Custom User Authentication with Simple JWT in Django RESTful/

...

/

Password Reset View

Password Reset View

Learn how to reset passwords with views.

We'll cover the following...

This lesson focuses on implementing the reset view.

Create a view for validating the password reset token

When a user clicks on a password reset link, we need to validate the password reset token—checking to see whether it has already been used, if it’s been tampered with, or if it’s expired. Let’s create the class.

Python 3.8
# ....other imports
# updated imports
from django.utils.encoding import smart_bytes, smart_str, DjangoUnicodeDecodeError
from django.utils.http import urlsafe_base64_encode, urlsafe_base64_decode
# other views
class PasswordResetTokenValidationView(generics.GenericAPIView):
    
    def get(self, request, uidb64, token):
        
        try:
            id = smart_str(urlsafe_base64_decode(uidb64))
            user = User.objects.get(id=id)
            if not PasswordResetTokenGenerator().check_token(user, token):
                return Response({'Error': 'Password reset link is expired! Please request for a new one!'}, status=status.HTTP_401_UNAUTHORIZED)
            return Response({'Success':True, 'Message':'Valid Credentials','uidb64':uidb64, 'token': token}, status=status.HTTP_200_OK)
        except DjangoUnicodeDecodeError as exc:
            if not PasswordResetTokenGenerator().check_token(user):
                return Response({'Error': 'Token is not valid! Please request for a new one!'}, status=status.HTTP_401_UNAUTHORIZED)

In the code above:

  • We have the PasswordResetTokenValidationView class in line 10, which is responsible for the reset token validation.
  • The get() request method in line 12 takes an instance, the request, the base64-encoded user ID (uidb64), and the password reset token as
...