This prevents information leaking to potential attackers. If you want to provide an error message in this case, you can subclass PasswordResetForm
and use the password_reset_form argument.
-Users flagged with an unusable password (see set_unusable_password() aren't allowed to request a password reset to prevent misuse when using an external
+Users flagged with an unusable password - see set_unusable_password() - aren't allowed to request a password reset to prevent misuse when using an external
authentication source like LDAP. Note that they won't receive any error message since this would expose their account's existence but no mail will be sent either.
More Detail: https://docs.djangoproject.com/en/dev/topics/auth/default/#topics-auth-creating-users
from portal.forms import PasswordResetForm, SetPasswordForm
from django.contrib.auth.tokens import default_token_generator
from django.contrib.sites.models import get_current_site
-from django.contrib.auth.hashers import UNUSABLE_PASSWORD, identify_hasher
+from django.contrib.auth.hashers import identify_hasher
##
import os.path, re
if form.is_valid():
### email check in manifold DB ###
- email = form.cleaned_data['email'] # email inserted on the form
+ email = form.cleaned_data['email'].lower() # email inserted on the form
user_query = Query().get('local:user').select('user_id','email')
user_details = execute_admin_query(request, user_query)
flag = 0
### manifold pass update ###
#password = form.cleaned_data('password1')
password=request.POST['new_password1']
- user_query = Query().get('local:user').select('user_id','email','password')
- user_details = execute_admin_query(request, user_query)
- for user_detail in user_details:
- if user_detail['email'] == user.email:
- user_detail['password'] = password
+ #user_query = Query().get('local:user').select('user_id','email','password')
+ #user_details = execute_admin_query(request, user_query)
+ #for user_detail in user_details:
+ # if user_detail['email'] == user.email:
+ # user_detail['password'] = password
#updating password in local:user
- user_params = { 'password': user_detail['password']}
+ user_params = { 'password': password}
manifold_update_user(request,user.email,user_params)
### end of manifold pass update ###