From 04449000e848e4a1ec499abc43232befb6d30905 Mon Sep 17 00:00:00 2001
From: Valentin Deniaud <vdeniaud@entrouvert.com>
Date: Wed, 5 May 2021 15:21:12 +0200
Subject: [PATCH] utils: remove global recording of password resets (#53653)

---
 src/authentic2/forms/passwords.py | 1 +
 src/authentic2/utils/__init__.py  | 1 -
 tests/test_manager.py             | 5 ++++-
 3 files changed, 5 insertions(+), 2 deletions(-)

diff --git a/src/authentic2/forms/passwords.py b/src/authentic2/forms/passwords.py
index 6a32869a..868e1df0 100644
--- a/src/authentic2/forms/passwords.py
+++ b/src/authentic2/forms/passwords.py
@@ -79,6 +79,7 @@ class PasswordResetForm(HoneypotForm):
             utils.send_password_reset_mail(
                 user, set_random_password=set_random_password, next_url=self.cleaned_data.get('next_url')
             )
+            journal.record('user.password.reset.request', email=user.email, user=user)
         for user in self.users.filter(is_active=False):
             logger.info('password reset failed for user "%r": account is disabled', user)
             utils.send_templated_mail(user, ['authentic2/password_reset_refused'])
diff --git a/src/authentic2/utils/__init__.py b/src/authentic2/utils/__init__.py
index c38337d4..9e7afc3e 100644
--- a/src/authentic2/utils/__init__.py
+++ b/src/authentic2/utils/__init__.py
@@ -948,7 +948,6 @@ def send_password_reset_mail(
     logger.info(
         'password reset request for user %s, email sent to %s ' 'with token %s', user, user.email, token.uuid
     )
-    journal.record('user.password.reset.request', email=user.email, user=user)
 
 
 def batch(iterable, size):
diff --git a/tests/test_manager.py b/tests/test_manager.py
index 62c7ba08..df9e9ea3 100644
--- a/tests/test_manager.py
+++ b/tests/test_manager.py
@@ -30,11 +30,12 @@ from webtest import Upload
 
 from authentic2.a2_rbac.models import MANAGE_MEMBERS_OP
 from authentic2.a2_rbac.utils import get_default_ou
+from authentic2.apps.journal.models import Event
 from authentic2.validators import EmailValidator
 from django_rbac.models import VIEW_OP
 from django_rbac.utils import get_operation, get_ou_model, get_permission_model, get_role_model
 
-from .utils import get_link_from_mail, login, request_select2
+from .utils import assert_event, get_link_from_mail, login, request_select2
 
 pytestmark = pytest.mark.django_db
 
@@ -139,6 +140,8 @@ def test_manager_user_password_reset(app, superuser, simple_user):
     resp.form.set('new_password2', '1234==aA')
     resp = resp.form.submit().follow()
     assert str(app.session['_auth_user_id']) == str(simple_user.pk)
+    utils.assert_event('manager.password.reset.request', user=simple_user, email=simple_user.email)
+    assert not Event.objects.filter(type__name='user.password.reset.request').exists()
 
 
 def test_manager_user_detail_by_uuid(app, superuser, simple_user, simple_role):
-- 
2.20.1