Fixed #16919 -- Passed user to set_password_form in GET requests.
Thanks Jaime Irurzun for the report and initial patch and ejucovy for the test.
parent
a80d9ab0fe
commit
1285ca67eb
@ -1,5 +1,7 @@
|
||||
Hello, {{ form.user }}.
|
||||
|
||||
{% if validlink %}
|
||||
Please enter your new password: {{ form }}
|
||||
{% else %}
|
||||
The password reset link was invalid
|
||||
{% endif %}
|
||||
{% endif %}
|
||||
|
@ -307,6 +307,22 @@ class PasswordResetTest(AuthViewsTestCase):
|
||||
self.assertEqual(response.status_code, 302)
|
||||
self.assertURLEqual(response.url, '/password_reset/')
|
||||
|
||||
def test_confirm_display_user_from_form(self):
|
||||
url, path = self._test_confirm_start()
|
||||
response = self.client.get(path)
|
||||
|
||||
# #16919 -- The ``password_reset_confirm`` view should pass the user
|
||||
# object to the ``SetPasswordForm``, even on GET requests.
|
||||
# For this test, we render ``{{ form.user }}`` in the template
|
||||
# ``registration/password_reset_confirm.html`` so that we can test this.
|
||||
username = User.objects.get(email='staffmember@example.com').username
|
||||
self.assertContains(response, "Hello, %s." % username)
|
||||
|
||||
# However, the view should NOT pass any user object on a form if the
|
||||
# password reset link was invalid.
|
||||
response = self.client.get('/reset/zzzzzzzzzzzzz/1-1/')
|
||||
self.assertContains(response, "Hello, .")
|
||||
|
||||
|
||||
@override_settings(AUTH_USER_MODEL='auth.CustomUser')
|
||||
class CustomUserPasswordResetTest(AuthViewsTestCase):
|
||||
|
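Review bot: The negative case at the end of `test_confirm_display_user_from_form` only requests `/reset/zzzzzzzzzzzzz/1-1/`, where the uid and the token both appear to be bogus, so it does not cover a link whose uid resolves to a real user while the token is wrong or expired. That is the case where handing the user to the form on GET could disclose a username to someone who does not hold a valid link. I would add a second GET that reuses `path` from `_test_confirm_start()` with its token segment altered, followed by `self.assertContains(response, "Hello, .")`. The view's token check is not visible in this commit's hunks, so the behaviour is presumably already correct; the extra assertion would pin it against regressions.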
@ -216,7 +216,7 @@ def password_reset_confirm(request, uidb64=None, token=None,
|
||||
form.save()
|
||||
return HttpResponseRedirect(post_reset_redirect)
|
||||
else:
|
||||
form = set_password_form(None)
|
||||
form = set_password_form(user)
|
||||
else:
|
||||
validlink = False
|
||||
form = None
|
||||
|
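Review bot: The new `form = set_password_form(user)` line in the GET branch of `password_reset_confirm` has no comment explaining why an unbound form is now given the account object, and the condition guarding this branch starts outside the hunk. The `validlink = False` / `form = None` branch below suggests it runs only for a link that passed validation, but that should be stated where the user is handed over. I would add `# Link already validated: pass the user on GET too so form.user is available to the form and template (#16919).` above the line, once the guard is confirmed. The view's docstring or docs should also mention that a custom `set_password_form` is instantiated with the user on GET, since templates that render `form.user` will now show it to whoever opens a valid link.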