auth.views.password_reset()

password_reset(request, template_name='registration/password_reset_form.html', email_template_name='registration/password_reset_email.html', subject_template_name='registration/password_reset_subject.txt', password_reset_form=PasswordResetForm, token_generator=default_token_generator, post_reset_redirect=None, from_email=None, current_app=None, extra_context=None, html_email_template_name=None, extra_email_context=None)

Allows a user to reset their password by generating a one-time use link that can be used to reset the password, and sending that link to the user’s registered email address.

If the email address provided does not exist in the system, this view won’t send an email, but the user won’t receive any error message either. This prevents information leaking to potential attackers. If you want to provide an error message in this case, you can subclass PasswordResetForm and use the password_reset_form argument.

Users flagged with an unusable password (see set_unusable_password() aren’t allowed to request a password reset to prevent misuse when using an external authentication source like LDAP. Note that they won’t receive any error message since this would expose their account’s existence but no mail will be sent either.

URL name: password_reset

Optional arguments:

• template_name: The full name of a template to use for displaying the password reset form. Defaults to registration/password_reset_form.html if not supplied.
• email_template_name: The full name of a template to use for generating the email with the reset password link. Defaults to registration/password_reset_email.html if not supplied.
• subject_template_name: The full name of a template to use for the subject of the email with the reset password link. Defaults to registration/password_reset_subject.txt if not supplied.
• password_reset_form: Form that will be used to get the email of the user to reset the password for. Defaults to PasswordResetForm.
• token_generator: Instance of the class to check the one time link. This will default to default_token_generator, it’s an instance of django.contrib.auth.tokens.PasswordResetTokenGenerator.
• post_reset_redirect: The URL to redirect to after a successful password reset request.
• from_email: A valid email address. By default Django uses the DEFAULT_FROM_EMAIL.
• current_app: A hint indicating which application contains the current view. See the namespaced URL resolution strategy for more information.
• extra_context: A dictionary of context data that will be added to the default context data passed to the template.
• html_email_template_name: The full name of a template to use for generating a text/html multipart email with the password reset link. By default, HTML email is not sent.
• extra_email_context: A dictionary of context data that will be available in the email template.

Template context:

• form: The form (see password_reset_form above) for resetting the user’s password.

Email template context:

• email: An alias for user.email
• user: The current User, according to the email form field. Only active users are able to reset their passwords (User.is_active is True).
• site_name: An alias for site.name. If you don’t have the site framework installed, this will be set to the value of request.META['SERVER_NAME']. For more on sites, see The “sites” framework.
• domain: An alias for site.domain. If you don’t have the site framework installed, this will be set to the value of request.get_host().
• protocol: http or https
• uid: The user’s primary key encoded in base 64.
• token: Token to check that the reset link is valid.

Sample registration/password_reset_email.html (email body template):

Someone asked for password reset for email {{ email }}. Follow the link below:
{{ protocol}}://{{ domain }}{% url 'password_reset_confirm' uidb64=uid token=token %}

The same template context is used for subject template. Subject must be single line plain text string.