From 68590123ef0506567eaf0b697a674d027e479b7f Mon Sep 17 00:00:00 2001
From: Paul Marillonnet
Date: Fri, 22 Dec 2017 14:42:19 +0100
Subject: [PATCH] WIP send notification emails for unauthorized password reset requests (#20830)
---
 src/authentic2/profile_forms.py | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/src/authentic2/profile_forms.py b/src/authentic2/profile_forms.py
index 540591d5..d1149d0d 100644
--- a/src/authentic2/profile_forms.py
+++ b/src/authentic2/profile_forms.py
@@ -5,7 +5,7 @@ from django.utils.translation import ugettext as _
 from django.contrib.auth import get_user_model
 from .backends import get_user_queryset
-from .utils import send_password_reset_mail
+from .utils import send_password_reset_mail, send_templated_mail
 from . import hooks, app_settings
@@ -26,6 +26,7 @@ class PasswordResetForm(forms.Form):
 email = self.cleaned_data["email"].strip()
 users = get_user_queryset()
 active_users = users.filter(email__iexact=email, is_active=True)
+ inactive_users = users.filter(email__iexact=email, is_active=False)
 for user in active_users:
 # we don't set the password to a random string, as some users should not have
 # a password
@@ -33,6 +34,9 @@ class PasswordResetForm(forms.Form):
 and app_settings.A2_SET_RANDOM_PASSWORD_ON_RESET)
 send_password_reset_mail(user, set_random_password=set_random_password,
 next_url=self.cleaned_data.get('next_url'))
- if not active_users:
+ for user in inactive_users:
+ send_templated_mail(user_or_email=user, template_names="registration/password_reset_refused")
+
+ if not active_users and not inactive_users:
 logger.info(u'password reset requests for "%s", no user found')
 hooks.call_hooks('event', name='password-reset', email=email, users=active_users)
-- 
2.11.0
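Review bot: The new `for user in inactive_users:` loop in the last hunk sends the refusal mail without leaving any audit trail: nothing is logged, and the `password-reset` hook at the end of the hunk still receives only `users=active_users`, so reset attempts against disabled accounts stay invisible to monitoring. I would add a log line inside the loop, for example `logger.info(u'password reset refused for inactive user %r', user)`, and consider passing the inactive users to the hook as well. Because the form is presumably reachable without authentication, each submission now mails every disabled account with that address, and no throttling is visible in this hunk; a per-address rate limit would keep it from being used to flood a mailbox. `template_names` is given a bare string, which is only safe if `send_templated_mail` accepts a single name as well as a list, and that is not visible here. The context line `logger.info(u'password reset requests for "%s", no user found')` never passes `email` for its `%s`; the enclosing method starts outside the hunk.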