Fixed #14674 -- Prevent user accounts with an unusable password from resetting passwords. Thanks, summerisgone, thejaswi_puthraya and lrekucki.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@16455 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2025-10-25 22:56:12 +00:00 · 2011-06-26 16:51:34 +00:00
parent 821d8aaaaa
commit 2619dc8285
4 changed files with 81 additions and 52 deletions
--- a/django/contrib/auth/tests/forms.py
+++ b/django/contrib/auth/tests/forms.py
@@ -281,3 +281,16 @@ class PasswordResetFormTest(TestCase):
        user.save()
        form = PasswordResetForm({'email': email})
        self.assertFalse(form.is_valid())
+
+
+    def test_unusable_password(self):
+        user = User.objects.create_user('testuser', 'test@example.com', 'test')
+        data = {"email": "test@example.com"}
+        form = PasswordResetForm(data)
+        self.assertTrue(form.is_valid())
+        user.set_unusable_password()
+        user.save()
+        form = PasswordResetForm(data)
+        self.assertFalse(form.is_valid())
+        self.assertEqual(form["email"].errors,
+                         [u"The user account associated with this e-mail address cannot reset the password."])