#5272: PasswordResetForm Issue
-------------------------------------------------+--------------------------
Reporter:  Alper KANAT <[EMAIL PROTECTED]>  |       Owner:  adrian             
  Status:  new                                   |   Component:  Contrib apps   
    
 Version:  SVN                                   |    Keywords:  password reset 
form
   Stage:  Unreviewed                            |   Has_patch:  0              
    
-------------------------------------------------+--------------------------
 In /contrib/auth/forms.py (line 89) the form loops through all the users
 found. So if I have 2 or more accounts with the same e-mail address (because
 the email field in the User model is not unique), it changes the password of
 every one of those accounts, which is not very nice.
 
 The code is like this: (SVN commit: 6001)
 
 # Listing as quoted in the ticket (SVN commit 6001). The mail client wrapped
 # several long lines, so it is not runnable exactly as shown.
 class PasswordResetForm(oldforms.Manipulator):
     "A form that lets a user request a password reset"
     def __init__(self):
         # One required e-mail field; isValidUserEmail is its only validator.
         self.fields = (
             oldforms.EmailField(field_name="email", length=40,
 is_required=True,
                 validator_list=[self.isValidUserEmail]),
         )
 
     def isValidUserEmail(self, new_data, all_data):
         "Validates that a user exists with the given e-mail address"
         # Case-insensitive lookup (email__iexact) that keeps EVERY matching
         # user in self.users_cache; save() later iterates over this list.
         self.users_cache =
 list(User.objects.filter(email__iexact=new_data))
         # NOTE(review): the error text below states that the address has no
         # account, so the form's response distinguishes registered from
         # unregistered addresses.
         if len(self.users_cache) == 0:
             raise validators.ValidationError, _("That e-mail address
 doesn't have an associated user account. Are you sure you've registered?")
 
     def save(self, domain_override=None,
 email_template_name='registration/password_reset_email.html'):
         "Calculates a new password randomly and sends it to the user"
         from django.core.mail import send_mail
         # Reads self.users_cache, which only isValidUserEmail assigns, so the
         # validator must have run before save() is called.
         # This loop is the behaviour the ticket reports: each account that
         # shares the address gets its own new random password.
         for user in self.users_cache:
             # NOTE(review): the stored password is replaced and saved here,
             # before any mail is sent and with no confirmation step visible
             # in this listing. Submitting the form is therefore enough to
             # invalidate the current password of every matching account.
             new_pass = User.objects.make_random_password()
             user.set_password(new_pass)
             user.save()
             # Site name and domain come from the current Site unless the
             # caller passes domain_override, which is then used for both.
             if not domain_override:
                 current_site = Site.objects.get_current()
                 site_name = current_site.name
                 domain = current_site.domain
             else:
                 site_name = domain = domain_override
             # The template is looked up again on every iteration.
             t = loader.get_template(email_template_name)
             # NOTE(review): the new password is handed to the template in
             # clear text under 'new_password', so it travels in the e-mail
             # body whenever the template renders it.
             c = {
                 'new_password': new_pass,
                 'email': user.email,
                 'domain': domain,
                 'site_name': site_name,
                 'user': user,
                 }
             # Sender argument is None; presumably the configured default
             # sender is used. TODO confirm against send_mail.
             send_mail('Password reset on %s' % site_name,
 t.render(Context(c)), None, [user.email])

-- 
Ticket URL: <http://code.djangoproject.com/ticket/5272>
Django Code <http://code.djangoproject.com/>
The web framework for perfectionists with deadlines