The joy of simple

Stuff that...probably...won't get me fired

Posted by Art Mills

April 16, 2024

After three hours of hard

Users sometimes forget their passwords. I mean, I don't, but I have the same password for everything. Wait, no I don't. That's silly. Stop lying.

Anyway, I've never specifically done that so I wanted to. Using Django there's lots of free power and templates and ease to do this. So I hooked up my mail service and started to rock and roll.

Django provides this functionality. There are 4 common steps.

  1. Go to a password reset form asking for a tokenized mail to be sent to your email.
  2. Submission takes you to a confirmation page that the email has been sent and is on the way.
  3. In your email, you are given a tokenized link to click which takes you back to your site and to a form to change your password, typing it twice.
  4. Submission takes you to a confirmation page that you are just the best and did it all by yourself.

Leaving this completely untouched takes you to the Django Admin app, removing you from the aesthetic of the site. No one, and I mean no one can live without randomized hamsters.

This works, but looks tacky. So I just want it to stay within my site, as I do for my registration and login pages, also provided by Django for free.

This takes me on a path of three hours of it just not working.

Very quickly I get part one working with a custom html template. But parts 2, 3 and 4 are done completely within the Django Admin.

This is ignoring my views, as I configured several override classes, as follows:

class CustomPasswordResetView(PasswordResetView):
    template_name = 'registration/password_reset.html'
    email_template_name = 'registration/password_reset_email.html'

class CustomPasswordResetDoneView(PasswordResetDoneView):
    template_name = 'registration/password_reset_done.html'

class CustomPasswordResetConfirmView(PasswordResetConfirmView):
    template_name = 'registration/password_reset_confirm.html'

class CustomPasswordResetCompleteView(PasswordResetCompleteView):
    template_name = 'registration/password_reset_complete.html'

This changes my urls.py file to this:

    # path to built-in password reset views
    path('password_reset/', CustomPasswordResetView.as_view(), name='password_reset'),
    path('password_reset/done/', CustomPasswordResetDoneView.as_view(), name='password_reset_done'),
    path('reset/<uidb64>/<token>/', CustomPasswordResetConfirmView.as_view(), name='password_reset_confirm'),
    path('reset/done/', CustomPasswordResetCompleteView.as_view(), name='password_reset_complete'),

All of this is easy. It should just work.

But it doesn't

This is now a cautionary tale.

MODERN hobbyists go immediately to ChatGPT, Github CoPilot and Gemini to figure this sort of thing out. Each is eager to help. Each has very different ideas on how to help. Each takes you down a wide and winding road of differing reasons I can't keep the forms inside my site. Each enters a circular loop where it pretends we've never talked before and starts randomly asking for information it had a moment ago.

As a clue, when AI gets to this point (and I got three to this point tonight) it's AI's way of saying...

I love ya, but I have no clue and really want to stop talking but am not allowed to say, I've given you every idea I have, no go away.

Knowing this would get you to where I got faster.

Can you guess where I went?

Uh. Hey. Google. You used to be a search engine once, right? Django override password reset done.

The very first link from some obscure site named Stack Overflow has the answer.

INSTALLED_APPS = [
'your_app_name',

'django.contrib.admin',
'django.contrib.auth',
'django.contrib.contenttypes',
'django.contrib.sessions',
'django.contrib.messages',
'django.contrib.sites',
'django.contrib.staticfiles',
]

That's it. That's really it. You don't have to namespace your auth_app. You don't have to move the templates. You don't have to add various extensions of the base directory to search for templates. You don't have to write your own email templates. Just move my app above the default Django apps and money.

Goes to show no matter how much AI can help and improve productivity, there's a point of starkly diminishing returns where old school still pays.

So, if you are ever trying to make a portal full authentication app you can port around to other Django projects easily, just make sure it's first in your list.

And prosper.