use UserProfile for doing pwreset (bug 596263)

apps/users/forms.py

@@ -12,7 +12,8 @@ import happyforms
 from tower import ugettext as _, ugettext_lazy as _lazy
 
 from amo.utils import slug_validator
-from .models import UserProfile, BlacklistedUsername, BlacklistedEmailDomain
+from .models import (UserProfile, BlacklistedUsername, BlacklistedEmailDomain,
+                     DjangoUser)
 from . import tasks
 
 log = commonware.log.getLogger('z.users')
@@ -23,6 +24,16 @@ class AuthenticationForm(auth_forms.AuthenticationForm):
 
 
 class PasswordResetForm(auth_forms.PasswordResetForm):
+
+    def clean_email(self):
+        email = self.cleaned_data['email']
+        self.users_cache = UserProfile.objects.filter(email__iexact=email)
+        if not self.users_cache:
+            raise forms.ValidationError(
+                _("That e-mail address doesn't have an associated user "
+                  "account. Are you sure you've registered?"))
+        return email
+
     def save(self, **kw):
         for user in self.users_cache:
             log.info(u'Password reset email sent for user (%s)' % user)
@@ -35,11 +46,12 @@ class PasswordResetForm(auth_forms.PasswordResetForm):
 
 
 class SetPasswordForm(auth_forms.SetPasswordForm):
-    def __init__(self, user, *args, **kwargs):
+
-        super(SetPasswordForm, self).__init__(user, *args, **kwargs)
+    def __init__(self, *args, **kwargs):
-        if self.user:
+        super(SetPasswordForm, self).__init__(*args, **kwargs)
-            # We store our password in the users table, not auth_user like
+        # We store our password in the users table, not auth_user like
-            # Django expects
+        # Django expects.
+        if isinstance(self.user, DjangoUser):
             self.user = self.user.get_profile()
 
     def save(self, **kw):

apps/users/models.py

@@ -145,6 +145,14 @@ class UserProfile(amo.models.ModelBase):
 
     welcome_name = name
 
+    @property
+    def last_login(self):
+        """Make UserProfile look more like auth.User."""
+        # Django expects this to be non-null, so fake a login attempt.
+        if not self.last_login_attempt:
+            self.update(last_login_attempt=datetime.now())
+        return self.last_login_attempt
+
     @amo.cached_property
     def reviews(self):
         """All reviews that are not dev replies."""

apps/users/tests/test_forms.py

@@ -87,6 +87,14 @@ class TestPasswordResetForm(UserFormBase):
         assert mail.outbox[0].subject.find('Password reset') == 0
         assert mail.outbox[0].body.find('pwreset/%s' % self.uidb36) > 0
 
+    def test_amo_user_but_no_django_user(self):
+        # Password reset should work without a Django user.
+        self.user_profile.update(user=None, _signal=True)
+        self.user.delete()
+        self.client.post('/en-US/firefox/users/pwreset',
+                        {'email': self.user.email})
+        eq_(len(mail.outbox), 1)
+
 
 class TestUserDeleteForm(UserFormBase):
 
@@ -106,7 +114,7 @@ class TestUserDeleteForm(UserFormBase):
     def test_success(self):
         self.client.login(username='jbalogh@mozilla.com', password='foo')
         data = {'password': 'foo', 'confirm': True, }
-        r = self.client.post('/en-US/firefox/users/delete', data, follow=True)
+        self.client.post('/en-US/firefox/users/delete', data, follow=True)
         # TODO XXX: Bug 593055
         #self.assertContains(r, "Profile Deleted")
         u = UserProfile.objects.get(id='4043307')
@@ -115,7 +123,7 @@ class TestUserDeleteForm(UserFormBase):
     @patch('users.models.UserProfile.is_developer')
     def test_developer_attempt(self, f):
         """A developer's attempt to delete one's self must be thwarted."""
-        f = lambda: True
+        f.return_value = True
         self.client.login(username='jbalogh@mozilla.com', password='foo')
         data = {'password': 'foo', 'confirm': True, }
         r = self.client.post('/en-US/firefox/users/delete', data, follow=True)
@@ -335,15 +343,15 @@ class TestUserRegisterForm(UserFormBase):
 
     @patch('captcha.fields.ReCaptchaField.clean')
     def test_success(self, clean):
-        clean = lambda: ''
+        clean.return_value = ''
 
         data = {'email': 'john.connor@sky.net',
                 'password': 'carebears',
                 'password2': 'carebears',
                 'username': 'BigJC',
                 'homepage': ''}
-        r = self.client.post('/en-US/firefox/users/register', data,
+        self.client.post('/en-US/firefox/users/register', data,
-                             follow=True)
+                         follow=True)
         # TODO XXX POSTREMORA: uncomment when remora goes away
         #self.assertContains(r, "Congratulations!")
 

apps/users/urls.py

@@ -4,10 +4,14 @@ from django.conf.urls.defaults import patterns, url, include
 from zadmin import jinja_for_django
 
 from . import forms, views
+from .models import UserProfile
 
 # So we can use the contrib logic for password resets, etc.
 auth_views.render_to_response = jinja_for_django
 
+# We need Django to use our User model.
+auth_views.User = UserProfile
+
 
 # These will all start with /user/<user_id>/
 detail_patterns = patterns('',

migrations/78-null-created.sql

@@ -0,0 +1,2 @@
+-- Ah the joys of fake data.
+UPDATE users SET created = '2007-03-05 13:09:33'  WHERE created IS NULL;