user3541631

Reputation: 4008

In case the user forgot the password, how can I send him a reset link?

Django's PasswordChangeView requests the old password; it does not reset the password.

Upvotes: 1

Views: 36

Answers (1)

willeM_ Van Onsem

Reputation: 477210

The PasswordChangeView indeed asks for the old password, since this is the case where a user wants to change the password manually, and then we want to avoid the overhead of a user having to inspect their email, etc. It is, however, better to ask for the old password, since it could happen that a user has logged in, and now somebody else with (physical) access to their computer wants to change the credentials to "take over" the account.

Another related view is the PasswordResetView; this will email the user a link to a one-time URL where the user can set a new password. This is still - to some extent - secure, since we typically assume the user is the only one with access to their email.

Upvotes: 3
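Added example (not part of the answer above, and not Django's own code): a standard-library sketch of how a reset link can be made one-time without storing tokens, by binding a MAC to the user's current password hash. SECRET_KEY, MAX_AGE_SECONDS, the user dict layout and all function names are assumptions made for the illustration; in a Django project the built-in PasswordResetView and its token generator do this work.

```python
import hashlib
import hmac
import time
from typing import Optional

SECRET_KEY = b"constructed-demo-secret"  # assumption: stands in for the server-side secret
MAX_AGE_SECONDS = 3 * 24 * 3600          # assumption: link lifetime chosen for this demo


def _mac(user: dict, ts: int) -> bytes:
    # Binding the MAC to the current password hash is what makes the link
    # one-time: once the password changes, old tokens no longer verify.
    state = f"{user['pk']}|{user['password_hash']}|{user['email']}|{ts}".encode()
    return hmac.new(SECRET_KEY, state, hashlib.sha256).hexdigest().encode()


def make_token(user: dict, now: Optional[int] = None) -> str:
    """Return 'timestamp-mac', the value embedded in the emailed URL."""
    ts = int(time.time()) if now is None else now
    return f"{ts}-{_mac(user, ts).decode()}"


def check_token(user: dict, token: str, now: Optional[int] = None) -> bool:
    now = int(time.time()) if now is None else now
    ts_text, sep, mac = token.partition("-")
    try:
        ts = int(ts_text) if sep else None
    except ValueError:
        ts = None
    if ts is None:
        return False  # malformed token
    # Constant-time comparison avoids leaking how many characters matched.
    if not hmac.compare_digest(mac.encode(), _mac(user, ts)):
        return False
    return 0 <= now - ts <= MAX_AGE_SECONDS  # reject expired or future-dated links


def reset_password(user: dict, token: str, new_hash: str,
                   now: Optional[int] = None) -> bool:
    """Set the new password hash only if the token is still valid."""
    if not check_token(user, token, now):
        return False
    user["password_hash"] = new_hash  # this change invalidates the token
    return True
```
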
