Implement Variant of ResetPasswordConfirm that validates a token #59
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
This looks good.
That's what a good PR looks like :) Anyway, personally I would have gone for a separate endpoint, e.g., I'm going to leave this open for a week or so, as I would like to see some opinions on whether the implemented endpoint logic within this PR is considered as okay or not. |
|
I agree with you about using separate endpoints. That way when the user gets a 200 from |
|
closed in favour of #60 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This implements #45
If the user sets
DJANGO_REST_PASSWORDRESET_ALLOW_TOKEN_VALIDATION = Truein settings,the password field becomes optional in
ResetPasswordConfirm. It will return a 200 if a valid token is provided without a password.If
DJANGO_REST_PASSWORDRESET_ALLOW_TOKEN_VALIDATIONis not set, or is set to False,ResetPasswordConfirmbehaves as it did before - returning a 400 if a password isn't given.I also added a couple of tests for this and updated the README.