Django registration and password reset on one page - django

Is there way to create just one page for login and reset password?
I tried to create two forms page with following code in template:
<form action="" method="post" id="formLoginIndex">
{% csrf_token %}
<div id="elogin">
<p><label for="id_username">Login</label>
{{ form.username }}</p>
<p><label for="id_password">Пароль</label>
{{ form.password }}</p>
</div>
<p class="submit">
<button type="submit" class="enter">Enter</button>
{% if next %}
<input type="hidden" name="next" value="{{ next }}" />
{% else %}
<input type="hidden" name="next" value="/electricity/" />
{% endif %}
<button class="forgot" type="button" onclick="$('#forgotten').toggle('normal');">Forgot password?</button>
</p>
</form>
<div id="forgotten">
<form action="/reset/done/" method="post" id="formForgot">
{% csrf_token %}
<p>
<label for="id_username_forgot">Login</label>
<input id="id_username_forgot" type="text" name="username" maxlength="30" />
</p>
<p>
<label for="id_email">e-mail</label>
<input id="id_email" type="text" name="email" maxlength="40" />
</p>
<p class="submit">
<button class="remember" type="submit">Reset</button>
</p>
</form>
</div>
And urls :
url(r'^login/$', 'django.contrib.auth.views.login'),
url(r'^reset/done/$', 'django.contrib.auth.views.password_reset_done'),
However works only login feature. Reset doesn't work. Obviously is that I'm just doing smth wrong.
So should I load somehow views.password_reset into the same page or even rewrite django in auth views or there is another common solution?

The point is that you need a form to show the PasswordResetForm and it's action should be set to point to reset/
when this form is submitted via method POST, it's redirected to where the argument post_change_redirect points to, and there you can show the user that the password has been changed.
( In case the form evaluates to be correct , else, it would re-render the form with errors shown )
url(r'^reset/$', password_reset,
{'template_name':'your_template',
'post_change_redirect':'/reset/done/',
'extra_context':{'argument':'to tempate'}}, name='some_name'),
url(r'^reset/done/', password_reset_done,
{'template_name':'the template to show a success message',
'extra_context':{'message':'your password is changed successfully'}},),
looking at the defaults for this function ,It gives some cool info about how it works and its defaults if not given:
password_reset (request, is_admin_site=False,
template_name='registration/password_reset_form.html',
email_template_name='registration/password_reset_email.html',
subject_template_name='registration/password_reset_subject.txt',
password_reset_form=PasswordResetForm,
token_generator=default_token_generator,
post_reset_redirect=None,
from_email=None,
current_app=None,
extra_context=None)

