Mirror
/
zulip
mirror of https://github.com/zulip/zulip.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

registration: Use tokenized noreply address in password reset.

This commit is contained in:
Vishnu Ks 2018-06-19 18:20:36 +05:30 committed by Tim Abbott
parent 2b1424e51a
commit 994e1a2154
2 changed files with 17 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
zerver/forms.py
View File

@ -242,7 +242,8 @@ class ZulipPasswordResetForm(PasswordResetForm):
context['reset_url'] = "{}{}".format(user.realm.uri, endpoint) context['reset_url'] = "{}{}".format(user.realm.uri, endpoint)
send_email('zerver/emails/password_reset', to_user_id=user.id, send_email('zerver/emails/password_reset', to_user_id=user.id,
from_name="Zulip Account Security", from_name="Zulip Account Security",
from_address=FromAddress.NOREPLY, context=context) from_address=FromAddress.tokenized_no_reply_address(),
context=context)
else: else:
context['no_account_in_realm'] = True context['no_account_in_realm'] = True
accounts = UserProfile.objects.filter(email__iexact=email) accounts = UserProfile.objects.filter(email__iexact=email)
@ -251,7 +252,8 @@ class ZulipPasswordResetForm(PasswordResetForm):
context['multiple_accounts'] = accounts.count() != 1 context['multiple_accounts'] = accounts.count() != 1
send_email('zerver/emails/password_reset', to_email=email, send_email('zerver/emails/password_reset', to_email=email,
from_name="Zulip Account Security", from_name="Zulip Account Security",
from_address=FromAddress.NOREPLY, context=context) from_address=FromAddress.tokenized_no_reply_address(),
context=context)
class CreateUserForm(forms.Form): class CreateUserForm(forms.Form):
full_name = forms.CharField(max_length=100) full_name = forms.CharField(max_length=100)

20
zerver/tests/test_signup.py
View File

@ -1,5 +1,8 @@
# -*- coding: utf-8 -*- # -*- coding: utf-8 -*-
import datetime import datetime
from email.utils import parseaddr
import re
import django_otp import django_otp
from django.conf import settings from django.conf import settings
from django.contrib.contenttypes.models import ContentType from django.contrib.contenttypes.models import ContentType
@ -178,7 +181,8 @@ class PasswordResetTest(ZulipTestCase):
from django.core.mail import outbox from django.core.mail import outbox
from_email = outbox[0].from_email from_email = outbox[0].from_email
self.assertIn("Zulip Account Security", from_email) self.assertIn("Zulip Account Security", from_email)
self.assertIn(FromAddress.NOREPLY, from_email) tokenized_no_reply_email = parseaddr(from_email)[1]
self.assertTrue(re.search(self.TOKENIZED_NOREPLY_REGEX, tokenized_no_reply_email))
self.assertIn("Psst. Word on the street is that you", outbox[0].body) self.assertIn("Psst. Word on the street is that you", outbox[0].body)
# Visit the password reset link. # Visit the password reset link.
@ -222,8 +226,8 @@ class PasswordResetTest(ZulipTestCase):
from django.core.mail import outbox from django.core.mail import outbox
from_email = outbox[0].from_email from_email = outbox[0].from_email
self.assertIn("Zulip Account Security", from_email) self.assertIn("Zulip Account Security", from_email)
self.assertIn(FromAddress.NOREPLY, from_email) tokenized_no_reply_email = parseaddr(from_email)[1]
self.assertTrue(re.search(self.TOKENIZED_NOREPLY_REGEX, tokenized_no_reply_email))
self.assertIn('Someone (possibly you) requested a password', self.assertIn('Someone (possibly you) requested a password',
outbox[0].body) outbox[0].body)
self.assertNotIn('does have an active account in the zulip.testserver', self.assertNotIn('does have an active account in the zulip.testserver',
@ -249,8 +253,8 @@ class PasswordResetTest(ZulipTestCase):
from django.core.mail import outbox from django.core.mail import outbox
from_email = outbox[0].from_email from_email = outbox[0].from_email
self.assertIn("Zulip Account Security", from_email) self.assertIn("Zulip Account Security", from_email)
self.assertIn(FromAddress.NOREPLY, from_email) tokenized_no_reply_email = parseaddr(from_email)[1]
self.assertTrue(re.search(self.TOKENIZED_NOREPLY_REGEX, tokenized_no_reply_email))
self.assertIn('Someone (possibly you) requested a password', self.assertIn('Someone (possibly you) requested a password',
outbox[0].body) outbox[0].body)
self.assertNotIn('does have an active account in the zulip.testserver', self.assertNotIn('does have an active account in the zulip.testserver',
@ -297,7 +301,8 @@ class PasswordResetTest(ZulipTestCase):
from django.core.mail import outbox from django.core.mail import outbox
self.assertEqual(len(outbox), 1) self.assertEqual(len(outbox), 1)
message = outbox.pop() message = outbox.pop()
self.assertIn(FromAddress.NOREPLY, message.from_email) tokenized_no_reply_email = parseaddr(message.from_email)[1]
self.assertTrue(re.search(self.TOKENIZED_NOREPLY_REGEX, tokenized_no_reply_email))
self.assertIn('Someone (possibly you) requested a password', self.assertIn('Someone (possibly you) requested a password',
message.body) message.body)
self.assertIn("but\nyou do not have an active account in http://zephyr.testserver", self.assertIn("but\nyou do not have an active account in http://zephyr.testserver",
@ -366,7 +371,8 @@ class PasswordResetTest(ZulipTestCase):
self.assertEqual(len(outbox), 1) self.assertEqual(len(outbox), 1)
message = outbox.pop() message = outbox.pop()
self.assertIn(FromAddress.NOREPLY, message.from_email) tokenized_no_reply_email = parseaddr(message.from_email)[1]
self.assertTrue(re.search(self.TOKENIZED_NOREPLY_REGEX, tokenized_no_reply_email))
self.assertIn('Psst. Word on the street is that you need a new password', self.assertIn('Psst. Word on the street is that you need a new password',
message.body) message.body)