From ad229a8c1d6b188400a5812f89d033a839bb0f7e Mon Sep 17 00:00:00 2001
From: Valentin Deniaud
Date: Wed, 3 Mar 2021 09:59:43 +0100
Subject: [PATCH] misc: send password reset email even if disabled account (#20830)
---
 src/authentic2/forms/passwords.py | 3 +++
 .../authentic2/password_reset_refused_body.html | 10 ++++++++++
 .../authentic2/password_reset_refused_body.txt | 8 ++++++++
 .../authentic2/password_reset_refused_subject.txt | 4 ++++
 tests/test_password_reset.py | 14 ++++++++++++++
 5 files changed, 39 insertions(+)
 create mode 100644 src/authentic2/templates/authentic2/password_reset_refused_body.html
 create mode 100644 src/authentic2/templates/authentic2/password_reset_refused_body.txt
 create mode 100644 src/authentic2/templates/authentic2/password_reset_refused_subject.txt
diff --git a/src/authentic2/forms/passwords.py b/src/authentic2/forms/passwords.py
index 7e26d767..8d62b400 100644
--- a/src/authentic2/forms/passwords.py
+++ b/src/authentic2/forms/passwords.py
@@ -57,6 +57,9 @@ class PasswordResetForm(forms.Form):
 user,
 set_random_password=set_random_password,
 next_url=self.cleaned_data.get('next_url'))
+ for user in users.filter(is_active=False):
+ logger.info('password reset failed for user "%r": account is disabled', user)
+ utils.send_templated_mail(user, ['authentic2/password_reset_refused'])
 if not users.exists():
 logger.info(u'password reset request for "%s", no user found', email)
 ctx = {'registration_url': utils.make_url('registration_register', absolute=True)}
diff --git a/src/authentic2/templates/authentic2/password_reset_refused_body.html b/src/authentic2/templates/authentic2/password_reset_refused_body.html
new file mode 100644
index 00000000..37509027
--- /dev/null
+++ b/src/authentic2/templates/authentic2/password_reset_refused_body.html
@@ -0,0 +1,10 @@
+{% extends "emails/body_base.html" %}
+{% load i18n %}
+
+{% block content %}
+
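Review bot: The new loop in `PasswordResetForm` sends one refusal mail per disabled account on every submission, and nothing visible in the hunk throttles it, so an anonymous form submission can repeatedly generate mail to the holder of a disabled account; if the reset view is not rate-limited elsewhere, a per-address limit belongs here. The log call wraps `%r` in quotes and says "failed" while the template is named "refused"; `logger.info('password reset refused for user %r: account is disabled', user)` would be consistent. The method starts and ends outside the hunk, so whether the HTTP response stays identical for active, disabled and unknown addresses cannot be confirmed from these lines.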

{% trans "Hi," %}

+ +

{% blocktrans trimmed with hostname=request.get_host %} +You requested reset of your password on {{ hostname }}. Unfortunately, your account has been disabled on this server, thus your request can't succeed. +{% endblocktrans %}

+{% endblock %}
diff --git a/src/authentic2/templates/authentic2/password_reset_refused_body.txt b/src/authentic2/templates/authentic2/password_reset_refused_body.txt
new file mode 100644
index 00000000..aa436a46
--- /dev/null
+++ b/src/authentic2/templates/authentic2/password_reset_refused_body.txt
@@ -0,0 +1,8 @@
+{% extends "emails/body_base.txt" %}
+{% load i18n %}
+
+{% block content %}{% trans "Hi," %}
+{% blocktrans trimmed with hostname=request.get_host %}
+You requested reset of your password on {{ hostname }}. Unfortunately, your account has been disabled on this server, thus your request can't succeed.
+{% endblocktrans %}
+{% endblock %}
diff --git a/src/authentic2/templates/authentic2/password_reset_refused_subject.txt b/src/authentic2/templates/authentic2/password_reset_refused_subject.txt
new file mode 100644
index 00000000..38c807d3
--- /dev/null
+++ b/src/authentic2/templates/authentic2/password_reset_refused_subject.txt
@@ -0,0 +1,4 @@
+{% extends "emails/subject.txt" %}
+{% load i18n %}
+
+{% block email-subject %}{% blocktrans with hostname=request.get_host %}Your account on {{ hostname }} is disabled{% endblocktrans %}{% endblock %}
diff --git a/tests/test_password_reset.py b/tests/test_password_reset.py
index 350a1d84..71fada84 100644
--- a/tests/test_password_reset.py
+++ b/tests/test_password_reset.py
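Review bot: All three `password_reset_refused` templates take the hostname from `request.get_host`, which reflects the Host header of the request that submitted the form, and that request comes from an unauthenticated visitor. Django only rejects hosts outside `ALLOWED_HOSTS`, so with a permissive setting the requester decides the name shown in the subject and body of a mail delivered to someone else; a configured site name or base URL would be a safer source. The call in `passwords.py` passes no context or request to `send_templated_mail`, so `request` is presumably injected elsewhere, and that is worth a comment at the call site because `{{ hostname }}` would render empty without it.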
@@ -135,3 +135,17 @@ def test_send_password_reset_email_no_account(app, db, mailoutbox):
 for body in (mail.body, mail.alternatives[0][0]):
 assert 'no account was found associated with this address' in body
 assert 'http://testserver/accounts/register/' in body
+
+
+def test_send_password_reset_email_disabled_account(app, simple_user, mailoutbox):
+ simple_user.is_active = False
+ simple_user.save()
+
+ url = reverse('password_reset')
+ resp = app.get(url, status=200)
+ resp.form.set('email', simple_user.email)
+ resp = resp.form.submit()
+
+ mail = mailoutbox[0]
+ assert mail.subject == 'Your account on testserver is disabled'
+ assert 'your account has been disabled on this server' in mail.body
--
2.20.1
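Review bot: The new test reads only `mailoutbox[0]`, so it would still pass if a regular reset mail with a working link were sent alongside the refusal. Add `assert len(mailoutbox) == 1` before indexing, and assert that the response after `resp.form.submit()` is the same confirmation an active account receives, so the form does not reveal account state to the requester. The HTML alternative is not checked either; the loop over `(mail.body, mail.alternatives[0][0])` used in the no-account test above would also cover `password_reset_refused_body.html`.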