Code

Ticket #14674: 14674.patch

File 14674.patch, 1.9 KB (added by summerisgone, 4 years ago)

Excluded users with unusable password from ResetPasswordForm

  • django/contrib/auth/forms.py

     
    1 from django.contrib.auth.models import User 
     1from django.contrib.auth.models import User, UNUSABLE_PASSWORD 
    22from django.contrib.auth import authenticate 
    33from django.contrib.auth.tokens import default_token_generator 
    44from django.contrib.sites.models import get_current_site 
     
    111111        Validates that a user exists with the given e-mail address. 
    112112        """ 
    113113        email = self.cleaned_data["email"] 
    114         self.users_cache = User.objects.filter(email__iexact=email) 
     114        self.users_cache = User.objects.filter(email__iexact=email).exclude( 
     115            password=UNUSABLE_PASSWORD) 
    115116        if len(self.users_cache) == 0: 
    116117            raise forms.ValidationError(_("That e-mail address doesn't have an associated user account. Are you sure you've registered?")) 
    117118        return email 
  • docs/topics/auth.txt

     
    202202        You may need this if authentication for your application takes place 
    203203        against an existing external source such as an LDAP directory. 
    204204 
     205        Also, users with unusable_password will not able to request reseting  
     206        their passwords 
     207 
    205208    .. method:: models.User.has_usable_password() 
    206209 
    207210        .. versionadded:: 1.0 
     
    916919    that can be used to reset the password, and sending that link to the 
    917920    user's registered e-mail address. 
    918921 
     922    Reseting password will not work for users with unusable_password, 
     923    see :meth:`~django.contrib.auth.models.User.set_unusable_password()` 
     924 
    919925    **Optional arguments:** 
    920926 
    921927        * ``template_name``: The full name of a template to use for