
0001-utils-remove-global-recording-of-password-resets-536.patch

Valentin Deniaud, 05 mai 2021 17:34



Subject: [PATCH] utils: remove global recording of password resets (#53653)

 src/authentic2/forms/passwords.py | 3 +++
 src/authentic2/utils/__init__.py  | 3 ---
 tests/test_manager.py             | 6 +++++-
 tests/test_password_reset.py      | 1 -
 4 files changed, 8 insertions(+), 5 deletions(-)
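--- a/src/authentic2/forms/passwords.py
+++ b/src/authentic2/forms/passwords.py
@@ -23,6 +23,8 @@
 from django.forms import Form
 from django.utils.translation import ugettext_lazy as _
 
+from authentic2.journal import journal
+
 from .. import app_settings, hooks, models, utils, validators
 from ..backends import get_user_queryset
 from .fields import CheckPasswordField, NewPasswordField, PasswordField, ValidatedEmailField
@@ -79,6 +81,7 @@
             utils.send_password_reset_mail(
                 user, set_random_password=set_random_password, next_url=self.cleaned_data.get('next_url')
             )
+            journal.record('user.password.reset.request', email=user.email, user=user)
         for user in self.users.filter(is_active=False):
             logger.info('password reset failed for user "%r": account is disabled', user)
             utils.send_templated_mail(user, ['authentic2/password_reset_refused'])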
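Review bot: The loop over `self.users.filter(is_active=False)` directly below the new `journal.record(...)` still produces only a `logger.info` line and a refusal mail, so reset requests aimed at disabled accounts never reach the journal and the audit trail covers active accounts only. If that is intended, a short comment above the new call would make the scope explicit, e.g. `# journaled here, not in utils, so that manager-initiated resets only record their own event`. Otherwise, record a refusal event in the second loop, using whichever event type the journal defines for it. The enclosing method starts and ends outside the hunk, so any journaling done elsewhere in it is not visible here.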
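--- a/src/authentic2/utils/__init__.py
+++ b/src/authentic2/utils/__init__.py
@@ -903,8 +903,6 @@
     sign_next_url=True,
     **kwargs,
 ):
-    from authentic2.journal import journal
-
     from .. import middleware
 
     if not user.email:
@@ -948,7 +946,6 @@
     logger.info(
         'password reset request for user %s, email sent to %s ' 'with token %s', user, user.email, token.uuid
     )
-    journal.record('user.password.reset.request', email=user.email, user=user)
 
 
 def batch(iterable, size):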
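--- a/tests/test_manager.py
+++ b/tests/test_manager.py
@@ -30,11 +30,12 @@
 
 from authentic2.a2_rbac.models import MANAGE_MEMBERS_OP
 from authentic2.a2_rbac.utils import get_default_ou
+from authentic2.apps.journal.models import Event
 from authentic2.validators import EmailValidator
 from django_rbac.models import VIEW_OP
 from django_rbac.utils import get_operation, get_ou_model, get_permission_model, get_role_model
 
-from .utils import get_link_from_mail, login, request_select2
+from .utils import assert_event, get_link_from_mail, login, request_select2
 
 pytestmark = pytest.mark.django_db
 
@@ -131,6 +132,9 @@
     resp = resp.forms['object-actions'].submit('password_reset')
     assert 'A mail was sent to' in resp
     assert len(mail.outbox) == 1
+    assert_event('manager.user.password.reset.request', user=superuser, session=app.session)
+    assert not Event.objects.filter(type__name='user.password.reset.request').exists()
+
     url = get_link_from_mail(mail.outbox[0])
     relative_url = url.split('testserver')[1]
     resp = app.get('/logout/').maybe_follow()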
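Review bot: Nothing visible in this patch asserts that the self-service form still records `user.password.reset.request`. The new assertions at new lines 135-136 pin its absence on the manager path, while the only positive assertion is removed from tests/test_password_reset.py. Since the event now depends on a single call site in forms/passwords.py, a test that submits the reset form and then checks `utils.assert_event('user.password.reset.request', user=simple_user, email=simple_user.email)` would catch a silent loss of that audit record. Such a test may already exist elsewhere in the suite; the test function shown here starts and ends outside the hunk.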
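--- a/tests/test_password_reset.py
+++ b/tests/test_password_reset.py
@@ -31,7 +31,6 @@
             legacy_body_templates=['registration/password_reset_email.html'],
         )
     assert len(mailoutbox) == 1
-    utils.assert_event('user.password.reset.request', user=simple_user, email=simple_user.email)
     url = utils.get_link_from_mail(mailoutbox[0])
     relative_url = url.split('testserver')[1]
     resp = app.get(relative_url, status=200)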
38
-