misc: don't display password reset view when disabled (#27318)
This commit is contained in:
parent
3f409f099f
commit
cc8ec18ea4
|
@ -3,12 +3,13 @@ import logging
|
|||
from django.views.generic import FormView
|
||||
from django.contrib import messages
|
||||
from django.contrib.auth import get_user_model, REDIRECT_FIELD_NAME, authenticate
|
||||
from django.http import Http404
|
||||
from django.utils.translation import ugettext as _
|
||||
from django.utils.http import urlsafe_base64_decode
|
||||
|
||||
from .compat import default_token_generator
|
||||
from .registration_backend.forms import SetPasswordForm
|
||||
from . import cbv, profile_forms, utils, hooks
|
||||
from . import app_settings, cbv, profile_forms, utils, hooks
|
||||
|
||||
|
||||
class PasswordResetView(cbv.NextURLViewMixin, FormView):
|
||||
|
@ -30,6 +31,8 @@ class PasswordResetView(cbv.NextURLViewMixin, FormView):
|
|||
|
||||
def get_context_data(self, **kwargs):
|
||||
ctx = super(PasswordResetView, self).get_context_data(**kwargs)
|
||||
if app_settings.A2_USER_CAN_RESET_PASSWORD is False:
|
||||
raise Http404('Password reset is not allowed.')
|
||||
ctx['title'] = _('Password reset')
|
||||
return ctx
|
||||
|
||||
|
|
|
@ -1,4 +1,5 @@
|
|||
from django.core.urlresolvers import reverse
|
||||
from django.test.utils import override_settings
|
||||
|
||||
import utils
|
||||
|
||||
|
@ -42,6 +43,9 @@ def test_view(app, simple_user, mailoutbox):
|
|||
# verify next_url was kept
|
||||
assert resp['Location'].endswith('/moncul/')
|
||||
|
||||
with override_settings(A2_USER_CAN_RESET_PASSWORD=False):
|
||||
url = reverse('password_reset') + '?next=/moncul/'
|
||||
app.get(url, status=404)
|
||||
|
||||
def test_user_filter(app, simple_user, mailoutbox, settings):
|
||||
settings.A2_USER_FILTER = {'username': 'xxx'} # will not match simple_user
|
||||
|
|
Loading…
Reference in New Issue