Fix allauth reset password bug #276
When the project uses allauth, the reset password email will generate an incorrect token (because allauth uses its own token_generator), which prevents the user from resetting the password. This is a serious problem; please merge as soon as possible. Thanks!
And I provide a temporary workaround:

```python
from django.conf import settings
from dj_rest_auth.serializers import \
    PasswordResetSerializer as DefaultPasswordResetSerializer
...


class PasswordResetSerializer(DefaultPasswordResetSerializer):
    '''Workaround'''

    def save(self):
        # Use the same token generator that will later validate the token.
        if 'allauth' in settings.INSTALLED_APPS:
            from allauth.account.forms import default_token_generator
        else:
            from django.contrib.auth.tokens import default_token_generator
        request = self.context.get('request')
        # Set some values to trigger the send_email method.
        opts = {
            'use_https': request.is_secure(),
            'from_email': getattr(settings, 'DEFAULT_FROM_EMAIL'),
            'request': request,
            'token_generator': default_token_generator,
        }
        opts.update(self.get_email_options())
        self.reset_form.save(**opts)
```

Then add in:

```python
REST_AUTH_SERIALIZERS = {
    # ...
    # workaround
    'PASSWORD_RESET_SERIALIZER': 'ucenter.serializers.PasswordResetSerializer',
    # ...
}
```
I found another problem. Because allauth uses base36 to encrypt the uid, but Django uses base64 by default, it will prompt
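The uid encoding mismatch described in the comment above, as an added example that is not part of the original thread or of the project's code. `to_base36`, `to_uidb64` and `from_uidb64` are hypothetical stand-ins written for this example (a lowercase base36 integer encoding and an unpadded URL-safe base64 encoding), not allauth's or Django's own functions, and the primary keys are constructed sample values.

```python
import base64
import binascii

B36_DIGITS = "0123456789abcdefghijklmnopqrstuvwxyz"


def to_base36(pk):
    """Hypothetical stand-in: integer pk -> lowercase base36 string."""
    if pk < 0:
        raise ValueError("pk must be non-negative")
    out = ""
    while True:
        pk, rem = divmod(pk, 36)
        out = B36_DIGITS[rem] + out
        if pk == 0:
            return out


def to_uidb64(pk):
    """Hypothetical stand-in: pk -> unpadded URL-safe base64 of its decimal text."""
    return base64.urlsafe_b64encode(str(pk).encode("ascii")).rstrip(b"=").decode("ascii")


def from_uidb64(uid):
    """Decode a uidb64 value to an integer pk; None if it is not a valid one."""
    try:
        raw = uid.encode("ascii")
        # Restore the padding that was stripped when the link was built.
        text = base64.urlsafe_b64decode(raw + b"=" * (-len(raw) % 4)).decode("ascii")
    except (binascii.Error, ValueError):
        return None
    return int(text) if text.isdigit() else None


def cross_decode(pks):
    """Feed base36 uids to the base64 decoder; return {pk: decoded result}."""
    return {pk: from_uidb64(to_base36(pk)) for pk in pks}


if __name__ == "__main__":
    for pk in (7, 42, 1000):  # constructed sample primary keys
        print(pk, to_base36(pk), to_uidb64(pk), from_uidb64(to_base36(pk)))
```

In this model a base36 uid never decodes to some other valid pk: the first decoded byte of any string made only of `0-9a-z` is at least 104, so it is never an ASCII digit, and the link is rejected rather than resolved to the wrong user.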
Fix allauth verify url not match
Fix unit test: test_password_reset_with_invalid_email
This change is in the latest release
Which version of allauth was this tested against? Running dj-rest-auth==2.1.9 and django-allauth==0.45.0 gives me the following error on this line:
Please see FAQ no. 2 first: https://dj-rest-auth.readthedocs.io/en/latest/faq.html
This is broken, at least in the demo project. When I try to reset a password in the demo, I get the following stack trace
The same happens when I implement the instructions of the FAQ in my own project
Indeed the generated reset token has a form like
This causes
```
path = reverse(
    'password_reset_confirm',
    args=[user_pk_to_url_str(user), temp_key],
)
```
in `AllAuthPasswordResetForm` to fail and return `django.urls.exceptions.NoReverseMatch`. See: iMerica#276 (comment)