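Problem description

I have 2 views. 1) For user registration. 2) For password reset. An activation link is generated for both tasks and sent by email. The first one, my registration activation link, works fine. When I create an activation link for password reset, it does not expire after being used.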

```python
from django.contrib.auth.models import User  # assumed: the default User model
from django.http import HttpResponse
from django.shortcuts import render
from django.utils.encoding import force_bytes
from django.utils.http import urlsafe_base64_decode
from django.views.decorators.csrf import csrf_protect

from .tokens import passord_reset_token  # module path assumed; defined in the next block


@csrf_protect
def changing_password_confirmation(request, uidb64, token):
    # Resolve the user from the base64-encoded primary key in the link.
    try:
        uid = force_bytes(urlsafe_base64_decode(uidb64))
        user = User.objects.get(pk=uid)
    except(TypeError, ValueError, OverflowError, User.DoesNotExist):
        user = None
    if user is not None and passord_reset_token.check_token(user, token):
        print('user is not None and passord_reset_token.check_token(user, token)')
        if request.method == 'POST':
            password1 = request.POST.get('password1')
            password2 = request.POST.get('password2')
            if password1 == password2:
                user.set_password(password1)
                user.save()
                return render(request=request, template_name='website/password_reset_complete.html')
            else:
                return HttpResponse('<h1>Password doesnt match</h1>')
        return render(request=request, template_name='website/password_reset_confirm.html')
    else:
        print('User', user)
        result = 'Activation link is invalid!'
        return render(request=request, template_name='website/password_reset_confirm.html', context={'result': result})
```

```python
from django.contrib.auth.tokens import PasswordResetTokenGenerator
# django.utils.six was removed in Django 3.0; on Python 3, six.text_type is str.
from django.utils import six


class TokenGenerator(PasswordResetTokenGenerator):
    def _make_hash_value(self, user, timestamp):
        return (
                six.text_type(user.pk) + six.text_type(timestamp) +
                six.text_type(user.is_active)
        )


class PasswordTokenGenerator(PasswordResetTokenGenerator):
    def _make_hash_value(self, user, timestamp):
        return (
                six.text_type(user.pk) + six.text_type(timestamp) +
                six.text_type(user.is_active)
        )


account_activation_token = TokenGenerator()
passord_reset_token = PasswordTokenGenerator()
```

Password reset template

```html
{% extends "website/header.html" %}

{% block title %}Enter new password{% endblock %}

{% block content %}

{% if validlink %}
<h1>Set a new password!</h1>
<form method="POST">
    {% csrf_token %}
    <div class="form-group">
        Password: <input type="text" class="form-control" name='password1' placeholder="password" value=""/>
    </div>
    <div class="form-group">
        Repeat Password: <input type="text" class="form-control" name='password2' placeholder="confirm" value=""/>
    </div>
    <input type="submit" value="Change my password">
</form>

{% else %}
{{ result }}
{% endif %}

{% endblock %}
```

Tags: python, django

Solution


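First, Django comes with views for resetting passwords. I recommend that you use them instead of writing your own.

Your hash only varies with the user's `pk` and `is_active` fields, and these do not change after the user resets their password.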

    return (
            six.text_type(user.pk) + six.text_type(timestamp) +
            six.text_type(user.is_active)
    )

Django solves this by including the user's `password` and `last_login` in the hash, so that it changes after the password is reset.
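The effect described in this answer, modelled with the Python standard library only. This is an added example, not code from the question, the answer, or Django itself. `DemoUser`, `SECRET`, the function names and the sample values are assumptions, and expiry by token age is left out.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import Optional

SECRET = b"constructed-demo-secret"  # stands in for Django's SECRET_KEY


@dataclass
class DemoUser:  # hypothetical stand-in for django.contrib.auth.models.User
    pk: int
    is_active: bool
    password: str  # the stored password hash, not the plaintext
    last_login: Optional[str] = None


def weak_hash_value(user, timestamp):
    # Same inputs as the question's _make_hash_value: none change on a reset.
    return f"{user.pk}{timestamp}{user.is_active}"


def strong_hash_value(user, timestamp):
    # Also binds the token to the password hash and last_login.
    return f"{user.pk}{user.password}{user.last_login}{timestamp}"


def make_token(user, timestamp, hash_value):
    mac = hmac.new(SECRET, hash_value(user, timestamp).encode(), hashlib.sha256)
    return f"{timestamp}-{mac.hexdigest()}"


def check_token(user, token, hash_value):
    ts, _, _ = token.partition("-")
    if not ts.isdigit():
        return False
    return hmac.compare_digest(make_token(user, int(ts), hash_value), token)


def token_survives_reset(hash_value):
    """Issue a token, change the password, then re-check the same token."""
    user = DemoUser(pk=7, is_active=True, password="pbkdf2$old-hash")
    token = make_token(user, 1700000000, hash_value)
    assert check_token(user, token, hash_value)  # valid before it is used
    user.password = "pbkdf2$new-hash"  # what set_password() and save() change
    return check_token(user, token, hash_value)


if __name__ == "__main__":
    print("weak token valid after reset:  ", token_survives_reset(weak_hash_value))
    print("strong token valid after reset:", token_survives_reset(strong_hash_value))
```

With the weak inputs the used link keeps verifying; once the password hash is part of the signed value, the same link fails as soon as the password changes.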