From 05e08891b20d658641b6ca5659102a68745b8424 Mon Sep 17 00:00:00 2001
From: Mateusz Mandera <mateusz.mandera@protonmail.com>
Date: Sun, 2 Feb 2020 13:51:39 +0100
Subject: [PATCH] auth: Replace deprecated password_reset_confirm.

Tests require adjusting, because the class-based view has an additional
redirect - through /uid/set-password/ and the token is read from the
session. See Django code of PasswordResetConfirmView.
---
 zerver/tests/test_signup.py | 10 ++++++++--
 zproject/urls.py            |  9 ++++-----
 2 files changed, 12 insertions(+), 7 deletions(-)

diff --git a/zerver/tests/test_signup.py b/zerver/tests/test_signup.py
index f65b8d7dfe..c43145fa53 100644
--- a/zerver/tests/test_signup.py
+++ b/zerver/tests/test_signup.py
@@ -3,6 +3,7 @@ import datetime
 from email.utils import parseaddr
 
 from django.conf import settings
+from django.contrib.auth.views import INTERNAL_RESET_URL_TOKEN
 from django.contrib.contenttypes.models import ContentType
 from django.http import HttpResponse
 from django.test import TestCase, override_settings
@@ -240,18 +241,23 @@ class PasswordResetTest(ZulipTestCase):
         password_reset_url = self.get_confirmation_url_from_outbox(
             email, url_pattern=settings.EXTERNAL_HOST + r"(\S\S+)")
         result = self.client_get(password_reset_url)
+        self.assertEqual(result.status_code, 302)
+        self.assertTrue(result.url.endswith('/{}/'.format(INTERNAL_RESET_URL_TOKEN)))
+
+        final_reset_url = result.url
+        result = self.client_get(final_reset_url)
         self.assertEqual(result.status_code, 200)
 
         # Reset your password
         with self.settings(PASSWORD_MIN_LENGTH=3, PASSWORD_MIN_GUESSES=1000):
             # Verify weak passwords don't work.
-            result = self.client_post(password_reset_url,
+            result = self.client_post(final_reset_url,
                                       {'new_password1': 'easy',
                                        'new_password2': 'easy'})
             self.assert_in_response("The password is too weak.",
                                     result)
 
-            result = self.client_post(password_reset_url,
+            result = self.client_post(final_reset_url,
                                       {'new_password1': 'f657gdGGk9',
                                        'new_password2': 'f657gdGGk9'})
             # password reset succeeded
diff --git a/zproject/urls.py b/zproject/urls.py
index 0f877811ad..f024d46d17 100644
--- a/zproject/urls.py
+++ b/zproject/urls.py
@@ -13,7 +13,7 @@ from zerver.lib.integrations import WEBHOOK_INTEGRATIONS
 
 
 from django.contrib.auth.views import (LoginView, password_reset_done,
-                                       password_reset_confirm, password_reset_complete)
+                                       PasswordResetConfirmView, password_reset_complete)
 
 import zerver.tornado.views
 import zerver.views
@@ -459,10 +459,9 @@ i18n_urls = [
     url(r'^accounts/password/reset/done/$', password_reset_done,
         {'template_name': 'zerver/reset_emailed.html'}),
     url(r'^accounts/password/reset/(?P<uidb64>[0-9A-Za-z]+)/(?P<token>.+)/$',
-        password_reset_confirm,
-        {'post_reset_redirect': '/accounts/password/done/',
-         'template_name': 'zerver/reset_confirm.html',
-         'set_password_form': zerver.forms.LoggingSetPasswordForm},
+        PasswordResetConfirmView.as_view(success_url='/accounts/password/done/',
+                                         template_name='zerver/reset_confirm.html',
+                                         form_class=zerver.forms.LoggingSetPasswordForm),
         name='django.contrib.auth.views.password_reset_confirm'),
     url(r'^accounts/password/done/$', password_reset_complete,
         {'template_name': 'zerver/reset_done.html'}),