Unable to access verify_token and confirm endpoints

anexia-it / django-rest-passwordreset

An extension of django rest framework, providing a configurable password reset strategy

BSD 3-Clause "New" or "Revised" License

419 stars 148 forks source link

Unable to access verify_token and confirm endpoints #79

Closed kashgo22 closed 4 years ago

kashgo22 commented 4 years ago

Hello,

I am probably doing something silly wrong, but I've been unable to use the /reset_password/confirm/ and /reset_password/validate_token/ endpoints.

I am able to post to /reset_password/, generate the token, receive the signal and send the email.

path('api/password_reset/', include('django_rest_passwordreset.urls', namespace='password_reset')),

I have the above in my urls.py

When I go to: http://127.0.0.1:8000/api/password_reset/reset_password/ I can post an email to request a token.

When I go to: http://127.0.0.1:8000/api/password_reset/reset_password/validate_token/ or http://127.0.0.1:8000/api/password_reset/reset_password/confirm/ there is no change from http://127.0.0.1:8000/api/password_reset/reset_password/, this is what I see:

Any idea why this is the case?

Thanks!

jc-aguilera commented 4 years ago

If you downloaded this from PyPI, that may be the reason. It appears those additional endpoints were added later, but the updated package has not yet been published.

I just ended up adding those endpoints manually.

kashgo22 commented 4 years ago

That makes sense, how can I add those endpoints manually?

Thanks!

jc-aguilera commented 4 years ago

Honestly, I just copied and pasted the necessary code from this repo and added it to a views.py file :rofl:

kashgo22 commented 4 years ago

Worked! Thanks so much ( :

Hall-Erik commented 4 years ago

You can also get those through PyPi, you just need to specify you want the latest release candidate.

pip install django-rest-passwordreset==1.1.0rc3

kashgo22 commented 4 years ago

I tried installing the latest release as you described for a different project, but still experienced the same issue I originally described, not sure why?

pmabres commented 4 years ago

I don't know if you still have the same issues but for django-rest-passwordreset==1.1.0rc3 the urls didn't change at that point and you should call them like this: {API_URL}/ (is the default reset password request) {API_URL}/confirm/ (is the confirmation url) {API_URL}/validate_token/ (is to validate your token)

so if you defined your custom url as: path('api/password_reset/' ...

then your urls would be:

api/password_reset/ api/password_reset/confirm/ api/password_reset/validate_token/

ghost commented 4 years ago

We have just released 1.1.0 on pypi. Please check if the issue persists.

GMikk commented 4 years ago

We have just released 1.1.0 on pypi. Please check if the issue persists.

yes issues still exsists, I just installed through pip and i still see same endpoints for all urls

GMikk commented 4 years ago

I don't know if you still have the same issues but for django-rest-passwordreset==1.1.0rc3 the urls didn't change at that point and you should call them like this: {API_URL}/ (is the default reset password request) {API_URL}/confirm/ (is the confirmation url) {API_URL}/validate_token/ (is to validate your token)

so if you defined your custom url as: path('api/password_reset/' ...

then your urls would be:

api/password_reset/ api/password_reset/confirm/ api/password_reset/validate_token/

tried this, but still got same issue

GMikk commented 4 years ago

Sorry that's was my bad i forgot to put backslash on my path. used this: /forgot should be like this: /forgot/

joshuakoh1 commented 4 years ago

I have this issue on 1.10 and 1.10-rc3 from pip install. The endpoints are missing.

SethThoburn commented 4 years ago

I had the same problem, but I think I have fixed it. It may just be inaccurate documentation. If you do not use the "password_reset" prefix, they work fine.

I have the following line in my url conf: path('password-reset/', include('django_rest_passwordreset.urls', namespace='password_reset')),

I can then access the endpoints: Generate token: http://127.0.0.1:8000/may-app/password-reset/ Confirm token: http://127.0.0.1:8000/my-app/password-reset/confirm Validate token: http://127.0.0.1:8000/my-app/password-reset/validate_token

It seems that generate token actually works for any url that doesn't match any others.

Hope this helps.

HymanZHAN commented 4 years ago

+1 for @SethThoburn

If you look closer, django_rest_passwordreset.urls does not include any reset_password prefix:

""" URL Configuration for core auth
"""
from django.conf.urls import url, include
from django_rest_passwordreset.views import reset_password_request_token, reset_password_confirm, reset_password_validate_token

app_name = 'password_reset'

urlpatterns = [
    url(r'^validate_token/', reset_password_validate_token, name="reset-password-validate"),
    url(r'^confirm/', reset_password_confirm, name="reset-password-confirm"),
    url(r'^', reset_password_request_token, name="reset-password-request"),
]

The documentation is quite misleading and should be updated. I can create a quick PR if there isn't an existing one.

Update: I created a PR just now #101.