I am working on password reset on django project, when the email address is sent i get
path is deprecated (django.contrib.auth.views.password_reset_confirm)
at the command prompt.
Here is my url.py
from django.conf.urls import patterns, include, url
from django.contrib import admin
from doreenselly import views
from django.conf import settings
from django.conf.urls.static import static
from django.contrib.auth.views import password_reset, password_reset_done, password_reset_confirm, password_reset_complete
from django.views.generic import TemplateView
urlpatterns = [
url(r'^admin/', admin.site.urls),
url(r'^$', 'selly.views.index', name="index"),
url(r'^selly/', include('selly.urls')),
url(r'^delete_item/(?P<item_id>[-\w]+)/$', views.delete_item, name='delete_item'),
url(r'^admin_delete_item/(?P<item_id>[-\w]+)/$', views.admin_delete_item, name='admin_delete_item'),
# Password reset urls
url(r'^reset/form/$', TemplateView.as_view(template_name = 'registration/password_reset_email.html')),
url(r'^resetpassword/passwordsent/$', password_reset_done, name="password_reset_done"),
url(r'^reset/password/$', password_reset, name="password_reset"),
url(r'^reset/(?P<uidb64>[0-9A-Za-z]+)-(?P<token>.+)/$', password_reset_confirm, name="password_reset_confirm"),
url(r'^reset/done/$', password_reset_complete, name="password_reset_complete"),
]
Your urls look OK, so my guess is the problem is in your template.
Look for
{% url 'django.contrib.auth.views.password_reset_confirm' uidb64=uid token=token %}
in your registration/password_reset_email.html template, and replace it with
{% url 'password_reset_confirm' uidb64=uid token=token %}
If that doesn't solve the problem, then you need to find out where the warning is coming from. You can run the dev server with the -W flag to turn warnings into exceptions.
python -W error manage.py runserver
When you send the password reset email, you will get a traceback which will show you where the problem is.
Related
My root urls.py
from django.contrib import admin
from django.conf import settings
from django.conf.urls.static import static
from django.urls import path,include
urlpatterns = [
path('admin/', admin.site.urls),
path('', include('pages.urls')), # new
]+static(settings.STATIC_URL,document_root=settings.STATIC_ROOT)
urlpatterns += static(settings.MEDIA_URL,document_root=settings.MEDIA_ROOT)
My pages app urls.py
from django.contrib import admin
from django.urls import path
from pages import views
urlpatterns = [
path('', views.home_page, name='home_page'),
path('<tab>', views.home,name='home'),
]
With this, I am able to access
127.0.0.1:8000/Home
127.0.0.1:8000/About
127.0.0.1:8000/Services
127.0.0.1:8000/Portfolio
All the tabs with url entry.
But, when I create an url entry in html template, {% url 'About' %}
getting NoReverseMatch
Very clever - I see you have 'short circuited' adding extra url patterns with your 'tab' path.
The issue is that django - specifically your templates - do not know what url 'About' refers to as you have not declared it as a name to any route in your url patterns.
i.e. something like:
path('/path/to/about', views.about_function, name='About')
What you can do in your template is hard code the path, for example:
<a href='/hardcode/this/path'> About </a>
Just note that if you change the 'About' page path, you'll need to replace it everywhere it's defined in any of your templates - plus possibly some other side effects.
I'm giving Python / Django a ago, going alright so far. I'm in the middle of setting up Django authentication, but I've hit a error;
Reverse for 'user_review_list' not found. 'user_review_list' is not a valid view function or pattern name.
Here are my views:
def user_review_list(request, username=None):
if not username:
username = request.user.username
latest_review_list = Review.objects.filter(user_name=username).order_by('-pub_date')
context = {'latest_review_list':latest_review_list, 'username':username}
return render(request, 'reviews/user_review_list.html', context)
In my base.html I call the following:
<li><a href="{% url 'reviews:user_review_list' user.username %}">Hello {{ user.username }}</li>
I've checked my other html templates and they all seem to be calling it correctly, is there anything I'm missing?
EDIT: URL's
from django.conf.urls import include, url
from django.contrib import admin
urlpatterns = [
url(r'^reviews/', include(('reviews.urls', 'reviews'), namespace='reviews')),
url(r'^admin/', admin.site.urls),
url(r'^accounts/', include('registration.backends.simple.urls')),
url(r'^accounts/', include('django.contrib.auth.urls')),
]
Apps URL's
from django.conf.urls import url
from . import views
app_name = 'reviews'
urlpatterns = [
# ex: /
url(r'^$', views.review_list, name='review_list'),
# ex: /product/5/
url(r'^review/(?P<review_id>[0-9]+)/$', views.review_detail, name='review_detail'),
# ex: /product/
url(r'^product$', views.product_list, name='product_list'),
# ex: /product/5/
url(r'^product/(?P<product_id>[0-9]+)/$', views.product_detail, name='product_detail'),
url(r'^product/(?P<product_id>[0-9]+)/add_review/$', views.add_review, name='add_review'),
]
Review.objects.filter() will return a list.
