unusable passwords - support for all djangos

[myslice.git] / portal / django_passresetview.py

diff --git a/portal/django_passresetview.py b/portal/django_passresetview.py
index adf6239..8e57199 100644 (file)
--- a/portal/django_passresetview.py
+++ b/portal/django_passresetview.py
@@ -34,7 +34,7 @@ If the email address provided does not exist in the system, this view won't send
 This prevents information leaking to potential attackers. If you want to provide an error message in this case, you can subclass PasswordResetForm 
 and use the password_reset_form argument.
 
-Users flagged with an unusable password (see set_unusable_password() aren't allowed to request a password reset to prevent misuse when using an external 
+Users flagged with an unusable password - see set_unusable_password() - aren't allowed to request a password reset to prevent misuse when using an external 
 authentication source like LDAP. Note that they won't receive any error message since this would expose their account's existence but no mail will be sent either.
 
 More Detail: https://docs.djangoproject.com/en/dev/topics/auth/default/#topics-auth-creating-users
@@ -64,7 +64,7 @@ from django.contrib.auth.decorators import login_required
 from portal.forms import PasswordResetForm, SetPasswordForm
 from django.contrib.auth.tokens import default_token_generator
 from django.contrib.sites.models import get_current_site
-from django.contrib.auth.hashers import UNUSABLE_PASSWORD, identify_hasher
+from django.contrib.auth.hashers import identify_hasher
 
 ##
 import os.path, re
@@ -115,7 +115,7 @@ def password_reset(request, is_admin_site=False,
         if form.is_valid():
 
             ### email check in manifold DB ###
-            email = form.cleaned_data['email'] # email inserted on the form
+            email = form.cleaned_data['email'].lower() # email inserted on the form
             user_query  = Query().get('local:user').select('user_id','email')
             user_details = execute_admin_query(request, user_query)
             flag = 0
@@ -196,13 +196,13 @@ def password_reset_confirm(request, uidb36=None, token=None,
                 ### manifold pass update ###
                 #password = form.cleaned_data('password1')
                 password=request.POST['new_password1']
-                user_query  = Query().get('local:user').select('user_id','email','password')
-                user_details = execute_admin_query(request, user_query)
-                for user_detail in user_details:
-                    if user_detail['email'] == user.email:
-                        user_detail['password'] = password
+                #user_query  = Query().get('local:user').select('user_id','email','password')
+                #user_details = execute_admin_query(request, user_query)
+                #for user_detail in user_details:
+                #    if user_detail['email'] == user.email:
+                #        user_detail['password'] = password
                 #updating password in local:user
-                user_params = { 'password': user_detail['password']}
+                user_params = { 'password': password}
                 manifold_update_user(request,user.email,user_params)    
                 ### end of manifold pass update ###