0001-Allow-users-to-provide-their-email-or-username-for-p.patch

     from django.contrib.auth import forms as auth_forms
     from django.core.exceptions import ValidationError
     from django.db.models import Q
     from django.forms import Form
     from django import forms
     from django.utils.translation import ugettext_lazy as _
-...
     class PasswordResetForm(forms.Form):
         next_url = forms.CharField(widget=forms.HiddenInput, required=False)
         email = ValidatedEmailField(
             label=_("Email"), max_length=254)
         email_or_username = forms.CharField(
             label=_("Email or username"), max_length=254)
         def save(self):
             """
             Generates a one-use only link for resetting password and sends to the
             user.
             """
             email = self.cleaned_data["email"].strip()
             email_or_username = self.cleaned_data["email_or_username"].strip()
             users = get_user_queryset()
             active_users = users.filter(email__iexact=email, is_active=True)
             active_users = users.filter(Q(email__iexact=email_or_username) | Q(username__iexact=email_or_username), is_active=True)
             for user in active_users:
                 # we don't set the password to a random string, as some users should not have
                 # a password
-...
                     set_random_password=set_random_password,
                     next_url=self.cleaned_data.get('next_url'))
             if not active_users:
                 logger.info(u'password reset request for "%s", no user found', email)
             hooks.call_hooks('event', name='password-reset', email=email, users=active_users)
                 logger.info(u'password reset request for "%s", no user found', email_or_username)
             hooks.call_hooks('event', name='password-reset', email_or_username=email_or_username, users=active_users)
     class PasswordResetMixin(Form):

         label = _('password reset failure')
         @classmethod
         def record(cls, email):
             super().record(data={'email': email})
         def record(cls, email_or_username):
             super().record(data={'email_or_username': email_or_username})
         @classmethod
         def get_message(cls, event, context):
             email = event.get_data('email')
             email_or_username = event.get_data('email_or_username')
             if email:
                 return _('password reset failure with email "%s"') % email
                 return _('password reset failure with email (or username) "%s"') % email_or_username
             return super().get_message(event, context)

