Permalink
Browse files

[1.11.x] Fixed #27840 -- Fixed KeyError in PasswordResetConfirmView.f…

…orm_valid().

When a user is already logged in when submitting the password and
password confirmation to reset a password, a KeyError occurred while
removing the reset session token from the session.

Refs #17209

Thanks Quentin Marlats for the report and Florian Apolloner and Tim
Graham for the review.
  • Loading branch information...
1 parent da2e92d commit f5ff5be2c11613e611f53ba4d6b194675811cbad @MarkusH MarkusH committed Feb 14, 2017
Showing with 9 additions and 1 deletion.
  1. +1 −1 django/contrib/auth/views.py
  2. +8 −0 tests/auth_tests/test_views.py
@@ -492,9 +492,9 @@ def get_form_kwargs(self):
def form_valid(self, form):
user = form.save()
+ del self.request.session[INTERNAL_RESET_SESSION_TOKEN]
if self.post_reset_login:
auth_login(self.request, user)
- del self.request.session[INTERNAL_RESET_SESSION_TOKEN]
return super(PasswordResetConfirmView, self).form_valid(form)
def get_context_data(self, **kwargs):
@@ -331,6 +331,14 @@ def test_confirm_login_post_reset(self):
self.assertRedirects(response, '/reset/done/', fetch_redirect_response=False)
self.assertIn(SESSION_KEY, self.client.session)
+ def test_confirm_login_post_reset_already_logged_in(self):
+ url, path = self._test_confirm_start()
+ path = path.replace('/reset/', '/reset/post_reset_login/')
+ self.login()
+ response = self.client.post(path, {'new_password1': 'anewpassword', 'new_password2': 'anewpassword'})
+ self.assertRedirects(response, '/reset/done/', fetch_redirect_response=False)
+ self.assertIn(SESSION_KEY, self.client.session)
+
def test_confirm_display_user_from_form(self):
url, path = self._test_confirm_start()
response = self.client.get(path)

0 comments on commit f5ff5be

Please sign in to comment.