Related

Django: Trouble with logging user using Bootstrap login.html

I'm using Django 3.0.2 + Boostrap. I have created a registration/login.html page. The contents of this page are shown below.
The page renders correctly and most of it works OK. However, I am unable to login to my website through this page. I keep getting Your username and password did not match. Please try again. I can login to the admin website without any issues if I use the same username/password. I am not sure what is wrong with my login.html. Any ideas?
{% extends "base.html" %}
{% block content %}
{% if form.errors %}
<p>Your username and password did not match. Please try again.</p>
{% endif %}
{% if next %}
{% if user.is_authenticated %}
<p>Your account does nohave access to this page. To proceed,please login with an account that has access.</p>
{% else %}
<p>Please login to see this page.</p>
{% endif %}
{% endif %}
<div class="container-fluid">
<div class="row justify-content-center">
<div class="col-lg-6">
<div class="p-5">
<div class="text-center">
<h1 class="h4 text-gray-900 mb-4">Welcome Back!</h1>
</div>
<form class="user" method="post" action="{% url 'login' %}">
{% csrf_token %}
<div class="form-group">
<input type="text" class="form-control form-control-user" id="exampleInputUserName" placeholder="Username">
</div>
<div class="form-group">
<input type="password" class="form-control form-control-user" id="exampleInputPassword" placeholder="Password">
</div>
<input type="submit" class="btn btn-primary btn-user btn-block" value="Login">
<input type="hidden" name="next" value="{{ next }}">
</form>
<hr>
<div class="text-center">
<a class="small" href="forgot-password.html">Forgot Password?</a>
</div>
<div class="text-center">
<a class="small" href="register.html">Create an Account!</a>
</div>
</div>
</div>
</div>
</div>
{% endblock %}
Contents of views.py:
from django.contrib.auth import logout
def logout_view(request):
"""Log out user from the website."""
logout(request)
Your input types are missing the name attribute. As per the Mozilla docs:
A string specifying a name for the input control. This name is
submitted along with the control's value when the form data is
submitted.
So the name is submitted with the form. But what if there is no name attribute?
Same Documentation explains:
Consider the name a required attribute (even though it's not). If an
input has no name specified, or name is empty, the input's value is
not submitted with the form.
So your username and password are not sent to the backend.
You need to provide the name attributes to your input types.
<form class="user" method="post" action="{% url 'login' %}">
{% csrf_token %}
<div class="form-group">
<input type="text" class="form-control form-control-user" id="exampleInputUserName" placeholder="Username" `name="username"`>
</div>
<div class="form-group">
<input type="password" class="form-control form-control-user" id="exampleInputPassword" placeholder="Password" name="password">
</div>
<input type="submit" class="btn btn-primary btn-user btn-block" value="Login">
<input type="hidden" name="next" value="{{ next }}">
</form>
It is front-end issue, not particularly related to Django.

django allauth: redirecting for invalid passwords

I have a custom page which calls allauth signup view (custom_passcheck.html)
<form action="{% url 'account_signup' %}" method="post" class="form">
{% csrf_token %}
<BR>
<BR>
<BR>
<center>
<div class=signuponepage>
<div class=sign-up>
<div class=signup-box>
<div class="form-element email-address">
<label id="email-address-label">
<strong>
Create a password (it must be 6 characters long)
</strong>
<input type="hidden" name="username" value="{{ pemail }}">
<input type="hidden" name="email" value="{{ email }}">
<input type="text" maxlength="19" name="password1" value="" placeholder="Password">
<input type="text" maxlength="19" name="password2" value="" placeholder="Password (again)">
</label>
</div>
<div class="form-element nextstep-button">
{% buttons %}
<button type="submit" class="btn btn-primary btn-sm">
Finish {% bootstrap_icon "chevron-right" %}
</button>
{% endbuttons %}
</div>
</div>
</div>
</div>
</center>
</form>
Now, if a user puts in password less than 6 chars, it will raise an error and redirect the user to allauth signup page (/account/signup)
Question: instead of redirecting to (/account/signup), how can i redirect to the custom page (custom_passcheck.html) while preserving POST data

Django next redirect with default view

I'm trying to enter the page while I'm not logged in and app redirect me to login page and getting the next parameter is working (ex.
localhost:8000/login/?next=/blog/add/
but when I enter login and password and click login button it redirect me to home page, not that one that is in the next parameter
localhost:8000, not localhost:8000/blog/add/
I'm using default django login view so it is possible to do this without changing anything in login view?
Everything is default by django, I added only next parameter while redirecting to login page (with using #login_required(login_url='login')), I heard that Django has built in feature for redirecting after login with next parameter and nothing more is required?
urls.py
url(r'^login/$',
django.contrib.auth.views.login,
{
'template_name': 'user/login.html',
'authentication_form': user.forms.BootstrapAuthenticationForm,
'extra_context':
{
'title': 'Logowanie',
'year': datetime.now().year,
}
},
name='login'),
login.html
<form action="" method="post" class="form-horizontal">
{% csrf_token %}
<h4>Uzyj konta LDAP zeby sie zalogowac</h4>
<hr />
<div class="form-group">
<div class="col-md-10">
{{ form.username }}
</div>
</div>
<div class="form-group">
<div class="col-md-10">
{{ form.password }}
</div>
</div>
<div class="form-group">
<div class="col-md-10">
<input type="hidden" name="next" value="/" />
<input type="submit" value="Zaloguj" class="btn btn-primary btn-block btn-pb" />
</div>
</div>
{% if form.errors %}
<p class="validation-summary-errors">Please enter a correct user name and password.</p>
{% endif %}
</form>
The problem is that you have hardcoded the next variable as / in your template:
<input type="hidden" name="next" value="/" />
You should change it to use {{ next }}:
<input type="hidden" name="next" value="{{ next }}" />

