Note
The Recover
and Reset
views share a common attribute, salt
. This is the salt used for signing the password reset link, it is useful for avoiding collisions with values you may have signed elsewhere in your app. It doesn't need to be complicated, just distinct from other salts you're using in your code. More importantly, the salt must be the same on the Recover
and the Reset
views. The default salt is password_recovery
. If you're not already using this as a salt somewhere else in your app, you don't need to alter it.
Additionally, there is a url_salt
used for redirecting the user after he has entered his username or email. This salt must be different than the other one. Its default value is password_recovery_url
.
This is a FormView
that asks for a username or email, finds the corresponding user object and sends him an email.
case_sensitive
: whether to search case-sensitively based on the form data. Default:True
.form_class
: the form to use for validating the user. Default:password_reset.forms.PasswordRecoveryForm
.success_url_name
: the name of the URL to redirect to after sending the recovery email. Change it if you don't use the provided URLconf. Defaults topassword_reset_sent
.template_name
: defaults topassword_reset/recovery_form.html
.email_template_name
: the template to use for sending the reset link by email. Default:password_reset/recovery_email.txt
.email_subject_template_name
: the template to use for generating the email subject. Defaults topassword_reset/recovery_email_subject.txt
.search_fields
: the fields to search for on theUser
model. Default is['username', 'email']
, you can restrict it to['username']
or['email']
but no other fields are supported, at least not with the default form class.
send_notification()
: this builds the email context, loads the template and sends the password reset email.
This is a TemplateView
to confirm the user that an email was sent.
template_name
:password_reset/reset_sent.html
invalid
Set to True
if the URL signature isn't valid, which happens if you change your SECRET_KEY
, the url_salt
or if people try to reverse-engineer your URLs.
email
: the username or email of the user.
timestamp
: the time the signature was issues, which normally corresponds to the time the reset email was sent.
form_class
: defaults topassword_reset.forms.PasswordResetForm
.token_expires
: expiration time (in seconds) of the password reset token. Default is two days.template_name
: defaults topassword_reset/reset.html
.success_url
: the URL to redirect to after a successful password reset. Defaults toreverse_lazy('password_reset_done')
, change it if you don't use the provided URLconf.
invalid()
: this method builds the response returned when an invalid token is encountered.
This is a simple TemplateView
that displays a success message. Its default template_name
is password_reset/recovery_done.html
.