misc: send password reset email even if no account (#47469)
This commit is contained in:
parent
1192ec0901
commit
1ae7ac6df7
|
@ -22,6 +22,7 @@ from django.core.exceptions import ValidationError
|
|||
from django.db.models import Q
|
||||
from django.forms import Form
|
||||
from django import forms
|
||||
from django.urls import reverse
|
||||
from django.utils.translation import ugettext_lazy as _
|
||||
|
||||
from .. import models, hooks, app_settings, utils
|
||||
|
@ -45,10 +46,8 @@ class PasswordResetForm(forms.Form):
|
|||
user.
|
||||
"""
|
||||
email = self.cleaned_data["email"].strip()
|
||||
users = get_user_queryset()
|
||||
active_users = users.filter(
|
||||
Q(email__iexact=email) | Q(username__iexact=email),
|
||||
is_active=True)
|
||||
users = get_user_queryset().filter(Q(email__iexact=email) | Q(username__iexact=email))
|
||||
active_users = users.filter(is_active=True)
|
||||
for user in active_users:
|
||||
# we don't set the password to a random string, as some users should not have
|
||||
# a password
|
||||
|
@ -58,8 +57,10 @@ class PasswordResetForm(forms.Form):
|
|||
user,
|
||||
set_random_password=set_random_password,
|
||||
next_url=self.cleaned_data.get('next_url'))
|
||||
if not active_users:
|
||||
if not users.exists():
|
||||
logger.info(u'password reset request for "%s", no user found', email)
|
||||
ctx = {'registration_url': utils.make_url('registration_register', absolute=True)}
|
||||
utils.send_templated_mail(email, ['authentic2/password_reset_no_account'], context=ctx)
|
||||
hooks.call_hooks('event', name='password-reset', email=email, users=active_users)
|
||||
|
||||
|
||||
|
|
|
@ -0,0 +1,14 @@
|
|||
{% extends "emails/body_base.html" %}
|
||||
{% load i18n %}
|
||||
|
||||
{% block content %}
|
||||
<p>{% trans "Hi," %}</p>
|
||||
|
||||
<p>{% blocktrans trimmed with hostname=request.get_host %}
|
||||
You requested reset of your password on {{ hostname }}, but no account was found associated with this address.
|
||||
{% endblocktrans %}</p>
|
||||
|
||||
{% with _("Create an account") as button_label %}
|
||||
{% include "emails/button-link.html" with url=registration_url label=button_label %}
|
||||
{% endwith %}
|
||||
{% endblock %}
|
|
@ -0,0 +1,9 @@
|
|||
{% extends "emails/body_base.txt" %}
|
||||
{% load i18n %}
|
||||
|
||||
{% block content %}{% trans "Hi," %}
|
||||
{% blocktrans trimmed with hostname=request.get_host %}
|
||||
You requested reset of your password on {{ hostname }}, but no account was found associated with this address.
|
||||
{% endblocktrans %}
|
||||
{% trans "You can create an account here:" %} {{ registration_url }}.
|
||||
{% endblock %}
|
|
@ -0,0 +1,4 @@
|
|||
{% extends "emails/subject.txt" %}
|
||||
{% load i18n %}
|
||||
|
||||
{% block email-subject %}{% blocktrans with hostname=request.get_host %}Password reset on {{ hostname }}{% endblocktrans %}{% endblock %}
|
|
@ -0,0 +1,15 @@
|
|||
<!DOCTYPE html>
|
||||
<html>
|
||||
<head>
|
||||
<meta charset="utf-8">
|
||||
</head>
|
||||
<body>
|
||||
<div style="max-width: 60ex;">
|
||||
<div class="content">
|
||||
{% block content %}
|
||||
{{ content }}
|
||||
{% endblock %}
|
||||
</div>
|
||||
</div>
|
||||
</body>
|
||||
</html>
|
|
@ -0,0 +1 @@
|
|||
{% block content %}{{ content }}{% endblock %}
|
|
@ -0,0 +1 @@
|
|||
<a href="{{url}}">{{label}}</a>
|
|
@ -0,0 +1 @@
|
|||
{% block email-subject %}{% endblock %}
|
|
@ -103,7 +103,7 @@ def test_user_filter(app, simple_user, mailoutbox, settings):
|
|||
resp.form.set('email', simple_user.email)
|
||||
assert len(mailoutbox) == 0
|
||||
resp = resp.form.submit()
|
||||
assert len(mailoutbox) == 0
|
||||
assert 'no account was found associated with this address' in mailoutbox[0].body
|
||||
|
||||
|
||||
def test_user_exclude(app, simple_user, mailoutbox, settings):
|
||||
|
@ -114,7 +114,7 @@ def test_user_exclude(app, simple_user, mailoutbox, settings):
|
|||
resp.form.set('email', simple_user.email)
|
||||
assert len(mailoutbox) == 0
|
||||
resp = resp.form.submit()
|
||||
assert len(mailoutbox) == 0
|
||||
assert 'no account was found associated with this address' in mailoutbox[0].body
|
||||
|
||||
|
||||
def test_old_url_redirect(app):
|
||||
|
@ -122,3 +122,16 @@ def test_old_url_redirect(app):
|
|||
assert response.location == '/accounts/password/reset/'
|
||||
response = response.follow()
|
||||
assert 'please reset your password again' in response
|
||||
|
||||
|
||||
def test_send_password_reset_email_no_account(app, db, mailoutbox):
|
||||
url = reverse('password_reset')
|
||||
resp = app.get(url, status=200)
|
||||
resp.form.set('email', 'test@entrouvert.com')
|
||||
resp = resp.form.submit()
|
||||
|
||||
mail = mailoutbox[0]
|
||||
assert mail.subject == 'Password reset on testserver'
|
||||
for body in (mail.body, mail.alternatives[0][0]):
|
||||
assert 'no account was found associated with this address' in body
|
||||
assert 'http://testserver/accounts/register/' in body
|
||||
|
|
Loading…
Reference in New Issue