From 4aa968a5236b9f3d0e6a3c6349e4d4cca025ea54 Mon Sep 17 00:00:00 2001
From: eric <eric@hellman.net>
Date: Fri, 22 Sep 2017 16:54:16 -0400
Subject: [PATCH] change behavior of reset password

- send email even if password is unusable
- tell user if there's no user with that email
---
 frontend/templates/gift_login.html            |  2 +-
 .../registration/activation_complete.html     |  2 +-
 .../templates/registration/from_pledge.html   |  2 +-
 frontend/templates/registration/login.html    |  2 +-
 libraryauth/forms.py                          | 23 +++++++++++++------
 libraryauth/urls.py                           |  7 ++++++
 6 files changed, 27 insertions(+), 11 deletions(-)

diff --git a/frontend/templates/gift_login.html b/frontend/templates/gift_login.html
index 11329116..5db402db 100644
--- a/frontend/templates/gift_login.html
+++ b/frontend/templates/gift_login.html
@@ -22,7 +22,7 @@ Make sure the username box has your <b>username, not your email</b> -- some brow
 <br />
 
 
-<a href="{% url 'auth_password_reset' %}?next={% url 'receive_gift' gift.acq.nonce %}">Forgot</a> your password?  <a href="{% url 'registration_register' %}?next={% url 'receive_gift' gift.acq.nonce %}">Need an account</a>?  <a href="/faq/basics/account">Other questions</a>?
+<a href="{% url 'libraryauth_password_reset' %}?next={% url 'receive_gift' gift.acq.nonce %}">Forgot</a> your password?  <a href="{% url 'registration_register' %}?next={% url 'receive_gift' gift.acq.nonce %}">Need an account</a>?  <a href="/faq/basics/account">Other questions</a>?
 
 
 <br /><br />
diff --git a/frontend/templates/registration/activation_complete.html b/frontend/templates/registration/activation_complete.html
index dcd0d39c..1b5e86bc 100644
--- a/frontend/templates/registration/activation_complete.html
+++ b/frontend/templates/registration/activation_complete.html
@@ -11,7 +11,7 @@
 </div>
 <br />
 <div>
-<a href="{% url 'auth_password_reset' %}">Forgot</a> your password? 
+<a href="{% url 'libraryauth_password_reset' %}">Forgot</a> your password? 
 </div>
 {% else %}
 <div>
diff --git a/frontend/templates/registration/from_pledge.html b/frontend/templates/registration/from_pledge.html
index c2ec7418..a4a57f8c 100644
--- a/frontend/templates/registration/from_pledge.html
+++ b/frontend/templates/registration/from_pledge.html
@@ -71,7 +71,7 @@ function put_un_in_cookie(){
         </div>
         <div class="halfcolumn1  login_box">
             <h3>Already Have an Unglue.it Account?</h3>
-            <a href="{% url 'auth_password_reset' %}?next={% if request.GET.next %}{{ request.GET.next|urlencode }}{% else %}{{ request.get_full_path|urlencode}}{% endif %}">Forgot</a> your password?  </li>
+            <a href="{% url 'libraryauth_password_reset' %}?next={% if request.GET.next %}{{ request.GET.next|urlencode }}{% else %}{{ request.get_full_path|urlencode}}{% endif %}">Forgot</a> your password?  </li>
             {% include "login_form.html" %}
         </div>
 
diff --git a/frontend/templates/registration/login.html b/frontend/templates/registration/login.html
index d89992a6..f81aca4e 100644
--- a/frontend/templates/registration/login.html
+++ b/frontend/templates/registration/login.html
@@ -28,7 +28,7 @@ Make sure the username box has your <b>username, not your email</b> -- some brow
 <br />
 
 
-<a href="{% url 'auth_password_reset' %}?next={% if request.GET.next %}{{ request.GET.next|urlencode }}{% else %}{{ request.get_full_path|urlencode}}{% endif %}">Forgot</a> your password?  <a href="{% url 'registration_register' %}?next={% if request.GET.next %}{{ request.GET.next|urlencode }}{% else %}{{ request.get_full_path|urlencode}}{% endif %}">Need an account</a>?  <a href="/faq/basics/account">Other questions</a>?
+<a href="{% url 'libraryauth_password_reset' %}?next={% if request.GET.next %}{{ request.GET.next|urlencode }}{% else %}{{ request.get_full_path|urlencode}}{% endif %}">Forgot</a> your password?  <a href="{% url 'registration_register' %}?next={% if request.GET.next %}{{ request.GET.next|urlencode }}{% else %}{{ request.get_full_path|urlencode}}{% endif %}">Need an account</a>?  <a href="/faq/basics/account">Other questions</a>?
 
 
 <br /><br />
diff --git a/libraryauth/forms.py b/libraryauth/forms.py
index a0a84d16..5bf76838 100644
--- a/libraryauth/forms.py
+++ b/libraryauth/forms.py
@@ -1,6 +1,7 @@
 import logging
 from django import forms
-from django.contrib.auth.forms import AuthenticationForm, PasswordChangeForm
+from django.contrib.auth import get_user_model
+from django.contrib.auth.forms import AuthenticationForm, PasswordResetForm
 from django.contrib.auth.models import User
 from django.utils.translation import ugettext_lazy as _
 from registration.forms import RegistrationForm
@@ -66,12 +67,20 @@ class AuthForm(AuthenticationForm):
         else:
             super(AuthForm, self).__init__(*args, **kwargs)
             
-class SocialAwarePasswordChangeForm(PasswordChangeForm):
-    def clean_old_password(self):
-        if self.user.has_usable_password():
-            return super(SocialAwarePasswordChangeForm,self).clean_old_password()
-        else:
-            return self.cleaned_data["old_password"]
+class SocialAwarePasswordResetForm(PasswordResetForm):
+    def get_users(self, email):
+        """
+        Send the reset form even if the user password is not usable
+        """
+        active_users = get_user_model()._default_manager.filter(
+            email__iexact=email, is_active=True)
+        return active_users
+
+    def clean_email(self):
+        email = self.cleaned_data['email']
+        if not get_user_model().objects.filter(email__iexact=email, is_active=True).exists():
+            raise forms.ValidationError("There aren't ungluers with that email address!")
+        return email
   
 
 class NewLibraryForm(forms.ModelForm):
diff --git a/libraryauth/urls.py b/libraryauth/urls.py
index 1208cab5..a14b3cd3 100644
--- a/libraryauth/urls.py
+++ b/libraryauth/urls.py
@@ -2,6 +2,7 @@ from django.conf.urls import patterns, url, include
 from django.core.urlresolvers import reverse_lazy
 from django.views.generic.base import TemplateView
 from django.contrib.auth.decorators import login_required
+from django.contrib.auth.views import password_reset
 from . import views, models, forms
 from .views import superlogin
 
@@ -58,6 +59,12 @@ urlpatterns = [
                            views.social_aware_password_change,
                            {'post_change_redirect': reverse_lazy('auth_password_change_done')},
                            name='libraryauth_password_change'),
+    url(r'^password/reset/$',
+                           password_reset,
+                           {'post_reset_redirect': reverse_lazy('auth_password_reset_done'),
+                           'password_reset_form': forms.SocialAwarePasswordResetForm},
+                           name='libraryauth_password_reset'),
+
     url(r'^socialauth/', include('social.apps.django_app.urls', namespace='social')),
     url('accounts/', include('email_change.urls')),
     url(r'^accounts/', include('registration.backends.model_activation.urls')),