From 834d4447193dc60ae5d8c685a3fa3c396344709b Mon Sep 17 00:00:00 2001
From: Valentin Deniaud
Date: Wed, 5 May 2021 15:21:12 +0200
Subject: [PATCH] utils: remove global recording of password resets (#53653)

---
 src/authentic2/forms/passwords.py | 3 +++
 src/authentic2/utils/__init__.py | 3 ---
 tests/test_manager.py | 6 +++++-
 tests/test_password_reset.py | 1 -
 4 files changed, 8 insertions(+), 5 deletions(-)

diff --git a/src/authentic2/forms/passwords.py b/src/authentic2/forms/passwords.py
index 6a32869a..e4ada5bc 100644
--- a/src/authentic2/forms/passwords.py
+++ b/src/authentic2/forms/passwords.py
@@ -23,6 +23,8 @@ from django.core.exceptions import ValidationError
 from django.forms import Form
 from django.utils.translation import ugettext_lazy as _

+from authentic2.journal import journal
+
 from .. import app_settings, hooks, models, utils, validators
 from ..backends import get_user_queryset
 from .fields import CheckPasswordField, NewPasswordField, PasswordField, ValidatedEmailField
@@ -79,6 +81,7 @@ class PasswordResetForm(HoneypotForm):
 utils.send_password_reset_mail(
 user, set_random_password=set_random_password, next_url=self.cleaned_data.get('next_url')
 )
+journal.record('user.password.reset.request', email=user.email, user=user)
 for user in self.users.filter(is_active=False):
 logger.info('password reset failed for user "%r": account is disabled', user)
 utils.send_templated_mail(user, ['authentic2/password_reset_refused'])
diff --git a/src/authentic2/utils/__init__.py b/src/authentic2/utils/__init__.py
index c38337d4..a138010c 100644
--- a/src/authentic2/utils/__init__.py
+++ b/src/authentic2/utils/__init__.py
@@ -903,8 +903,6 @@ def send_password_reset_mail(
 sign_next_url=True,
 **kwargs,
 ):
- from authentic2.journal import journal
-
 from .. import middleware

 if not user.email:
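Review bot: In the `PasswordResetForm` hunk of `src/authentic2/forms/passwords.py` (the enclosing method starts and ends outside the hunk), the added `journal.record('user.password.reset.request', email=user.email, user=user)` runs as soon as `utils.send_password_reset_mail(...)` returns, whether or not a mail went out. Before this commit the event was written on the last line of `send_password_reset_mail`, after the "email sent" log call, so an early exit such as the `if not user.email:` guard visible in `utils/__init__.py` (its body is not shown) presumably left no event. If the form can match an account that has no address, the journal would now show a reset request that never produced a mail; putting `if user.email:` in front of the call, or having the helper return whether it sent anything, would keep the audit record accurate. The disabled-account loop right below still only calls `logger.info`, so refused attempts stay out of the journal; a comment such as `# refused resets are logged, not journaled` would make that choice explicit for whoever reviews these events later.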
@@ -948,7 +946,6 @@ def send_password_reset_mail(
 logger.info(
 'password reset request for user %s, email sent to %s ' 'with token %s', user, user.email, token.uuid
 )
- journal.record('user.password.reset.request', email=user.email, user=user)


 def batch(iterable, size):
diff --git a/tests/test_manager.py b/tests/test_manager.py
index 62c7ba08..3c51f17c 100644
--- a/tests/test_manager.py
+++ b/tests/test_manager.py
@@ -30,11 +30,12 @@ from webtest import Upload

 from authentic2.a2_rbac.models import MANAGE_MEMBERS_OP
 from authentic2.a2_rbac.utils import get_default_ou
+from authentic2.apps.journal.models import Event
 from authentic2.validators import EmailValidator
 from django_rbac.models import VIEW_OP
 from django_rbac.utils import get_operation, get_ou_model, get_permission_model, get_role_model

-from .utils import get_link_from_mail, login, request_select2
+from .utils import assert_event, get_link_from_mail, login, request_select2

 pytestmark = pytest.mark.django_db

@@ -131,6 +132,9 @@ def test_manager_user_password_reset(app, superuser, simple_user):
 resp = resp.forms['object-actions'].submit('password_reset')
 assert 'A mail was sent to' in resp
 assert len(mail.outbox) == 1
+ assert_event('manager.user.password.reset.request', user=superuser, session=app.session)
+ assert not Event.objects.filter(type__name='user.password.reset.request').exists()
+
 url = get_link_from_mail(mail.outbox[0])
 relative_url = url.split('testserver')[1]
 resp = app.get('/logout/').maybe_follow()
diff --git a/tests/test_password_reset.py b/tests/test_password_reset.py
index f01cbffc..d544c8b4 100644
--- a/tests/test_password_reset.py
+++ b/tests/test_password_reset.py
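Review bot: In `test_manager_user_password_reset` (`tests/test_manager.py`, second hunk), the new `assert_event('manager.user.password.reset.request', user=superuser, session=app.session)` pins the acting manager and the session but not the account whose password is being reset, which is the field an auditor would look for first. If the event stores the target user, assert it here too; the keyword to use depends on `assert_event`, which is not shown. Separately, with the `utils.assert_event('user.password.reset.request', ...)` line dropped from `tests/test_password_reset.py`, no visible test checks that the form path still records that event. A positive assertion in a test that submits the reset form would cover the call added in `forms/passwords.py`. The test body continues past the hunk.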
@@ -31,7 +31,6 @@ def test_send_password_reset_email(app, simple_user, mailoutbox):
 legacy_body_templates=['registration/password_reset_email.html'],
 )
 assert len(mailoutbox) == 1
- utils.assert_event('user.password.reset.request', user=simple_user, email=simple_user.email)
 url = utils.get_link_from_mail(mailoutbox[0])
 relative_url = url.split('testserver')[1]
 resp = app.get(relative_url, status=200)
--
2.20.1