
[1.2.X] Fixed #9213 - Added check to prevent inactive users from resetting their password. Thanks to John Scott for report and draft patch, and Evgeny Fadeev for final patch with test.

Backport of r15805 from trunk.

git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.2.X@15808 bcc190cf-cafb-0310-a4f2-bffc1f526a37
commit e5f49f8c064e70159d40841defbf603aabb6739d 1 parent f10dae5
Carl Meyer authored March 14, 2011
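--- a/django/contrib/auth/forms.py
+++ b/django/contrib/auth/forms.py
@@ -108,10 +108,13 @@ class PasswordResetForm(forms.Form):
 
     def clean_email(self):
         """
-        Validates that a user exists with the given e-mail address.
+        Validates that an active user exists with the given e-mail address.
         """
         email = self.cleaned_data["email"]
-        self.users_cache = User.objects.filter(email__iexact=email)
+        self.users_cache = User.objects.filter(
+                                email__iexact=email,
+                                is_active=True
+                            )
         if len(self.users_cache) == 0:
             raise forms.ValidationError(_("That e-mail address doesn't have an associated user account. Are you sure you've registered?"))
         return email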
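Review bot: The new filter in `clean_email` still matches active accounts whose password is marked unusable (for example accounts that authenticate through an external backend), so a reset would presumably give such an account a local password it was never meant to have. Consider narrowing the cache after the query, e.g. `self.users_cache = [u for u in self.users_cache if u.has_usable_password()]`, assuming the code that later reads `users_cache` only iterates it. The unchanged error message also tells the requester whether an address belongs to an active account, which is an account-enumeration signal worth a comment; inactive and unknown addresses do now get the same response.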
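--- a/django/contrib/auth/tests/forms.py
+++ b/django/contrib/auth/tests/forms.py
@@ -219,6 +219,15 @@ class PasswordResetFormTest(TestCase):
 
     fixtures = ['authtestdata.json']
 
+    def create_dummy_user(self):
+        """creates a user and returns a tuple
+        (user_object, username, email)
+        """
+        username = 'jsmith'
+        email = 'jsmith@example.com'
+        user = User.objects.create_user(username, email, 'test123')
+        return (user, username, email)
+
     def test_invalid_email(self):
         data = {'email':'not valid'}
         form = PasswordResetForm(data)
@@ -236,11 +245,11 @@ def test_nonexistant_email(self):
 
     def test_cleaned_data(self):
         # Regression test
-        user = User.objects.create_user("jsmith3", "jsmith3@example.com", "test123")
-        data = {'email':'jsmith3@example.com'}
+        (user, username, email) = self.create_dummy_user()
+        data = {'email': email}
         form = PasswordResetForm(data)
         self.assertTrue(form.is_valid())
-        self.assertEqual(form.cleaned_data['email'], u'jsmith3@example.com')
+        self.assertEqual(form.cleaned_data['email'], email)
 
 
     def test_bug_5605(self):
@@ -250,3 +259,12 @@ def test_bug_5605(self):
         self.assertEqual(user.email, 'tesT@example.com')
         user = User.objects.create_user('forms_test3', 'tesT', 'test')
         self.assertEqual(user.email, 'tesT')
+
+    def test_inactive_user(self):
+        #tests that inactive user cannot
+        #receive password reset email
+        (user, username, email) = self.create_dummy_user()
+        user.is_active = False
+        user.save()
+        form = PasswordResetForm({'email': email})
+        self.assertFalse(form.is_valid())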
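Review bot: `test_inactive_user` asserts only that `form.is_valid()` is false, so it would also pass if validation failed for an unrelated reason, and it never checks the behaviour its comment names (no reset e-mail is sent). Pin the failure to the field with `self.assertTrue('email' in form.errors)`, and consider a second case where an active and an inactive account share one address, since the form's filter matches on e-mail alone and nothing visible here makes the address unique. The two `#tests that…` comment lines would read better as a docstring, `"""An inactive user cannot request a password reset e-mail."""`. The enclosing test class starts outside the hunks shown.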
