Fixed #23409 -- Extract PasswordResetForm.get_users method.

Allows easier customization of policies regarding which users are allowed to
reset their password.

Thanks Aymeric for review.
This commit is contained in:
Carl Meyer 2014-09-03 11:49:56 -06:00
parent 4db75925be
commit 89559bcfb0
1 changed files with 13 additions and 8 deletions

View File

@ -220,6 +220,18 @@ class PasswordResetForm(forms.Form):
email_message.send() email_message.send()
def get_users(self, email):
"""Given an email, return matching user(s) who should receive a reset.
This allows subclasses to more easily customize the default policies
that prevent inactive users and users with unusable passwords from
resetting their password.
"""
active_users = get_user_model()._default_manager.filter(
email__iexact=email, is_active=True)
return (u for u in active_users if u.has_usable_password())
def save(self, domain_override=None, def save(self, domain_override=None,
subject_template_name='registration/password_reset_subject.txt', subject_template_name='registration/password_reset_subject.txt',
email_template_name='registration/password_reset_email.html', email_template_name='registration/password_reset_email.html',
@ -229,15 +241,8 @@ class PasswordResetForm(forms.Form):
Generates a one-use only link for resetting password and sends to the Generates a one-use only link for resetting password and sends to the
user. user.
""" """
UserModel = get_user_model()
email = self.cleaned_data["email"] email = self.cleaned_data["email"]
active_users = UserModel._default_manager.filter( for user in self.get_users(email):
email__iexact=email, is_active=True)
for user in active_users:
# Make sure that no email is sent to a user that actually has
# a password marked as unusable
if not user.has_usable_password():
continue
if not domain_override: if not domain_override:
current_site = get_current_site(request) current_site = get_current_site(request)
site_name = current_site.name site_name = current_site.name