Projet

Général

Profil

0001-utils-remove-global-recording-of-password-resets-536.patch

Valentin Deniaud, 05 mai 2021 15:24

Télécharger (2,83 ko)

Voir les différences:

Subject: [PATCH] utils: remove global recording of password resets (#53653)

 src/authentic2/forms/passwords.py | 1 +
 src/authentic2/utils/__init__.py  | 1 -
 tests/test_manager.py             | 5 ++++-
 3 files changed, 5 insertions(+), 2 deletions(-)
src/authentic2/forms/passwords.py
79 79
            utils.send_password_reset_mail(
80 80
                user, set_random_password=set_random_password, next_url=self.cleaned_data.get('next_url')
81 81
            )
82
            journal.record('user.password.reset.request', email=user.email, user=user)
82 83
        for user in self.users.filter(is_active=False):
83 84
            logger.info('password reset failed for user "%r": account is disabled', user)
84 85
            utils.send_templated_mail(user, ['authentic2/password_reset_refused'])
src/authentic2/utils/__init__.py
948 948
    logger.info(
949 949
        'password reset request for user %s, email sent to %s ' 'with token %s', user, user.email, token.uuid
950 950
    )
951
    journal.record('user.password.reset.request', email=user.email, user=user)
952 951

  
953 952

  
954 953
def batch(iterable, size):
tests/test_manager.py
30 30

  
31 31
from authentic2.a2_rbac.models import MANAGE_MEMBERS_OP
32 32
from authentic2.a2_rbac.utils import get_default_ou
33
from authentic2.apps.journal.models import Event
33 34
from authentic2.validators import EmailValidator
34 35
from django_rbac.models import VIEW_OP
35 36
from django_rbac.utils import get_operation, get_ou_model, get_permission_model, get_role_model
36 37

  
37
from .utils import get_link_from_mail, login, request_select2
38
from .utils import assert_event, get_link_from_mail, login, request_select2
38 39

  
39 40
pytestmark = pytest.mark.django_db
40 41

  
......
139 140
    resp.form.set('new_password2', '1234==aA')
140 141
    resp = resp.form.submit().follow()
141 142
    assert str(app.session['_auth_user_id']) == str(simple_user.pk)
143
    utils.assert_event('manager.password.reset.request', user=simple_user, email=simple_user.email)
144
    assert not Event.objects.filter(type__name='user.password.reset.request').exists()
142 145

  
143 146

  
144 147
def test_manager_user_detail_by_uuid(app, superuser, simple_user, simple_role):
145
-