     msgstr ""
     "Project-Id-Version: Authentic\n"
     "Report-Msgid-Bugs-To: \n"
     "POT-Creation-Date: 2020-11-23 10:34+0100\n"
     "POT-Creation-Date: 2020-12-04 13:46+0100\n"
     "PO-Revision-Date: 2020-10-13 11:25+0200\n"
     "Last-Translator: Mikaël Ates <mates@entrouvert.com>\n"
     "Language-Team: None\n"
-...
     "Content-Transfer-Encoding: 8bit\n"
     "Plural-Forms: nplurals=2; plural=n>1;\n"
     #: debian/multitenant/debian_config.py:40 src/authentic2/forms/passwords.py:39
     #: debian/multitenant/debian_config.py:40
     #: src/authentic2/forms/registration.py:40 src/authentic2/manager/forms.py:644
     #: src/authentic2/manager/templates/authentic2/manager/user_create_registration_email_body.txt:4
     #: src/authentic2/saml/models.py:134
-...
     msgid "The image is not valid"
     msgstr "L’image n’est pas valide"
     #: src/authentic2/forms/passwords.py:95 src/authentic2/forms/passwords.py:108
     #: src/authentic2/forms/passwords.py:40
     msgid "Email or username"
     msgstr "Courriel ou nom d'utilisateur"
     #: src/authentic2/forms/passwords.py:96 src/authentic2/forms/passwords.py:109
     msgid "New password"
     msgstr "Nouveau mot de passe"
     #: src/authentic2/forms/passwords.py:96 src/authentic2/forms/passwords.py:109
     #: src/authentic2/forms/passwords.py:97 src/authentic2/forms/passwords.py:110
     msgid "New password confirmation"
     msgstr "Confirmation du nouveau mot de passe"
     #: src/authentic2/forms/passwords.py:101 src/authentic2/forms/passwords.py:115
     #: src/authentic2/forms/passwords.py:102 src/authentic2/forms/passwords.py:116
     msgid "New password must differ from old password"
     msgstr "Le nouveau mot de passe doit être différent de l’ancien."
     #: src/authentic2/forms/passwords.py:107
     #: src/authentic2/forms/passwords.py:108
     msgid "Old password"
     msgstr "Ancien mot de passe"
-...
     #: src/authentic2/journal_event_types.py:182
     #, python-format
     msgid "password reset failure with email \"%s\""
     msgid "password reset failure with email (or username) \"%s\""
     msgstr ""
     "échec de réinitialisation du mot de passe pour l’adresse de courriel « %s »"
     "échec de réinitialisation du mot de passe pour l’adresse de courriel (ou le "
     "nom d'utilisateur) « %s »"
     #: src/authentic2/journal_event_types.py:188
     msgid "password change"
-...
     msgstr "Déconnecté"
     #: src/authentic2/templates/registration/password_change_done.html:9
     #: src/authentic2/views.py:1302
     #: src/authentic2/views.py:1303
     msgid "Password changed"
     msgstr "Mot de passe modifié"
-...
     msgstr "Instructions de réinitialisation du mot de passe"
     #: src/authentic2/templates/registration/password_reset_instructions.html:10
     #, python-format
     msgid ""
     "\n"
     "    If your email address exists in our database, an email has been sent to "
     "%(email)s.\n"
     "    If a user account exists in our database with your email address (or "
     "your\n"
     "    username), an email has been sent to you.\n"
     "    "
     msgstr ""
     "\n"
     "    Si votre adresse électronique est présente dans notre base, un courriel "
     "a été envoyé à %(email)s.\n"
     "    Si un compte utilisateur est présent dans notre base avec votre adresse "
     "électronique (ou votre nom d'utilisateur), un courriel vous a été envoyé.\n"
     "    "
     #: src/authentic2/templates/registration/password_reset_instructions.html:15
     #: src/authentic2/templates/registration/password_reset_instructions.html:16
     msgid ""
     "\n"
     "    Follow the instructions in this email in order to choose a new "
-...
     "de passe.\n"
