Fixed #9213 - Added check to prevent inactive users from resetting their password. Thanks to John Scott for report and draft patch, and Evgeny Fadeev for final patch with test.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15805 bcc190cf-cafb-0310-a4f2-bffc1f526a37
parent
fd2f18008c
commit
7d71a9e45f
|
@ -109,10 +109,13 @@ class PasswordResetForm(forms.Form):
|
||||||
|
|
||||||
def clean_email(self):
|
def clean_email(self):
|
||||||
"""
|
"""
|
||||||
Validates that a user exists with the given e-mail address.
|
Validates that an active user exists with the given e-mail address.
|
||||||
"""
|
"""
|
||||||
email = self.cleaned_data["email"]
|
email = self.cleaned_data["email"]
|
||||||
self.users_cache = User.objects.filter(email__iexact=email)
|
self.users_cache = User.objects.filter(
|
||||||
|
email__iexact=email,
|
||||||
|
is_active=True
|
||||||
|
)
|
||||||
if len(self.users_cache) == 0:
|
if len(self.users_cache) == 0:
|
||||||
raise forms.ValidationError(_("That e-mail address doesn't have an associated user account. Are you sure you've registered?"))
|
raise forms.ValidationError(_("That e-mail address doesn't have an associated user account. Are you sure you've registered?"))
|
||||||
return email
|
return email
|
||||||
|
|
|
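Review bot: The `ValidationError` raised at the end of `clean_email` still tells whoever submits the form whether an address is known, and with the added `is_active=True` filter the response now separates active accounts from everything else. That differing response lets a requester confirm which addresses have active accounts. Consider accepting any well-formed address and sending mail only when `self.users_cache` is non-empty, so both cases look the same to the requester; this changes user-visible behaviour and may belong in a follow-up. The filter also covers only the request step: whether a reset link issued before the account was deactivated is still accepted at confirmation is not visible in this hunk and is worth checking.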
@ -219,6 +219,15 @@ class PasswordResetFormTest(TestCase):
|
||||||
|
|
||||||
fixtures = ['authtestdata.json']
|
fixtures = ['authtestdata.json']
|
||||||
|
|
||||||
|
def create_dummy_user(self):
|
||||||
|
"""creates a user and returns a tuple
|
||||||
|
(user_object, username, email)
|
||||||
|
"""
|
||||||
|
username = 'jsmith'
|
||||||
|
email = 'jsmith@example.com'
|
||||||
|
user = User.objects.create_user(username, email, 'test123')
|
||||||
|
return (user, username, email)
|
||||||
|
|
||||||
def test_invalid_email(self):
|
def test_invalid_email(self):
|
||||||
data = {'email':'not valid'}
|
data = {'email':'not valid'}
|
||||||
form = PasswordResetForm(data)
|
form = PasswordResetForm(data)
|
||||||
|
@ -236,11 +245,11 @@ class PasswordResetFormTest(TestCase):
|
||||||
|
|
||||||
def test_cleaned_data(self):
|
def test_cleaned_data(self):
|
||||||
# Regression test
|
# Regression test
|
||||||
user = User.objects.create_user("jsmith3", "jsmith3@example.com", "test123")
|
(user, username, email) = self.create_dummy_user()
|
||||||
data = {'email':'jsmith3@example.com'}
|
data = {'email': email}
|
||||||
form = PasswordResetForm(data)
|
form = PasswordResetForm(data)
|
||||||
self.assertTrue(form.is_valid())
|
self.assertTrue(form.is_valid())
|
||||||
self.assertEqual(form.cleaned_data['email'], u'jsmith3@example.com')
|
self.assertEqual(form.cleaned_data['email'], email)
|
||||||
|
|
||||||
|
|
||||||
def test_bug_5605(self):
|
def test_bug_5605(self):
|
||||||
|
@ -250,3 +259,12 @@ class PasswordResetFormTest(TestCase):
|
||||||
self.assertEqual(user.email, 'tesT@example.com')
|
self.assertEqual(user.email, 'tesT@example.com')
|
||||||
user = User.objects.create_user('forms_test3', 'tesT', 'test')
|
user = User.objects.create_user('forms_test3', 'tesT', 'test')
|
||||||
self.assertEqual(user.email, 'tesT')
|
self.assertEqual(user.email, 'tesT')
|
||||||
|
|
||||||
|
def test_inactive_user(self):
|
||||||
|
#tests that inactive user cannot
|
||||||
|
#receive password reset email
|
||||||
|
(user, username, email) = self.create_dummy_user()
|
||||||
|
user.is_active = False
|
||||||
|
user.save()
|
||||||
|
form = PasswordResetForm({'email': email})
|
||||||
|
self.assertFalse(form.is_valid())
|
||||||
|
|
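Review bot: `test_inactive_user` asserts only `self.assertFalse(form.is_valid())`, which would also pass if the form were rejected for a reason unrelated to the `is_active` filter. Pinning the failure to the field makes the regression test specific, for example by adding `self.assertTrue('email' in form.errors)` after the existing assertion. The two `#tests that…` comment lines would also read better as a one-line docstring such as `"""An inactive user cannot request a password reset e-mail."""`, matching the docstring style used in `create_dummy_user`.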