Changed PasswordChangeSerializer to not include old_password when user has no usable password

2024-11-22 09:06:40 +03:00 · 2017-09-18 01:58:51 +08:00 · 2017-09-18 01:58:51 +08:00 · b002ee3d4b
commit b002ee3d4b
parent 9d1f65eedc
1 changed files with 3 additions and 3 deletions
--- a/rest_auth/serializers.py
+++ b/rest_auth/serializers.py
@ -239,12 +239,12 @@ class PasswordChangeSerializer(serializers.Serializer):
        )
        super(PasswordChangeSerializer, self).__init__(*args, **kwargs)

-        if not self.old_password_field_enabled:
-            self.fields.pop('old_password')
-
        self.request = self.context.get('request')
        self.user = getattr(self.request, 'user', None)

+        if not self.old_password_field_enabled or not self.user.has_usable_password():
+            self.fields.pop('old_password')
+
    def validate_old_password(self, value):
        invalid_password_conditions = (
            self.old_password_field_enabled,