Skip to content

Commit 2e75262

Browse files
committed
Rollback 19962.
- Legacy-Id: 19964
1 parent 002f859 commit 2e75262

6 files changed

Lines changed: 10 additions & 59 deletions

File tree

ietf/ietfauth/tests.py

Lines changed: 2 additions & 37 deletions
Original file line numberDiff line numberDiff line change
@@ -373,11 +373,9 @@ def test_nomcom_dressing_on_profile(self):
373373

374374
def test_reset_password(self):
375375
url = urlreverse(ietf.ietfauth.views.password_reset)
376-
email = 'someone@example.com'
377-
password = 'foobar'
378376

379-
user = User.objects.create(username=email, email=email)
380-
user.set_password(password)
377+
user = User.objects.create(username="someone@example.com", email="someone@example.com")
378+
user.set_password("forgotten")
381379
user.save()
382380
p = Person.objects.create(name="Some One", ascii="Some One", user=user)
383381
Email.objects.create(address=user.username, person=p, origin=user.username)
@@ -416,39 +414,6 @@ def test_reset_password(self):
416414
self.assertEqual(len(q("form .has-error")), 0)
417415
self.assertTrue(self.username_in_htpasswd_file(user.username))
418416

419-
# reuse reset url
420-
r = self.client.get(confirm_url)
421-
self.assertEqual(r.status_code, 404)
422-
423-
# login after reset request
424-
empty_outbox()
425-
user.set_password(password)
426-
user.save()
427-
428-
r = self.client.post(url, { 'username': user.username })
429-
self.assertEqual(r.status_code, 200)
430-
self.assertEqual(len(outbox), 1)
431-
confirm_url = self.extract_confirm_url(outbox[-1])
432-
433-
r = self.client.post(urlreverse(ietf.ietfauth.views.login), {'username': email, 'password': password})
434-
435-
r = self.client.get(confirm_url)
436-
self.assertEqual(r.status_code, 404)
437-
438-
# change password after reset request
439-
empty_outbox()
440-
441-
r = self.client.post(url, { 'username': user.username })
442-
self.assertEqual(r.status_code, 200)
443-
self.assertEqual(len(outbox), 1)
444-
confirm_url = self.extract_confirm_url(outbox[-1])
445-
446-
user.set_password('newpassword')
447-
user.save()
448-
449-
r = self.client.get(confirm_url)
450-
self.assertEqual(r.status_code, 404)
451-
452417
def test_review_overview(self):
453418
review_req = ReviewRequestFactory()
454419
assignment = ReviewAssignmentFactory(review_request=review_req,reviewer=EmailFactory(person__user__username='reviewer'))

ietf/ietfauth/views.py

Lines changed: 5 additions & 19 deletions
Original file line numberDiff line numberDiff line change
@@ -36,7 +36,7 @@
3636

3737
import importlib
3838

39-
from datetime import date as Date, datetime as DateTime
39+
from datetime import date as Date
4040
# needed if we revert to higher barrier for account creation
4141
#from datetime import datetime as DateTime, timedelta as TimeDelta, date as Date
4242
from collections import defaultdict
@@ -418,16 +418,7 @@ def password_reset(request):
418418
if form.is_valid():
419419
username = form.cleaned_data['username']
420420

421-
data = { 'username': username }
422-
if User.objects.filter(username=username).exists():
423-
user = User.objects.get(username=username)
424-
data['password'] = user.password
425-
if user.last_login:
426-
data['last_login'] = user.last_login.timestamp()
427-
else:
428-
data['last_login'] = None
429-
430-
auth = django.core.signing.dumps(data, salt="password_reset")
421+
auth = django.core.signing.dumps(username, salt="password_reset")
431422

432423
domain = Site.objects.get_current().domain
433424
subject = 'Confirm password reset at %s' % domain
@@ -438,7 +429,7 @@ def password_reset(request):
438429
'domain': domain,
439430
'auth': auth,
440431
'username': username,
441-
'expire': settings.MINUTES_TO_EXPIRE_RESET_PASSWORD_LINK,
432+
'expire': settings.DAYS_TO_EXPIRE_REGISTRATION_LINK,
442433
})
443434

444435
success = True
@@ -452,16 +443,11 @@ def password_reset(request):
452443

453444
def confirm_password_reset(request, auth):
454445
try:
455-
data = django.core.signing.loads(auth, salt="password_reset", max_age=settings.MINUTES_TO_EXPIRE_RESET_PASSWORD_LINK * 60)
456-
username = data['username']
457-
password = data['password']
458-
last_login = None
459-
if data['last_login']:
460-
last_login = DateTime.fromtimestamp(data['last_login'])
446+
username = django.core.signing.loads(auth, salt="password_reset", max_age=settings.DAYS_TO_EXPIRE_REGISTRATION_LINK * 24 * 60 * 60)
461447
except django.core.signing.BadSignature:
462448
raise Http404("Invalid or expired auth")
463449

464-
user = get_object_or_404(User, username=username, password=password, last_login=last_login)
450+
user = get_object_or_404(User, username=username)
465451

466452
success = False
467453
if request.method == 'POST':

ietf/settings.py

Lines changed: 0 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1007,7 +1007,6 @@ def skip_unreadable_post(record):
10071007

10081008
# Account settings
10091009
DAYS_TO_EXPIRE_REGISTRATION_LINK = 3
1010-
MINUTES_TO_EXPIRE_RESET_PASSWORD_LINK = 60
10111010
HTPASSWD_COMMAND = "/usr/bin/htpasswd"
10121011
HTPASSWD_FILE = "/www/htpasswd"
10131012

ietf/submit/management/commands/purge_yang_checks.py

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -3,6 +3,7 @@
33
from tqdm import tqdm
44

55
from django.core.management.base import BaseCommand
6+
from django.db import migrations
67

78
from ietf.submit.models import Submission, SubmissionCheck
89

ietf/templates/registration/password_reset_email.txt

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -5,7 +5,7 @@ Hello,
55

66
https://{{ domain }}{% url "ietf.ietfauth.views.confirm_password_reset" auth %}
77

8-
This link will expire in {{ expire }} minutes.
8+
This link will expire in {{ expire }} days.
99

1010
If you have not requested a password reset you can ignore this email, your
1111
credentials have been left untouched.

ietf/utils/management/commands/run_yang_model_checks.py

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -11,7 +11,7 @@
1111
import debug # pyflakes:ignore
1212

1313
from ietf.doc.models import Document, State, DocAlias
14-
from ietf.submit.models import Submission
14+
from ietf.submit.models import Submission, SubmissionCheck
1515
from ietf.submit.checkers import DraftYangChecker
1616

1717

0 commit comments

Comments
 (0)