Opened 12 days ago

Last modified 8 days ago

#28780 assigned New feature

Allow customizing PasswordResetConfirmView's INTERNAL_RESET_URL_TOKEN

Reported by: Meiyer Owned by: Tim G.
Component: contrib.auth Version: master
Severity: Normal Keywords:
Cc: Triage Stage: Accepted
Has patch: yes Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: yes UI/UX: yes

Description

Since this parameter appears in the URL of the forgotten password reset request (= part of the public interface of the website), it would be nice if websites could customize the value.

Change History (7)

comment:1 Changed 12 days ago by Tim Graham

Component: Uncategorizedcontrib.auth
Summary: Ability to customize INTERNAL_RESET_URL_TOKENAllow customizing PasswordResetConfirmView's INTERNAL_RESET_URL_TOKEN
Triage Stage: UnreviewedAccepted

comment:2 Changed 11 days ago by Tim G.

Owner: changed from nobody to Tim G.
Status: newassigned

comment:3 Changed 11 days ago by Tim G.

How this parameter should be customizable? Settings?

comment:4 Changed 10 days ago by Tim Graham

It could be a class attribute on the view.

comment:5 Changed 10 days ago by Meiyer

I think the configuration that will allow the easiest customization is a class attribute such as:

class PasswordResetConfirmView(PasswordContextMixin, FormView):
    reset_token_placeholder = INTERNAL_RESET_URL_TOKEN

Then it can be used in urls.py with

url('<pattern>',
    PasswordResetConfirmView.as_view(reset_token_placeholder='wachtwoord-aanduiding'),
    name='password_reset_confirm')

Because of the format limitations on the <token> parameter (two alphanumeric strings separated by a hyphen), it will be useful to add instructions to the documentation so that developers do not accidentally break their password reset functionality.

comment:7 Changed 8 days ago by Claude Paroz

Has patch: set
Version: 1.11master
Note: See TracTickets for help on using tickets.
Back to Top