pennersr / django-allauth

Integrated set of Django applications addressing authentication, registration, account management as well as 3rd party (social) account authentication.
https://allauth.org
MIT License
9.54k stars 3.03k forks

csrf issue #3957

Closed davidu1975 closed 4 months ago

davidu1975 commented 4 months ago

Enabling CSRF protection in our Django app causes the value self.request.session[INTERNAL_RESET_SESSION_KEY] to be "lost".

The PasswordResetFromKeyView.dispatch method is entered twice. The first time, self.request.session[INTERNAL_RESET_SESSION_KEY] = self.key is run.

The second time, self.key = self.request.session.get(INTERNAL_RESET_SESSION_KEY, "") has no value, the form is invalid, and Bad Token is displayed.

pennersr commented 4 months ago

Can you reproduce the issue e.g. using the demo over at https://django.demo.allauth.org/ ? If not, what are the differences in what you are doing compared to the example app? Again, this issue is not actionable on this side.