ldap: Prevent useless password resets when email auth is not enabled.

While a reset password would not do anything without email auth enabled
anyway, it is better not to let users go through the reset flow at all
in that configuration.
This commit is contained in:
Tim Abbott
2017-10-24 11:44:01 -07:00
parent b590cd6c8f
commit d69c39cad1
2 changed files with 21 additions and 2 deletions


@@ -26,7 +26,7 @@ from zerver.lib.subdomains import get_subdomain, check_subdomain, is_root_domain
from zerver.lib.users import check_full_name from zerver.lib.users import check_full_name
from zerver.models import Realm, get_user_profile_by_email, UserProfile, \ from zerver.models import Realm, get_user_profile_by_email, UserProfile, \
get_realm, email_to_domain, email_allowed_for_realm get_realm, email_to_domain, email_allowed_for_realm
from zproject.backends import password_auth_enabled from zproject.backends import email_auth_enabled
import logging import logging
import re import re
@@ -191,7 +191,7 @@ class ZulipPasswordResetForm(PasswordResetForm):
users who don't have a usable password to reset their users who don't have a usable password to reset their
passwords. passwords.
""" """
if not password_auth_enabled: if not email_auth_enabled():
logging.info("Password reset attempted for %s even though password auth is disabled." % (email,)) logging.info("Password reset attempted for %s even though password auth is disabled." % (email,))
return [] return []
result = UserProfile.objects.filter(email__iexact=email, is_active=True, result = UserProfile.objects.filter(email__iexact=email, is_active=True,
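Review bot: The `logging.info` line still reports that "password auth is disabled" although the guard on the line above now tests `email_auth_enabled()`, so an operator reading the log is pointed at the wrong setting; change it to `logging.info("Password reset attempted for %s even though email auth is disabled." % (email,))`. Returning `[]` here keeps the HTTP response identical to the normal flow, which is the right choice because an unauthenticated caller learns nothing about which backends are configured — a short comment on the `return []` line, `# Return nothing rather than erroring so the response does not reveal the auth configuration.`, would make that intent explicit. If `email_auth_enabled` accepts a realm (the `get_realm`/`email_to_domain` imports in the first hunk suggest one could be derived from the address), consider passing it so a realm that has disabled email auth is covered too; the function's signature is not visible in this hunk, so that is an inference. The enclosing method starts before the hunk.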


@@ -250,6 +250,25 @@ class PasswordResetTest(ZulipTestCase):
self.assertIn("Psst. Word on the street is that you", self.assertIn("Psst. Word on the street is that you",
message.body) message.body)
@override_settings(AUTHENTICATION_BACKENDS=('zproject.backends.ZulipLDAPAuthBackend',
'zproject.backends.ZulipDummyBackend'))
def test_ldap_auth_only(self):
# type: () -> None
"""If the email auth backend is not enabled, password reset should do nothing"""
email = self.example_email("hamlet")
result = self.client_post('/accounts/password/reset/', {'email': email})
# check the redirect link telling you to check mail for password reset link
self.assertEqual(result.status_code, 302)
self.assertTrue(result["Location"].endswith(
"/accounts/password/reset/done/"))
result = self.client_get(result["Location"])
self.assert_in_response("Check your email to finish the process.", result)
from django.core.mail import outbox
self.assertEqual(len(outbox), 0)
def test_redirect_endpoints(self): def test_redirect_endpoints(self):
# type: () -> None # type: () -> None
''' '''
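Review bot: The docstring on `test_ldap_auth_only` says the reset "should do nothing", but what the assertions actually pin down is that the caller still gets the normal 302 to `/accounts/password/reset/done/` and the "Check your email" page while the outbox stays empty — that deliberate sameness is the security-relevant property and should be stated, e.g. `"""With no email auth backend enabled the reset must send no mail, but the response must stay identical to the enabled case so the page does not reveal which backends are configured."""`. The `from django.core.mail import outbox` import in the middle of the assertions would read better at the top of the method with the rest of the setup, or at module level if the surrounding tests already import it there; the module header is not visible from this hunk. The test only exercises an existing user's address, which is sufficient here because the new guard runs before any user lookup.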