Allow users who haven't set a password to set one.

Previously, if a user had only authenticated via Google auth, they would be unable to reset their password in order to set one (which is needed to setup the mobile apps, for example).
2025-11-03 21:43:21 +00:00 · 2016-04-28 14:07:41 -07:00
parent 646ea3214a
commit a0430c02ce
2 changed files with 19 additions and 4 deletions
--- a/zerver/forms.py
+++ b/zerver/forms.py
@@ -3,7 +3,8 @@ from __future__ import absolute_import
 from django import forms
 from django.core.exceptions import ValidationError
 from django.utils.safestring import mark_safe
-from django.contrib.auth.forms import SetPasswordForm, AuthenticationForm
+from django.contrib.auth.forms import SetPasswordForm, AuthenticationForm, \
+    PasswordResetForm
 from django.conf import settings

 from zerver.models import Realm, get_user_profile_by_email, UserProfile, \
@@ -81,6 +82,19 @@ class LoggingSetPasswordForm(SetPasswordForm):
                           log=True, commit=commit)
        return self.user

+class ZulipPasswordResetForm(PasswordResetForm):
+    def get_users(self, email):
+        """Given an email, return matching user(s) who should receive a reset.
+
+        This is modified from the original in that it allows non-bot
+        users who don't have a usable password to reset their
+        passwords.
+        """
+        if not password_auth_enabled:
+            return []
+        return UserProfile.objects.filter(email__iexact=email, is_active=True,
+                                          is_bot=False)
+
 class CreateUserForm(forms.Form):
    full_name = forms.CharField(max_length=100)
    email = forms.EmailField()
--- a/zproject/urls.py
+++ b/zproject/urls.py
@@ -33,9 +33,10 @@ urlpatterns = patterns('',

    url(r'^accounts/password/reset/$', 'django.contrib.auth.views.password_reset',
        {'post_reset_redirect': '/accounts/password/reset/done/',
-            'template_name': 'zerver/reset.html',
-            'email_template_name': 'registration/password_reset_email.txt',
-            }),
+         'template_name': 'zerver/reset.html',
+         'email_template_name': 'registration/password_reset_email.txt',
+         'password_reset_form': zerver.forms.ZulipPasswordResetForm,
+        }),
    url(r'^accounts/password/reset/done/$', 'django.contrib.auth.views.password_reset_done',
        {'template_name': 'zerver/reset_emailed.html'}),
    url(r'^accounts/password/reset/(?P<uidb64>[0-9A-Za-z]+)/(?P<token>.+)/$',