Django Rest Authentication (Reset password by Email). Django rest framework project tutorial[13]

Video Statistics and Information

Captions
Welcome back everyone, it's Cryce, and in this one we are going to start resetting a user's password. At this point, when it comes to authentication, we basically can register and log in a user, and maybe refresh their token when their access token expires. So what we're gonna do in this one is see how we can provide them a way to set a new password if they ever forget their own, so we will be setting up the endpoints that will be required to do this. The first thing I'm going to need to do is create an endpoint that allows a user to submit their email, and then we send them a password reset link to that email.

So going back, if we go to our views.py, we basically need to set up another class. Here we are gonna set up a class called PasswordResetAPIView; actually, to make it say more about what it's doing, I'm gonna call it RequestPasswordResetEmail. This is going to be inheriting from generics.GenericAPIView, because we want to handle the methods we want. Right here we basically want to handle a POST request, because the user is going to be submitting their email, so here it's def post, which takes in self and request.

The first thing I want to do now is set up a serializer for this, just so I can expose the fields to the view. So here in serializers.py we are gonna need to set up another one, a request password reset email serializer class. This is gonna be inheriting from serializers.Serializer, since we are not dealing with a model now. Now what we want to do is define the fields. We're gonna have the email; it's gonna be serializers.EmailField, so this will give us the validation that it has to be an email. If you ever want it to be validated against a max length and min length, we can do it here, but this will do. If we want to make sure it's validated to be required, we can add min_length and set that to something like 2; that will ensure that the user has to provide it, and then EmailField will make sure that what they provide will be an email. Down here I'm gonna define a class Meta, and then define the fields to expose, so this is gonna be fields, and we can add email here. Then bring this one up to the view, so this is our serializer_class. That name is very long, we probably could do better on that one; anyway, that's not a very big deal.

Once we have that, now we need to handle what happens when a user sends the data to us. Basically what we want to do is pick the data and send it to this serializer, and then the serializer will do the job of validating the data to know if we have that user, and then we already have a utility, you remember, that sends an email, and then send it back. So here we are going to do serializer = self.serializer_class, and then we want to give it the data; you can give it the data using the key data, which will be the data that the user sends, request.data. If we want to run the validations in this serializer we have to call is_valid, so here we can do serializer.is_valid(raise_exception=True). So, let's say I submitted an email, this will send it to the serializer, so here in the serializer we have to implement a validate method. In here the data that comes in will be accessible in attrs, which of course could be named data, but it doesn't matter. Here I'm gonna have a try-catch block, just so we don't run into errors when a user is submitting an email that doesn't exist, but you can also handle that situation. So here I'm gonna do email = attrs.get('email'). Now that we have this, we can query the database to see if we have this email. What you can do is something like User.objects.filter(email=email) and then call exists() on it. If this exists, it means the user actually has an account on our app and we can send them an email. If they don't, I'll add a pass here; if they don't, then we basically will also tell them that we sent you an email. Actually we can do that one real quick, we can return the attrs themselves, it really doesn't matter.

So what we want to do now is send an email to this user that contains the reset password token. For us to be able to construct a reset password token we are going to need to import some utilities from Django: from django.contrib.auth.tokens import PasswordResetTokenGenerator. I'm also going to import some utilities to make sure that we are sending data that can be easily understood on the network, so from django.utils.encoding import smart_str, force_str, smart_bytes and DjangoUnicodeDecodeError. We'll use this one when decoding the token; this one is actually used to make sure that we are sending conventional data, it enables us to enforce Unicode. Once we have those, I'm also going to be bringing in some other utilities to encode the user token: from django.utils.http import urlsafe_base64_encode, urlsafe_base64_decode. Right here we need to create two things. One will be the ID of the user, but of course encoded, so I'm gonna call it uidb64; it's gonna be base64 encoded. What we do is we use urlsafe_base64_encode and then we give it the string to encode; at this point we are going to be encoding the user ID. For us to get the user ID, I'm gonna copy this and then create a user here, so this is gonna be get; get returns a single one, so this is gonna be user.id. That will do the encoding of the user ID.

Now we need to create a token. For us to be able to create a token I'm gonna set the variable token, then we are going to use the PasswordResetTokenGenerator class; what it does is you call a method called make_token and then you give it a user, so our user now would be the user we already have. This class will take care of knowing if the user has changed the password, so that it can invalidate this token, and in that way another user doesn't come and use the same reset password token to change the user's password in the future. Once we have this, of course we need to send them with our send email utility. If you go to utils.py you can see that it receives the data, which should have a subject, then the body, and then the to email. Let's see how we can construct that: if we go here we should be able to see this, this is what we did when we were verifying the user. Right now I'm going to copy everything here up to data, and then even up to the return, copy everything, come to this area right here, bring them in, then of course I need to tab this one over. So we need to import get_current_site from the sites framework: from django.contrib.sites.shortcuts import get_current_site; that will give us the site we are running on. We need to import reverse, because we want to get the link of the view where the user will be going; this is gonna be coming in from django.urls import reverse. Once we have that, here we need to have access to the request. I believe we can do that, so here where we bring in attrs we should be able to do something like self.request... oh, we don't have request here, damn.

For us to add the request here, you can actually do that. To have the context here you can do it in several ways, but what I want to do now is, when we send this, I also want to send the request. So I want to set a variable called data here; I'm gonna have request and set it to request, of course this should be a dictionary, then put a comma and bring in this. Now we are going to be passing data=data, and of course this now should be data. This actually changes our attrs quite a bit, so this should be a full colon and this should be a full colon. Once we send this, in here, for us to access attrs it will be in the key data, and then we'll have the request in the key request. Down here it should be attrs['data']; let's take a look again, it is a dictionary, so it will be attrs.get('data'). We need to get the request, we will have to do it with get_current_site, so right here it will have to be attrs['data'], then we need to pass of course the request, so request=attrs.get('request').

Once we do that, now we need to create the view where the user will be going when they are going to verify the token. What we're going to do is have a simple view, and the role of that view will be to check what the user is sending from their email and then do the validations for it. I'm going to come back to this, but first let's set this one up and then we will come back. I'm gonna set up another view: class PasswordTokenCheckAPI, and this is gonna be inheriting from the same thing, generics.GenericAPIView. In this one we basically are going to be handling a GET request, because if you think of it, when the user clicks a link in the email, the browser has to do a GET request to validate those links. Here we're gonna def get, which takes in self and request, and then we are going to be expecting some more information from that request. One of them is gonna be the uidb64, so we can use this information again to get which user it was; another one is gonna be the token, of course. In here I'm going to have a pass for now, but we'll get to this.

Now this is the link that we need to construct and also send in the email, so let's set up the URL for it. This is going to be password-reset/, and then we are going to be expecting two things: here we are going to expect a uidb64, and then we are also going to expect a token. This is gonna be going to the last view we created, so bring it in and call as_view on it. Then we need to give it a name; now pay attention to the name, because we are going to use it to create the link. I'm gonna call this one password-reset-confirm. Now that we have the name, we can go in our serializer and use this name in the reverse, like that. You're going to use reverse and then provide the other arguments that we will be submitting. For us to provide the arguments, you can see that it expects them here, it expects two, so we need to construct this. The way we can do that is right here in the reverse we can pass in another parameter, kwargs, which will be a dictionary with keys and values: one will be the uidb64, so let's set that one to the uidb64 we already have, and the next one will be the token, so we set that one to the token we already have. That will be able to create for us the link that we want. Right here we will not want to append this, so we can as well remove it, and of course we don't need this, so let me bring the relative link here, and that should create the absolute URL.

Now we can say hi to the user with their username, but in this one we won't be saying their name, because it could be lying to us, so it's gonna be "Hello," then on a new line I will say "Use the link below to reset your password", and then we give them the link. Then we construct our data, which has a body, the to email which is the user's email, and then the subject will be "Reset your password". Right here now we need to send the email. We need to import it, so up here from .utils import Util, so now we can say Util.send_email and give it the data, and that should do the job. I'm gonna tab this one inside, and then here in our try we are going to be catching exceptions. The exception that we think can happen... actually I think everything is good, because we are actually making sure this exists, we are not using get when we haven't checked exists, so everything is okay. We'll work outside the try-catch, so remove it. Then we are going to be returning super here, so I'm going to tab this one over, remove the try, and now I need to format this guy. This will do for the case where the user exists; we also want to return even when they don't exist, so that should do. Now in our view, which is here, if it's valid then we want to tell the user that we sent them a password reset email, so here we can return a Response, and this will be something like {'success': 'We have sent you a link to reset your password'}. Let's send back the status, so you can do something like status=status.HTTP_200_OK, so that the user knows that we sent them an email and they can check it out.

For now I'm going to save this and then we can test it out. If we come back to our documentation and reload, you should be able to see that we basically have one endpoint added, which is this one, and this one is the GET, but we also want the one for the POST. So let's take a look, we have this one here, we need to make sure that this one also appears in our URLs. Let's take a look at our urls.py, which is here; I actually thought we had set that one up, but no. So we are gonna have a path; this one is gonna be something like request-reset-email/, this is gonna be going to RequestPasswordResetEmail.as_view(), we need to import it, then the name can actually be anything. We first import it, bring it in here, and then the name will be the same name as the path; of course you need a trailing slash at the end. Have that one in there, and don't forget to add a comma. Also this name shouldn't be this, how did it get to be a different name? This has to be the same name that you use for the reverse, so here the reverse should be password-reset-confirm; now that's changed, so in urls.py come over here and make sure that you have it like that. If you come up to the application and reload, you should notice that now we have this one that takes a POST request. Let's try to see what we can provide; you see we need to provide an email. If we go to try it out and execute it, you can see that we can supply an email, oh, I actually already did. So it's not catching our validations, so we need to check it in the view. Let's take a look at our view and see what we are doing: we are passing data to attrs, when it comes here it should run validate, huh, so it's not even getting here. Let's first try to see what's here using pdb, then reload it and try again. Yeah, so it's not even getting to validate, so this means this one is not getting this up front.

Since we are unable to get the request from here, at least for now, I'm going to move everything into the view, just so we can do our validations there, and when I find a better way maybe I will show you how to do that. Right now I'm going to bring everything here; let's see what is here. I'm going to remove the serializer.is_valid so we can validate it from here. Basically we will do the check, and we want to be checking for the email, so we can get that one from request.data; let me set up a variable for email, this is gonna be request.data['email']. Now we can use that, and let me bring the imports, ship them back, we're gonna need all this stuff up to here, even up to the exception, so bring them in here. Once you have those, now you can see that we are able to construct this; get_current_site comes with a request, we want to be passing the request that we already have, and then the reverse, everything here is okay, and now we can try this thing out again. If you come back to the application and reload, go to the POST, click try it out, and when you click execute you can see that we are having quite an issue: reverse for this with these keyword arguments, the token and this, was not found. So we need to check our URLs and our view name and see what we actually have. Right now when we do a reverse for this, this should be a unique view name, and then the kwargs, we need to make sure this one is being expected and this one is being expected. When you go to our URLs and look at the name for this, we want to make sure the name is the same, and then this. So the problem is here, we need to wrap this in these brackets. Let's try again, come back to POST, try it out, click execute, and now it's taking some time, I hope it's sending the email, most probably. Still, when you take a look at our view you see we are handling only the case for when the user has an email; when they don't, oh yeah, so here we handle the case for when the user has an account, and if they don't we are going to still be sending them a success message, I believe.

You can see that now, after a while, we get the success message being sent, but when I use an email that doesn't exist, let's say like that, it should come very fast, and you can see we also get the same thing. This can prevent us from people who would be sending us like a lot of requests to check if some users exist in our database. Now let me use a real one just so we can see if we get our link, so I'll use mine. If we click execute, let me check my email to see if an email came in. Now if I check my email you can see that I have a new email that has the link where I can reset my password, so it has our encoded token and then it has our ID. When I click on it you can see that it goes basically to the view that we created, but the view is not doing anything; this is the view, it's doing nothing.

Right now let's go ahead and validate the tokens, and then see how we can provide the user an endpoint where they can supply a new password after they pass this step, in which we will check if that token is still valid and all that stuff. Here what we first do is try to get the user ID. I'm actually going to be doing everything in a try-except block. In here we are going to first try to get the user's ID, so this is gonna be id; I'm going to use the smart_str utility that we brought in. Earlier we used smart_bytes to create byte strings, so now we need to turn it into a human readable string, so we can do that by using smart_str here, and then we use... what is this guy, this should be urlsafe_base64_decode, let's see if we're importing it, which I think we are, yeah, this is the one. Down here we need to bring in that and then we'll be decoding our uidb64, so that should give us the user's ID. Once we have the ID, now we can get the user: user = User.objects.get(id=id), we're going to get by the ID. Once we have this, now we want to make sure that the user is not using this reset for the second time. Right now what I'm going to do is add an if statement here, and we use the PasswordResetTokenGenerator class which we already imported, and then for us to know if a user has used this we call a method, check_token, and this takes in a user, of course, so we pass the user. If the user has used it this will return False, so we can check for False: if not this, then we can send them a response, something like "Token is not valid, please request a new one". A 401 should do, so it should be HTTP_401_UNAUTHORIZED.

Now here we need to catch some errors. For example, if a user tampers with the token, let's say they tamper with this, it would not be able to be decoded, so we are going to handle that: here we are going to handle DjangoUnicodeDecodeError. If they tamper with it, then we are also going to send them a response that it's invalid. Otherwise we are going to send a response that the token is still valid, so that on the front end we can have a way to know that the token is valid, and we can expect the next request to be from a valid user. Now we want to return a dictionary; I'm gonna have something like success, set that one to True, and I can also have a message, something like "Credentials valid". Then I want to send back the two tokens: one of them is gonna be the uidb64, and the other is gonna be the token, let me copy the token too. Once you have this, add a comma here. Let's add the status, so status=status.HTTP_200_OK. We need to move this one up, before the response, so we can first check if it's already used and then do that, otherwise we send the response. This should do the job of verifying that this token is valid. I'm going to now come to the documentation and reload this. I can see check_token is missing one argument, so we need to pass the token to it, pass it. Let's reload, and now you can see that the token is valid, everything is looking good. Now if this token is used, this should not be able to be displayed, so we can leave it at this.

Now let's create an endpoint that will enable a user to set a new password. For us to do that we are actually going to have another view that will manage picking the user's new password and then setting it. This is actually gonna be quick: class SetNewPasswordAPIView. We are going to first have a serializer, so I can set it up here, serializer_class; I'm gonna call this one something like SetNewPasswordSerializer, then we create it in a bit. We also need to define our method, since we want to pass the data to this serializer, so def; and since we are going to be changing the user's password, we can make this method patch: def patch, and this one is taking self and then request. In here now we can set the serializer data: serializer = self.serializer_class and pass in our data, so the data would be request.data, of course. Let's create this, but before we do that we want to run the serializer's validate method, so we can do serializer.is_valid(raise_exception=True). This will make sure the validate method in this serializer is run, and that's where we are gonna do all our work when we change it. Once it's run, the errors of course are going to be thrown, and now we can return a response to the user: return Response, then you can say something like success set to True, and then we need to define a custom message, so you can do something like "Password reset success", and the status is 200. Once we have this, now let's go and work on our serializer, where we will do most of our logic. This should stop here, and at the end we don't really need this one.

Now I'm going to import the serializer and then we create it. If you go to our serializers.py, which is here, at the end I'm gonna define a new one, it's gonna be SetNewPasswordSerializer, and this will inherit from serializers.Serializer. Down here we can define the fields we expect to get. You notice that in this endpoint you can see that we have the token, and then we have the user's ID encoded, so we are going to need to require them when they are setting a new password. Here in this serializer we are going to set that we need a password; this one is gonna be serializers.CharField, and now we can define our validation, so we can do something like min_length, this will be 6, then you define your max_length, which can be like 68, and since we don't want to be sending back the passwords you can add write_only=True. Once you have this, now we are going to duplicate it for the other two: this one is going to be for the token, this one's gonna be for the uidb64. Now for the validations on the token, we actually don't need much, I'm gonna keep them to the bare minimum, just so you can get the validations to come through; we can keep min_length just so it keeps it required, and when it comes to this token you can keep min_length to be 1, and that should do the job. Once we have that, now we can go ahead and work on our class Meta. In here, class Meta also needs to define the fields, so this is gonna be our fields up here: password, next is gonna be the token, and then the uidb64.

Once we have those we need to work on the validate, because in the view when we call is_valid it has to run the validate. Down here we need to override validate, and in here now we can get the data that the user sends, and then we see if we can set the user's new password. Right here I'm going to have a try-except, because we're going to be decoding this uidb64, and normally it throws an error if a user tampered with it, so we want to be catching it. Let me bring in the imports again; up here I'm gonna be bringing in this up to here. We are bringing in the PasswordResetTokenGenerator, this is gonna be for checking if the token is valid, because we need to redo that. Also we are bringing in force_str, because we want to be able to get a human readable ID from this, and then the exception we are going to be catching, and then we want to decode the token. If we come back here, now we can first get the values: password = attrs.get('password'), the token will be attrs.get('token'), and the uidb64 the same. We can now try to decode this again to get the user: id = urlsafe_base64_decode, and you're gonna be decoding the string, in this case the uidb64, and we want to make sure that this is human readable, so we can wrap it in force_str. Once we are there, now we can get the user: user = User.objects.get, I'm gonna be getting the user by the ID, id=id, and then here we catch the exception, except Exception; it doesn't matter now. Now that we have a user we can go ahead and set a new password, but before we do that we want to check that this was not used before. So we can do if not PasswordResetTokenGenerator().check_token, and we're gonna be checking for this user, then passing their token, of course, which we have here. Once we check this and the token has been used, now we can raise an exception: we already imported AuthenticationFailed, so raise AuthenticationFailed, and here we can say something like "The reset link is invalid", and then you can add an optional parameter for the status code; 401 would be suitable. If we have exceptions, down here, try-except, you can do except Exception as e, and then return the same error; but the cases can be different, so please dig down to see how you can validate it, but for the most part they are going to be linking the error to the reset link being invalid. Once we have this and we have checked that it's valid, now we can go ahead and set the password: user.set_password, of course we pass the same password we have; the password will be validated against the serializer validations we have. Now we need to run user.save() and then we need to return the user.

We need to add our view in our URLs, so I'm gonna go to our urls.py; down here I'm gonna put a comma, then I'm gonna have a path, this one will be going to password reset complete, then we need to bring in the class, import it up here, bring it in with as_view, set a name, and the name will be the same name as the route. Once we have this, let's take a look at our view: we have a patch, and once we get a patch then we go to our serializer. What it does is it will run the validate, which will do the job of everything: if it finds it, we'll set a new password, and if not, raise that the token was invalid. Let's come back here and reload. When you come back you should see that we have a password reset complete with a PATCH. Click on it, and you can see that we are expected to pass the password, the token and the uidb64. So how do we get these? If you look at our email, we will be sending a user an email with this, so I'm going to copy this. If we come back to our documentation, you can see that we have this endpoint where we can check our token, so I'm going to bring them in here: up here we need the token, so let me copy the token, bring it up, and then put this one in that field, click execute, and you can see that they are valid. I'm going to now copy the token that we get back, so in the complete endpoint, which is here, now I can supply the token, and when it comes to the uidb64 I should be having it, so bring it in and pass it here. Now we are supposed to supply a password, so I'm gonna put a fake password, like "pass" only. If we try to submit this, notice that you get a bad request; we can see that we are getting it here. If we don't supply any of these, let's say we don't supply this, and then try to do this, you get more errors, so all this stuff is required. Let's undo this and actually supply a password that is longer, so password123, click execute, and now you get "Password reset success". Good, so let's try to do it again to check if the token is actually invalidated or not; if I execute, you can see that the token is invalid because it was used before. So this will do it.

Sometimes there might be some modifications you need to do depending on the structure of your front end. For example, when you have a mobile app it can be different to register a user, so you will be digging into things like how to work with deep linking; but if it's like a web front end then, instead of returning these responses, you might be returning like a redirect to the front end or something like that. But for the back end, this is generally all you have to do to make sure that the users can reset their passwords. So thanks guys for watching, consider subscribing to the channel, give the video a thumbs up, and I'll see you in the next video, bye.
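The whole flow the video builds (request reset email, token check, set new password), as an added stand-alone Python model that is not the video's code: Django's PasswordResetTokenGenerator, the urlsafe_base64 helpers, reverse() and the User model are replaced by plain-Python stand-ins with assumed names, so it runs offline and shows why a used token stops verifying and why the request endpoint answers identically for unknown emails.

```python
"""Stand-alone model of the password-reset flow from the tutorial above. Written for
this page, not the video's code: PasswordResetTokenGenerator, urlsafe_base64_*,
reverse() and the User model are replaced by plain-Python stand-ins (assumed names)."""
import base64
import binascii
import hashlib
import hmac
import time
from dataclasses import dataclass

SECRET_KEY = b"constructed-demo-secret"  # stand-in for settings.SECRET_KEY
TOKEN_TIMEOUT_SECONDS = 3 * 24 * 3600    # Django's default PASSWORD_RESET_TIMEOUT


@dataclass
class User:
    pk: int
    email: str
    password_hash: str
    last_login: int = 0

    def set_password(self, raw):
        # Demo hashing only; Django's set_password uses a salted, iterated hasher.
        self.password_hash = hashlib.sha256(raw.encode()).hexdigest()


# Constructed in-memory "database" standing in for User.objects.
USERS = {1: User(1, "alice@example.com", "initial-hash")}


def urlsafe_base64_encode(s: bytes) -> str:
    return base64.urlsafe_b64encode(s).rstrip(b"=").decode()


def urlsafe_base64_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


class ResetTokenGenerator:
    """Same idea as Django's PasswordResetTokenGenerator: timestamp + HMAC over (pk,
    password hash, last_login, timestamp, email). Because the password hash is part of
    the MAC input, the token stops verifying as soon as the password is changed."""

    def _make(self, user, ts):
        value = f"{user.pk}{user.password_hash}{user.last_login}{ts}{user.email}"
        mac = hmac.new(SECRET_KEY, value.encode(), hashlib.sha256).hexdigest()
        return f"{ts:x}-{mac[::2]}"

    def make_token(self, user):
        return self._make(user, int(time.time()))

    def check_token(self, user, token):
        try:
            ts = int(token.split("-", 1)[0], 16)
        except ValueError:
            return False
        if not hmac.compare_digest(self._make(user, ts), token):
            return False
        return int(time.time()) - ts <= TOKEN_TIMEOUT_SECONDS


token_generator = ResetTokenGenerator()
INVALID = {"error": "Token is not valid, please request a new one"}


def request_password_reset(email, domain="example.com"):
    """RequestPasswordResetEmail.post: the response is identical whether or not the
    address exists (no account enumeration); the mail is returned, not delivered."""
    mail = None
    user = next((u for u in USERS.values() if u.email == email), None)
    if user is not None:
        uidb64 = urlsafe_base64_encode(str(user.pk).encode())
        token = token_generator.make_token(user)
        link = f"http://{domain}/password-reset/{uidb64}/{token}/"  # reverse() stand-in
        mail = {"to": email, "subject": "Reset your password",
                "body": "Hello,\nUse the link below to reset your password\n" + link}
    return {"success": "We have sent you a link to reset your password"}, mail


def password_token_check(uidb64, token):
    """PasswordTokenCheckAPI.get: decode the uid, load the user, verify the token.
    A tampered uid raises one of the caught errors (DjangoUnicodeDecodeError's role)."""
    try:
        user = USERS[int(urlsafe_base64_decode(uidb64).decode())]
    except (binascii.Error, UnicodeDecodeError, ValueError, KeyError):
        return 401, INVALID
    if not token_generator.check_token(user, token):
        return 401, INVALID
    return 200, {"success": True, "message": "Credentials valid",
                 "uidb64": uidb64, "token": token}


def set_new_password(password, uidb64, token):
    """SetNewPasswordAPIView.patch + SetNewPasswordSerializer.validate: length rules,
    the same token check, then set_password, which invalidates the token."""
    if not 6 <= len(password) <= 68:
        return 400, {"error": "password must be between 6 and 68 characters"}
    status, _ = password_token_check(uidb64, token)
    if status != 200:
        return 401, {"error": "The reset link is invalid"}
    user = USERS[int(urlsafe_base64_decode(uidb64).decode())]
    user.set_password(password)
    return 200, {"success": True, "message": "Password reset success"}
```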
Info
Channel: Cryce Truly
Views: 39,455
Id: 2kKwPk5qPUs
Length: 45min 20sec (2720 seconds)
Published: Sun Jun 21 2020