0001-misc-send-password-reset-email-even-if-no-account-47.patch
| src/authentic2/forms/passwords.py | ||
|---|---|---|
| 22 | 22 |
from django.db.models import Q |
| 23 | 23 |
from django.forms import Form |
| 24 | 24 |
from django import forms |
| 25 |
from django.urls import reverse |
|
| 25 | 26 |
from django.utils.translation import ugettext_lazy as _ |
| 26 | 27 | |
| 27 | 28 |
from .. import models, hooks, app_settings, utils |
| ... | ... | |
| 45 | 46 |
user. |
| 46 | 47 |
""" |
| 47 | 48 |
email = self.cleaned_data["email"].strip() |
| 48 |
users = get_user_queryset() |
|
| 49 |
active_users = users.filter( |
|
| 50 |
Q(email__iexact=email) | Q(username__iexact=email), |
|
| 51 |
is_active=True) |
|
| 49 |
users = get_user_queryset().filter(Q(email__iexact=email) | Q(username__iexact=email)) |
|
| 50 |
active_users = users.filter(is_active=True) |
|
| 52 | 51 |
for user in active_users: |
| 53 | 52 |
# we don't set the password to a random string, as some users should not have |
| 54 | 53 |
# a password |
| ... | ... | |
| 58 | 57 |
user, |
| 59 | 58 |
set_random_password=set_random_password, |
| 60 | 59 |
next_url=self.cleaned_data.get('next_url'))
|
| 61 |
if not active_users:
|
|
| 60 |
if not users.exists():
|
|
| 62 | 61 |
logger.info(u'password reset request for "%s", no user found', email) |
| 62 |
ctx = {'registration_url': utils.make_url('registration_register', absolute=True)}
|
|
| 63 |
utils.send_templated_mail(email, ['authentic2/password_reset_no_account'], context=ctx) |
|
| 63 | 64 |
hooks.call_hooks('event', name='password-reset', email=email, users=active_users)
|
| 64 | 65 | |
| 65 | 66 | |
| src/authentic2/templates/authentic2/password_reset_no_account_body.html | ||
|---|---|---|
| 1 |
{% extends "emails/body_base.html" %}
|
|
| 2 |
{% load i18n %}
|
|
| 3 | ||
| 4 |
{% block content %}
|
|
| 5 |
<p>{% trans "Hi," %}</p>
|
|
| 6 | ||
| 7 |
<p>{% blocktrans trimmed with hostname=request.get_host %}
|
|
| 8 |
You requested reset of your password on {{ hostname }}, but no account was found associated with this address.
|
|
| 9 |
{% endblocktrans %}</p>
|
|
| 10 | ||
| 11 |
{% with _("Create an account") as button_label %}
|
|
| 12 |
{% include "emails/button-link.html" with url=registration_url label=button_label %}
|
|
| 13 |
{% endwith %}
|
|
| 14 |
{% endblock %}
|
|
| src/authentic2/templates/authentic2/password_reset_no_account_body.txt | ||
|---|---|---|
| 1 |
{% extends "emails/body_base.txt" %}
|
|
| 2 |
{% load i18n %}
|
|
| 3 | ||
| 4 |
{% block content %}{% trans "Hi," %}
|
|
| 5 |
{% blocktrans trimmed with hostname=request.get_host %}
|
|
| 6 |
You requested reset of your password on {{ hostname }}, but no account was found associated with this address.
|
|
| 7 |
{% endblocktrans %}
|
|
| 8 |
{% trans "You can create an account here:" %} {{ registration_url }}.
|
|
| 9 |
{% endblock %}
|
|
| src/authentic2/templates/authentic2/password_reset_no_account_subject.txt | ||
|---|---|---|
| 1 |
{% extends "emails/subject.txt" %}
|
|
| 2 |
{% load i18n %}
|
|
| 3 | ||
| 4 |
{% block email-subject %}{% blocktrans with hostname=request.get_host %}Password reset on {{ hostname }}{% endblocktrans %}{% endblock %}
|
|
| src/authentic2/templates/emails/body_base.html | ||
|---|---|---|
| 1 |
<!DOCTYPE html> |
|
| 2 |
<html> |
|
| 3 |
<head> |
|
| 4 |
<meta charset="utf-8"> |
|
| 5 |
</head> |
|
| 6 |
<body> |
|
| 7 |
<div style="max-width: 60ex;"> |
|
| 8 |
<div class="content"> |
|
| 9 |
{% block content %}
|
|
| 10 |
{{ content }}
|
|
| 11 |
{% endblock %}
|
|
| 12 |
</div> |
|
| 13 |
</div> |
|
| 14 |
</body> |
|
| 15 |
</html> |
|
| src/authentic2/templates/emails/body_base.txt | ||
|---|---|---|
| 1 |
{% block content %}{{ content }}{% endblock %}
|
|
| src/authentic2/templates/emails/button-link.html | ||
|---|---|---|
| 1 |
<a href="{{url}}">{{label}}</a>
|
|
| src/authentic2/templates/emails/subject.txt | ||
|---|---|---|
| 1 |
{% block email-subject %}{% endblock %}
|
|
| tests/test_password_reset.py | ||
|---|---|---|
| 103 | 103 |
resp.form.set('email', simple_user.email)
|
| 104 | 104 |
assert len(mailoutbox) == 0 |
| 105 | 105 |
resp = resp.form.submit() |
| 106 |
assert len(mailoutbox) == 0
|
|
| 106 |
assert 'no account was found associated with this address' in mailoutbox[0].body
|
|
| 107 | 107 | |
| 108 | 108 | |
| 109 | 109 |
def test_user_exclude(app, simple_user, mailoutbox, settings): |
| ... | ... | |
| 114 | 114 |
resp.form.set('email', simple_user.email)
|
| 115 | 115 |
assert len(mailoutbox) == 0 |
| 116 | 116 |
resp = resp.form.submit() |
| 117 |
assert len(mailoutbox) == 0
|
|
| 117 |
assert 'no account was found associated with this address' in mailoutbox[0].body
|
|
| 118 | 118 | |
| 119 | 119 | |
| 120 | 120 |
def test_old_url_redirect(app): |
| ... | ... | |
| 122 | 122 |
assert response.location == '/accounts/password/reset/' |
| 123 | 123 |
response = response.follow() |
| 124 | 124 |
assert 'please reset your password again' in response |
| 125 | ||
| 126 | ||
| 127 |
def test_send_password_reset_email_no_account(app, db, mailoutbox): |
|
| 128 |
url = reverse('password_reset')
|
|
| 129 |
resp = app.get(url, status=200) |
|
| 130 |
resp.form.set('email', 'test@entrouvert.com')
|
|
| 131 |
resp = resp.form.submit() |
|
| 132 | ||
| 133 |
mail = mailoutbox[0] |
|
| 134 |
assert mail.subject == 'Password reset on testserver' |
|
| 135 |
for body in (mail.body, mail.alternatives[0][0]): |
|
| 136 |
assert 'no account was found associated with this address' in body |
|
| 137 |
assert 'http://testserver/accounts/register/' in body |
|
| 125 |
- |
|