Commit e5f49f8c authored by Carl Meyer's avatar Carl Meyer

[1.2.X] Fixed #9213 - Added check to prevent inactive users from resetting...

[1.2.X] Fixed #9213 - Added check to prevent inactive users from resetting their password. Thanks to John Scott for report and draft patch, and Evgeny Fadeev for final patch with test.

Backport of r15805 from trunk.

git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.2.X@15808 bcc190cf-cafb-0310-a4f2-bffc1f526a37
parent f10dae51
+5 −2
@@ -108,10 +108,13 @@ class PasswordResetForm(forms.Form):

    def clean_email(self):
        """
        Validates that a user exists with the given e-mail address.
        Validates that an active user exists with the given e-mail address.
        """
        email = self.cleaned_data["email"]
        self.users_cache = User.objects.filter(email__iexact=email)
        self.users_cache = User.objects.filter(
                                email__iexact=email,
                                is_active=True
                            )
        if len(self.users_cache) == 0:
            raise forms.ValidationError(_("That e-mail address doesn't have an associated user account. Are you sure you've registered?"))
        return email
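Review bot: The `ValidationError` raised in `clean_email` when `len(self.users_cache) == 0` still answers differently for addresses that belong to an active account than for all others, so the reset form continues to disclose which e-mail addresses are registered; the added `is_active=True` filter narrows that signal but does not remove it. The message text is also now inaccurate for a deactivated user, who did register. At minimum add a comment above the raise, e.g. `# NOTE: this error reveals whether an active account exists for the address`, and consider a follow-up that accepts any well-formed address and sends mail only for the matches in `users_cache`. Whether reset links issued before an account was deactivated are still honoured is decided by code that is not shown on this page and should be checked separately.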
+21 −3
@@ -219,6 +219,15 @@ class PasswordResetFormTest(TestCase):

    fixtures = ['authtestdata.json']

    def create_dummy_user(self):
        """creates a user and returns a tuple
        (user_object, username, email)
        """
        username = 'jsmith'
        email = 'jsmith@example.com'
        user = User.objects.create_user(username, email, 'test123')
        return (user, username, email)

    def test_invalid_email(self):
        data = {'email':'not valid'}
        form = PasswordResetForm(data)
@@ -236,11 +245,11 @@ class PasswordResetFormTest(TestCase):

    def test_cleaned_data(self):
        # Regression test
        user = User.objects.create_user("jsmith3", "jsmith3@example.com", "test123")
        data = {'email':'jsmith3@example.com'}
        (user, username, email) = self.create_dummy_user()
        data = {'email': email}
        form = PasswordResetForm(data)
        self.assertTrue(form.is_valid())
        self.assertEqual(form.cleaned_data['email'], u'jsmith3@example.com')
        self.assertEqual(form.cleaned_data['email'], email)


    def test_bug_5605(self):
@@ -250,3 +259,12 @@ class PasswordResetFormTest(TestCase):
        self.assertEqual(user.email, 'tesT@example.com')
        user = User.objects.create_user('forms_test3', 'tesT', 'test')
        self.assertEqual(user.email, 'tesT')

    def test_inactive_user(self):
        #tests that inactive user cannot
        #receive password reset email
        (user, username, email) = self.create_dummy_user()
        user.is_active = False
        user.save()
        form = PasswordResetForm({'email': email})
        self.assertFalse(form.is_valid())
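Review bot: `test_inactive_user` asserts only `self.assertFalse(form.is_valid())`, which would pass for any validation failure and not specifically for the inactive-account check added to `clean_email`. Pin the reason by also asserting `self.assertTrue('email' in form.errors)`, so a later change that breaks the form for an unrelated reason does not leave this security regression test passing. The two `#tests that ...` comment lines would read better as a docstring, `"""An inactive user cannot request a password reset e-mail."""`, in line with `create_dummy_user`.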