
0001-misc-send-password-reset-email-even-if-no-account-47.patch

Valentin Deniaud, 02 mars 2021 18:21


Subject: [PATCH] misc: send password reset email even if no account (#47469)

 src/authentic2/forms/passwords.py               | 11 ++++++-----
 .../password_reset_no_account_body.html         | 14 ++++++++++++++
 .../password_reset_no_account_body.txt          |  9 +++++++++
 .../password_reset_no_account_subject.txt       |  4 ++++
 src/authentic2/templates/emails/body_base.html  | 15 +++++++++++++++
 src/authentic2/templates/emails/body_base.txt   |  1 +
 .../templates/emails/button-link.html           |  1 +
 src/authentic2/templates/emails/subject.txt     |  1 +
 tests/test_password_reset.py                    | 17 +++++++++++++++--
 9 files changed, 66 insertions(+), 7 deletions(-)
 create mode 100644 src/authentic2/templates/authentic2/password_reset_no_account_body.html
 create mode 100644 src/authentic2/templates/authentic2/password_reset_no_account_body.txt
 create mode 100644 src/authentic2/templates/authentic2/password_reset_no_account_subject.txt
 create mode 100644 src/authentic2/templates/emails/body_base.html
 create mode 100644 src/authentic2/templates/emails/body_base.txt
 create mode 100644 src/authentic2/templates/emails/button-link.html
 create mode 100644 src/authentic2/templates/emails/subject.txt
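--- a/src/authentic2/forms/passwords.py
+++ b/src/authentic2/forms/passwords.py
@@ -22,6 +22,7 @@
 from django.db.models import Q
 from django.forms import Form
 from django import forms
+from django.urls import reverse
 from django.utils.translation import ugettext_lazy as _
 
 from .. import models, hooks, app_settings, utils
@@ -45,10 +46,8 @@
         user.
         """
         email = self.cleaned_data["email"].strip()
-        users = get_user_queryset()
-        active_users = users.filter(
-            Q(email__iexact=email) | Q(username__iexact=email),
-            is_active=True)
+        users = get_user_queryset().filter(Q(email__iexact=email) | Q(username__iexact=email))
+        active_users = users.filter(is_active=True)
         for user in active_users:
             # we don't set the password to a random string, as some users should not have
             # a password
@@ -58,8 +57,10 @@
                 user,
                 set_random_password=set_random_password,
                 next_url=self.cleaned_data.get('next_url'))
-        if not active_users:
+        if not users.exists():
             logger.info(u'password reset request for "%s", no user found', email)
+            ctx = {'registration_url': utils.make_url('registration_register', absolute=True)}
+            utils.send_templated_mail(email, ['authentic2/password_reset_no_account'], context=ctx)
         hooks.call_hooks('event', name='password-reset', email=email, users=active_users)
 
 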
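Review bot: With the condition changed from `if not active_users:` to `if not users.exists():`, an address that matches only inactive accounts now gets neither a reset mail nor the no-account mail, and nothing is logged for it. An `elif not active_users:` branch with `logger.info(u'password reset request for "%s", only inactive users found', email)` would keep that case visible in the logs. The new branch also lets an unauthenticated form send mail to any submitted address; no throttling is visible in these hunks, so it is worth confirming that the view is rate limited per client and per recipient. The added `from django.urls import reverse` is not used by any added line shown here. The enclosing method starts and ends outside the hunks.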
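--- /dev/null
+++ b/src/authentic2/templates/authentic2/password_reset_no_account_body.html
@@ -0,0 +1,14 @@
+{% extends "emails/body_base.html" %}
+{% load i18n %}
+
+{% block content %}
+<p>{% trans "Hi," %}</p>
+
+<p>{% blocktrans trimmed with hostname=request.get_host %}
+You requested reset of your password on {{ hostname }}, but no account was found associated with this address.
+{% endblocktrans %}</p>
+
+{% with _("Create an account") as button_label %}
+{% include "emails/button-link.html" with url=registration_url label=button_label %}
+{% endwith %}
+{% endblock %}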
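Review bot: The host name printed in this mail comes from `request.get_host`, and the same expression is used in password_reset_no_account_body.txt and password_reset_no_account_subject.txt, so what the recipient reads depends on the Host header of the request that triggered the mail. Django rejects hosts outside `ALLOWED_HOSTS`, which makes that setting the effective control here; a wildcard entry would weaken it for a mail that is delivered to an address the requester need not own. `registration_url` is built in the form with `utils.make_url(..., absolute=True)`, presumably from the same request, which is worth confirming. A template comment such as `{# hostname comes from the request Host header; relies on a strict ALLOWED_HOSTS #}` would record the assumption.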
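--- /dev/null
+++ b/src/authentic2/templates/authentic2/password_reset_no_account_body.txt
@@ -0,0 +1,9 @@
+{% extends "emails/body_base.txt" %}
+{% load i18n %}
+
+{% block content %}{% trans "Hi," %}
+{% blocktrans trimmed with hostname=request.get_host %}
+You requested reset of your password on {{ hostname }}, but no account was found associated with this address.
+{% endblocktrans %}
+{% trans "You can create an account here:" %} {{ registration_url }}.
+{% endblock %}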
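--- /dev/null
+++ b/src/authentic2/templates/authentic2/password_reset_no_account_subject.txt
@@ -0,0 +1,4 @@
+{% extends "emails/subject.txt" %}
+{% load i18n %}
+
+{% block email-subject %}{% blocktrans with hostname=request.get_host %}Password reset on {{ hostname }}{% endblocktrans %}{% endblock %}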
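--- /dev/null
+++ b/src/authentic2/templates/emails/body_base.html
@@ -0,0 +1,15 @@
+<!DOCTYPE html>
+<html>
+<head>
+  <meta charset="utf-8">
+</head>
+<body>
+  <div style="max-width: 60ex;">
+    <div class="content">
+      {% block content %}
+      {{ content }}
+      {% endblock %}
+    </div>
+  </div>
+</body>
+</html>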
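--- /dev/null
+++ b/src/authentic2/templates/emails/body_base.txt
@@ -0,0 +1 @@
+{% block content %}{{ content }}{% endblock %}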
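--- /dev/null
+++ b/src/authentic2/templates/emails/button-link.html
@@ -0,0 +1 @@
+<a href="{{url}}">{{label}}</a>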
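--- /dev/null
+++ b/src/authentic2/templates/emails/subject.txt
@@ -0,0 +1 @@
+{% block email-subject %}{% endblock %}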
tests/test_password_reset.py
103 103
    resp.form.set('email', simple_user.email)
104 104
    assert len(mailoutbox) == 0
105 105
    resp = resp.form.submit()
106
    assert len(mailoutbox) == 0
106
    assert 'no account was found associated with this address' in mailoutbox[0].body
107 107

  
108 108

  
109 109
def test_user_exclude(app, simple_user, mailoutbox, settings):
......
114 114
    resp.form.set('email', simple_user.email)
115 115
    assert len(mailoutbox) == 0
116 116
    resp = resp.form.submit()
117
    assert len(mailoutbox) == 0
117
    assert 'no account was found associated with this address' in mailoutbox[0].body
118 118

  
119 119

  
120 120
def test_old_url_redirect(app):
......
122 122
    assert response.location == '/accounts/password/reset/'
123 123
    response = response.follow()
124 124
    assert 'please reset your password again' in response
125

  
126

  
127
def test_send_password_reset_email_no_account(app, db, mailoutbox):
128
    url = reverse('password_reset')
129
    resp = app.get(url, status=200)
130
    resp.form.set('email', 'test@entrouvert.com')
131
    resp = resp.form.submit()
132

  
133
    mail = mailoutbox[0]
134
    assert mail.subject == 'Password reset on testserver'
135
    for body in (mail.body, mail.alternatives[0][0]):
136
        assert 'no account was found associated with this address' in body
137
        assert 'http://testserver/accounts/register/' in body
125
-
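Review bot: `test_send_password_reset_email_no_account` reads `mailoutbox[0]` without checking how many messages were sent, so a regression that sends the mail more than once would still pass; `assert len(mailoutbox) == 1` before `mail = mailoutbox[0]` pins that. The same applies to the asserts rewritten at lines 106 and 117, which replaced a count check with a body check on `mailoutbox[0]`. No test in this section covers an address that matches only an inactive account, a case the form change in this commit appears to leave without any mail. The functions containing the asserts at lines 106 and 117 start outside the shown hunks.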