Ticket #14674: ticket14674.diff

django/contrib/auth/forms.py

@@ -1 @@
-from django.contrib.auth.models import User
+from django.contrib.auth.models import User, UNUSABLE_PASSWORD
 from django.contrib.auth import authenticate
 from django.contrib.auth.tokens import default_token_generator
 from django.contrib.sites.models import get_current_site
@@ -6 +6 @@
 from django import forms
 from django.utils.translation import ugettext_lazy as _
 from django.utils.http import int_to_base36
+from django.utils.itercompat import any
 
 class UserCreationForm(forms.ModelForm):
     """
@@ -112 +113 @@
         """
         email = self.cleaned_data["email"]
         self.users_cache = User.objects.filter(email__iexact=email)
-        if len(self.users_cache) == 0:
+        if not len(self.users_cache):
             raise forms.ValidationError(_("That e-mail address doesn't have an associated user account. Are you sure you've registered?"))
+        if any((user.password == UNUSABLE_PASSWORD) for user in self.users_cache):
+            raise forms.ValidationError(_("The user account associated with this email address cannot reset it's password."))
         return email
 
     def save(self, domain_override=None, email_template_name='registration/password_reset_email.html',

django/contrib/auth/tests/forms.py

@@ -250 +250 @@
         self.assertEqual(user.email, 'tesT@example.com')
         user = User.objects.create_user('forms_test3', 'tesT', 'test')
         self.assertEqual(user.email, 'tesT')
+
+    def test_unusable_password(self):
+        user = User.objects.create_user('testuser', 'test@example.com', 'test')
+        data = {"email": "test@example.com"}
+        form = PasswordResetForm(data)
+        self.assertTrue(form.is_valid())
+        user.set_unusable_password()
+        user.save()
+        form = PasswordResetForm(data)
+        self.assertFalse(form.is_valid())
+        self.assertEqual(form["email"].errors,
+                         [u"The user account associated with this email address cannot reset it's password."])

django/utils/itercompat.py

@@ -6 +6 @@
 
 import itertools
 
+__all__ = [
+    'all',
+    'any',
+    'is_iterable',
+    'product',
+]
+
 # Fallback for Python 2.4, Python 2.5
-def product(*args, **kwds):
+def _product(*args, **kwds):
     """
     Taken from http://docs.python.org/library/itertools.html#itertools.product
     """
@@ -19 +26 @@
         result = [x+[y] for x in result for y in pool]
     for prod in result:
         yield tuple(prod)
-
-if hasattr(itertools, 'product'):
-    product = itertools.product
+product = getattr(itertools, 'product', _product)
 
 def is_iterable(x):
     "A implementation independent way of checking for iterables"
@@ -32 +37 @@
     else:
         return True
 
-def all(iterable):
+def _all(iterable):
+    """
+    Taken from http://docs.python.org/library/functions.html#all
+    """
     for item in iterable:
         if not item:
             return False
     return True
+all = getattr(__builtins__, "all", _all)
+
+def _any(iterable):
+    """
+    Taken from http://docs.python.org/library/functions.html#any
+    """
+    for element in iterable:
+        if element:
+            return True
+    return False
+any = getattr(__builtins__, "any", _any)

docs/topics/auth.txt

@@ -945 +945 @@
 
         * ``form``: The form for resetting the user's password.
 
+    .. note::
+
+       Users flagged with an unusable password (see
+       :meth:`~django.contrib.auth.models.User.set_unusable_password()`
+       will not be able to request a password reset. This is done to
+       prevent a password reset when using an external authentication
+       source like LDAP.
+
 .. function:: views.password_reset_done(request[, template_name])
 
     The page shown after a user has reset their password.