0001-misc-don-t-display-password-reset-view-when-disabled.patch
| src/authentic2/profile_views.py | ||
|---|---|---|
| 3 | 3 |
from django.views.generic import FormView |
| 4 | 4 |
from django.contrib import messages |
| 5 | 5 |
from django.contrib.auth import get_user_model, REDIRECT_FIELD_NAME, authenticate |
| 6 |
from django.http import Http404 |
|
| 6 | 7 |
from django.utils.translation import ugettext as _ |
| 7 | 8 |
from django.utils.http import urlsafe_base64_decode |
| 8 | 9 | |
| 9 | 10 |
from .compat import default_token_generator |
| 10 | 11 |
from .registration_backend.forms import SetPasswordForm |
| 11 |
from . import cbv, profile_forms, utils, hooks |
|
| 12 |
from . import app_settings, cbv, profile_forms, utils, hooks
|
|
| 12 | 13 | |
| 13 | 14 | |
| 14 | 15 |
class PasswordResetView(cbv.NextURLViewMixin, FormView): |
| ... | ... | |
| 30 | 31 | |
| 31 | 32 |
def get_context_data(self, **kwargs): |
| 32 | 33 |
ctx = super(PasswordResetView, self).get_context_data(**kwargs) |
| 34 |
if app_settings.A2_USER_CAN_RESET_PASSWORD is False: |
|
| 35 |
raise Http404('Password reset is not allowed.')
|
|
| 33 | 36 |
ctx['title'] = _('Password reset')
|
| 34 | 37 |
return ctx |
| 35 | 38 | |
| tests/test_password_reset.py | ||
|---|---|---|
| 1 | 1 |
from django.core.urlresolvers import reverse |
| 2 |
from django.test.utils import override_settings |
|
| 2 | 3 | |
| 3 | 4 |
import utils |
| 4 | 5 | |
| ... | ... | |
| 42 | 43 |
# verify next_url was kept |
| 43 | 44 |
assert resp['Location'].endswith('/moncul/')
|
| 44 | 45 | |
| 46 |
with override_settings(A2_USER_CAN_RESET_PASSWORD=False): |
|
| 47 |
url = reverse('password_reset') + '?next=/moncul/'
|
|
| 48 |
app.get(url, status=404) |
|
| 45 | 49 | |
| 46 | 50 |
def test_user_filter(app, simple_user, mailoutbox, settings): |
| 47 | 51 |
settings.A2_USER_FILTER = {'username': 'xxx'} # will not match simple_user
|
| 48 |
- |
|