summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorCarl Meyer <carl@oddbird.net>2011-03-14 21:14:10 +0000
committerCarl Meyer <carl@oddbird.net>2011-03-14 21:14:10 +0000
commit7d71a9e45fa85bff15501057b69440b4dfae688d (patch)
treed7226ed18a07487565c7e0c27f8e8961bb831d90
parentfd2f18008caeca28c60c43cce7b43fb87c6fee78 (diff)
Fixed #9213 - Added check to prevent inactive users from resetting their password. Thanks to John Scott for report and draft patch, and Evgeny Fadeev for final patch with test.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15805 bcc190cf-cafb-0310-a4f2-bffc1f526a37
-rw-r--r--django/contrib/auth/forms.py7
-rw-r--r--django/contrib/auth/tests/forms.py24
2 files changed, 26 insertions, 5 deletions
diff --git a/django/contrib/auth/forms.py b/django/contrib/auth/forms.py
index 74732799e7..3dcbd8480c 100644
--- a/django/contrib/auth/forms.py
+++ b/django/contrib/auth/forms.py
@@ -109,10 +109,13 @@ class PasswordResetForm(forms.Form):
def clean_email(self):
"""
- Validates that a user exists with the given e-mail address.
+ Validates that an active user exists with the given e-mail address.
"""
email = self.cleaned_data["email"]
- self.users_cache = User.objects.filter(email__iexact=email)
+ self.users_cache = User.objects.filter(
+ email__iexact=email,
+ is_active=True
+ )
if len(self.users_cache) == 0:
raise forms.ValidationError(_("That e-mail address doesn't have an associated user account. Are you sure you've registered?"))
return email
diff --git a/django/contrib/auth/tests/forms.py b/django/contrib/auth/tests/forms.py
index 5aa49e09c3..6f9e01d127 100644
--- a/django/contrib/auth/tests/forms.py
+++ b/django/contrib/auth/tests/forms.py
@@ -219,6 +219,15 @@ class PasswordResetFormTest(TestCase):
fixtures = ['authtestdata.json']
+ def create_dummy_user(self):
+ """creates a user and returns a tuple
+ (user_object, username, email)
+ """
+ username = 'jsmith'
+ email = 'jsmith@example.com'
+ user = User.objects.create_user(username, email, 'test123')
+ return (user, username, email)
+
def test_invalid_email(self):
data = {'email':'not valid'}
form = PasswordResetForm(data)
@@ -236,11 +245,11 @@ class PasswordResetFormTest(TestCase):
def test_cleaned_data(self):
# Regression test
- user = User.objects.create_user("jsmith3", "jsmith3@example.com", "test123")
- data = {'email':'jsmith3@example.com'}
+ (user, username, email) = self.create_dummy_user()
+ data = {'email': email}
form = PasswordResetForm(data)
self.assertTrue(form.is_valid())
- self.assertEqual(form.cleaned_data['email'], u'jsmith3@example.com')
+ self.assertEqual(form.cleaned_data['email'], email)
def test_bug_5605(self):
@@ -250,3 +259,12 @@ class PasswordResetFormTest(TestCase):
self.assertEqual(user.email, 'tesT@example.com')
user = User.objects.create_user('forms_test3', 'tesT', 'test')
self.assertEqual(user.email, 'tesT')
+
+ def test_inactive_user(self):
+ #tests that inactive user cannot
+ #receive password reset email
+ (user, username, email) = self.create_dummy_user()
+ user.is_active = False
+ user.save()
+ form = PasswordResetForm({'email': email})
+ self.assertFalse(form.is_valid())