Tivix/django-rest-auth
1
1
Fork 0
mirror of https://github.com/Tivix/django-rest-auth.git synced 2024-11-22 09:06:40 +03:00
Code Issues Packages Projects Releases Wiki Activity

#131: Do not raise 400 when resetting password for non-existing account

Browse Source 
- Do not raises validation error if email doesn't exist
- Update unit test
This commit is contained in:
Matt d'Entremont 2016-01-04 10:17:47 -04:00
parent 4a56a9e7e5
commit d36a9bc1cb
2 changed files with 4 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
rest_auth/serializers.py
View File

@ -115,9 +115,6 @@ class PasswordResetSerializer(serializers.Serializer):
if not self.reset_form.is_valid():
raise serializers.ValidationError(_('Error'))
if not UserModel.objects.filter(email__iexact=value).exists():
raise serializers.ValidationError(_('Invalid e-mail address'))
return value
def save(self):

5
rest_auth/tests/test_api.py
View File

@ -234,12 +234,15 @@ class APITestCase1(TestCase, BaseAPITestCase):
self.assertEqual(len(mail.outbox), mail_count + 1)
def test_password_reset_with_invalid_email(self):
"""
Invalid email should not raise error, as this would leak users
"""
get_user_model().objects.create_user(self.USERNAME, self.EMAIL, self.PASS)
# call password reset
mail_count = len(mail.outbox)
payload = {'email': 'nonexisting@email.com'}
self.post(self.password_reset_url, data=payload, status_code=400)
self.post(self.password_reset_url, data=payload, status_code=200)
self.assertEqual(len(mail.outbox), mail_count)
def test_user_details(self):