     "    "
     #: src/authentic2/templates/registration/password_reset_instructions.html:21
     #: src/authentic2/templates/registration/password_reset_instructions.html:22
     #: src/authentic2/templates/registration/registration_complete.html:23
     msgid ""
     "\n"
-...
     "    également être considéré comme un pourriel (spam) : n’oubliez pas\n"
     "    de regarder dans votre dossier « courriers indésirables ».        "
     #: src/authentic2/templates/registration/password_reset_instructions.html:27
     #: src/authentic2/templates/registration/password_reset_instructions.html:28
     #, python-format
     msgid ""
     "\n"
-...
     "    puis recommencez la procédure de réinitialisation du mot de passe.\n"
     "    "
     #: src/authentic2/templates/registration/password_reset_instructions.html:35
     #: src/authentic2/templates/registration/password_reset_instructions.html:36
     msgid "Back to login"
     msgstr "Retour à la page de connexion"
-...
     #: src/authentic2/templates/registration/registration_completion_choose.html:5
     #: src/authentic2/templates/registration/registration_completion_form.html:5
     #: src/authentic2/templates/registration/registration_completion_form.html:10
     #: src/authentic2/views.py:800
     #: src/authentic2/views.py:801
     msgid "Registration"
     msgstr "Création d’un compte"
-...
     "Cette page est périmée car vous vous êtes connecté entretemps; nous l’avons "
     "rechargée pour vous."
     #: src/authentic2/views.py:645 src/authentic2/views.py:730
     #: src/authentic2/views.py:645 src/authentic2/views.py:731
     msgid "Password Reset"
     msgstr "Réinitialisation du mot de passe"
     #: src/authentic2/views.py:681 src/authentic2/views.py:834
     #, python-format
     #: src/authentic2/views.py:682
     msgid ""
     "An email has already been sent to %s. Click \"Validate\" again if you really "
     "want it to be sent again."
     "An email has already been sent to your address. Click \"Validate\" again if "
     "you really want it to be sent again."
     msgstr ""
     "Un courriel a déjà été envoyé à %s. Cliquez sur « Valider » si vous voulez "
     "vraiment qu’il soit réenvoyé."
     "Un courriel a déjà été envoyé à votre adresse. Cliquez sur « Valider » si "
     "vous voulez vraiment qu’il soit réenvoyé."
     #: src/authentic2/views.py:692 src/authentic2/views.py:844
     #: src/authentic2/views.py:693 src/authentic2/views.py:845
     msgid ""
     "Multiple emails have already been sent to this address. Further attempts are "
     "blocked, please check your spam folder or try again later."
-...
     "envois sont bloqués, vous devriez vérifier votre dossier d’indésirables "
     "(spams, pourriels) ou réessayer plus tard."
     #: src/authentic2/views.py:701
     #: src/authentic2/views.py:702
     msgid ""
     "Multiple password reset attempts have already been made from this IP "
     "address. No further email will be sent, please check your spam folder or try "
-...
     "devriez vérifier votre dossier d’indésirables (spams, pourriels) ou "
     "réessayer plus tard."
     #: src/authentic2/views.py:743
     #: src/authentic2/views.py:744
     msgid "Password reset token is unknown or expired"
     msgstr "Le jeton de réinitialisation de mot de passe est inconnu ou expiré"
     #: src/authentic2/views.py:746
     #: src/authentic2/views.py:747
     msgid "Password reset token is invalid"
     msgstr "Le jeton de réinitialisation de mot de passe est invalide"
     #: src/authentic2/views.py:754
     #: src/authentic2/views.py:755
     msgid "User not found"
     msgstr "Utilisateur introuvable"
     #: src/authentic2/views.py:763
