
0001-views-better-display-password-reset-instructions-380.patch

Valentin Deniaud, 08 janvier 2020 12:07


Subject: [PATCH] views: better display password reset instructions (#38054)

 .../password_reset_instructions.html          | 37 +++++++++++++++++++
 src/authentic2/urls.py                        |  3 ++
 src/authentic2/views.py                       | 20 ++++++----
 tests/test_password_reset.py                  | 14 +++----
 4 files changed, 58 insertions(+), 16 deletions(-)
 create mode 100644 src/authentic2/templates/registration/password_reset_instructions.html
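--- a/src/authentic2/templates/registration/password_reset_instructions.html
+++ b/src/authentic2/templates/registration/password_reset_instructions.html
@@ -0,0 +1,37 @@
+{% extends "authentic2/base-page.html" %}
+{% load i18n gadjo %}
+
+{% block page-title %}
+  {% trans "Password reset instructions" %}
+{% endblock %}
+
+{% block content %}
+  <p><strong>
+    {% blocktrans with email=request.session.reset_email %}
+      If your email address exists in ou database, an email has been sent to {{ email }}.
+    {% endblocktrans %}
+  </strong></p>
+  <p><strong>
+    {% blocktrans %}
+      Follow the instructions in this email in order to choose a new password.
+    {% endblocktrans %}
+  </strong></p>
+  {% block advice %}
+    <p>
+    {% blocktrans %}
+      The email may take several minutes to be received. It can also be
+      considered as spam: please look in your "junk mail" folder.
+    {% endblocktrans %}
+    </p>
+    <p>
+    {% blocktrans %}
+      If you still have not received the instructions, add "{{from_email_address}}"
+      to your address book or authorized sender list, and then repeat the
+      registration process.
+    {% endblocktrans %}
+  {% endblock %}
+    </p>
+    {% block back %}
+      <p><a href="{% url 'auth_login' %}">{% trans "Back to login" %}</a></p>
+    {% endblock %}
+{% endblock %}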
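Review bot: The second `<p>` opened inside `{% block advice %}` is closed only after the block's `{% endblock %}` (new lines 32-33), so a child template that overrides `advice` inherits a stray `</p>`; swap the two lines so that `</p>` comes before `{% endblock %}`. The translatable string on line 11 reads "ou database" where "our database" is meant, and fixing it before translators pick up the msgid avoids invalidating catalogues later. The last advice paragraph tells the user to "repeat the registration process" on a password reset page, which looks carried over from the registration template. `request.session.reset_email` is empty when the page is opened without a prior form submission, so the first sentence would end in "sent to ." and may deserve an `{% if %}` guard.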
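--- a/src/authentic2/urls.py
+++ b/src/authentic2/urls.py
@@ -81,6 +81,9 @@
     url(r'^password/reset/$',
         views.password_reset,
         name='password_reset'),
+    url(r'^password/reset/instructions/$',
+        views.password_reset_instructions,
+        name='password_reset_instructions'),
 
     # Legacy, only there to provide old view names to resolver
     url(r'^password/change/$',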
src/authentic2/views.py
626 626
    return HttpResponseRedirect(request.get_full_path())
627 627

  
628 628

  
629
class PasswordResetView(cbv.NextURLViewMixin, FormView):
629
class PasswordResetView(FormView):
630 630
    '''Ask for an email and send a password reset link by mail'''
631 631
    form_class = passwords_forms.PasswordResetForm
632 632
    title = _('Password Reset')
633
    next_url_default = '/'
633

  
634
    def get_success_url(self):
635
        return reverse('password_reset_instructions')
634 636

  
635 637
    def get_template_names(self):
636 638
        return [
......
649 651
        if app_settings.A2_USER_CAN_RESET_PASSWORD is False:
650 652
            raise Http404('Password reset is not allowed.')
651 653
        ctx['title'] = _('Password reset')
654
        ctx['from_email_address'] = parseaddr(settings.DEFAULT_FROM_EMAIL)[1]
652 655
        return ctx
653 656

  
654 657
    def form_valid(self, form):
655 658
        form.save()
656
        # return to next URL
657
        messages.info(self.request, _('If your email address exists in our '
658
                                      'database, you will receive an email '
659
                                      'containing instructions to reset '
660
                                      'your password'))
659
        self.request.session['reset_email'] = form.cleaned_data['email']
661 660
        return super(PasswordResetView, self).form_valid(form)
662 661

  
663 662
password_reset = PasswordResetView.as_view()
664 663

  
665 664

  
665
class PasswordResetInstructionsView(TemplateView):
666
    template_name = 'registration/password_reset_instructions.html'
667

  
668

  
669
password_reset_instructions = PasswordResetInstructionsView.as_view()
670

  
671

  
666 672
class PasswordResetConfirmView(cbv.RedirectToNextURLViewMixin, FormView):
667 673
    '''Validate password reset link, show a set password form and login
668 674
       the user.
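Review bot: `PasswordResetInstructionsView` defines only `template_name`, yet the new template prints `{{from_email_address}}`, and the only place this patch sets that key is `ctx['from_email_address']` in the context method of `PasswordResetView`; unless a context processor outside these hunks supplies it, the advice paragraph will show an empty address. Giving the instructions view its own `get_context_data`, as sketched below, would fix that. Separately, `self.request.session['reset_email']` written in `form_valid` is never removed in the visible lines, so the submitted address stays in the session after the reset is finished; consider popping it once the instructions page has rendered or when the reset is confirmed. Both class bodies continue outside the visible hunks.

```python
class PasswordResetInstructionsView(TemplateView):
    template_name = 'registration/password_reset_instructions.html'

    def get_context_data(self, **kwargs):
        ctx = super(PasswordResetInstructionsView, self).get_context_data(**kwargs)
        ctx['from_email_address'] = parseaddr(settings.DEFAULT_FROM_EMAIL)[1]
        return ctx
```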
tests/test_password_reset.py
40 40

  
41 41

  
42 42
def test_view(app, simple_user, mailoutbox):
43
    url = reverse('password_reset') + '?next=/moncul/'
43
    url = reverse('password_reset')
44 44
    resp = app.get(url, status=200)
45 45
    resp.form.set('email', simple_user.email)
46 46
    assert len(mailoutbox) == 0
47 47
    resp = resp.form.submit()
48
    assert resp['Location'].endswith('/moncul/')
48
    assert resp['Location'].endswith('/instructions/')
49 49
    assert len(mailoutbox) == 1
50 50
    url = utils.get_link_from_mail(mailoutbox[0])
51 51
    relative_url = url.split('testserver')[1]
......
55 55
    resp = resp.form.submit()
56 56
    # verify user is logged
57 57
    assert str(app.session['_auth_user_id']) == str(simple_user.pk)
58
    # verify next_url was kept
59
    assert resp['Location'].endswith('/moncul/')
60 58

  
61 59
    with override_settings(A2_USER_CAN_RESET_PASSWORD=False):
62
        url = reverse('password_reset') + '?next=/moncul/'
60
        url = reverse('password_reset')
63 61
        app.get(url, status=404)
64 62

  
65 63
def test_user_filter(app, simple_user, mailoutbox, settings):
66 64
    settings.A2_USER_FILTER = {'username': 'xxx'}  # will not match simple_user
67 65

  
68
    url = reverse('password_reset') + '?next=/moncul/'
66
    url = reverse('password_reset')
69 67
    resp = app.get(url, status=200)
70 68
    resp.form.set('email', simple_user.email)
71 69
    assert len(mailoutbox) == 0
72 70
    resp = resp.form.submit()
73
    assert resp['Location'].endswith('/moncul/')
74 71
    assert len(mailoutbox) == 0
75 72

  
76 73

  
77 74
def test_user_exclude(app, simple_user, mailoutbox, settings):
78 75
    settings.A2_USER_EXCLUDE = {'username': simple_user.username}  # will not match simple_user
79 76

  
80
    url = reverse('password_reset') + '?next=/moncul/'
77
    url = reverse('password_reset')
81 78
    resp = app.get(url, status=200)
82 79
    resp.form.set('email', simple_user.email)
83 80
    assert len(mailoutbox) == 0
84 81
    resp = resp.form.submit()
85
    assert resp['Location'].endswith('/moncul/')
86 82
    assert len(mailoutbox) == 0
87
-
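Review bot: `test_user_filter` and `test_user_exclude` lose their `Location` assertion entirely instead of having it updated, so nothing checks any longer that a filtered or excluded address receives the same redirect as a known one. That sameness is what keeps the reset form from revealing which addresses exist, so it is worth pinning: add `assert resp['Location'].endswith('/instructions/')` after `resp = resp.form.submit()` in both tests. `test_view` could also follow the redirect and assert that the instructions page contains the submitted address, since the new template is otherwise never rendered by the suite.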