Merge pull request #1459 from bookwyrm-social/password-reset

Prevent password reset for inactive users
This commit is contained in:
Mouse Reeve 2021-09-27 12:55:05 -07:00 committed by GitHub
commit 6d2403bbc7
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 5 additions and 1 deletions

View file

@ -43,12 +43,14 @@ class PasswordViews(TestCase):
def test_password_reset_request_post(self):
"""send 'em an email"""
request = self.factory.post("", {"email": "aa@bb.ccc"})
request.user = self.anonymous_user
view = views.PasswordResetRequest.as_view()
resp = view(request)
self.assertEqual(resp.status_code, 200)
resp.render()
request = self.factory.post("", {"email": "mouse@mouse.com"})
request.user = self.anonymous_user
with patch("bookwyrm.emailing.send_email.delay"):
resp = view(request)
resp.render()

View file

@ -27,7 +27,9 @@ class PasswordResetRequest(View):
"""create a password reset token"""
email = request.POST.get("email")
try:
user = models.User.objects.get(email=email, email__isnull=False)
user = models.User.viewer_aware_objects(request.user).get(
email=email, email__isnull=False
)
except models.User.DoesNotExist:
data = {"error": _("No user with that email address was found.")}
return TemplateResponse(request, "password_reset_request.html", data)