backend: Make password reset form support multi realm membership.

templates/zerver/emails/password_reset.source.html

@@ -4,13 +4,25 @@
 <p>
     {% if no_account_in_realm %}
         Someone (possibly you) requested a password reset email for {{ email }}
-        on {{ realm_uri }}, but {{ email }} does not have an
+        on {{ realm_uri }}, but you do not have an
         active account in {{ realm_uri }}.
 
-        {% if account_exists_another_realm %}
+        {% if accounts %}
-        However, {{ email }} does have an active account in the {{ user.realm.uri }}
+            {% if multiple_accounts %}
+            However, you do have active accounts in the following
+            organizations.
+            <ul>
+                {% for account in accounts %}
+                <li>{{ account.realm.uri }}</li>
+                {% endfor %}
+            </ul>
+            You can try logging in or resetting your password in the organization
+            you want.
+            {% else %}
+            However, you do have an active account in the {{ accounts[0].realm.uri }}
             organization; you can try logging in or resetting your password there.
             {% endif %}
+        {% endif %}
     {% else %}
         Psst. Word on the street is that you need a new password, {{ email }}.<br />
         It's all good. Click here and we'll take care of the rest:<br />

templates/zerver/emails/password_reset.txt

@@ -1,12 +1,19 @@
 {% if no_account_in_realm %}
 Someone (possibly you) requested a password reset email for
 {{ email }} on {{ realm_uri }}, but
-{{ email }} does not have an active account in
+you do not have an active account in {{ realm_uri }}.
-{{ realm_uri }}.
+{% if accounts %}
-{% if account_exists_another_realm %}
+{% if multiple_accounts %}
-However, {{ email }} does have an active account in
+However, you do have active accounts in the following organizations.
-{{ user.realm.uri }} organization; you can try
+{% for account in accounts %}
-logging in or resetting your password there.
+{{ account.realm.uri }}
+{% endfor %}
+You can try logging in or resetting your password in the organization
+you want.
+{% else %}
+However, you do have an active account in the {{ accounts[0].realm.uri }}
+organization; you can try logging in or resetting your password there.
+{% endif %}
 {% endif %}
 {% else %}
 Psst. Word on the street is that you need a new password, {{ email }}.

version.py

@@ -1,3 +1,3 @@
 ZULIP_VERSION = "1.7.1+git"
 
-PROVISION_VERSION = '13.0'
+PROVISION_VERSION = '13.1'

zerver/forms.py

@@ -24,7 +24,7 @@ from zerver.lib.request import JsonableError
 from zerver.lib.send_email import send_email, FromAddress
 from zerver.lib.subdomains import get_subdomain, user_matches_subdomain, is_root_domain_available
 from zerver.lib.users import check_full_name
-from zerver.models import Realm, get_user_profile_by_email, UserProfile, \
+from zerver.models import Realm, get_user, UserProfile, \
     get_realm, email_to_domain, email_allowed_for_realm
 from zproject.backends import email_auth_enabled
 
@@ -208,25 +208,23 @@ class ZulipPasswordResetForm(PasswordResetForm):
         """
         email = self.cleaned_data["email"]
 
-        subdomain = get_subdomain(request)
+        realm = get_realm(get_subdomain(request))
-        realm = get_realm(subdomain)
 
         if not email_auth_enabled(realm):
             logging.info("Password reset attempted for %s even though password auth is disabled." % (email,))
             return
 
         try:
-            user = get_user_profile_by_email(email)
+            user = get_user(email, realm)
         except UserProfile.DoesNotExist:
             user = None
 
         context = {
             'email': email,
             'realm_uri': realm.uri,
-            'user': user,
         }
 
-        if user is not None and user_matches_subdomain(subdomain, user):
+        if user is not None:
             token = token_generator.make_token(user)
             uid = urlsafe_base64_encode(force_bytes(user.id))
             endpoint = reverse('django.contrib.auth.views.password_reset_confirm',
@@ -234,16 +232,15 @@ class ZulipPasswordResetForm(PasswordResetForm):
 
             context['no_account_in_realm'] = False
             context['reset_url'] = "{}{}".format(user.realm.uri, endpoint)
-
             send_email('zerver/emails/password_reset', to_user_id=user.id,
                        from_name="Zulip Account Security",
                        from_address=FromAddress.NOREPLY, context=context)
         else:
             context['no_account_in_realm'] = True
-            if user is not None:
+            accounts = UserProfile.objects.filter(email__iexact=email)
-                context['account_exists_another_realm'] = True
+            if accounts:
-            else:
+                context['accounts'] = accounts
-                context['account_exists_another_realm'] = False
+                context['multiple_accounts'] = accounts.count() != 1
             send_email('zerver/emails/password_reset', to_email=email,
                        from_name="Zulip Account Security",
                        from_address=FromAddress.NOREPLY, context=context)

zerver/tests/test_signup.py

@@ -238,7 +238,7 @@ class PasswordResetTest(ZulipTestCase):
         self.assertIn(FromAddress.NOREPLY, message.from_email)
         self.assertIn('Someone (possibly you) requested a password',
                       message.body)
-        self.assertIn("hamlet@zulip.com does not have an active account in\nhttp://zephyr.testserver",
+        self.assertIn("but\nyou do not have an active account in http://zephyr.testserver",
                       message.body)
 
     def test_invalid_subdomain(self) -> None: