Closed nittolese closed 2 years ago
Hey @nezhar , any update on this? Can I ask why you need to be logged in to request a reset password? Seems non-sense to me!
Thank you!
Hi @nittolese,
Thanks for your contribution and sorry it took so long. Of course you don't need to be authenticated :smile:
There are no permission_classes
defined, so I can only asume some custom authentication_classes
lead to this behavior. Can you maybe provide your definition of DEFAULT_AUTHENTICATION_CLASSES
so I may try to reproduce this also in a test case.
Hey @nezhar , Here is my default authentication classes in settings.py
"DEFAULT_AUTHENTICATION_CLASSES": (
"rest_framework.authentication.SessionAuthentication",
"rest_framework.authentication.BasicAuthentication",
"rest_framework.authentication.TokenAuthentication",
"rest_framework_simplejwt.authentication.JWTAuthentication",
),
Hey @nittolese,
I'm not able to reproduce this in a test, but at the same time I see no reason why we should allow any authentication_classes
at this stage in the password reset, so I will add this in the next release.
Thanks again
Problem
Only authenticated users can request a password reset, as described here: https://github.com/anexia-it/django-rest-passwordreset/issues/67
Solution
Adding
authentication_classes
to views.