为什么密码重置可以在django中使用未注册的电子邮件? [英] why does password reset works with unregistered email in django?
问题描述
-
我有几个关于Django密码重设工作的问题。在开发阶段重置测试?
-
密码重置会将电子邮件成功发送到未注册的电子邮件地址(如屏幕上所示)。我认为应该显示没有找到这样的注册的电子邮件地址,而不是显示密码重置成功。
-
这是用于重置密码的形式。我从形式动作中感到困惑。它提交给自己,它是
http://127.0.0.1:8000/accounts/password/reset/
,但是如何将其重定向到http ://127.0.0.1:8000 / accounts / password / reset / done /
在提交后提交给自己。{%extendsregistration / registration_base.html%}
{%load i18n%}
{%block title%} {%trans重置密码%} {%endblock%}
{%block content%} {%blocktrans%}
忘记密码?在下面的表单中输入您的电子邮件,我们将向您发送
指令来创建新的。{%endblocktrans%}
< form method ='post'action =''> {%csrf_token %}
< table>
{{form}}
< tr>< td>< / td>< td>< input type ='submit'value ={%trans重置密码%} />< / td>< / tr>
< / table>
< / form>
{%endblock%}
-
我假设问题是你的开发环境没有设置发送电子邮件?在这种情况下,将其添加到您的
settings_local
(或等价物)中:EMAIL_BACKEND ='django.core.mail.backends.console.EmailBackend'
这将导致电子邮件显示在runserver终端中。您可以复制粘贴任何链接。
-
这是故意的,不允许外部用户戳注册表,看看是否有特定的电子邮件已注册或不注册一个隐私功能,我想我们可以称之为。
-
发布到同一个URL是Django的标准做法。这不是一个要求,但这样做是有道理的。这是有道理的,因为一个View可以处理创建
Form
并接收数据,请参见在视图中使用表单
并且重定向发生在视图,故意:def form_valid(self,request,form):
#blah blah ..
返回重定向(success_url)
POST之后的重定向也是一个标准的做法,而不仅仅是Django: http://en.wikipedia.org/wiki / Post /重定向/获取
I have a couple of questions regarding how the password reset works in Django.
How can I do testing on password reset testing during development phase?
The password reset sends email to unregistered email addresses successfully (as appears on screen). I thought it should display "no such registered email address is found" instead of displaying "password reset successful".
Here is the form used for password reset. I am confused from the form action. It submits to itself which is
http://127.0.0.1:8000/accounts/password/reset/
but how is that it is redirected tohttp://127.0.0.1:8000/accounts/password/reset/done/
after submission when it submits to itself.{% extends "registration/registration_base.html" %} {% load i18n %} {% block title %}{% trans "Reset password" %}{% endblock %} {% block content %}{% blocktrans %} Forgot your password? Enter your email in the form below and we'll send you instructions for creating a new one.{% endblocktrans %} <form method='post' action=''>{% csrf_token %} <table> {{ form }} <tr><td></td><td><input type='submit' value="{% trans "Reset password" %}" /></td></tr> </table> </form> {% endblock %}
I presume the problem is that your development environment isn't set up to send emails? In that case, add this in your
settings_local
(or equivalent):EMAIL_BACKEND = 'django.core.mail.backends.console.EmailBackend'
This will cause emails to be displayed in the runserver terminal. You can copy-paste any links from there.
That is deliberate, to not-allow outside users to poke at the registration form and see whether a particular email has been registered or not. A "privacy feature", I guess we could call it.
POST-ing to the same URL is a standard practice in Django. It is not a requirement, but it just makes sense to do that. It makes sense because that way a single View handles both creating of the
Form
and receiving the data, see Using a form in a view
And the redirection happens from the View, deliberately:def form_valid(self, request, form): # blah blah... return redirect(success_url)
The redirection after a POST is also a standard practice, and not just in Django: http://en.wikipedia.org/wiki/Post/Redirect/Get
这篇关于为什么密码重置可以在django中使用未注册的电子邮件?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!