Django allauth 无效令牌错误未显示
Django allauth invalid token error not showing
我在我的 Django 项目中使用 allauth 进行身份验证。
在 PasswordResetFromKeyView 中,无论出于何种原因,我无法弄清楚为什么当密码重置令牌无效时没有显示错误。
相反,令牌被捕获为无效,但页面只是重新加载而没有向用户发送任何消息。
allauth.account.views.PasswordResetFromKeyView
class PasswordResetFromKeyView(AjaxCapableProcessFormViewMixin, FormView):
template_name = (
"account/password_reset_from_key." + app_settings.TEMPLATE_EXTENSION)
form_class = ResetPasswordKeyForm
success_url = reverse_lazy("account_reset_password_from_key_done")
def get_form_class(self):
return get_form_class(app_settings.FORMS,
'reset_password_from_key',
self.form_class)
def dispatch(self, request, uidb36, key, **kwargs):
self.request = request
self.key = key
if self.key == INTERNAL_RESET_URL_KEY:
self.key = self.request.session.get(INTERNAL_RESET_SESSION_KEY, '')
# (Ab)using forms here to be able to handle errors in XHR #890
token_form = UserTokenForm(
data={'uidb36': uidb36, 'key': self.key})
if token_form.is_valid():
self.reset_user = token_form.reset_user
return super(PasswordResetFromKeyView, self).dispatch(request,
uidb36,
self.key,
**kwargs)
else:
token_form = UserTokenForm(
data={'uidb36': uidb36, 'key': self.key})
if token_form.is_valid():
# Store the key in the session and redirect to the
# password reset form at a URL without the key. That
# avoids the possibility of leaking the key in the
# HTTP Referer header.
self.request.session[INTERNAL_RESET_SESSION_KEY] = self.key
redirect_url = self.request.path.replace(
self.key, INTERNAL_RESET_URL_KEY)
return redirect(redirect_url)
self.reset_user = None
response = self.render_to_response(
self.get_context_data(token_fail=True)
)
return _ajax_response(self.request, response, form=token_form)
def get_context_data(self, **kwargs):
ret = super(PasswordResetFromKeyView, self).get_context_data(**kwargs)
ret['action_url'] = reverse(
'account_reset_password_from_key',
kwargs={'uidb36': self.kwargs['uidb36'],
'key': self.kwargs['key']})
return ret
查看
class PasswordResetConfirmView(PasswordResetFromKeyView):
form_class = PasswordResetConfirmForm
template_name = 'users/password_reset_confirm.html'
def get_success_url(self):
return reverse('account_login')
模板
{% load crispy_forms_tags %}
<div class="content-section">
<form method="POST">
{% csrf_token %}
<fieldset class="form-group">
<legend class="border-bottom mb-4">Confirm New Password</legend>
{{ form|crispy }}
</fieldset>
<div class="form-group">
<button class="btn btn-outline-info" type="submit">Save password</button>
</div>
</form>
</div>
allauth 视图使用模板 "account/password_reset_from_key.html"。您应该检查一下,因为它包含一个 if/else 语句,如果令牌无效则显示错误:
<h1>{% if token_fail %}{% trans "Bad Token" %}{% else %}{% trans "Change Password" %}{% endif %}</h1>
{% if token_fail %}
Some error message
{% else %}
<form> ... </form>
{% endif %}
因此,当您覆盖模板时,请确保您在 token_fail 为 True 的情况下执行某些操作。
我在我的 Django 项目中使用 allauth 进行身份验证。
在 PasswordResetFromKeyView 中,无论出于何种原因,我无法弄清楚为什么当密码重置令牌无效时没有显示错误。
相反,令牌被捕获为无效,但页面只是重新加载而没有向用户发送任何消息。
allauth.account.views.PasswordResetFromKeyView
class PasswordResetFromKeyView(AjaxCapableProcessFormViewMixin, FormView):
template_name = (
"account/password_reset_from_key." + app_settings.TEMPLATE_EXTENSION)
form_class = ResetPasswordKeyForm
success_url = reverse_lazy("account_reset_password_from_key_done")
def get_form_class(self):
return get_form_class(app_settings.FORMS,
'reset_password_from_key',
self.form_class)
def dispatch(self, request, uidb36, key, **kwargs):
self.request = request
self.key = key
if self.key == INTERNAL_RESET_URL_KEY:
self.key = self.request.session.get(INTERNAL_RESET_SESSION_KEY, '')
# (Ab)using forms here to be able to handle errors in XHR #890
token_form = UserTokenForm(
data={'uidb36': uidb36, 'key': self.key})
if token_form.is_valid():
self.reset_user = token_form.reset_user
return super(PasswordResetFromKeyView, self).dispatch(request,
uidb36,
self.key,
**kwargs)
else:
token_form = UserTokenForm(
data={'uidb36': uidb36, 'key': self.key})
if token_form.is_valid():
# Store the key in the session and redirect to the
# password reset form at a URL without the key. That
# avoids the possibility of leaking the key in the
# HTTP Referer header.
self.request.session[INTERNAL_RESET_SESSION_KEY] = self.key
redirect_url = self.request.path.replace(
self.key, INTERNAL_RESET_URL_KEY)
return redirect(redirect_url)
self.reset_user = None
response = self.render_to_response(
self.get_context_data(token_fail=True)
)
return _ajax_response(self.request, response, form=token_form)
def get_context_data(self, **kwargs):
ret = super(PasswordResetFromKeyView, self).get_context_data(**kwargs)
ret['action_url'] = reverse(
'account_reset_password_from_key',
kwargs={'uidb36': self.kwargs['uidb36'],
'key': self.kwargs['key']})
return ret
查看
class PasswordResetConfirmView(PasswordResetFromKeyView):
form_class = PasswordResetConfirmForm
template_name = 'users/password_reset_confirm.html'
def get_success_url(self):
return reverse('account_login')
模板
{% load crispy_forms_tags %}
<div class="content-section">
<form method="POST">
{% csrf_token %}
<fieldset class="form-group">
<legend class="border-bottom mb-4">Confirm New Password</legend>
{{ form|crispy }}
</fieldset>
<div class="form-group">
<button class="btn btn-outline-info" type="submit">Save password</button>
</div>
</form>
</div>
allauth 视图使用模板 "account/password_reset_from_key.html"。您应该检查一下,因为它包含一个 if/else 语句,如果令牌无效则显示错误:
<h1>{% if token_fail %}{% trans "Bad Token" %}{% else %}{% trans "Change Password" %}{% endif %}</h1>
{% if token_fail %}
Some error message
{% else %}
<form> ... </form>
{% endif %}
因此,当您覆盖模板时,请确保您在 token_fail 为 True 的情况下执行某些操作。