summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorCarl Meyer <carl@oddbird.net>2011-03-14 21:22:00 +0000
committerCarl Meyer <carl@oddbird.net>2011-03-14 21:22:00 +0000
commite5f49f8c064e70159d40841defbf603aabb6739d (patch)
tree5f728e3768685286b90401abe7e51b9a4597bd3c
parentf10dae516015d8d48d4c13f3aa9455276ce9d1f8 (diff)
[1.2.X] Fixed #9213 - Added check to prevent inactive users from resetting their password. Thanks to John Scott for report and draft patch, and Evgeny Fadeev for final patch with test.
Backport of r15805 from trunk. git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.2.X@15808 bcc190cf-cafb-0310-a4f2-bffc1f526a37
-rw-r--r--django/contrib/auth/forms.py7
-rw-r--r--django/contrib/auth/tests/forms.py24
2 files changed, 26 insertions, 5 deletions
diff --git a/django/contrib/auth/forms.py b/django/contrib/auth/forms.py
index 7670c85542..ee09a626a4 100644
--- a/django/contrib/auth/forms.py
+++ b/django/contrib/auth/forms.py
@@ -108,10 +108,13 @@ class PasswordResetForm(forms.Form):
def clean_email(self):
"""
- Validates that a user exists with the given e-mail address.
+ Validates that an active user exists with the given e-mail address.
"""
email = self.cleaned_data["email"]
- self.users_cache = User.objects.filter(email__iexact=email)
+ self.users_cache = User.objects.filter(
+ email__iexact=email,
+ is_active=True
+ )
if len(self.users_cache) == 0:
raise forms.ValidationError(_("That e-mail address doesn't have an associated user account. Are you sure you've registered?"))
return email
diff --git a/django/contrib/auth/tests/forms.py b/django/contrib/auth/tests/forms.py
index 5aa49e09c3..6f9e01d127 100644
--- a/django/contrib/auth/tests/forms.py
+++ b/django/contrib/auth/tests/forms.py
@@ -219,6 +219,15 @@ class PasswordResetFormTest(TestCase):
fixtures = ['authtestdata.json']
+ def create_dummy_user(self):
+ """creates a user and returns a tuple
+ (user_object, username, email)
+ """
+ username = 'jsmith'
+ email = 'jsmith@example.com'
+ user = User.objects.create_user(username, email, 'test123')
+ return (user, username, email)
+
def test_invalid_email(self):
data = {'email':'not valid'}
form = PasswordResetForm(data)
@@ -236,11 +245,11 @@ class PasswordResetFormTest(TestCase):
def test_cleaned_data(self):
# Regression test
- user = User.objects.create_user("jsmith3", "jsmith3@example.com", "test123")
- data = {'email':'jsmith3@example.com'}
+ (user, username, email) = self.create_dummy_user()
+ data = {'email': email}
form = PasswordResetForm(data)
self.assertTrue(form.is_valid())
- self.assertEqual(form.cleaned_data['email'], u'jsmith3@example.com')
+ self.assertEqual(form.cleaned_data['email'], email)
def test_bug_5605(self):
@@ -250,3 +259,12 @@ class PasswordResetFormTest(TestCase):
self.assertEqual(user.email, 'tesT@example.com')
user = User.objects.create_user('forms_test3', 'tesT', 'test')
self.assertEqual(user.email, 'tesT')
+
+ def test_inactive_user(self):
+ #tests that inactive user cannot
+ #receive password reset email
+ (user, username, email) = self.create_dummy_user()
+ user.is_active = False
+ user.save()
+ form = PasswordResetForm({'email': email})
+ self.assertFalse(form.is_valid())