Do not offer password reset without email auth

We're using email authentication backend to send the password reset link, without it there is no way to do this. Signed-off-by: Michal Čihař <michal@cihar.com>

Do not offer password reset without email auth
We're using email authentication backend to send the password reset link, without it there is no way to do this. Signed-off-by: Michal Čihař <michal@cihar.com>
b7deffdf · Michal Čihař · 2323908f · b7deffdf · b7deffdf
Commit b7deffdf authored Oct 29, 2015 by Michal Čihař
Hide whitespace changes
Inline Side-by-side

Showing with 10 additions and 0 deletions

weblate/accounts/views.py weblate/accounts/views.py +8 -0

weblate/html/accounts/login.html weblate/html/accounts/login.html +2 -0

No files found.
--- a/weblate/accounts/views.py
+++ b/weblate/accounts/views.py
@@ -389,6 +389,7 @@ def weblate_login(request):
            'login_backends': [
                x for x in auth_backends if x != 'email'
            ],
+            'can_reset': 'email' in auth_backends,
            'title': _('Login'),
        }
    )
@@ -530,6 +531,13 @@ def reset_password(request):
    '''
    Password reset handling.
    '''
+    if 'email' not in load_backends(BACKENDS).keys():
+        messages.error(
+            request,
+            _('Can not reset password, email authentication is disabled!')
+        )
+        return redirect('login')
+
    if request.method == 'POST':
        form = ResetForm(request.POST)
        if form.is_valid():

--- a/weblate/html/accounts/login.html
+++ b/weblate/html/accounts/login.html
@@ -30,8 +30,10 @@
 {% csrf_token %}
 {{ form|crispy }}
 <p class="helptext">
+{% if can_reset %}
 {% url 'password_reset' as reset_url %}
 {% blocktrans %}Forgot your password? You can <a href="{{ reset_url }}">reset it</a>.{% endblocktrans %}
+{% endif %}
 </p>

 <input type="hidden" name="next" value="{{ next }}" />