change behavior of reset password

- send email even if password is unusable - tell user if there's no user with that email
2017-09-22 16:54:16 -04:00 · 2017-09-22 16:54:16 -04:00 · 4aa968a523
parent d968a800ae
commit 4aa968a523
6 changed files with 27 additions and 11 deletions
--- a/frontend/templates/gift_login.html
+++ b/frontend/templates/gift_login.html
@ -22,7 +22,7 @@ Make sure the username box has your <b>username, not your email</b> -- some brow
 <br />


-<a href="{% url 'auth_password_reset' %}?next={% url 'receive_gift' gift.acq.nonce %}">Forgot</a> your password?  <a href="{% url 'registration_register' %}?next={% url 'receive_gift' gift.acq.nonce %}">Need an account</a>?  <a href="/faq/basics/account">Other questions</a>?
+<a href="{% url 'libraryauth_password_reset' %}?next={% url 'receive_gift' gift.acq.nonce %}">Forgot</a> your password?  <a href="{% url 'registration_register' %}?next={% url 'receive_gift' gift.acq.nonce %}">Need an account</a>?  <a href="/faq/basics/account">Other questions</a>?


 <br /><br />
--- a/frontend/templates/registration/activation_complete.html
+++ b/frontend/templates/registration/activation_complete.html
@ -11,7 +11,7 @@
 </div>
 <br />
 <div>
-<a href="{% url 'auth_password_reset' %}">Forgot</a> your password? 
+<a href="{% url 'libraryauth_password_reset' %}">Forgot</a> your password? 
 </div>
 {% else %}
 <div>
--- a/frontend/templates/registration/from_pledge.html
+++ b/frontend/templates/registration/from_pledge.html
@ -71,7 +71,7 @@ function put_un_in_cookie(){
        </div>
        <div class="halfcolumn1  login_box">
            <h3>Already Have an Unglue.it Account?</h3>
-            <a href="{% url 'auth_password_reset' %}?next={% if request.GET.next %}{{ request.GET.next|urlencode }}{% else %}{{ request.get_full_path|urlencode}}{% endif %}">Forgot</a> your password?  </li>
+            <a href="{% url 'libraryauth_password_reset' %}?next={% if request.GET.next %}{{ request.GET.next|urlencode }}{% else %}{{ request.get_full_path|urlencode}}{% endif %}">Forgot</a> your password?  </li>
            {% include "login_form.html" %}
        </div>

--- a/frontend/templates/registration/login.html
+++ b/frontend/templates/registration/login.html
@ -28,7 +28,7 @@ Make sure the username box has your <b>username, not your email</b> -- some brow
 <br />


-<a href="{% url 'auth_password_reset' %}?next={% if request.GET.next %}{{ request.GET.next|urlencode }}{% else %}{{ request.get_full_path|urlencode}}{% endif %}">Forgot</a> your password?  <a href="{% url 'registration_register' %}?next={% if request.GET.next %}{{ request.GET.next|urlencode }}{% else %}{{ request.get_full_path|urlencode}}{% endif %}">Need an account</a>?  <a href="/faq/basics/account">Other questions</a>?
+<a href="{% url 'libraryauth_password_reset' %}?next={% if request.GET.next %}{{ request.GET.next|urlencode }}{% else %}{{ request.get_full_path|urlencode}}{% endif %}">Forgot</a> your password?  <a href="{% url 'registration_register' %}?next={% if request.GET.next %}{{ request.GET.next|urlencode }}{% else %}{{ request.get_full_path|urlencode}}{% endif %}">Need an account</a>?  <a href="/faq/basics/account">Other questions</a>?


 <br /><br />
--- a/libraryauth/forms.py
+++ b/libraryauth/forms.py
@ -1,6 +1,7 @@
 import logging
 from django import forms
-from django.contrib.auth.forms import AuthenticationForm, PasswordChangeForm
+from django.contrib.auth import get_user_model
+from django.contrib.auth.forms import AuthenticationForm, PasswordResetForm
 from django.contrib.auth.models import User
 from django.utils.translation import ugettext_lazy as _
 from registration.forms import RegistrationForm
@ -66,12 +67,20 @@ class AuthForm(AuthenticationForm):
        else:
            super(AuthForm, self).__init__(*args, **kwargs)
            
-class SocialAwarePasswordChangeForm(PasswordChangeForm):
-    def clean_old_password(self):
-        if self.user.has_usable_password():
-            return super(SocialAwarePasswordChangeForm,self).clean_old_password()
-        else:
-            return self.cleaned_data["old_password"]
+class SocialAwarePasswordResetForm(PasswordResetForm):
+    def get_users(self, email):
+        """
+        Send the reset form even if the user password is not usable
+        """
+        active_users = get_user_model()._default_manager.filter(
+            email__iexact=email, is_active=True)
+        return active_users
+
+    def clean_email(self):
+        email = self.cleaned_data['email']
+        if not get_user_model().objects.filter(email__iexact=email, is_active=True).exists():
+            raise forms.ValidationError("There aren't ungluers with that email address!")
+        return email
  

 class NewLibraryForm(forms.ModelForm):
--- a/libraryauth/urls.py
+++ b/libraryauth/urls.py
@ -2,6 +2,7 @@ from django.conf.urls import patterns, url, include
 from django.core.urlresolvers import reverse_lazy
 from django.views.generic.base import TemplateView
 from django.contrib.auth.decorators import login_required
+from django.contrib.auth.views import password_reset
 from . import views, models, forms
 from .views import superlogin

@ -58,6 +59,12 @@ urlpatterns = [
                           views.social_aware_password_change,
                           {'post_change_redirect': reverse_lazy('auth_password_change_done')},
                           name='libraryauth_password_change'),
+    url(r'^password/reset/$',
+                           password_reset,
+                           {'post_reset_redirect': reverse_lazy('auth_password_reset_done'),
+                           'password_reset_form': forms.SocialAwarePasswordResetForm},
+                           name='libraryauth_password_reset'),
+
    url(r'^socialauth/', include('social.apps.django_app.urls', namespace='social')),
    url('accounts/', include('email_change.urls')),
    url(r'^accounts/', include('registration.backends.model_activation.urls')),