views: do not link to registration when it is closed (#52770)

License: MIT

src/authentic2/forms/passwords.py

@@ -18,6 +18,7 @@ import logging
 from collections import OrderedDict
 
 from django import forms
+from django.conf import settings
 from django.contrib.auth import forms as auth_forms
 from django.core.exceptions import ValidationError
 from django.forms import Form
@@ -87,7 +88,12 @@ class PasswordResetForm(HoneypotForm):
             utils.send_templated_mail(user, ['authentic2/password_reset_refused'])
         if not self.users.exists() and email:
             logger.info(u'password reset request for "%s", no user found', email)
-            ctx = {'registration_url': utils.make_url('registration_register', absolute=True)}
+            if getattr(settings, 'REGISTRATION_OPEN', True):
+                ctx = {
+                    'registration_url': utils.make_url('registration_register', absolute=True),
+                }
+            else:
+                ctx = {}
             utils.send_templated_mail(email, ['authentic2/password_reset_no_account'], context=ctx)
         hooks.call_hooks('event', name='password-reset', email=email or email_or_username, users=active_users)
 

src/authentic2/templates/authentic2/password_reset_no_account_body.html

@@ -7,8 +7,9 @@
 <p>{% blocktrans trimmed with hostname=request.get_host %}
 You requested reset of your password on {{ hostname }}, but no account was found associated with this address.
 {% endblocktrans %}</p>
-
+{% if registration_url %}
 {% with _("Create an account") as button_label %}
 {% include "emails/button-link.html" with url=registration_url label=button_label %}
 {% endwith %}
+{% endif %}
 {% endblock %}

src/authentic2/templates/authentic2/password_reset_no_account_body.txt

@@ -5,5 +5,5 @@
 {% blocktrans trimmed with hostname=request.get_host %}
 You requested reset of your password on {{ hostname }}, but no account was found associated with this address.
 {% endblocktrans %}
-{% trans "You can create an account here:" %} {{ registration_url }}.
+{% if registration_url %}{% trans "You can create an account here:" %} {{ registration_url }}.{% endif %}
 {% endblock %}

tests/test_password_reset.py

@@ -13,7 +13,7 @@
 #
 # You should have received a copy of the GNU Affero General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
-
+import pytest
 from django.test.utils import override_settings
 from django.urls import reverse
 
@@ -149,7 +149,12 @@ def test_old_url_redirect(app):
     assert 'please reset your password again' in response
 
 
-def test_send_password_reset_email_no_account(app, db, mailoutbox):
+@pytest.mark.parametrize(
+    'registration_open',
+    [True, False],
+)
+def test_send_password_reset_email_no_account(app, db, mailoutbox, settings, registration_open):
+    settings.REGISTRATION_OPEN = registration_open
     url = reverse('password_reset')
     resp = app.get(url, status=200)
     resp.form.set('email', 'test@entrouvert.com')
@@ -159,7 +164,10 @@ def test_send_password_reset_email_no_account(app, db, mailoutbox):
     assert mail.subject == 'Password reset on testserver'
     for body in (mail.body, mail.alternatives[0][0]):
         assert 'no account was found associated with this address' in body
-        assert 'http://testserver/accounts/register/' in body
+        if settings.REGISTRATION_OPEN:
+            assert 'http://testserver/accounts/register/' in body
+        else:
+            assert 'http://testserver/accounts/register/' not in body
 
 
 def test_send_password_reset_email_disabled_account(app, simple_user, mailoutbox):