Notifying the user of an invalid email with Django's password reset

Time: 2022-08-13 19:21:29

I am using the built-in django password reset functionality. The documentation states:

If the email address provided does not exist in the system, this view won’t send an email, but the user won’t receive any error message either. This prevents information leaking to potential attackers. If you want to provide an error message in this case, you can subclass PasswordResetForm and use the password_reset_form argument.

However, in my case it's more important to show an error message when a user tries to reset using the wrong username.

I understand what I need to do but I don't know what to write in the form subclassing PasswordResetForm.

What should the form subclassing PasswordResetForm contain?

Thank you.

1 solution

#1


11  

So I finally figured it out myself. Here's my implementation:

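from django.contrib.auth.forms import PasswordResetForm
from django.contrib.auth.models import User
from django.core.exceptions import ValidationError


class EmailValidationOnForgotPassword(PasswordResetForm):
    def clean_email(self):
        email = self.cleaned_data['email']
        # Fail validation when no active account has this address (case-insensitive match).
        if not User.objects.filter(email__iexact=email, is_active=True).exists():
            raise ValidationError("There is no user registered with the specified email address!")

        return email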

You also need to add {'password_reset_form': EmailValidationOnForgotPassword} to urls.py. Here's an example:

url(r'^user/password/reset/$',
    'django.contrib.auth.views.password_reset',
    {'post_reset_redirect': '/user/password/reset/done/',
     'html_email_template_name': 'registration/password_reset_email.html',
     'password_reset_form': EmailValidationOnForgotPassword},
    name="password_reset"),
