使用 Django 的密码重置通知用户电子邮件无效 [英] Inform user that email is invalid using Django's Password Reset

问题描述

我正在使用内置的 django 密码重置功能.文档 指出:

I am using the built-in django password reset functionality. The documentation states:

如果系统中不存在提供的电子邮件地址，则此视图不会发送电子邮件，但用户也不会收到任何错误消息.这可以防止信息泄露给潜在的攻击者.如果您想在这种情况下提供错误消息，您可以将 PasswordResetForm 子类化并使用 password_reset_form 参数.

If the email address provided does not exist in the system, this view won’t send an email, but the user won’t receive any error message either. This prevents information leaking to potential attackers. If you want to provide an error message in this case, you can subclass PasswordResetForm and use the password_reset_form argument.

但是，就我而言，当用户尝试使用错误的用户名进行重置时显示错误消息更为重要.

However, in my case it's more important to show an error message when a user tries to reset using the wrong username.

我明白我需要做什么，但我不知道在子类化 PasswordResetForm 的表单中写什么.

I understand what I need to do but I don't know what to write in the form subclassing PasswordResetForm.

子类化 PasswordResetForm 的表单应该包含哪些内容?

谢谢.

推荐答案

所以我终于自己弄明白了.这是我的实现:

So I finally figured it out myself. Here's my implementation:

class EmailValidationOnForgotPassword(PasswordResetForm):
    def clean_email(self):
        email = self.cleaned_data['email']
        if not User.objects.filter(email__iexact=email, is_active=True).exists():
            raise ValidationError("There is no user registered with the specified email address!")

        return email

您还需要将 {'password_reset_form': EmailValidationOnForgotPassword} 添加到 urls.py.举个例子:

You also need to add {'password_reset_form': EmailValidationOnForgotPassword} to urls.py. Here's an example:

url(r'^user/password/reset/$',
    'django.contrib.auth.views.password_reset',
    {'post_reset_redirect': '/user/password/reset/done/',
     'html_email_template_name': 'registration/password_reset_email.html',
     'password_reset_form': EmailValidationOnForgotPassword},
    name="password_reset"),

这篇关于使用 Django 的密码重置通知用户电子邮件无效的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！