Ticket #16919: setpasswordform_withtests.diff

django/contrib/auth/views.py

@@ -208 +208 @@
                 form.save()
                 return HttpResponseRedirect(post_reset_redirect)
         else:
-            form = set_password_form(None)
+            form = set_password_form(user)
     else:
         validlink = False
         form = None

django/contrib/auth/tests/views.py

@@ -180 +180 @@
         self.assertEqual(response.status_code, 200)
         self.assertContainsEscaped(response, SetPasswordForm.error_messages['password_mismatch'])
 
+    def test_confirm_display_user_from_form(self):
+        url, path = self._test_confirm_start()
+        response = self.client.get(path)
 
+        # The ``password_reset_confirm`` view should stash the user object
+        # on the ``SetPasswordForm`` object that it creates, even on GET requests.
+        # For this test suite, we render ``{{ form.user }}`` in the template
+        # ``registration/password_reset_confirm.html`` so that we can test this.
+        # See #16919.
+        username = User.objects.get(email='staffmember@example.com').username
+        self.assertTrue("Hello, %s." % username in response.content)
+
+        # However, the view should NOT stash any user object on a form if the
+        # password reset link was invalid.
+        response = self.client.get('/reset/zzzzzzzzzzzzz-1-1/')
+        self.assertTrue("Hello, ." in response.content)
+
 class ChangePasswordTest(AuthViewsTestCase):
 
     def fail_login(self, password='password'):

django/contrib/auth/tests/templates/registration/password_reset_confirm.html

@@ +1 @@
+Hello, {{ form.user }}.
+
 {% if validlink %}
 Please enter your new password: {{ form }}
 {% else %}
@@ -2 +4 @@
 The password reset link was invalid
-{% endif %}
- No newline at end of file
+{% endif %}