
[1.2.X] Fixed #9213 - Added check to prevent inactive users from rese…

…tting their password. Thanks to John Scott for report and draft patch, and Evgeny Fadeev for final patch with test.

Backport of r15805 from trunk.

git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.2.X@15808 bcc190cf-cafb-0310-a4f2-bffc1f526a37
commit e5f49f8c064e70159d40841defbf603aabb6739d 1 parent f10dae5
@carljm carljm authored
Showing with 26 additions and 5 deletions.
  1. +5 −2 django/contrib/auth/forms.py
  2. +21 −3 django/contrib/auth/tests/forms.py
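--- a/django/contrib/auth/forms.py
+++ b/django/contrib/auth/forms.py
@@ -108,10 +108,13 @@ class PasswordResetForm(forms.Form):
 def clean_email(self):
 """
- Validates that a user exists with the given e-mail address.
+ Validates that an active user exists with the given e-mail address.
 """
 email = self.cleaned_data["email"]
- self.users_cache = User.objects.filter(email__iexact=email)
+ self.users_cache = User.objects.filter(
+ email__iexact=email,
+ is_active=True
+ )
 if len(self.users_cache) == 0:
 raise forms.ValidationError(_("That e-mail address doesn't have an associated user account. Are you sure you've registered?"))
 return email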
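Review bot: The `raise forms.ValidationError(...)` kept at the end of `clean_email` still tells an unauthenticated requester whether an e-mail address belongs to an account, and with the new `is_active=True` filter a successful submit now confirms an active account. Inactive and unknown addresses share one message, which avoids disclosing deactivated accounts, but the registered/not-registered difference remains an enumeration signal. Consider letting `clean_email` return the address without raising when `users_cache` is empty, so the page shows the same confirmation either way and mail goes out only for matches; the sending code is outside this hunk, so confirm it tolerates an empty `users_cache`. A comment such as `# Inactive users deliberately get the same error as unknown addresses.` above the filter would record the intent.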
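--- a/django/contrib/auth/tests/forms.py
+++ b/django/contrib/auth/tests/forms.py
@@ -219,6 +219,15 @@ class PasswordResetFormTest(TestCase):
 fixtures = ['authtestdata.json']
+ def create_dummy_user(self):
+ """creates a user and returns a tuple
+ (user_object, username, email)
+ """
+ username = 'jsmith'
+ email = 'jsmith@example.com'
+ user = User.objects.create_user(username, email, 'test123')
+ return (user, username, email)
+
 def test_invalid_email(self):
 data = {'email':'not valid'}
 form = PasswordResetForm(data)
@@ -236,11 +245,11 @@ def test_nonexistant_email(self):
 def test_cleaned_data(self):
 # Regression test
- user = User.objects.create_user("jsmith3", "jsmith3@example.com", "test123")
- data = {'email':'jsmith3@example.com'}
+ (user, username, email) = self.create_dummy_user()
+ data = {'email': email}
 form = PasswordResetForm(data)
 self.assertTrue(form.is_valid())
- self.assertEqual(form.cleaned_data['email'], u'jsmith3@example.com')
+ self.assertEqual(form.cleaned_data['email'], email)
 def test_bug_5605(self):
@@ -250,3 +259,12 @@ def test_bug_5605(self):
 self.assertEqual(user.email, 'tesT@example.com')
 user = User.objects.create_user('forms_test3', 'tesT', 'test')
 self.assertEqual(user.email, 'tesT')
+
+ def test_inactive_user(self):
+ #tests that inactive user cannot
+ #receive password reset email
+ (user, username, email) = self.create_dummy_user()
+ user.is_active = False
+ user.save()
+ form = PasswordResetForm({'email': email})
+ self.assertFalse(form.is_valid())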
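Review bot: `test_inactive_user` asserts only that `form.is_valid()` is false, so it would still pass if the form rejected the data for an unrelated reason or started returning a distinct "account disabled" message. Pin the behaviour by also checking the error text, e.g. `self.assertEqual(form["email"].errors, [u"That e-mail address doesn't have an associated user account. Are you sure you've registered?"])`, which documents that an inactive address is indistinguishable from an unknown one. The two `#` comment lines would read better as a docstring, matching `create_dummy_user`.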