Make password reset use username throughout and reword the reset page

so it's clear that one has to enter the account name and not just any email address associated with the account. - Legacy-Id: 11171
2016-05-06 12:32:11 +00:00 · 2016-05-06 12:32:11 +00:00 · 4d4cf93f22
parent dedb00b0a5
commit 4d4cf93f22
5 changed files with 16 additions and 15 deletions
--- a/ietf/ietfauth/forms.py
+++ b/ietf/ietfauth/forms.py
@ -82,13 +82,13 @@ class RoleEmailForm(forms.Form):


 class ResetPasswordForm(forms.Form):
-    email = forms.EmailField(label="Your email (lowercase)")
+    username = forms.EmailField(label="Your email (lowercase)")

-    def clean_email(self):
-        email = self.cleaned_data["email"]
-        if not User.objects.filter(username=email).exists():
+    def clean_username(self):
+        username = self.cleaned_data["username"]
+        if not User.objects.filter(username=username).exists():
            raise forms.ValidationError(mark_safe("Didn't find a matching account. If you don't have an account yet, you can <a href=\"{}\">create one</a>.".format(urlreverse("create_account"))))
-        return email
+        return username


 class TestEmailForm(forms.Form):
--- a/ietf/ietfauth/tests.py
+++ b/ietf/ietfauth/tests.py
@ -241,14 +241,14 @@ class IetfAuthTests(TestCase):
        self.assertEqual(r.status_code, 200)

        # ask for reset, wrong username
-        r = self.client.post(url, { 'email': "nobody@example.com" })
+        r = self.client.post(url, { 'username': "nobody@example.com" })
        self.assertEqual(r.status_code, 200)
        q = PyQuery(r.content)
        self.assertTrue(len(q("form .has-error")) > 0)

        # ask for reset
        empty_outbox()
-        r = self.client.post(url, { 'email': user.username })
+        r = self.client.post(url, { 'username': user.username })
        self.assertEqual(r.status_code, 200)
        self.assertEqual(len(outbox), 1)

--- a/ietf/ietfauth/views.py
+++ b/ietf/ietfauth/views.py
@ -276,18 +276,19 @@ def password_reset(request):
    if request.method == 'POST':
        form = ResetPasswordForm(request.POST)
        if form.is_valid():
-            to_email = form.cleaned_data['email']
+            username = form.cleaned_data['username']

-            auth = django.core.signing.dumps(to_email, salt="password_reset")
+            auth = django.core.signing.dumps(username, salt="password_reset")

            domain = Site.objects.get_current().domain
            subject = 'Confirm password reset at %s' % domain
            from_email = settings.DEFAULT_FROM_EMAIL
+            to_email = username # form validation makes sure that this is an email address

            send_mail(request, to_email, from_email, subject, 'registration/password_reset_email.txt', {
                'domain': domain,
                'auth': auth,
-                'username': to_email,
+                'username': username,
                'expire': settings.DAYS_TO_EXPIRE_REGISTRATION_LINK,
            })

@ -302,11 +303,11 @@ def password_reset(request):

 def confirm_password_reset(request, auth):
    try:
-        email = django.core.signing.loads(auth, salt="password_reset", max_age=settings.DAYS_TO_EXPIRE_REGISTRATION_LINK * 24 * 60 * 60)
+        username = django.core.signing.loads(auth, salt="password_reset", max_age=settings.DAYS_TO_EXPIRE_REGISTRATION_LINK * 24 * 60 * 60)
    except django.core.signing.BadSignature:
        raise Http404("Invalid or expired auth")

-    user = get_object_or_404(User, username=email)
+    user = get_object_or_404(User, username=username)

    success = False
    if request.method == 'POST':
@ -325,7 +326,7 @@ def confirm_password_reset(request, auth):

    return render(request, 'registration/change_password.html', {
        'form': form,
-        'email': email,
+        'username': username,
        'success': success,
    })

--- a/ietf/templates/registration/change_password.html
+++ b/ietf/templates/registration/change_password.html
@ -18,7 +18,7 @@
  {% else %}
    <h1>Change password</h1>

-    <p>You can change the password below for your user {{ email }} below.</p>
+    <p>You can change the password below for your user {{ username }} below.</p>
    <form method="post">
      {% csrf_token %}
      {% bootstrap_form form %}
--- a/ietf/templates/registration/password_reset.html
+++ b/ietf/templates/registration/password_reset.html
@ -17,7 +17,7 @@
  {% else %}
    <h1>Password reset</h1>

-    <p>Please enter an email address associated with the account for which you would like to reset the password.</p>
+    <p>Please enter the account for which you would like to reset the password.</p>

    <form method="post">
      {% csrf_token %}