mirror of https://github.com/django/django.git synced 2025-01-03 15:06:09 +00:00

Fixed #16919 -- Passed user to set_password_form in GET requests.

Thanks Jaime Irurzun for the report and initial patch and
ejucovy for the test.
Tim Graham 2013-10-02 13:28:15 -04:00
parent a80d9ab0fe
commit 1285ca67eb
3 changed files with 20 additions and 2 deletions


@ -1,5 +1,7 @@
Hello, {{ form.user }}.
{% if validlink %} {% if validlink %}
Please enter your new password: {{ form }} Please enter your new password: {{ form }}
{% else %} {% else %}
The password reset link was invalid The password reset link was invalid
{% endif %} {% endif %}


@ -307,6 +307,22 @@ class PasswordResetTest(AuthViewsTestCase):
self.assertEqual(response.status_code, 302) self.assertEqual(response.status_code, 302)
self.assertURLEqual(response.url, '/password_reset/') self.assertURLEqual(response.url, '/password_reset/')
def test_confirm_display_user_from_form(self):
url, path = self._test_confirm_start()
response = self.client.get(path)
# #16919 -- The ``password_reset_confirm`` view should pass the user
# object to the ``SetPasswordForm``, even on GET requests.
# For this test, we render ``{{ form.user }}`` in the template
# ``registration/password_reset_confirm.html`` so that we can test this.
username = User.objects.get(email='staffmember@example.com').username
self.assertContains(response, "Hello, %s." % username)
# However, the view should NOT pass any user object on a form if the
# password reset link was invalid.
response = self.client.get('/reset/zzzzzzzzzzzzz/1-1/')
self.assertContains(response, "Hello, .")
@override_settings(AUTH_USER_MODEL='auth.CustomUser') @override_settings(AUTH_USER_MODEL='auth.CustomUser')
class CustomUserPasswordResetTest(AuthViewsTestCase): class CustomUserPasswordResetTest(AuthViewsTestCase):
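Review bot: The negative case at the end of `test_confirm_display_user_from_form` only requests `/reset/zzzzzzzzzzzzz/1-1/`, where presumably no user is resolved at all, so it does not cover a link whose uid matches a real account but whose token is wrong. That is the case where a regression would disclose the username to someone who does not hold a valid token. Consider a third request built from the `path` returned by `_test_confirm_start()` with its token portion altered, followed by `self.assertNotContains(response, username)`. The enclosing `PasswordResetTest` class starts outside this hunk.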


@ -216,7 +216,7 @@ def password_reset_confirm(request, uidb64=None, token=None,
form.save() form.save()
return HttpResponseRedirect(post_reset_redirect) return HttpResponseRedirect(post_reset_redirect)
else: else:
form = set_password_form(None) form = set_password_form(user)
else: else:
validlink = False validlink = False
form = None form = None
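Review bot: Binding `user` to the form on GET is only safe because this `else` sits under the link-validity check, which is outside the hunk (the body of `password_reset_confirm` starts before it), and nothing at the changed line says so. I would add a comment above `form = set_password_form(user)` such as `# Link already validated above, so the user may be exposed to the template; invalid links fall through to form = None.` Presumably that check covers both the uid lookup and the token, which is worth confirming, since any template that renders `{{ form.user }}` will now show the account name to whoever opens the link.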