Allow password reset without being authenticated

[nittolese]

Problem

Only authenticated users can request a password reset, as described here: #67

Solution

Adding authentication_classes to views.

[nittolese]

Hey @nezhar , any update on this?
Can I ask why you need to be logged in to request a reset password? Seems non-sense to me!

Thank you!

[nezhar]

Hi @nittolese,

Thanks for your contribution and sorry it took so long. Of course you don't need to be authenticated 😄

There are no permission_classes defined, so I can only asume some custom authentication_classes lead to this behavior. Can you maybe provide your definition of DEFAULT_AUTHENTICATION_CLASSES so I may try to reproduce this also in a test case.

[nittolese]

Hey @nezhar ,
Here is my default authentication classes in settings.py

"DEFAULT_AUTHENTICATION_CLASSES": (
    "rest_framework.authentication.SessionAuthentication",
    "rest_framework.authentication.BasicAuthentication",
    "rest_framework.authentication.TokenAuthentication",
    "rest_framework_simplejwt.authentication.JWTAuthentication",
),

[nezhar]

Hey @nittolese,

I'm not able to reproduce this in a test, but at the same time I see no reason why we should allow any authentication_classes at this stage in the password reset, so I will add this in the next release.

Thanks again