Currently django-rest-passwordreset requires that a user has a usable password before they are able to reset their password because some users such as LDAP users shouldn't be able to change their password
I have run into a use case where users who are signed in via social media (eg Facebook or Google), may try and reset their password. They have a valid email and should be able to reset their password even if they don't have one set yet.
I am proposing to add a setting DJANGO_REST_MULTITOKENAUTH_REQUIRE_USABLE_PASSWORD which when set to False would allow users without a reusable password to reset their password
@anx-ckreuzberger, I hope you don't mind that I've made a PR for this as well. It's the other issue I ran into when using your library. Please let me know what you think.
Background
django-rest-passwordreset
requires that a user has a usable password before they are able to reset their password because some users such as LDAP users shouldn't be able to change their passwordDJANGO_REST_MULTITOKENAUTH_REQUIRE_USABLE_PASSWORD
which when set toFalse
would allow users without a reusable password to reset their passwordChanges
DJANGO_REST_MULTITOKENAUTH_REQUIRE_USABLE_PASSWORD
settingUser.eligible_for_reset()
rather than a long conditionalhas_usable_password()
whenDJANGO_REST_MULTITOKENAUTH_REQUIRE_USABLE_PASSWORD == True
(this is default behaviour)Testing