Override Django password reset URL sent from email, and make it one-time usable

Hello everyone

I created a project with Django's internal authentication system.
But with this system I have a problem: in the forgot-password part, Django creates a link, but that link is usable multiple times.
I want to make it one-time usable, and after the link has been used once I want to show “this link is already used.”
If anybody here could help me, please tell me how I can implement this feature.
Thanks.

It’s only usable multiple times if the password has not been changed. Once the password is changed, the token is no longer valid.

Thanks for your reply

Yes, you’re right. But that is after changing the password within the specified time interval.
I want it to be one-time usable, such that it works only on the first click or opening of the specified link. And after that, I want the link to expire.
More specifically, I want the link to expire after the first opening, not after the password is changed. 🙏

Well, that may seem like a good idea, but you need to consider a few scenarios.
From what you described, it seems that you would be modifying some data when the user opens the link. Since that is a GET request, you shouldn’t change data on it, because imagine if:

  • The user hits the refresh button;
  • Some email services may do some link checks, and issue a GET/HEAD request to the link you provided.

In these scenarios your end-user would need to send another reset link, making for a terrible UX and also going against some conventions.

1 Like
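The behaviour discussed in this thread, as an added example that is not part of any post and is not Django's own code: a simplified, stdlib-only model of a reset token whose signature covers the stored password hash, so opening the link (GET/HEAD) is a read-only check and only a successful password change invalidates it. `SECRET`, `TIMEOUT`, `User` and all function names are assumptions made for the illustration.

```python
import hashlib
import hmac
import time
from dataclasses import dataclass

SECRET = b"constructed-demo-secret"   # constructed; stands in for a server-side secret
TIMEOUT = 3600                        # assumed link lifetime in seconds


@dataclass
class User:                           # hypothetical minimal user record
    pk: int
    email: str
    password_hash: str


def _mac(user, ts):
    # The stored password hash is part of the signed value, so changing the
    # password changes the expected MAC for every token issued earlier.
    msg = f"{user.pk}:{user.password_hash}:{user.email}:{ts}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()


def make_token(user, now=None):
    ts = int(time.time() if now is None else now)
    return f"{ts}-{_mac(user, ts)}"


def check_token(user, token, now=None):
    """Read-only check, safe for GET/HEAD: nothing is stored or consumed."""
    now = int(time.time() if now is None else now)
    ts_text, _, mac = token.partition("-")
    if not (ts_text.isascii() and ts_text.isdigit()):
        return False
    ts = int(ts_text)
    # Compare as bytes in constant time; a malformed MAC simply fails.
    if not hmac.compare_digest(mac.encode(), _mac(user, ts).encode()):
        return False
    return 0 <= now - ts <= TIMEOUT


def reset_password(user, token, new_hash, now=None):
    """State change, POST only: a successful reset invalidates the token."""
    if not check_token(user, token, now):
        return False
    user.password_hash = new_hash
    return True
```

Because `check_token` keeps no state, a page refresh or a mail scanner's request leaves the link working, while replaying it after `reset_password` succeeds fails.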