urls: remove legacy URL routing (#46151)

2020-08-28 09:27:41 +02:00 · 2020-08-28 09:27:41 +02:00 · 19d892f537
parent df4c10b06e
commit 19d892f537
4 changed files with 40 additions and 27 deletions
--- a/src/authentic2/urls.py
+++ b/src/authentic2/urls.py
@ -20,6 +20,7 @@ from django.contrib import admin
 from django.contrib.auth.decorators import login_required
 from django.contrib.auth import views as dj_auth_views
 from django.contrib.staticfiles.views import serve
+from django.utils.translation import ugettext_lazy as _
 from django.views.generic.base import TemplateView
 from django.views.static import serve as media_serve
 from django.views.decorators.clickjacking import xframe_options_deny
@ -94,27 +95,13 @@ accounts_urlpatterns = [
    url(r'^password/reset/instructions/$',
        views.password_reset_instructions,
        name='password_reset_instructions'),
-
-    # Legacy, only there to provide old view names to resolver
-    url(r'^password/change/$',
-        views.notimplemented_view,
-        name='auth_password_change'),
-    url(r'^password/change/done/$',
-        views.notimplemented_view,
-        name='auth_password_change_done'),
-
-    url(r'^password/reset/confirm/(?P<uidb36>[0-9A-Za-z_\-]+)/(?P<token>[0-9A-Za-z]{1,13}-[0-9A-Za-z]{1,20})/$',
-        views.notimplemented_view,
-        name='auth_password_reset_confirm'),
-    url(r'^password/reset/$',
-        views.notimplemented_view,
-        name='auth_password_reset'),
-    url(r'^password/reset/complete/$',
-        views.notimplemented_view,
-        name='auth_password_reset_complete'),
-    url(r'^password/reset/done/$',
-        views.notimplemented_view,
-        name='auth_password_reset_done'),
+    url(r'^password/reset/.*',
+        views.old_view_redirect,
+        kwargs={
+            'to': 'password_reset',
+            'message': _('Your password reset link has become invalid, please reset your password again.'),
+        },
+        name='invalid-password-reset-urls'),
 ]

 urlpatterns = [
--- a/src/authentic2/views.py
+++ b/src/authentic2/views.py
@ -1302,10 +1302,6 @@ password_change = decorators.setting_enabled('A2_REGISTRATION_CAN_CHANGE_PASSWOR
    PasswordChangeView.as_view())


-def notimplemented_view(request):
-    raise NotImplementedError
-
-
 class SuView(View):
    def get(self, request, uuid):
        user = switch_user.resolve_token(uuid)
@ -1341,3 +1337,10 @@ class AuthorizedOauthServicesView(TemplateView):

 authorized_oauth_services = decorators.setting_enabled(
    'A2_PROFILE_CAN_MANAGE_SERVICE_AUTHORIZATIONS')(AuthorizedOauthServicesView.as_view())
+
+
+def old_view_redirect(request, to, message=None):
+    '''Redirect old URL to new URL, eventually showing a message.'''
+    if message:
+        messages.info(request, message)
+    return utils.redirect(request, to=to)
--- a/tests/test_password_reset.py
+++ b/tests/test_password_reset.py
@ -1,5 +1,5 @@
 # authentic2 - versatile identity manager
-# Copyright (C) 2010-2019 Entr'ouvert
+# Copyright (C) 2010-2020 Entr'ouvert
 #
 # This program is free software: you can redistribute it and/or modify it
 # under the terms of the GNU Affero General Public License as published
@ -13,6 +13,7 @@
 #
 # You should have received a copy of the GNU Affero General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
 from django.test.utils import override_settings
 from django.urls import reverse

@ -65,6 +66,7 @@ def test_view(app, simple_user, mailoutbox, settings):
        url = reverse('password_reset')
        app.get(url, status=404)

+
 def test_user_filter(app, simple_user, mailoutbox, settings):
    settings.A2_USER_FILTER = {'username': 'xxx'}  # will not match simple_user

@ -85,3 +87,10 @@ def test_user_exclude(app, simple_user, mailoutbox, settings):
    assert len(mailoutbox) == 0
    resp = resp.form.submit()
    assert len(mailoutbox) == 0
+
+
+def test_old_url_redirect(app):
+    response = app.get('/accounts/password/reset/whatever')
+    assert response.location == '/accounts/password/reset/'
+    response = response.follow()
+    assert 'please reset your password again' in response
--- a/tox.ini
+++ b/tox.ini
@ -47,7 +47,7 @@ passenv=
  PGHOST
  PGUSER
  PGPASSWORD
-usedevelop = true
+# usedevelop = true
 deps = 
  pip > 9
  dj111: django<2.0
@ -120,3 +120,17 @@ filterwarnings =
 # remind us later
  once:.*staticfiles.*::django\..*
 junit_family=xunit2
+
+[coverage:run]
+source =
+    authentic2
+    authentic2_auth_fc
+    authentic2_auth_oidc
+    authentic2_auth_saml
+    authentic2.egg-info
+    authentic2_idp_cas
+    authentic2_idp_oidc
+    authentic2_journal
+    authentic2_provisionning_ldap
+    django_rbac
+