CGM_Public/pretix_cgo
1
0
Fork 0
forked from CGM_Public/pretix_original
Code Pull Requests Actions Activity

Do not allow password reset for disabled users

Browse Source
This commit is contained in:
Raphael Michel
2023-11-13 12:42:10 +01:00
parent c21083bf80
commit 65b74d0483
1 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
src/pretix/control/views/auth.py
View File

@@ -266,7 +266,7 @@ class Forgot(TemplateView):
has_redis = settings.HAS_REDIS has_redis = settings.HAS_REDIS
try: try:
user = User.objects.get(email__iexact=email) user = User.objects.get(is_active=True, email__iexact=email)
if has_redis: if has_redis:
from django_redis import get_redis_connection from django_redis import get_redis_connection
@@ -330,7 +330,7 @@ class Recover(TemplateView):
if request.user.is_authenticated: if request.user.is_authenticated:
return redirect(request.GET.get("next", 'control:index')) return redirect(request.GET.get("next", 'control:index'))
try: try:
user = User.objects.get(id=self.request.GET.get('id'), auth_backend='native') user = User.objects.get(id=self.request.GET.get('id'), is_active=True, auth_backend='native')
except User.DoesNotExist: except User.DoesNotExist:
return self.invalid('unknownuser') return self.invalid('unknownuser')
if not default_token_generator.check_token(user, self.request.GET.get('token')): if not default_token_generator.check_token(user, self.request.GET.get('token')):