     #: src/authentic2/views.py:764
     msgid ""
     "It's not possible to reset your password. Please contact an administrator."
     msgstr ""
     "Votre mot de passe n’a pas pu être réinitialisé. Veuillez contacter votre "
     "administrateur."
     #: src/authentic2/views.py:770
     #: src/authentic2/views.py:771
     msgid "Enter new password"
     msgstr "Entrez un nouveau mot de passe"
     #: src/authentic2/views.py:852
     #: src/authentic2/views.py:835
     #, python-format
     msgid ""
     "An email has already been sent to %s. Click \"Validate\" again if you really "
     "want it to be sent again."
     msgstr ""
     "Un courriel a déjà été envoyé à %s. Cliquez sur « Valider » si vous voulez "
     "vraiment qu’il soit réenvoyé."
     #: src/authentic2/views.py:853
     msgid ""
     "Multiple registration attempts have already been made from this IP address. "
     "No further email will be sent, please check your spam folder or try again "
-...
     "vérifier votre dossier d’indésirables (spams, pourriels) ou réessayer plus "
     "tard."
     #: src/authentic2/views.py:921
     #: src/authentic2/views.py:922
     msgid "Your activation key is unknown or expired"
     msgstr "Votre clé d’activation est inconnue ou a expiré"
     #: src/authentic2/views.py:924
     #: src/authentic2/views.py:925
     msgid "Activation failed"
     msgstr "Échec à l’activation du compte"
     #: src/authentic2/views.py:1186
     #: src/authentic2/views.py:1187
     msgid "Request account deletion"
     msgstr "Demande de suppression de compte"
     #: src/authentic2/views.py:1198
     #: src/authentic2/views.py:1199
     msgid ""
     "An account deletion validation email has been sent to your email address."
     msgstr ""
     "Un message pour valider la suppression du compte a été envoyé à votre "
     "adresse électronique."
     #: src/authentic2/views.py:1209
     #: src/authentic2/views.py:1210
     msgid "Confirm account deletion"
     msgstr "Confirmation de la suppression du compte"
     #: src/authentic2/views.py:1221 src/authentic2/views.py:1235
     #: src/authentic2/views.py:1222 src/authentic2/views.py:1236
     msgid "This account has previously been deleted."
     msgstr "Ce compte a déjà été supprimé."
     #: src/authentic2/views.py:1224
     #: src/authentic2/views.py:1225
     msgid "This account is inactive, it cannot be deleted."
     msgstr "Ce compte est désactivé, il ne peut plus être supprimé."
     #: src/authentic2/views.py:1227
     #: src/authentic2/views.py:1228
     msgid "The account deletion request is too old, try again"
     msgstr "La demande de suppression de compte est expirée."
     #: src/authentic2/views.py:1229
     #: src/authentic2/views.py:1230
     msgid "The account deletion request is invalid, try again"
     msgstr "La demande de suppression de compte n’est pas valide."
     #: src/authentic2/views.py:1231
     #: src/authentic2/views.py:1232
     msgid "The account deletion request was not on this site, try again"
     msgstr ""
     "Votre demande de suppression de compte vient d’un autre site que celui-ci."
     #: src/authentic2/views.py:1255
     #: src/authentic2/views.py:1256
     msgid "Deletion performed."
     msgstr "Suppression effectuée."
     #: src/authentic2/views.py:1280
     #: src/authentic2/views.py:1281
     msgid "Password Change"
     msgstr "Changement de mot de passe"
     #: src/authentic2/views.py:1291
     #: src/authentic2/views.py:1292
     msgid "Password change is forbidden"
     msgstr "Changement de mot de passe interdit"
     #: src/authentic2/views.py:1336
     #: src/authentic2/views.py:1337
     msgid "Consent Management"
     msgstr "Gestion des autorisations"

