to configure the reset password workflow. You should add them as keys (with values) to your settings.REST_REGISTRATION dict.
detailed_configuration__reset_password