{"id":7175,"library":"django-rest-passwordreset","title":"Django REST Password Reset","description":"django-rest-passwordreset is an extension for Django REST Framework that provides a configurable password reset strategy. It handles token generation, validation, and password setting endpoints. The current version is 1.5.0, and it maintains an active release cadence, frequently updating to support newer Django and DRF versions.","status":"active","version":"1.5.0","language":"en","source_language":"en","source_url":"https://github.com/anexia-it/django-rest-passwordreset","tags":["django","drf","password reset","authentication","api"],"install":[{"cmd":"pip install django-rest-passwordreset","lang":"bash","label":"Install stable version"}],"dependencies":[{"reason":"Core framework requirement, typically >=3.2, <5.0 for v1.5.0.","package":"Django","optional":false},{"reason":"Extension for DRF, typically >=3.10, <4.0 for v1.5.0.","package":"djangorestframework","optional":false}],"imports":[{"note":"Required in Django settings.py for app discovery.","symbol":"INSTALLED_APPS","correct":"'django_rest_passwordreset'"},{"note":"Must be included in your project's main urls.py to expose the API endpoints.","symbol":"urls","correct":"from django.urls import path, include\n\nurlpatterns = [\n    path('api/password_reset/', include('django_rest_passwordreset.urls', namespace='password_reset')),\n]"},{"note":"Used to send the password reset email; requires a custom receiver function.","symbol":"reset_password_token_created signal","correct":"from django_rest_passwordreset.signals import reset_password_token_created\nfrom django.dispatch import receiver"}],"quickstart":{"code":"# settings.py\nINSTALLED_APPS = [\n    # ...\n    'rest_framework',\n    'django_rest_passwordreset',\n]\n\n# urls.py\nfrom django.urls import path, include\nfrom django.dispatch import receiver\nfrom django.template.loader import render_to_string\nfrom django.core.mail import EmailMultiAlternatives\nfrom django_rest_passwordreset.signals import reset_password_token_created\n\nurlpatterns = [\n    # ...\n    path('api/password_reset/', include('django_rest_passwordreset.urls', namespace='password_reset')),\n]\n\n# signals.py (or anywhere appropriate in your app)\n@receiver(reset_password_token_created)\ndef password_reset_token_created(sender, instance, reset_password_token, *args, **kwargs):\n    \"\"\" \n    Handles password reset tokens\n    When a token is created, an e-mail needs to be sent to the user\n    \"\"\"\n    # Example: Render HTML email content and send\n    context = {\n        'current_user': reset_password_token.user,\n        'username': reset_password_token.user.username,\n        'email': reset_password_token.user.email,\n        'reset_password_url': \"{}?token={}\".format(\n            instance.request.build_absolute_uri('/reset-password/confirm/'),\n            reset_password_token.key\n        )\n    }\n\n    # In a real app, you'd render a proper template\n    email_html_message = render_to_string('email/user_reset_password.html', context)\n    email_plaintext_message = render_to_string('email/user_reset_password.txt', context)\n\n    msg = EmailMultiAlternatives(\n        # title:\n        f\"Password Reset for {reset_password_token.user.username}\",\n        # message:\n        email_plaintext_message,\n        # from:\n        os.environ.get('DEFAULT_FROM_EMAIL', 'noreply@example.com'), \n        # to:\n        [reset_password_token.user.email]\n    )\n    msg.attach_alternative(email_html_message, \"text/html\")\n    msg.send()\n\n# Example template content for 'email/user_reset_password.html' and '.txt' would be required.\n# For running this quickstart example, ensure you have an SMTP server configured for Django.","lang":"python","description":"To set up django-rest-passwordreset, you need to add it to your `INSTALLED_APPS`, include its URLs in your project's `urls.py`, and crucially, implement a receiver function for the `reset_password_token_created` signal to send the password reset email. Without this signal handler, no emails will be sent, and users won't receive their reset links. Replace the example URL and email content with your actual frontend reset page URL and email templates."},"warnings":[{"fix":"Upgrade your Python, Django, and Django REST Framework versions to meet or exceed the requirements: Python >= 3.6, Django >= 2.2, DRF >= 3.10. Then upgrade django-rest-passwordreset.","message":"Version 1.2.0 introduced significant breaking changes by dropping support for Python 2.7, Python 3.4, Django < 2.2, and Django REST Framework < 3.10. Ensure your project meets these minimum requirements.","severity":"breaking","affected_versions":"<1.2.0"},{"fix":"Create a `signals.py` file in one of your Django apps (or similar location) and register a function to listen for the `reset_password_token_created` signal. This function will be responsible for composing and sending the email with the reset token. Refer to the quickstart example.","message":"The library does not send password reset emails by default. You MUST implement a signal receiver for `reset_password_token_created` to handle email sending.","severity":"gotcha","affected_versions":"All versions"},{"fix":"If you require a different behavior (e.g., returning a 400 or 404 for non-existent emails), you can configure this in your Django settings using `DJANGO_REST_PASSWORDRESET_ANONYMOUS_VIEWS_RETURN_200_FOR_INVALID_USER_EMAIL = False`. Be aware of the security implications.","message":"By default, requests to the password reset endpoint with an unknown email address will still return a 200 OK response to prevent information leakage (i.e., revealing valid user emails).","severity":"gotcha","affected_versions":"All versions (configurable since 1.1.0rc2)"},{"fix":"Upgrade to version 1.5.0 or later, which includes specific test cases and fixes to ensure compatibility with UUID primary keys for the User model.","message":"Projects using UUIDs as the primary key for their User model might encounter issues in versions prior to 1.5.0.","severity":"gotcha","affected_versions":"<1.5.0"}],"env_vars":null,"last_verified":"2026-04-16T00:00:00.000Z","next_check":"2026-07-15T00:00:00.000Z","problems":[{"fix":"Add 'django_rest_passwordreset' to the `INSTALLED_APPS` list in your `settings.py` file.","cause":"The 'django_rest_passwordreset' app is not added to your Django project's INSTALLED_APPS.","error":"ModuleNotFoundError: No module named 'django_rest_passwordreset'"},{"fix":"Ensure your project's main `urls.py` includes `path('api/password_reset/', include('django_rest_passwordreset.urls', namespace='password_reset'))` and that the namespace matches 'password_reset'.","cause":"The django-rest-passwordreset URLs are not included in your project's `urls.py` or are included with an incorrect namespace.","error":"NoReverseMatch at /api/password_reset/confirm/ Reverse for 'password_reset:reset-password-confirm' not found. 'password_reset' is not a registered namespace."},{"fix":"Implement a Python function that uses `@receiver(reset_password_token_created)` to listen for the signal and send the password reset email. This function should contain your email sending logic. Refer to the quickstart example and ensure your `EMAIL_BACKEND` is configured in `settings.py`.","cause":"The signal receiver for `reset_password_token_created` has not been implemented or is not correctly registered, meaning the email sending logic is missing.","error":"User is not receiving password reset emails."}]}