Django only submitting csrf token in forms?

So, I have this in my template:
<form action="./validate_code/" method="POST">
{% if error %}
<p>Sorry, that wasn't right.</p>
{% endif %}
<label for="class_code">Your class code: </label>
<input type='text' id='class_code'/>
<input type="color" id="color"/>
{% csrf_token %}
<input type="submit" value="submit">
</form>
Which compiles to:
<form action="./validate_code/" method="POST">
<label for="class_code">Your class code: </label>
<input type='text' id='class_code'/>
<input type="color" id="color"/>
<input type='hidden' name='csrfmiddlewaretoken' value='tGA4jKF1pd1QFC6NSAM9eNFvZqss0r4m' />
<input type="submit" value="submit">
</form>
And when I click submit, firefox sends this parameter:
csrfmiddlewaretoken:"tGA4jKF1pd1QFC6NSAM9eNFvZqs60r4m"
That's it. No text, no color. I have no idea what's going on.
None of your fields have a name attribute, so the browser sends no data.
You should really be using Django's forms framework for this, though.
As mentioned above, you need to specify a "name" attribute in your input fields. You don't need to use Django forms, but if you are submitting the form normally, any fields you are expecting to be sent need to have a name.
<form action="./validate_code/" method="POST">
{% if error %}
<p>Sorry, that wasn't right.</p>
{% endif %}
<label for="class_code">Your class code: </label>
<input type="text" name="class_code" id="class_code">
<input type="color" name="color">
{% csrf_token %}
<button type="submit">Submit</button>
</form>

Django-rest-framework: rewrite default form validaiton

I have recently started to use django-rest-framework in my projects and I have faced a problem.
Here is a simple auth form I have:
<form action="{% url 'rest_framework:login' %}" method="post">
{% csrf_token %}
<input type="e-mail" name="username" value="" placeholder="Логин" maxlength="100" required="required">
<input type="password" name="password" value="" placeholder="Пароль" maxlength="100" required="required">
<button type="submit" class="lightbluebtn">Войти</button>
</form>
I can't really figure out how to validate it. I just need the error to be shown on the form.
Every time I submit my form with invalid data I redirected to rest-framework login page.
Also I have django-rest-framework default urls:
url(r'^api-auth/', include('rest_framework.urls', namespace='rest_framework')),
Is there any way to use it with django default forms?
Can you guys help me to fix it?
I will be very grateful for the help.
if for the api you are using a session authentication then you don't need the rest_framework login page, that page is useful usually in the dev environment, you can just point to the {% url 'login' %} page (that uses django.contrib.auth.views.login view), and override that template by naming yours registration/login.html , for outputting form errors just use {{ form.error }}, like for example:
{# file registration/login.html #}
{% if form.errors %}
<div class="alert alert-danger">
<p>Your email and password didn't match. Please try again.</p>
</div>
{% endif %}
<form action="{% url 'login' %}" method="post">
{% csrf_token %}
<input type="e-mail" name="username" value="" placeholder="Логин" maxlength="100" required="required">
<input type="password" name="password" value="" placeholder="Пароль" maxlength="100" required="required">
<button type="submit" class="lightbluebtn">Войти</button>
</form>