Merge pull request #109 from level12/100-unverified-pw-reset

Allow unverified users to reset thier passwords
level12 · Apr 1, 2020 · 8888386 · 8888386
2 parents e59fcc1 + 13475d0
commit 8888386
Show file tree

Hide file tree

Showing 2 changed files with 17 additions and 3 deletions.
diff --git a/keg_auth/libs/authenticators.py b/keg_auth/libs/authenticators.py
@@ -330,7 +330,7 @@ def __call__(self, *args, **kwargs):
 
     def on_form_valid(self, form):
         try:
-            user = self.parent.verify_user(login_id=form.email.data)
+            user = self.parent.verify_user(login_id=form.email.data, allow_unverified=True)
 
             # User is active, take action to initiate password reset
             return self.on_success(user)
@@ -396,12 +396,14 @@ class KegAuthenticator(PasswordAuthenticatorMixin, LoginAuthenticator):
         'logout': LogoutViewResponder,
     }
 
-    def verify_user(self, login_id=None, password=None):
+    def verify_user(self, login_id=None, password=None, allow_unverified=False):
         user = self.user_ent.query.filter_by(username=login_id).one_or_none()
 
         if not user:
             raise UserNotFound
-        if not user.is_active:
+        if not allow_unverified and not user.is_active:
+            raise UserInactive(user)
+        if allow_unverified and not user.is_enabled:
             raise UserInactive(user)
         if password and not self.verify_password(user, password):
             raise UserInvalidAuth(user)

diff --git a/keg_auth/tests/test_authenticators.py b/keg_auth/tests/test_authenticators.py
@@ -36,6 +36,18 @@ def test_user_verified(self):
         found_user = authenticator.verify_user(login_id=user.email, password=user._plaintext_pass)
         assert user is found_user
 
+    def test_unverified_user(self):
+        user = User.testing_create()
+        user.is_verified = False
+        authenticator = auth.KegAuthenticator(app=flask.current_app)
+        with pytest.raises(auth.UserInactive) as e_info:
+            authenticator.verify_user(login_id=user.email, password=user._plaintext_pass)
+        assert e_info.value.user is user
+
+        found_user = authenticator.verify_user(login_id=user.email, password=user._plaintext_pass,
+                                               allow_unverified=True)
+        assert user is found_user
+
 
 class TestLdapAuthenticator:
     def setup(self):