For a single user, you should use Review.objects.get() method
As #Exprator pointed out I was missing user_review_list from my app URL's.
I am about to make Django application available for production.
However, login using twitter account does not work.
I am using python-social-auth.
There should be no problem in setting.
But after being authenticated on twitter, it will be redirected to 127.0.0.1 instead of the domain I set up.
The twitter application settings are as follows.
Callback URL: http://example.com/
Callback URL Locked: No
Sign in with Twitter: Yes
the login button is as follows
<button type="button" onclick="location.href='{% url 'social:begin' 'twitter' %}'">Login</button>
urls.py of the django project is as follows
from django.conf import settings
from django.conf.urls import url, include
from django.contrib import admin, auth
import app.urls
urlpatterns = [
url(r'^admin/', admin.site.urls),
url(r'', include('social_django.urls', namespace = 'social')),
url(r'', include(app.urls)),
]
urls.py of app is as follows.
from django.conf.urls import url
from django.conf import settings
from app import views
from django.contrib.auth.views import logout
urlpatterns = [
url(r'^$', views.index, name='index'),
url(r'^home/', views.home, name='home'),
url(r'^logout/$', logout, {'template_name': 'logout.html'}, name='logout')
]
I can log in without problems in the local environment.
What is wrong?
For an extra little bit of security I want to change the default django admin url to the custom one, e.g. change mysite.com/admin/ to mysite.com/mysecretadmin/ so that admin is completely unaccessible via default url.
I tried some solutions from the internet, for example I changed urls.py like this:
from django.conf.urls import patterns, url, include
from django.contrib import admin
admin.autodiscover()
urlpatterns = patterns('api.views',
...,
...,
url(r'^secret-admin-url/', include(admin.site.urls)),
)
Nothing worked for me, sadly. Does anyone know the solution? I use django 1.5.4.
Refer to the section 'Hooking AdminSite instances into your URLconf' in the url
below
https://docs.djangoproject.com/en/dev/ref/contrib/admin/#hooking-adminsite-to-urlconf
For those who find this question in recent times. Based on the Django 3.1 docs:
register the default AdminSite instance django.contrib.admin.site at the URL /admin/:
# main project urls.py
from django.contrib import admin
from django.urls import path
urlpatterns = [
path("admin/", admin.site.urls),
]
you can simply change the admin/ url to anything you wish:
urlpatterns = [
path("my_custom_url/", admin.site.urls),
]
If you do not want to use the default page /admin you can add a secret key to admin. So in urls.py
urlpatterns = [
path('admin_eTiOmEthelInEwathbace/', admin.site.urls,),
]
If in your template you have a link
Admin
then this will reference to the above site with url: http://127.0.0.1:8000/admin_eTiOmEthelInEwathbace/
Now you do not want to publish this secret_key, therefore get it from an environment variable with for example decouple, so urls.py then becomes
from decouple import config
SECRET_ADMIN = config('SECRET_ADMIN')
urlpatterns = [
path(f'admin_{SECRET_ADMIN}/', admin.site.urls,),
]
If you want to prevent brute force or dictionary attack and your admin login page not accessible for unauthorized user,normal user. please follow this step:
First install django admin honeypot and signal
pip install django-admin-honeypot(inastall in settings.py)
pip install django-honeypot-signals(inastall in settings.py)
override this .txt file(because future tag is deprecated):
templates/honeypot_signals/notification.txt:
{% load i18n %}
{% blocktrans with site_name=site.name %}
{% endblocktrans %}
Invalid login attempt from your duplicate ADMIN panel..
• Review entry at http://{{ site.domain }}{% url "admin:admin_honeypot_loginattempt_change" object.id %}
Username: {{ object.username }}
IP: {{ object.ip_address }}
Timestamp: {{ object.timestamp }}
django-admin-honeypot make a fake admin login page and django honeypot signal send email to admin with credentials if any person try to access your fake admin login page.
