misc: send password reset email even if disabled account (#20830)

2021-03-03 09:59:43 +01:00 · 2021-03-03 09:59:43 +01:00 · 2c6c03a9c8
parent 1ae7ac6df7
commit 2c6c03a9c8
5 changed files with 39 additions and 0 deletions
--- a/src/authentic2/forms/passwords.py
+++ b/src/authentic2/forms/passwords.py
@ -57,6 +57,9 @@ class PasswordResetForm(forms.Form):
                user,
                set_random_password=set_random_password,
                next_url=self.cleaned_data.get('next_url'))
+        for user in users.filter(is_active=False):
+            logger.info('password reset failed for user "%r": account is disabled', user)
+            utils.send_templated_mail(user, ['authentic2/password_reset_refused'])
        if not users.exists():
            logger.info(u'password reset request for "%s", no user found', email)
            ctx = {'registration_url': utils.make_url('registration_register', absolute=True)}
--- a/src/authentic2/templates/authentic2/password_reset_refused_body.html
+++ b/src/authentic2/templates/authentic2/password_reset_refused_body.html
@ -0,0 +1,10 @@
+{% extends "emails/body_base.html" %}
+{% load i18n %}
+
+{% block content %}
+<p>{% trans "Hi," %}</p>
+
+<p>{% blocktrans trimmed with hostname=request.get_host %}
+You requested reset of your password on {{ hostname }}. Unfortunately, your account has been disabled on this server, thus your request can't succeed.
+{% endblocktrans %}</p>
+{% endblock %}
--- a/src/authentic2/templates/authentic2/password_reset_refused_body.txt
+++ b/src/authentic2/templates/authentic2/password_reset_refused_body.txt
@ -0,0 +1,8 @@
+{% extends "emails/body_base.txt" %}
+{% load i18n %}
+
+{% block content %}{% trans "Hi," %}
+{% blocktrans trimmed with hostname=request.get_host %}
+You requested reset of your password on {{ hostname }}. Unfortunately, your account has been disabled on this server, thus your request can't succeed.
+{% endblocktrans %}
+{% endblock %}
--- a/src/authentic2/templates/authentic2/password_reset_refused_subject.txt
+++ b/src/authentic2/templates/authentic2/password_reset_refused_subject.txt
@ -0,0 +1,4 @@
+{% extends "emails/subject.txt" %}
+{% load i18n %}
+
+{% block email-subject %}{% blocktrans with hostname=request.get_host %}Your account on {{ hostname }} is disabled{% endblocktrans %}{% endblock %}
--- a/tests/test_password_reset.py
+++ b/tests/test_password_reset.py
@ -135,3 +135,17 @@ def test_send_password_reset_email_no_account(app, db, mailoutbox):
    for body in (mail.body, mail.alternatives[0][0]):
        assert 'no account was found associated with this address' in body
        assert 'http://testserver/accounts/register/' in body
+
+
+def test_send_password_reset_email_disabled_account(app, simple_user, mailoutbox):
+    simple_user.is_active = False
+    simple_user.save()
+
+    url = reverse('password_reset')
+    resp = app.get(url, status=200)
+    resp.form.set('email', simple_user.email)
+    resp = resp.form.submit()
+
+    mail = mailoutbox[0]
+    assert mail.subject == 'Your account on testserver is disabled'
+    assert 'your account has been disabled on this server' in mail.body