
Commit d9b8f3f

committed
Added non existing e-mail validation on password reset
+ small cleanup
1 parent 52283ae commit d9b8f3f


2 files changed

+18
-9
lines changed


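--- a/rest_auth/serializers.py
+++ b/rest_auth/serializers.py
@@ -94,7 +94,7 @@ class UserDetailsSerializer(serializers.ModelSerializer):
 User model w/o password
 """
 class Meta:
-model = get_user_model()
+model = UserModel
 fields = ('username', 'email', 'first_name', 'last_name')
 read_only_fields = ('email', )
 
@@ -113,7 +113,11 @@ def validate_email(self, value):
 # Create PasswordResetForm with the serializer
 self.reset_form = self.password_reset_form_class(data=self.initial_data)
 if not self.reset_form.is_valid():
-raise serializers.ValidationError('Error')
+raise serializers.ValidationError(_('Error'))
+
+if not UserModel.objects.filter(email=value).exists():
+raise serializers.ValidationError(_('Invalid e-mail address'))
+
 return value
 
 def save(self):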
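Review bot: The added `UserModel.objects.filter(email=value).exists()` check in `validate_email` makes the password-reset endpoint answer differently for registered and unregistered addresses, so any unauthenticated caller can learn which e-mail addresses have accounts. Django's own `PasswordResetForm` avoids this by sending no mail for an unknown address rather than reporting an error. I would drop the two added lines and keep `return value` directly after the form check, or put the check behind an opt-in setting that defaults to off; the new test in rest_auth/tests.py that expects a 400 would then expect the normal success status instead. If the distinct error is kept on purpose, the endpoint should at least be throttled. `validate_email` starts above this hunk, and `UserModel` and `_` are presumably defined elsewhere in the file.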

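--- a/rest_auth/tests.py
+++ b/rest_auth/tests.py
@@ -160,13 +160,9 @@ def _generate_uid_and_token(self, user):
 result = {}
 from django.utils.encoding import force_bytes
 from django.contrib.auth.tokens import default_token_generator
-from django import VERSION
-if VERSION[1] == 5:
-from django.utils.http import int_to_base36
-result['uid'] = int_to_base36(user.pk)
-else:
-from django.utils.http import urlsafe_base64_encode
-result['uid'] = urlsafe_base64_encode(force_bytes(user.pk))
+from django.utils.http import urlsafe_base64_encode
+
+result['uid'] = urlsafe_base64_encode(force_bytes(user.pk))
 result['token'] = default_token_generator.make_token(user)
 return result
 
@@ -338,6 +334,15 @@ def test_password_reset(self):
 }
 self.post(self.login_url, data=payload, status_code=200)
 
+def test_password_reset_with_invalid_email(self):
+get_user_model().objects.create_user(self.USERNAME, self.EMAIL, self.PASS)
+
+# call password reset
+mail_count = len(mail.outbox)
+payload = {'email': '[email protected]'}
+self.post(self.password_reset_url, data=payload, status_code=400)
+self.assertEqual(len(mail.outbox), mail_count)
+
 def test_user_details(self):
 user = get_user_model().objects.create_user(self.USERNAME, self.EMAIL, self.PASS)
 payload = {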
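Review bot: `test_password_reset_with_invalid_email` covers only an address that matches no user at all; it does not cover an address that differs from a registered one only in letter case. The serializer's new lookup is an exact `filter(email=value)`, whereas Django's `PasswordResetForm` matches users case-insensitively, so depending on the database collation such a request may now get a 400 where it previously sent mail. A second test with `payload = {'email': self.EMAIL.upper()}` asserting the success status and one new message in `mail.outbox` would pin the intended behaviour. The enclosing test class starts outside this hunk.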
