mirror of
https://github.com/bookwyrm-social/bookwyrm.git
synced 2024-11-27 12:01:14 +00:00
Merge pull request #1459 from bookwyrm-social/password-reset
Prevent password reset for inactive users
This commit is contained in:
commit
6d2403bbc7
2 changed files with 5 additions and 1 deletions
|
@ -43,12 +43,14 @@ class PasswordViews(TestCase):
|
|||
def test_password_reset_request_post(self):
|
||||
"""send 'em an email"""
|
||||
request = self.factory.post("", {"email": "aa@bb.ccc"})
|
||||
request.user = self.anonymous_user
|
||||
view = views.PasswordResetRequest.as_view()
|
||||
resp = view(request)
|
||||
self.assertEqual(resp.status_code, 200)
|
||||
resp.render()
|
||||
|
||||
request = self.factory.post("", {"email": "mouse@mouse.com"})
|
||||
request.user = self.anonymous_user
|
||||
with patch("bookwyrm.emailing.send_email.delay"):
|
||||
resp = view(request)
|
||||
resp.render()
|
||||
|
|
|
@ -27,7 +27,9 @@ class PasswordResetRequest(View):
|
|||
"""create a password reset token"""
|
||||
email = request.POST.get("email")
|
||||
try:
|
||||
user = models.User.objects.get(email=email, email__isnull=False)
|
||||
user = models.User.viewer_aware_objects(request.user).get(
|
||||
email=email, email__isnull=False
|
||||
)
|
||||
except models.User.DoesNotExist:
|
||||
data = {"error": _("No user with that email address was found.")}
|
||||
return TemplateResponse(request, "password_reset_request.html", data)
|
||||
|
|
Loading…
Reference in a new issue