From f0cd72193058b312a221e10f52d8bca61e3480b2 Mon Sep 17 00:00:00 2001
From: Valentin Deniaud
Date: Tue, 7 Jan 2020 15:11:57 +0100
Subject: [PATCH] views: better display password reset instructions (#38054)
---
.../password_reset_instructions.html | 25 +++++++++++++++++++
src/authentic2/urls.py | 3 +++
src/authentic2/views.py | 19 ++++++++------
tests/test_password_reset.py | 14 ++++-------
4 files changed, 45 insertions(+), 16 deletions(-)
create mode 100644 src/authentic2/templates/registration/password_reset_instructions.html
diff --git a/src/authentic2/templates/registration/password_reset_instructions.html b/src/authentic2/templates/registration/password_reset_instructions.html
new file mode 100644
index 00000000..52b2498e
--- /dev/null
+++ b/src/authentic2/templates/registration/password_reset_instructions.html
@@ -0,0 +1,25 @@
+{% extends "authentic2/base-page.html" %}
+{% load i18n gadjo %}
+
+{% block page-title %}
+ {% trans "Password reset instructions" %}
+{% endblock %}
+
+{% block content %}
+

+ {% blocktrans with email=request.session.reset_email %}
+ If your email address exists in ou database, an email has been sent to {{ email }}.
+ {% endblocktrans %}
+

+

+ {% blocktrans %}
+ Follow the instructions in this email in order to choose a new password.
+ {% endblocktrans %}
+

+

+ {% blocktrans %}
+ Note that it can take several minutes to be delivered. Please check your spam folder if you haven't received it by then.
+ {% endblocktrans %}
+

+ {% trans "Back to login" %} +{% endblock %} diff --git a/src/authentic2/urls.py b/src/authentic2/urls.py index b953046c..0ca463ee 100644 --- a/src/authentic2/urls.py +++ b/src/authentic2/urls.py @@ -81,6 +81,9 @@ accounts_urlpatterns = [ url(r'^password/reset/$', views.password_reset, name='password_reset'), + url(r'^password/reset/instructions/$', + views.password_reset_instructions, + name='password_reset_instructions'), # Legacy, only there to provide old view names to resolver url(r'^password/change/$', diff --git a/src/authentic2/views.py b/src/authentic2/views.py index f714c51d..a847f15c 100644 --- a/src/authentic2/views.py +++ b/src/authentic2/views.py @@ -626,11 +626,13 @@ def csrf_failure_view(request, reason=""): return HttpResponseRedirect(request.get_full_path()) -class PasswordResetView(cbv.NextURLViewMixin, FormView): +class PasswordResetView(FormView): '''Ask for an email and send a password reset link by mail''' form_class = passwords_forms.PasswordResetForm title = _('Password Reset') - next_url_default = '/' + + def get_success_url(self): + return reverse('password_reset_instructions') def get_template_names(self): return [ @@ -653,16 +655,19 @@ class PasswordResetView(cbv.NextURLViewMixin, FormView): def form_valid(self, form): form.save() - # return to next URL - messages.info(self.request, _('If your email address exists in our ' - 'database, you will receive an email ' - 'containing instructions to reset ' - 'your password')) + self.request.session['reset_email'] = form.cleaned_data['email'] return super(PasswordResetView, self).form_valid(form) password_reset = PasswordResetView.as_view() +class PasswordResetInstructionsView(TemplateView): + template_name = 'registration/password_reset_instructions.html' + + +password_reset_instructions = PasswordResetInstructionsView.as_view() + + class PasswordResetConfirmView(cbv.RedirectToNextURLViewMixin, FormView): '''Validate password reset link, show a set password form and login the user. 
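Review bot: The first `blocktrans` string in the new template reads "exists in ou database", a typo for "our database". Because the text is a translation msgid, correcting it after translators have picked it up will invalidate their entries, so it is worth fixing in this patch. The conditional wording ("If your email address exists…") is what keeps the page from confirming whether an account exists and should be kept as is.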
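Review bot: Dropping `cbv.NextURLViewMixin` from `PasswordResetView` means a `?next=` value passed to `password_reset` is now silently discarded, and the tests in this patch delete the "verify next_url was kept" check rather than replace it. If users can arrive here from a service that expects them back after the reset, consider carrying the value forward (for example in the session next to `reset_email`) and validating it before any redirect. If ignoring it is intended, a docstring on `get_success_url` such as `'''Always go to the instructions page; ?next is intentionally ignored'''` would record the decision. The class body continues outside this hunk.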
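Review bot: `PasswordResetInstructionsView` renders for any visitor, including one whose session holds no `reset_email`, and the template then prints "an email has been sent to" followed by an empty address. A small `dispatch` guard that sends such visitors back to the form would avoid that, and the class should get a docstring like its siblings. The address written by `form_valid` is whatever the user typed and is never removed from the session; if it should not outlive the page, it could be dropped once displayed. Whether the `A2_USER_CAN_RESET_PASSWORD` gate that makes `password_reset` return 404 also covers the new URL is not visible in this hunk and should be confirmed.
```python
class PasswordResetInstructionsView(TemplateView):
    '''Tell the user to check their mailbox after a password reset request'''
    template_name = 'registration/password_reset_instructions.html'

    def dispatch(self, request, *args, **kwargs):
        # the template reads reset_email from the session; without it the
        # page would show an empty address, so go back to the request form
        if 'reset_email' not in request.session:
            return HttpResponseRedirect(reverse('password_reset'))
        return super(PasswordResetInstructionsView, self).dispatch(
            request, *args, **kwargs)
```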
diff --git a/tests/test_password_reset.py b/tests/test_password_reset.py index 362452f9..4bbbe04a 100644 --- a/tests/test_password_reset.py +++ b/tests/test_password_reset.py @@ -40,12 +40,12 @@ def test_send_password_reset_email(app, simple_user, mailoutbox): def test_view(app, simple_user, mailoutbox): - url = reverse('password_reset') + '?next=/moncul/' + url = reverse('password_reset') resp = app.get(url, status=200) resp.form.set('email', simple_user.email) assert len(mailoutbox) == 0 resp = resp.form.submit() - assert resp['Location'].endswith('/moncul/') + assert resp['Location'].endswith('/instructions/') assert len(mailoutbox) == 1 url = utils.get_link_from_mail(mailoutbox[0]) relative_url = url.split('testserver')[1] 
@@ -55,32 +55,28 @@ def test_view(app, simple_user, mailoutbox): resp = resp.form.submit() # verify user is logged assert str(app.session['_auth_user_id']) == str(simple_user.pk) - # verify next_url was kept - assert resp['Location'].endswith('/moncul/') with override_settings(A2_USER_CAN_RESET_PASSWORD=False): - url = reverse('password_reset') + '?next=/moncul/' + url = reverse('password_reset') app.get(url, status=404) def test_user_filter(app, simple_user, mailoutbox, settings): settings.A2_USER_FILTER = {'username': 'xxx'} # will not match simple_user - url = reverse('password_reset') + '?next=/moncul/' + url = reverse('password_reset') resp = app.get(url, status=200) resp.form.set('email', simple_user.email) assert len(mailoutbox) == 0 resp = resp.form.submit() - assert resp['Location'].endswith('/moncul/') assert len(mailoutbox) == 0 def test_user_exclude(app, simple_user, mailoutbox, settings): settings.A2_USER_EXCLUDE = {'username': simple_user.username} # will not match simple_user - url = reverse('password_reset') + '?next=/moncul/' + url = reverse('password_reset') resp = app.get(url, status=200) resp.form.set('email', simple_user.email) assert len(mailoutbox) == 0 resp = resp.form.submit() - assert resp['Location'].endswith('/moncul/') assert len(mailoutbox) == 0 -- 2.20.1
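Review bot: `test_user_filter` and `test_user_exclude` drop the `Location` assertion instead of updating it, so nothing checks any longer that an address that does not match a user gets the same redirect as one that does. Adding `assert resp['Location'].endswith('/instructions/')` after each `resp.form.submit()` would pin that the response does not reveal whether the account matched. The new instructions page itself has no test; following the redirect in `test_view` and asserting that `simple_user.email` appears in the body would cover the session hand-off.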