Merge pull request #2879 from bookwyrm-social/reactivation-bug
Don't allow invalid account reactivation
commit
c4d72829e9
4 changed files with 34 additions and 2 deletions
|
@ -394,6 +394,8 @@ class User(OrderedCollectionPageMixin, AbstractUser):
|
|||
def reactivate(self):
|
||||
"""Now you want to come back, huh?"""
|
||||
# pylint: disable=attribute-defined-outside-init
|
||||
if not self.allow_reactivation:
|
||||
return
|
||||
self.is_active = True
|
||||
self.deactivation_reason = None
|
||||
self.allow_reactivation = False
|
||||
|
|
|
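Review bot: The guard added to `reactivate()` returns `None` when it refuses, which is also what the method returns on success as far as this hunk shows, so a caller cannot tell a refused reactivation from a completed one. A view that calls `reactivate()` and then logs the user in would carry on with an account that is still inactive. Returning a boolean keeps existing callers working: `return False` inside the guard and `return True` at the end of the method. A comment above the guard such as `# single-use gate: only accounts flagged allow_reactivation may come back` would record why the flag is cleared afterwards. The method body continues past the end of this hunk.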
@ -347,11 +347,17 @@ class RegisterViews(TestCase):
|
|||
self.settings.save()
|
||||
|
||||
self.local_user.is_active = False
|
||||
self.local_user.allow_reactivation = True
|
||||
self.local_user.deactivation_reason = "pending"
|
||||
self.local_user.confirmation_code = "12345"
|
||||
self.local_user.save(
|
||||
broadcast=False,
|
||||
update_fields=["is_active", "deactivation_reason", "confirmation_code"],
|
||||
update_fields=[
|
||||
"is_active",
|
||||
"allow_reactivation",
|
||||
"deactivation_reason",
|
||||
"confirmation_code",
|
||||
],
|
||||
)
|
||||
view = views.ConfirmEmailCode.as_view()
|
||||
request = self.factory.get("")
|
||||
|
|
|
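Review bot: No test in this commit exercises the rejected path of `ConfirmEmailCode`; the fixture here sets `allow_reactivation = True` and `deactivation_reason = "pending"`, so only the accepted path is covered. A sibling test that saves the user with `deactivation_reason = None`, or with `allow_reactivation = False`, and asserts `is_active` is still false after the view runs would pin the behaviour the view change introduces. The enclosing test method starts and ends outside this hunk.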
@ -141,3 +141,24 @@ class DeleteUserViews(TestCase):
|
|||
self.local_user.refresh_from_db()
|
||||
self.assertTrue(self.local_user.is_active)
|
||||
self.assertIsNone(self.local_user.deactivation_reason)
|
||||
|
||||
def test_reactivate_user_post_disallowed(self, _):
|
||||
"""Reactivate action under the wrong circumstances"""
|
||||
self.local_user.is_active = False
|
||||
self.local_user.save(broadcast=False)
|
||||
|
||||
view = views.ReactivateUser.as_view()
|
||||
form = forms.LoginForm()
|
||||
form.data["localname"] = "mouse"
|
||||
form.data["password"] = "password"
|
||||
request = self.factory.post("", form.data)
|
||||
request.user = self.local_user
|
||||
middleware = SessionMiddleware()
|
||||
middleware.process_request(request)
|
||||
request.session.save()
|
||||
|
||||
with patch("bookwyrm.views.preferences.delete_user.login"):
|
||||
view(request)
|
||||
|
||||
self.local_user.refresh_from_db()
|
||||
self.assertFalse(self.local_user.is_active)
|
||||
|
|
|
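Review bot: `test_reactivate_user_post_disallowed` discards the patched `login` mock, so it proves only that `is_active` stays false, not that no session is established for the refused account. Binding the mock would close that gap: `with patch("bookwyrm.views.preferences.delete_user.login") as login_mock:` followed by `login_mock.assert_not_called()`. This assumes the view is meant to skip login on refusal, which is not visible in this commit. The test also depends on the default value of `allow_reactivation`; setting `self.local_user.allow_reactivation = False` before the save would make the precondition explicit.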
@ -74,6 +74,7 @@ class Register(View):
|
|||
password,
|
||||
localname=localname,
|
||||
local=True,
|
||||
allow_reactivation=settings.require_confirm_email,
|
||||
deactivation_reason="pending" if settings.require_confirm_email else None,
|
||||
is_active=not settings.require_confirm_email,
|
||||
preferred_timezone=preferred_timezone,
|
||||
|
@ -105,7 +106,9 @@ class ConfirmEmailCode(View):
|
|||
|
||||
# look up the user associated with this code
|
||||
try:
|
||||
user = models.User.objects.get(confirmation_code=code)
|
||||
user = models.User.objects.get(
|
||||
confirmation_code=code, deactivation_reason="pending"
|
||||
)
|
||||
except models.User.DoesNotExist:
|
||||
return TemplateResponse(
|
||||
request, "confirm_email/confirm_email.html", {"valid": False}
|
||||
|
|
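Review bot: The lookup in `ConfirmEmailCode` now filters on `deactivation_reason="pending"`, but the gate that actually decides activation is `allow_reactivation` inside `User.reactivate()`, and only accounts created through `Register` after this change get that flag set. If the field defaults to false (not visible here), accounts that were already pending before the upgrade would match the lookup and then be refused silently by `reactivate()`. In that case the view may still render the success path. Consider a data migration that sets `allow_reactivation=True` where `deactivation_reason="pending"`, or have the view check the flag and return the existing `{"valid": False}` response when it is unset. Both view methods continue outside these hunks.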