Fixed #23409 -- Extract PasswordResetForm.get_users method.

Allows easier customization of policies regarding which users are allowed to reset their password. Thanks Aymeric for review.
2014-09-03 11:49:56 -06:00 · 2014-09-03 11:49:56 -06:00 · 89559bcfb0
parent 4db75925be
commit 89559bcfb0
1 changed files with 13 additions and 8 deletions
--- a/django/contrib/auth/forms.py
+++ b/django/contrib/auth/forms.py
@ -220,6 +220,18 @@ class PasswordResetForm(forms.Form):

        email_message.send()

+    def get_users(self, email):
+        """Given an email, return matching user(s) who should receive a reset.
+
+        This allows subclasses to more easily customize the default policies
+        that prevent inactive users and users with unusable passwords from
+        resetting their password.
+
+        """
+        active_users = get_user_model()._default_manager.filter(
+            email__iexact=email, is_active=True)
+        return (u for u in active_users if u.has_usable_password())
+
    def save(self, domain_override=None,
             subject_template_name='registration/password_reset_subject.txt',
             email_template_name='registration/password_reset_email.html',
@ -229,15 +241,8 @@ class PasswordResetForm(forms.Form):
        Generates a one-use only link for resetting password and sends to the
        user.
        """
-        UserModel = get_user_model()
        email = self.cleaned_data["email"]
-        active_users = UserModel._default_manager.filter(
-            email__iexact=email, is_active=True)
-        for user in active_users:
-            # Make sure that no email is sent to a user that actually has
-            # a password marked as unusable
-            if not user.has_usable_password():
-                continue
+        for user in self.get_users(email):
            if not domain_override:
                current_site = get_current_site(request)
                site_name = current_site.name