-
Notifications
You must be signed in to change notification settings - Fork 299
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Fix allauth reset password bug (#276)
* Fix allauth reset password bug * Fix allauth uid Invalid value Fix allauth verify url not match Fix unit test: test_password_reset_with_invalid_email
- Loading branch information
Showing
2 changed files
with
75 additions
and
14 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,64 @@ | ||
|
||
from django.conf import settings | ||
from django.contrib.sites.shortcuts import get_current_site | ||
from django.urls import reverse | ||
|
||
if 'allauth' in settings.INSTALLED_APPS: | ||
from allauth.account import app_settings | ||
from allauth.account.adapter import get_adapter | ||
from allauth.account.forms import \ | ||
ResetPasswordForm as DefaultPasswordResetForm | ||
from allauth.account.forms import default_token_generator | ||
from allauth.account.utils import (filter_users_by_email, | ||
user_pk_to_url_str, user_username) | ||
from allauth.utils import build_absolute_uri | ||
else: | ||
from django.contrib.auth.forms import DefaultPasswordResetForm | ||
from django.contrib.auth.tokens import default_token_generator | ||
|
||
class PasswordResetForm(DefaultPasswordResetForm): | ||
def clean_email(self): | ||
""" | ||
Invalid email should not raise error, as this would leak users | ||
for unit test: test_password_reset_with_invalid_email | ||
""" | ||
email = self.cleaned_data["email"] | ||
email = get_adapter().clean_email(email) | ||
self.users = filter_users_by_email(email, is_active=True) | ||
return self.cleaned_data["email"] | ||
|
||
def save(self, request, **kwargs): | ||
if 'allauth' not in settings.INSTALLED_APPS: | ||
return super().save(request, **kwargs) | ||
# for allauth | ||
current_site = get_current_site(request) | ||
email = self.cleaned_data['email'] | ||
token_generator = kwargs.get('token_generator', default_token_generator) | ||
|
||
for user in self.users: | ||
|
||
temp_key = token_generator.make_token(user) | ||
|
||
# save it to the password reset model | ||
# password_reset = PasswordReset(user=user, temp_key=temp_key) | ||
# password_reset.save() | ||
|
||
# send the password reset email | ||
path = reverse( | ||
'password_reset_confirm', | ||
args=[user_pk_to_url_str(user), temp_key], | ||
) | ||
url = build_absolute_uri(request, path) | ||
|
||
context = { | ||
'current_site': current_site, | ||
'user': user, | ||
'password_reset_url': url, | ||
'request': request, | ||
} | ||
if app_settings.AUTHENTICATION_METHOD != app_settings.AuthenticationMethod.EMAIL: | ||
context['username'] = user_username(user) | ||
get_adapter(request).send_mail( | ||
'account/email/password_reset_key', email, context | ||
) | ||
return self.cleaned_data['email'] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters