Issue #46 Forgot password feature

[m-a-rahul]

Fixes: #46

Description

Built custom templates with UI features relating to the ClassDeck's classic structure, on top of django.contrib.auth.views which offers default authentication feature by also handling form errors.

Type of change

• [x] New feature (non-breaking change which adds functionality)

How Has This Been Tested?

The feature has been tested across multiple times and is completely error free as we have just customised the default django package.

Describe if there is any unusual behaviour of your code(Write NA if there isn't)

• There is a specific place where Django captures the protocol and domain by default in password_reset_email.html
• In the development environment, while running on localhost Django identifies the domain as example.com.
• So I had to make it statically as localhost:8000. I have also attached the code for the production environment in commented format.

password_reset_email.html

line no 5: {{ protocol }}://{{ domain }}{% url 'password_reset_confirm' uidb64=uid token=token %} <- Production (commented)
line no 6: http://localhost:8000{% url 'password_reset_confirm' uidb64=uid token=token %} <- Development (active)

Checklist:

• [x] Have you checked there aren't other open Pull Requests for the same update/change?
• [x] My submission doesn't break any existing feature.
• [x] My code follows the style guidelines of this project.
• [x] I have performed a self-review of my own code.

Screenshots

Successfull Testcase

Invalid token

(If an attacker tries with another token and access the URL or if the same token is used twice)

[yaswanthsaivendra]

@m-a-rahul Usually when we have differentiating stuff b/w development & prod code, its better make use of a simple if-else rather than commenting stuff. What we can do is just make use of DEBUG constant with if statement and check whether if its set to true then implement the dev. code else prod. code.

[m-a-rahul]

Ok cool, got your suggestions. Will write back asap on completion of the changes requested.

[m-a-rahul]

Fixes after the previous set of suggestions

Fix 1

Corresponding bug: Password Update Failure Description: Cause -> Since an AbstractUser model is configured on top of the default Users model the password update didn't work. Fix -> Built a custom form on top SetPasswordForm, which handles this functionality in the Django package

Fix 2

Corresponding bug: Email Check Description: Cause -> Django's default form doesn't inherit the functionality. Fix -> Built a custom form on top PasswordResetForm, which handles this functionality in the Django package

Screenshot:

Fix 3

Corresponding bug: Domain name in dev and prod env Description: Cause -> Django uses the sites framework to capture the domain Fix -> Wrote a condition to change the domain key value to,

• localhost:800 when DEBUG=True and
• classdeck.herokuapp.com when DEBUG=False

Screenshot: