Added non existing e-mail validation on password reset

+ small cleanup
2024-11-22 17:16:34 +03:00 · 2015-11-23 22:17:32 +01:00 · 2015-11-23 22:17:32 +01:00 · d9b8f3faf6
commit d9b8f3faf6
parent 52283aed70
2 changed files with 18 additions and 9 deletions
--- a/rest_auth/serializers.py
+++ b/rest_auth/serializers.py
@ -94,7 +94,7 @@ class UserDetailsSerializer(serializers.ModelSerializer):
    User model w/o password
    """
    class Meta:
-        model = get_user_model()
+        model = UserModel
        fields = ('username', 'email', 'first_name', 'last_name')
        read_only_fields = ('email', )

@ -113,7 +113,11 @@ class PasswordResetSerializer(serializers.Serializer):
        # Create PasswordResetForm with the serializer
        self.reset_form = self.password_reset_form_class(data=self.initial_data)
        if not self.reset_form.is_valid():
-            raise serializers.ValidationError('Error')
+            raise serializers.ValidationError(_('Error'))
+
+        if not UserModel.objects.filter(email=value).exists():
+            raise serializers.ValidationError(_('Invalid e-mail address'))
+
        return value

    def save(self):
--- a/rest_auth/tests.py
+++ b/rest_auth/tests.py
@ -160,13 +160,9 @@ class APITestCase1(TestCase, BaseAPITestCase):
        result = {}
        from django.utils.encoding import force_bytes
        from django.contrib.auth.tokens import default_token_generator
-        from django import VERSION
-        if VERSION[1] == 5:
-            from django.utils.http import int_to_base36
-            result['uid'] = int_to_base36(user.pk)
-        else:
-            from django.utils.http import urlsafe_base64_encode
-            result['uid'] = urlsafe_base64_encode(force_bytes(user.pk))
+        from django.utils.http import urlsafe_base64_encode
+
+        result['uid'] = urlsafe_base64_encode(force_bytes(user.pk))
        result['token'] = default_token_generator.make_token(user)
        return result

@ -338,6 +334,15 @@ class APITestCase1(TestCase, BaseAPITestCase):
        }
        self.post(self.login_url, data=payload, status_code=200)

+    def test_password_reset_with_invalid_email(self):
+        get_user_model().objects.create_user(self.USERNAME, self.EMAIL, self.PASS)
+
+        # call password reset
+        mail_count = len(mail.outbox)
+        payload = {'email': 'nonexisting@email.com'}
+        self.post(self.password_reset_url, data=payload, status_code=400)
+        self.assertEqual(len(mail.outbox), mail_count)
+
    def test_user_details(self):
        user = get_user_model().objects.create_user(self.USERNAME, self.EMAIL, self.PASS)
        payload = {