Fixed #7723 - implemented a secure password reset form that uses a token and prompts user for new password.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@8162 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2025-10-25 22:56:12 +00:00 · 2008-07-31 20:47:53 +00:00
parent 9a56fe765e
commit fcd837cd0f
16 changed files with 401 additions and 70 deletions
--- a/django/contrib/auth/tests/forms.py
+++ b/django/contrib/auth/tests/forms.py
@@ -2,7 +2,7 @@
 FORM_TESTS = """
 >>> from django.contrib.auth.models import User
 >>> from django.contrib.auth.forms import UserCreationForm, AuthenticationForm
->>> from django.contrib.auth.forms import PasswordChangeForm
+>>> from django.contrib.auth.forms import PasswordChangeForm, SetPasswordForm

 The user already exists.

@@ -95,6 +95,32 @@ True
 >>> form.non_field_errors()
 []

+SetPasswordForm:
+
+The two new passwords do not match.
+
+>>> data = {
+...     'new_password1': 'abc123',
+...     'new_password2': 'abc',
+... }
+>>> form = SetPasswordForm(user, data)
+>>> form.is_valid()
+False
+>>> form["new_password2"].errors
+[u"The two password fields didn't match."]
+
+The success case.
+
+>>> data = {
+...     'new_password1': 'abc123',
+...     'new_password2': 'abc123',
+... }
+>>> form = SetPasswordForm(user, data)
+>>> form.is_valid()
+True
+
+PasswordChangeForm:
+
 The old password is incorrect.

 >>> data = {
@@ -132,4 +158,9 @@ The success case.
 >>> form.is_valid()
 True

+Regression test - check the order of fields:
+
+>>> PasswordChangeForm(user, {}).fields.keys()
+['old_password', 'new_password1', 'new_password2']
+
 """