     {% block content %}
       <p><strong>
         {% blocktrans with email=request.session.reset_email %}
         If your email address exists in our database, an email has been sent to {{ email }}.
         {% blocktrans %}
         If a user account exists in our database with your email address (or your
         username), an email has been sent to you.
         {% endblocktrans %}
       </strong></p>
       <p><strong>

             user.save()
         lifetime = settings.PASSWORD_RESET_TIMEOUT_DAYS * 3600 * 24
         # invalidate any token associated with this user
         Token.objects.filter(kind='pw-reset', content__user=user.pk, content__email=user.email).delete()
         token = Token.create('pw-reset', {'user': user.pk, 'email': user.email}, duration=lifetime)
         Token.objects.filter(kind='pw-reset', content__user=user.pk, content__email=user.email, content__username=user.username).delete()
         token = Token.create('pw-reset', {'user': user.pk, 'email': user.email, 'username': user.username}, duration=lifetime)
         reset_url = make_url(
             'password_reset_confirm',
             kwargs={'token': token.uuid_b64url},

             return ctx
         def form_valid(self, form):
             email = form.cleaned_data['email']
             email_or_username = form.cleaned_data['email_or_username']
             # if an email has already been sent, warn once before allowing resend
             token = models.Token.objects.filter(
                 kind='pw-reset', content__email=email, expires__gt=timezone.now()
                 Q(content__email=email_or_username) | Q(content__username=email_or_username),
                 kind='pw-reset', expires__gt=timezone.now()
             ).exists()
             resend_key = 'pw-reset-allow-resend'
             if app_settings.A2_TOKEN_EXISTS_WARNING and token and not self.request.session.get(resend_key):
                 self.request.session[resend_key] = True
                 form.add_error(
                     'email',
                     _('An email has already been sent to %s. Click "Validate" again if '
                       'you really want it to be sent again.') % email
                     'email_or_username',
                     _('An email has already been sent to your address. Click "Validate" again if '
                       'you really want it to be sent again.')
+                )
                 return self.form_invalid(form)
             self.request.session[resend_key] = False
             if is_ratelimited(self.request, key='post:email', group='pw-reset-email',
             if is_ratelimited(self.request, key='post:email_or_username', group='pw-reset-email-or-username',
                               rate=app_settings.A2_EMAILS_ADDRESS_RATELIMIT, increment=True):
                 self.request.journal.record('user.password.reset.failure', email=email)
                 self.request.journal.record('user.password.reset.failure', email_or_username=email_or_username)
                 form.add_error(
                     'email',
                     'email_or_username',
                     _('Multiple emails have already been sent to this address. Further attempts are '
                       'blocked, please check your spam folder or try again later.')
+                )
                 return self.form_invalid(form)
             if is_ratelimited(self.request, key='ip', group='pw-reset-email',
             if is_ratelimited(self.request, key='ip', group='pw-reset-email-or-username',
                               rate=app_settings.A2_EMAILS_IP_RATELIMIT, increment=True):
                 self.request.journal.record('user.password.reset.failure', email=email)
                 self.request.journal.record('user.password.reset.failure', email_or_username=email_or_username)
                 form.add_error(
                     'email',
                     'email_or_username',
                     _('Multiple password reset attempts have already been made from this IP address. No '
                       'further email will be sent, please check your spam folder or try again later.')
+                )
                 return self.form_invalid(form)
             form.save()
             self.request.session['reset_email'] = email
             self.request.session['reset_email_or_username'] = email_or_username
             return super(PasswordResetView, self).form_valid(form)
     password_reset = PasswordResetView.as_view()

         # No FC account, forbidden to set a password
         response = app.get('/login/')
         response = response.click('Reset it!').maybe_follow()
         response.form['email'] = user.email
         response.form['email_or_username'] = user.email
         assert len(mailoutbox) == 0
         response = response.form.submit()
         assert len(mailoutbox) == 1
-...
         models.FcAccount.objects.create(user=user, sub='xxx', token='aaa')
         response = app.get('/login/')
         response = response.click('Reset it!').maybe_follow()
         response.form['email'] = user.email
         response.form['email_or_username'] = user.email
         assert len(mailoutbox) == 1
         response = response.form.submit()
         assert len(mailoutbox) == 2

         else:
             response = response.maybe_follow()
         response = response.click('Reset it!')
         response.form['email'] = EMAIL
         response.form['email_or_username'] = EMAIL
         assert len(mail.outbox) == 0
         response = response.form.submit().maybe_follow()
         assert len(mail.outbox) == 1

         utils.assert_event('user.password.reset', user=simple_user, session=app.session)
     def test_view(app, simple_user, mailoutbox, settings):
     def test_view_with_email(app, simple_user, mailoutbox, settings):
         url = reverse('password_reset')
         resp = app.get(url, status=200)
         resp.form.set('email', simple_user.email)
         resp.form.set('email_or_username', simple_user.email)
         assert len(mailoutbox) == 0
         settings.DEFAULT_FROM_EMAIL = 'show only addr <noreply@example.net>'
         resp = resp.form.submit()
         utils.assert_event('user.password.reset.request', user=simple_user, email=simple_user.email)
         assert resp['Location'].endswith('/instructions/')
         resp = resp.follow()
         assert '"noreply@example.net"' in resp.text
         assert 'show only addr' not in resp.text
         assert len(mailoutbox) == 1
         url = utils.get_link_from_mail(mailoutbox[0])
         relative_url = url.split('testserver')[1]
         resp = app.get(relative_url, status=200)
         resp.form.set('new_password1', '1234==aA')
         resp.form.set('new_password2', '1234==aA')
         resp = resp.form.submit()
         # verify user is logged
         assert str(app.session['_auth_user_id']) == str(simple_user.pk)
         with override_settings(A2_USER_CAN_RESET_PASSWORD=False):
             url = reverse('password_reset')
             app.get(url, status=404)
     def test_view_with_username(app, simple_user, mailoutbox, settings):
         url = reverse('password_reset')
         resp = app.get(url, status=200)
         resp.form.set('email_or_username', simple_user.username)
         assert len(mailoutbox) == 0
         settings.DEFAULT_FROM_EMAIL = 'show only addr <noreply@example.net>'
         resp = resp.form.submit()
         utils.assert_event('user.password.reset.request', user=simple_user, email=simple_user.email)
         assert resp['Location'].endswith('/instructions/')
         resp = resp.follow()
         assert simple_user.email in resp.text
         assert '"noreply@example.net"' in resp.text
         assert 'show only addr' not in resp.text
         assert len(mailoutbox) == 1
-...
         url = reverse('password_reset')
         resp = app.get(url, status=200)
         resp.form.set('email', simple_user.email)
         resp.form.set('email_or_username', simple_user.email)
         assert len(mailoutbox) == 0
         resp = resp.form.submit()
         assert len(mailoutbox) == 0
-...
         url = reverse('password_reset')
         resp = app.get(url, status=200)
         resp.form.set('email', simple_user.email)
         resp.form.set('email_or_username', simple_user.email)
         assert len(mailoutbox) == 0
         resp = resp.form.submit()
         assert len(mailoutbox) == 0

