Password reset key is never valid

[John Dulaney]

Hi, there!

So, it seems that there are a few problems going on with password reset.

It seems that generating a key is just fine, but, when one attempts to use the key as supplied in the email, a few things fail:

   def dispatch(self, request, uidb36, key, **kwargs):
        self.request = request
        self.key = key

        if self.key == INTERNAL_RESET_URL_KEY:

This will always evaluate to false because self.key is actually <uidb36>-<INTERNAL_RESET_URL_KEY>.

If I work around that by:

if self.key == str('{0}-{1}').format(uidb36, INTERNAL_RESET_URL_KEY):

Eventually, I get a key that matches the originally generated key.

However, despite this, the actual reset form never displays.  The uri gets set to account/password/reset/key/4-set-password/ and we get:

{'action_url': '/account/password/reset/key/4-set-password/', 'form': <ResetPasswordKeyForm bound=False, valid=False, fields=(password1;password2)>, 'token_fail': True, 'view': <allauth.account.views.PasswordResetFromKeyView object at 0x7f7ca3f7f278>}

This is without me touching the PasswordResetFromKeyView at all from my own code.  In fact, I don't even touch the url there, instead relying on included urls (which seem to work otherwise)

Is this something that I may possibly be doing wrong, or is this truly a bug?