How to access main admin login page?:
pip install django-decorator-include
Your main urls.py:
from django.contrib import admin
from django.urls import path
from django.urls.conf import include
from . import settings
from decorator_include import decorator_include
from django.contrib.auth.decorators import login_required, user_passes_test
from django.core.exceptions import PermissionDenied
from django.core.mail.message import EmailMessage
from datetime import datetime
from django.views.generic.base import RedirectView
def only_user():
def check(user):
if user.is_authenticated and user.is_superuser or user.is_staff:
return True
time = datetime.now()
message = f'----------------------------------\nName: {user.username}\nEmail: {user.email}\nTime: {time}.\n----------------------------------\n • {user.username} is not a staff user or admin.For some security reasons..Please block this user from your admin panel(Blacklist).'
email = EmailMessage(
f'📛📛📛Alert!! {user.username} is try to accessing your admin panel!!',
message,
settings.EMAIL_HOST_USER,
[settings.EMAIL_HOST_USER],
)
email.fail_silently = False
email.send()
raise PermissionDenied
return user_passes_test(check)
urlpatterns = [
path('', include('product.urls')),
#This is all fake admin urls...
path('admin/', include('admin_honeypot.urls',
namespace='admin_honeypot')),
path('site/admin/',RedirectView.as_view(url='/admin')),
path('user/admin/',RedirectView.as_view(url='/admin')),
path('secure/admin/',RedirectView.as_view(url='/admin')),
path('mysite/admin/',RedirectView.as_view(url='/admin')),
path('admin/secure',RedirectView.as_view(url='/admin')),
path('real/admin/',RedirectView.as_view(url='/admin')),
#This is real admin login page url
path('custom_url/',
decorator_include([login_required, only_user()],
admin.site.urls)),
]
For this way you can not access directly your admin login page.. first you need to login your website and then accessible your admin panel..
How to protect website's login page from the attackers?:
- Use django defender (https://django-defender.readthedocs.io/en/latest/)
---------------------OR-------------------------
- Use google hidden(ReCaptchaV2Invisible) recaptcha field
(https://pypi.org/project/django-recaptcha/)
If any unauthorized users terrible activity detected.You block their IP address or username by using this django package:
pip install django-blacklist
Read docs : django-blacklist
•sorry for my English
I successfully run the example from The missing django-allauth tutorial to login with facebook, but now I have this error when I try to install django-allauth from scratch:
Given URL is not allowed by the Application configuration
In facebook, my site URL is set to http://127.0.0.1:8000/, this works for the example but not my app.
Where can the error come from?
I also don't understand the "sites" field in Django administration: Home › Socialaccount › Social apps › AppName. It is set to example.com by default, I don't know what to set here, although it works fine with example.com for the example...
Just for info, here is the example's main urls.py
from django.conf.urls import patterns, include, url
from django.contrib import admin
admin.autodiscover()
urlpatterns = patterns(
'',
# prevent the extra are-you-sure-you-want-to-logout step on logout
(r'^accounts/logout/$', 'django.contrib.auth.views.logout', {'next_page': '/'}),
url(r'^', include('larb.urls')),
url(r'^accounts/', include('allauth.urls')),
url(r'^admin/', include(admin.site.urls)),
)
and urls.py for larb:
from django.conf.urls import patterns, url
from larb import views
urlpatterns = patterns('',
url(r'^$', views.index, name='index')
)
and my unique main urls.py
from django.conf.urls import patterns, include, url
from django.contrib import admin
from django.views.generic.base import TemplateView
from django.conf.urls.static import static
from django.contrib.staticfiles.urls import staticfiles_urlpatterns
from Romanesco import settings
admin.autodiscover()
urlpatterns = patterns('',
url(r'^$', 'draw.views.index'),
url(r'^accounts/', include('allauth.urls')),
url(r'^admin/', include(admin.site.urls)),
)
I have noticed a difference, in the example the facebook button links to href="/accounts/facebook/login/" ; whereas in the default login page (when it fails) it's href="javascript:allauth.facebook.login('', 'authenticate', 'login')".
If I go to http://127.0.0.1:8000/accounts/facebook/login/ manually it works!
In your browser, change http://127.0.0.1:8000/ to localhost:8000/
That should fix the problem.
Still under platform website, change site URL to http://localhost:8000/
In parameter of your Facebook application (https://developers.facebook.com/x/apps/.../settings/advanced/) be sure to add a platform Website and add url: http://127.0.0.1:8000/
And after in advanced (still on parameter) put "Embedded browser OAuth Login" and "Client OAuth Login" on !
EDIT:
Ok so you need to add http://127.0.0.1:8000 in your admin site and after you go on each social app and add localhost on site field and not to example.