         settings.A2_EMAILS_ADDRESS_RATELIMIT = '3/d'
         users = [User.objects.create(email='test%s@test.com' % i) for i in range(8)]
         email_field = 'email_or_username' if view_name == 'password_reset' else 'email'
         # reach email limit
         for _ in range(3):
             response = app.get(reverse(view_name))
             response.form.set('email', simple_user.email)
             response.form.set(email_field, simple_user.email)
             response = response.form.submit()
         assert len(mailoutbox) == 3
         response = app.get(reverse(view_name))
         response.form.set('email', simple_user.email)
         response.form.set(email_field, simple_user.email)
         response = response.form.submit()
         assert len(mailoutbox) == 3
         assert 'try again later' in response.text
         if view_name == 'password_reset':
             assert_event('user.password.reset.failure', email=simple_user.email)
             assert_event('user.password.reset.failure', email_or_username=simple_user.email)
         # reach ip limit
         for i in range(7):
             response = app.get(reverse(view_name))
             response.form.set('email', users[i].email)
             response.form.set(email_field, users[i].email)
             response = response.form.submit()
         assert len(mailoutbox) == 10
         response = app.get(reverse(view_name))
         response.form.set('email', users[i + 1].email)
         response.form.set(email_field, users[i + 1].email)
         response = response.form.submit()
         assert len(mailoutbox) == 10
         assert 'try again later' in response.text
-...
         # ip ratelimits are lifted after an hour
         freezer.tick(datetime.timedelta(hours=1))
         response = app.get(reverse(view_name))
         response.form.set('email', users[0].email)
         response.form.set(email_field, users[0].email)
         response = response.form.submit()
         assert len(mailoutbox) == 11
         # email ratelimits are lifted after a day
         response = app.get(reverse(view_name))
         response.form.set('email', simple_user.email)
         response.form.set(email_field, simple_user.email)
         response = response.form.submit()
         assert len(mailoutbox) == 11
         assert 'try again later' in response.text
         freezer.tick(datetime.timedelta(days=1))
         response = app.get(reverse(view_name))
         response.form.set('email', simple_user.email)
         response.form.set(email_field, simple_user.email)
         response = response.form.submit()
         assert len(mailoutbox) == 12
-...
     def test_views_email_token_resend(app, simple_user, settings, mailoutbox, view_name):
         settings.A2_TOKEN_EXISTS_WARNING = True
         email_field = 'email_or_username' if view_name == 'password_reset' else 'email'
         response = app.get(reverse(view_name))
         response.form.set('email', simple_user.email)
         response.form.set(email_field, simple_user.email)
         response = response.form.submit()
         assert len(mailoutbox) == 1
         # warn user token has already been sent
         response = app.get(reverse(view_name))
         response.form.set('email', simple_user.email)
         response.form.set(email_field, simple_user.email)
         response = response.form.submit()
         assert 'email has already been sent' in response.text
         assert len(mailoutbox) == 1
+    -

Projet

Général

Profil

Produits Entr'ouvert » Authentic 2