change-password

I don't want to have the security question and answer feature that ASP.Net Membership Provider gives, but I DO want to enable a lost/forgotten password page. This page would be where a user would enter his/her email address and an email would be sent to that address if the user was registered for them to reset their password via a link sent to that registered email address I've created the custom table to track such requests, the random key assigned to the request as well as an expiry date on the request. However in writing the code to actually reset the password, I realised that there doesn't

Right now, this is how the password is changed within a user profile. What is the best way of converting this to a class based view knowing that there is no model involved? This is the view for changing the password @login_required def profile_change_password(request): """ Change password of user. """ user = get_object_or_404(User, username__iexact=request.user.username) if request.method == 'POST': form = PasswordChangeFormPrivate(user=user, data=request.POST) if form.is_valid(): form.save() messages.add_message (request, messages.INFO, _('password changed')) return HttpResponseRedirect

What would be the most elegant way of implementing a force password change upon user's initial login using Spring Security? I tried implementing a custom AuthenticationSuccessHandler as mentioned here , but as mentioned by rodrigoap , if a user manually inputs the URL at the address bar, the user will still be able to proceed to that page even if he didn't change his password. I did this with a filter ForceChangePasswordFilter. Because if the user types the url by hand they can bypass the change password form. With the filter the request always get intercepted. As such, I proceeded with