Commit 7d71a9e4 authored by Carl Meyer's avatar Carl Meyer

Fixed #9213 - Added check to prevent inactive users from resetting their...

Fixed #9213 - Added check to prevent inactive users from resetting their password. Thanks to John Scott for report and draft patch, and Evgeny Fadeev for final patch with test.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@15805 bcc190cf-cafb-0310-a4f2-bffc1f526a37
parent fd2f1800
+5 −2
@@ -109,10 +109,13 @@ class PasswordResetForm(forms.Form):

    def clean_email(self):
        """
        Validates that a user exists with the given e-mail address.
        Validates that an active user exists with the given e-mail address.
        """
        email = self.cleaned_data["email"]
        self.users_cache = User.objects.filter(email__iexact=email)
        self.users_cache = User.objects.filter(
                                email__iexact=email,
                                is_active=True
                            )
        if len(self.users_cache) == 0:
            raise forms.ValidationError(_("That e-mail address doesn't have an associated user account. Are you sure you've registered?"))
        return email
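Review bot: The ValidationError raised in clean_email still tells any unauthenticated caller whether an address belongs to an account, and with the new `is_active=True` filter that answer becomes "belongs to an active account". Inactive accounts now get the same message as unknown addresses, which avoids disclosing that a deactivated account exists; that is worth stating next to the raise, e.g. `# Inactive accounts are reported exactly like unknown addresses.` If the existence signal itself matters for a deployment, it has to be handled where the form is used (uniform response, throttling), which is outside this hunk. The rest of PasswordResetForm, including whatever consumes `self.users_cache`, is not visible here.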
+21 −3
@@ -219,6 +219,15 @@ class PasswordResetFormTest(TestCase):

    fixtures = ['authtestdata.json']

    def create_dummy_user(self):
        """creates a user and returns a tuple
        (user_object, username, email)
        """
        username = 'jsmith'
        email = 'jsmith@example.com'
        user = User.objects.create_user(username, email, 'test123')
        return (user, username, email)

    def test_invalid_email(self):
        data = {'email':'not valid'}
        form = PasswordResetForm(data)
@@ -236,11 +245,11 @@ class PasswordResetFormTest(TestCase):

    def test_cleaned_data(self):
        # Regression test
        user = User.objects.create_user("jsmith3", "jsmith3@example.com", "test123")
        data = {'email':'jsmith3@example.com'}
        (user, username, email) = self.create_dummy_user()
        data = {'email': email}
        form = PasswordResetForm(data)
        self.assertTrue(form.is_valid())
        self.assertEqual(form.cleaned_data['email'], u'jsmith3@example.com')
        self.assertEqual(form.cleaned_data['email'], email)


    def test_bug_5605(self):
@@ -250,3 +259,12 @@ class PasswordResetFormTest(TestCase):
        self.assertEqual(user.email, 'tesT@example.com')
        user = User.objects.create_user('forms_test3', 'tesT', 'test')
        self.assertEqual(user.email, 'tesT')

    def test_inactive_user(self):
        #tests that inactive user cannot
        #receive password reset email
        (user, username, email) = self.create_dummy_user()
        user.is_active = False
        user.save()
        form = PasswordResetForm({'email': email})
        self.assertFalse(form.is_valid())
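Review bot: test_inactive_user only asserts that `form.is_valid()` is false, while its comment says an inactive user cannot receive the reset e-mail; nothing in the test pins the failure to the e-mail field. Adding `self.assertTrue('email' in form.errors)` after the existing assertion would tie the failure to clean_email. A second case in which an active and an inactive account share one address would confirm that the form stays valid and that `form.users_cache` holds only the active user. In test_cleaned_data the unpacked `user` and `username` are now unused.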