我正在使用django 1.6和django-registration 1.0。
我不得不修补 django 注册上的网址,因为他们截至 2014 年 2 月 19 日还没有发布更新。
除password_reset_confirm外,所有密码重置网址/视图都有效。
在我的主 urls.py 文件中,我有这个:
url(r'^accounts/', include('registration.backends.simple.urls')),
在注册/后端/简单/网址上.py我有这个:
from django.conf.urls import include
from django.conf.urls import patterns
from django.conf.urls import url
from django.views.generic.base import TemplateView
from registration.backends.simple.views import RegistrationView
urlpatterns = patterns('',
url(r'^register/$',
RegistrationView.as_view(),
name='registration_register'),
url(r'^register/closed/$',
TemplateView.as_view(template_name='registration/registration_closed.html'),
name='registration_disallowed'),
(r'', include('registration.auth_urls')),
)
from django.contrib.auth import views as auth_views
# THIS IS A PATCH added by me !!!
urlpatterns = patterns('',
# override the default urls
url(r'^password/change/$',
auth_views.password_change,
name='password_change'),
url(r'^password/change/done/$',
auth_views.password_change_done,
name='password_change_done'),
url(r'^password/reset/$',
auth_views.password_reset,
name='password_reset'),
url(r'^password/reset/done/$',
auth_views.password_reset_done,
name='password_reset_done'),
url(r'^password/reset/complete/$',
auth_views.password_reset_complete,
name='password_reset_complete'),
url(r'^password/reset/confirm/(?P<uidb64>[0-9A-Za-z]+)-(?P<token>.+)/$',
auth_views.password_reset_confirm,
name='password_reset_confirm'),
# and now add the registration urls
url(r'', include('registration.backends.default.urls')),
)
Django1.6 django/contrib/auth/views.py 具有password_reset_confirm的功能:
# Doesn't need csrf_protect since no-one can guess the URL
@sensitive_post_parameters()
@never_cache
def password_reset_confirm(request, uidb64=None, token=None,
template_name='registration/password_reset_confirm.html',
token_generator=default_token_generator,
set_password_form=SetPasswordForm,
post_reset_redirect=None,
current_app=None, extra_context=None):
"""
View that checks the hash in a password reset link and presents a
form for entering a new password.
"""
UserModel = get_user_model()
assert uidb64 is not None and token is not None # checked by URLconf
if post_reset_redirect is None:
post_reset_redirect = reverse('password_reset_complete')
else:
post_reset_redirect = resolve_url(post_reset_redirect)
try:
uid = urlsafe_base64_decode(uidb64)
user = UserModel._default_manager.get(pk=uid)
except (TypeError, ValueError, OverflowError, UserModel.DoesNotExist):
user = None
if user is not None and token_generator.check_token(user, token):
validlink = True
if request.method == 'POST':
form = set_password_form(user, request.POST)
if form.is_valid():
form.save()
return HttpResponseRedirect(post_reset_redirect)
else:
form = set_password_form(None)
else:
validlink = False
form = None
context = {
'form': form,
'validlink': validlink,
}
if extra_context is not None:
context.update(extra_context)
return TemplateResponse(request, template_name, context,
current_app=current_app)
所以要么token_generator.check_token(user, token)返回False,要么user == None。
最大的痛苦是,这只会随机发生(在我看来)。所以调试很痛苦。有时它工作({{ form }}
渲染输入),经常失败({{ form }}
渲染"无"代替输入标记)
任何帮助将不胜感激。
出于某种原因,token_generator.check_token(user, token)
正在确定时间戳/uid 已被篡改。这意味着需要生成一个新的令牌。
从模板中,我将检测到{{ form }}
为"无"。如果是这种情况,我将放置一个链接来重新启动整个过程。
{% if form != None %}
<div class="modal-body">
<p>Type in a new password. Try not to forget this one!</p>
{{ form }}
</div>
<div class="modal-footer">
<button type="submit" class="btn btn-primary"><span>Continue</span></button>
</div>
{% else %}
<div class="modal-body">
<p>This link has expired. You'll need to click "Reset Password" again.</p>
<p><a class="btn btn-primary" href="{% url 'auth_password_reset' %}">Reset Password</a></p>
</div>
{% endif %}
这很重要,因为如果你没有这个,django-bootstrap-form 会阻塞并抛出 500 错误。