为什么密码重置可以在django中使用未注册的电子邮件？ [英] why does password reset works with unregistered email in django?

问题描述

1. 我有几个关于Django密码重设工作的问题。在开发阶段重置测试？




2. 密码重置会将电子邮件成功发送到未注册的电子邮件地址（如屏幕上所示）。我认为应该显示没有找到这样的注册的电子邮件地址，而不是显示密码重置成功。




3. 这是用于重置密码的形式。我从形式动作中感到困惑。它提交给自己，它是 http://127.0.0.1:8000/accounts/password/reset/ ，但是如何将其重定向到 http ：//127.0.0.1：8000 / accounts / password / reset / done / 在提交后提交给自己。

     {％extendsregistration / registration_base.html％} 
    {％load i18n％} 
    {％block title％} {％trans重置密码％} {％endblock％} 
    {％block content％} {％blocktrans％} 
   忘记密码？在下面的表单中输入您的电子邮件，我们将向您发送
   指令来创建新的。{％endblocktrans％} 
   < form method ='post'action =''> {％csrf_token ％} 
   < table> 
    {{form}} 
   < tr>< td>< / td>< td>< input type ='submit'value ={％trans重置密码％} />< / td>< / tr> 
   < / table> 
   < / form> 
    {％endblock％} 
     

解决方案

1. 我假设问题是你的开发环境没有设置发送电子邮件？在这种情况下，将其添加到您的 settings_local （或等价物）中：

     EMAIL_BACKEND ='django.core.mail.backends.console.EmailBackend'
     

   这将导致电子邮件显示在runserver终端中。您可以复制粘贴任何链接。




2. 这是故意的，不允许外部用户戳注册表，看看是否有特定的电子邮件已注册或不注册一个隐私功能，我想我们可以称之为。




3. 发布到同一个URL是Django的标准做法。这不是一个要求，但这样做是有道理的。这是有道理的，因为一个View可以处理创建 Form 并接收数据，请参见在视图中使用表单
   
   并且重定向发生在视图，故意：

     def form_valid（self，request，form）：
    
   ＃blah blah .. 
    
   返回重定向（success_url）
     

   POST之后的重定向也是一个标准的做法，而不仅仅是Django： http://en.wikipedia.org/wiki / Post /重定向/获取

I have a couple of questions regarding how the password reset works in Django.

1. How can I do testing on password reset testing during development phase?

2. The password reset sends email to unregistered email addresses successfully (as appears on screen). I thought it should display "no such registered email address is found" instead of displaying "password reset successful".

3. Here is the form used for password reset. I am confused from the form action. It submits to itself which is http://127.0.0.1:8000/accounts/password/reset/ but how is that it is redirected to http://127.0.0.1:8000/accounts/password/reset/done/ after submission when it submits to itself.

   {% extends "registration/registration_base.html" %}
   {% load i18n %}
   {% block title %}{% trans "Reset password" %}{% endblock %}
   {% block content %}{% blocktrans %}
   Forgot your password?  Enter your email in the form below and we'll send you
   instructions for creating a new one.{% endblocktrans %}
   <form method='post' action=''>{% csrf_token %}
   <table>
       {{ form }}
       <tr><td></td><td><input type='submit' value="{% trans "Reset password"  %}" /></td></tr>
   </table>
   </form>
   {% endblock %}
   

解决方案

1. I presume the problem is that your development environment isn't set up to send emails? In that case, add this in your settings_local(or equivalent):

   EMAIL_BACKEND = 'django.core.mail.backends.console.EmailBackend'
   

   This will cause emails to be displayed in the runserver terminal. You can copy-paste any links from there.

2. That is deliberate, to not-allow outside users to poke at the registration form and see whether a particular email has been registered or not. A "privacy feature", I guess we could call it.

3. POST-ing to the same URL is a standard practice in Django. It is not a requirement, but it just makes sense to do that. It makes sense because that way a single View handles both creating of the Form and receiving the data, see Using a form in a view
   And the redirection happens from the View, deliberately:

   def form_valid(self, request, form):
   
       # blah blah...
   
       return redirect(success_url)
   

   The redirection after a POST is also a standard practice, and not just in Django: http://en.wikipedia.org/wiki/Post/Redirect/Get

这篇关于为什么密码重置可以在django中使用未注册的电子邮件？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！