Skip to content

Commit

Permalink
fix: Send create user email for password resets where we have an emai…
Browse files Browse the repository at this point in the history
…l and person, but no user. (#7729)

* fix: Send create user email for password resets where we have an email and person, but no user account

This fixes #6458

* fix: create User straight away and use nomral password reset

---------

Co-authored-by: Robert Sparks <[email protected]>
  • Loading branch information
ThisIsMissEm and rjsparks authored Aug 7, 2024
1 parent 0c8db80 commit 3097074
Show file tree
Hide file tree
Showing 2 changed files with 31 additions and 3 deletions.
18 changes: 18 additions & 0 deletions ietf/ietfauth/tests.py
Original file line number Diff line number Diff line change
Expand Up @@ -527,6 +527,24 @@ def test_reset_password_without_username(self):
self.assertIn(secondary_address, to)
self.assertNotIn(inactive_secondary_address, to)

def test_reset_password_without_user(self):
"""Reset password using email address for person without a user account"""
url = urlreverse('ietf.ietfauth.views.password_reset')
email = EmailFactory()
person = email.person
# Remove the user object from the person to get a Email/Person without User:
person.user = None
person.save()
# Remove the remaining User record, since reset_password looks for that by username:
User.objects.filter(username__iexact=email.address).delete()
empty_outbox()
r = self.client.post(url, { 'username': email.address })
self.assertEqual(len(outbox), 1)
lastReceivedEmail = outbox[-1]
self.assertIn(email.address, lastReceivedEmail.get('To'))
self.assertTrue(lastReceivedEmail.get('Subject').startswith("Confirm password reset"))
self.assertContains(r, "Your password reset request has been successfully received", status_code=200)

def test_review_overview(self):
review_req = ReviewRequestFactory()
assignment = ReviewAssignmentFactory(review_request=review_req,reviewer=EmailFactory(person__user__username='reviewer'))
Expand Down
16 changes: 13 additions & 3 deletions ietf/ietfauth/views.py
Original file line number Diff line number Diff line change
Expand Up @@ -491,9 +491,19 @@ def password_reset(request):
if not user:
# try to find user ID from the email address
email = Email.objects.filter(address=submitted_username).first()
if email and email.person and email.person.user:
user = email.person.user

if email and email.person:
if email.person.user:
user = email.person.user
else:
# Create a User record with this (conditioned by way of Email) username
# Don't bother setting the name or email fields on User - rely on the
# Person pointer.
user = User.objects.create(
username=email.address.lower(),
is_active=True,
)
email.person.user = user
email.person.save()
if user and user.person.email_set.filter(active=True).exists():
data = {
'username': user.username,
Expand Down

0 comments on commit 3097074

Please sign in to comment.