anexia-it / django-rest-passwordreset

An extension of django rest framework, providing a configurable password reset strategy
BSD 3-Clause "New" or "Revised" License

Allow password reset without being authenticated #148

Closed nittolese closed 2 years ago

nittolese commented 3 years ago

Problem

Only authenticated users can request a password reset, as described here: https://github.com/anexia-it/django-rest-passwordreset/issues/67

Solution

Adding authentication_classes to views.

nittolese commented 2 years ago

Hey @nezhar, any update on this? Can I ask why you need to be logged in to request a reset password? Seems nonsense to me!

Thank you!

nezhar commented 2 years ago

Hi @nittolese,

Thanks for your contribution and sorry it took so long. Of course you don't need to be authenticated :smile:

There are no permission_classes defined, so I can only assume some custom authentication_classes lead to this behavior. Can you maybe provide your definition of DEFAULT_AUTHENTICATION_CLASSES so I may try to reproduce this also in a test case?

nittolese commented 2 years ago

Hey @nezhar, here are my default authentication classes in settings.py:

```python
"DEFAULT_AUTHENTICATION_CLASSES": (
    "rest_framework.authentication.SessionAuthentication",
    "rest_framework.authentication.BasicAuthentication",
    "rest_framework.authentication.TokenAuthentication",
    "rest_framework_simplejwt.authentication.JWTAuthentication",
),
```

nezhar commented 2 years ago

Hey @nittolese,

I'm not able to reproduce this in a test, but at the same time I see no reason why we should allow any authentication_classes at this stage in the password reset, so I will add this in the next release.

Thanks again