Reset password
==============

API Views
---------

There are two views used in the login workflow:

.. _send-reset-password-link-view:

send-reset-password-link
~~~~~~~~~~~~~~~~~~~~~~~~

.. autofunction:: rest_registration.api.views.send_reset_password_link

.. _reset-password-view:

reset-password
~~~~~~~~~~~~~~

.. autofunction:: rest_registration.api.views.reset_password

Assuming that the Django REST registration views are served at
``https://backend-host/api/v1/accounts/``
then the ``send_reset_password_link`` and ``reset_password`` views are served as:

* ``https://backend-host/api/v1/accounts/send-reset-password-link/``
* ``https://backend-host/api/v1/accounts/reset-password/``

respectively.

.. _reset-password-verification-workflow:

Verification workflow
---------------------

Let's describe it by example. We're assuming that:

- the Django REST Registration views are served at
  ``https://backend-host/api/v1/accounts/``
- you have :ref:`reset-password-verification-enabled-setting` set to ``True``
  (this is the default)
- you configured :ref:`reset-password-verification-url-setting`
  to be ``https://frontend-host/reset-password/``

Then the verification workflow looks as follows:

1.  The user who wants to reset his/her password sends an AJAX POST request to
    the ``https://backend-host/api/v1/accounts/send-reset-password-link/``
    endpoint. Usually this happens via a front-end application,
    which could be hosted on ``https://frontend-host/``.

2.  Assuming the registration was correct, the ``send_reset_password_link``
    endpoint will generate an e-mail containing a URL which the user
    should click to enter a new password. The URL would be of the form:

    ``https://frontend-host/reset-password/?user_id=&timestamp=&signature=``

    (You can change the way the URL is generated by overriding
    :ref:`verification-url-builder-setting`)

3.  The frontend endpoint (which is not provided by Django REST Registration)
    ``https://frontend-host/reset-password/`` would receive the following
    GET parameters:

    - ``user_id``
    - ``timestamp``
    - ``signature``

    and after obtaining the new password from the user it should perform
    an AJAX request to
    ``https://backend-host/api/v1/accounts/reset-password/``
    via HTTP POST with the following JSON payload:

    .. code:: javascript

        {
            "password": "",
            "user_id": "",
            "timestamp": "",
            "signature": ""
        }

    and then show a message to the user depending on the response
    from the backend server.

Default serializers
-------------------

.. _default-send-reset-password-link-serializer:

DefaultSendResetPasswordLinkSerializer
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

.. autoclass:: rest_registration.api.serializers.DefaultSendResetPasswordLinkSerializer
   :members:

List of settings
----------------

These settings can be used to configure the reset password workflow.
You should add them as keys (with values)
to your ``settings.REST_REGISTRATION`` dict.

.. jinja:: detailed_configuration__reset_password
   :file: detailed_configuration/settings_fields.j2
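
The frontend side of step 3 of the verification workflow, as an added example (it is not part of Django REST Registration or of the original documentation). The function names ``buildResetPayload`` and ``submitReset``, the sample link values, and the choice to reject links with a missing, empty or repeated parameter are assumptions of this example:

```javascript
// Added example: frontend handling of the reset link (step 3 of the workflow).
// Not Django REST Registration code; names and sample values are hypothetical.
const RESET_URL = "https://backend-host/api/v1/accounts/reset-password/";
const REQUIRED = ["user_id", "timestamp", "signature"];

// Build the JSON payload from the link the user clicked and the new password.
// Throws when a required parameter is missing, empty or repeated, so that a
// malformed link is rejected before anything is sent to the backend.
function buildResetPayload(linkUrl, password) {
  const params = new URL(linkUrl).searchParams;
  const payload = { password };
  for (const name of REQUIRED) {
    const values = params.getAll(name);
    if (values.length !== 1 || values[0] === "") {
      throw new Error(`invalid reset link: bad "${name}" parameter`);
    }
    // Pass the value through unchanged: the backend, not the frontend,
    // decides whether the signature and timestamp are valid.
    payload[name] = values[0];
  }
  return payload;
}

// POST the payload to the fixed backend endpoint (never a URL taken from the
// link) and return what the UI needs to pick a message for the user.
// fetchImpl is injectable so the function can be exercised without a network.
async function submitReset(linkUrl, password, fetchImpl = fetch) {
  const response = await fetchImpl(RESET_URL, {
    method: "POST",
    headers: { "Content-Type": "application/json" },
    body: JSON.stringify(buildResetPayload(linkUrl, password)),
  });
  return { ok: response.ok, status: response.status };
}

// Constructed sample link; the parameter values are made up.
const SAMPLE_LINK =
  "https://frontend-host/reset-password/" +
  "?user_id=42&timestamp=1700000000&signature=c2lnLXNhbXBsZQ";
```

In a browser the page would call ``submitReset(window.location.href, newPassword)`` and show a success or failure message based on the returned ``ok`` flag.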