Ticket #14674: 14764.diff

django/contrib/auth/forms.py

@@ -1 @@
-from django.contrib.auth.models import User
+from django.contrib.auth.models import User, UNUSABLE_PASSWORD
 from django.contrib.auth import authenticate
 from django.contrib.auth.tokens import default_token_generator
 from django.contrib.sites.models import get_current_site
@@ -112 +112 @@
         """
         email = self.cleaned_data["email"]
         self.users_cache = User.objects.filter(email__iexact=email)
-        if len(self.users_cache) == 0:
+        if self.users_cache.filter(password=UNUSABLE_PASSWORD).count():
+            raise forms.ValidationError(_("The user account associated with this email address is not allowed to reset it's password."))
+        if self.users_cache.count() == 0:
             raise forms.ValidationError(_("That e-mail address doesn't have an associated user account. Are you sure you've registered?"))
         return email
 

django/contrib/auth/tests/forms.py

@@ -250 +250 @@
         self.assertEqual(user.email, 'tesT@example.com')
         user = User.objects.create_user('forms_test3', 'tesT', 'test')
         self.assertEqual(user.email, 'tesT')
+
+    def test_unusable_password(self):
+        user = User.objects.create_user('testuser', 'test@example.com', 'test')
+        data = {"email": "test@example.com"}
+        form = PasswordResetForm(data)
+        self.assertTrue(form.is_valid())
+        user.set_unusable_password()
+        user.save()
+        form = PasswordResetForm(data)
+        self.assertFalse(form.is_valid())
+        self.assertEqual(form["email"].errors, 
+                         [u"The user account associated with this email address is not allowed to reset it's password."])