search

anexia-it / django-rest-passwordreset

An extension of django rest framework, providing a configurable password reset strategy
BSD 3-Clause "New" or "Revised" License
419 stars 148 forks source link

Variant of ResetPasswordConfirm that validates a token #45

Closed bctiemann closed 2 years ago

bctiemann commented 5 years ago

Idea for an enhancement: it would be great to have an endpoint where a token could be checked for validity, without submitting a new password.

This would fit into the SPA architecture by allowing the app to present an error page instead of a password-reset form if the page is loaded with an invalid token. Otherwise the user has to try submitting the password change request before getting a rejection.

This might be done with an additional param on ResetPasswordConfirm, or a separate view altogether.

anx-ckreuzberger commented 5 years ago

This would definately improve UX!

If anyone is up, I'll accept a merge request for this. It basically only means to adapt the code here to allow the token to be verified without a password: https://github.com/anx-ckreuzberger/django-rest-passwordreset/blob/7118d430d4b21f78a23530c88a33390c9b6a4f95/django_rest_passwordreset/views.py#L26-L47

anx-ckreuzberger commented 5 years ago

Thanks to the help of @Hall-Erik and MR #60 we just released this feature on PyPi in version 1.1.0rc3.

You should be able install and test it using

pip install django-rest-passwordreset==1.1.0rc3
bctiemann commented 5 years ago

Looks/works great. Thank you!

rafaelcascalho commented 5 years ago

Hey guys! Is this issue still open?

nezhar commented 2 years ago

This has already been released with 1.1.0