Ticket #14674: 14674.patch

File 14674.patch, 1.9 KB (added by summerisgone, 5 years ago)

Excluded users with unusable password from ResetPasswordForm

  • django/contrib/auth/forms.py

     
    1 from django.contrib.auth.models import User
     1from django.contrib.auth.models import User, UNUSABLE_PASSWORD
    22from django.contrib.auth import authenticate
    33from django.contrib.auth.tokens import default_token_generator
    44from django.contrib.sites.models import get_current_site
     
    111111        Validates that a user exists with the given e-mail address.
    112112        """
    113113        email = self.cleaned_data["email"]
    114         self.users_cache = User.objects.filter(email__iexact=email)
     114        self.users_cache = User.objects.filter(email__iexact=email).exclude(
     115            password=UNUSABLE_PASSWORD)
    115116        if len(self.users_cache) == 0:
    116117            raise forms.ValidationError(_("That e-mail address doesn't have an associated user account. Are you sure you've registered?"))
    117118        return email
  • docs/topics/auth.txt

     
    202202        You may need this if authentication for your application takes place
    203203        against an existing external source such as an LDAP directory.
    204204
     205        Also, users with unusable_password will not able to request reseting
     206        their passwords
     207
    205208    .. method:: models.User.has_usable_password()
    206209
    207210        .. versionadded:: 1.0
     
    916919    that can be used to reset the password, and sending that link to the
    917920    user's registered e-mail address.
    918921
     922    Reseting password will not work for users with unusable_password,
     923    see :meth:`~django.contrib.auth.models.User.set_unusable_password()`
     924
    919925    **Optional arguments:**
    920926
    921927        * ``template_name``: The full name of a template to use for
Back to Top