summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--django/contrib/auth/tests/templates/registration/password_reset_confirm.html4
-rw-r--r--django/contrib/auth/tests/test_views.py16
-rw-r--r--django/contrib/auth/views.py2
3 files changed, 20 insertions, 2 deletions
diff --git a/django/contrib/auth/tests/templates/registration/password_reset_confirm.html b/django/contrib/auth/tests/templates/registration/password_reset_confirm.html
index 8f06c57793..42677d6766 100644
--- a/django/contrib/auth/tests/templates/registration/password_reset_confirm.html
+++ b/django/contrib/auth/tests/templates/registration/password_reset_confirm.html
@@ -1,5 +1,7 @@
+Hello, {{ form.user }}.
+
{% if validlink %}
Please enter your new password: {{ form }}
{% else %}
The password reset link was invalid
-{% endif %} \ No newline at end of file
+{% endif %}
diff --git a/django/contrib/auth/tests/test_views.py b/django/contrib/auth/tests/test_views.py
index 0ee36e0082..16c695c7fd 100644
--- a/django/contrib/auth/tests/test_views.py
+++ b/django/contrib/auth/tests/test_views.py
@@ -307,6 +307,22 @@ class PasswordResetTest(AuthViewsTestCase):
self.assertEqual(response.status_code, 302)
self.assertURLEqual(response.url, '/password_reset/')
+ def test_confirm_display_user_from_form(self):
+ url, path = self._test_confirm_start()
+ response = self.client.get(path)
+
+ # #16919 -- The ``password_reset_confirm`` view should pass the user
+ # object to the ``SetPasswordForm``, even on GET requests.
+ # For this test, we render ``{{ form.user }}`` in the template
+ # ``registration/password_reset_confirm.html`` so that we can test this.
+ username = User.objects.get(email='staffmember@example.com').username
+ self.assertContains(response, "Hello, %s." % username)
+
+ # However, the view should NOT pass any user object on a form if the
+ # password reset link was invalid.
+ response = self.client.get('/reset/zzzzzzzzzzzzz/1-1/')
+ self.assertContains(response, "Hello, .")
+
@override_settings(AUTH_USER_MODEL='auth.CustomUser')
class CustomUserPasswordResetTest(AuthViewsTestCase):
diff --git a/django/contrib/auth/views.py b/django/contrib/auth/views.py
index d5f15138c4..d20e061538 100644
--- a/django/contrib/auth/views.py
+++ b/django/contrib/auth/views.py
@@ -216,7 +216,7 @@ def password_reset_confirm(request, uidb64=None, token=None,
form.save()
return HttpResponseRedirect(post_reset_redirect)
else:
- form = set_password_form(None)
+ form = set_password_form(user)
else:
validlink = False
form = None