From a91866e74169eddfc0293726a984827b231d27eb Mon Sep 17 00:00:00 2001 From: Jean-Romain Garnier Date: Fri, 17 Apr 2020 11:39:11 +0000 Subject: [PATCH] Require login on confirmation email resend --- users/forms.py | 8 ++++++-- users/views.py | 3 ++- 2 files changed, 8 insertions(+), 3 deletions(-) diff --git a/users/forms.py b/users/forms.py index de229fcd..dd9ddaa7 100644 --- a/users/forms.py +++ b/users/forms.py @@ -330,7 +330,11 @@ class AdherentForm(FormRevMixin, FieldPermissionFormMixin, ModelForm): self.fields["room"].label = _("Room") self.fields["room"].empty_label = _("No room") self.fields["school"].empty_label = _("Select a school") - self.initial["email"] = kwargs["instance"].email + + if not kwargs["user"].is_anonymous(): + self.initial["email"] = kwargs["user"].email + else: + self.initial["email"] = None class Meta: model = Adherent @@ -383,7 +387,7 @@ class AdherentForm(FormRevMixin, FieldPermissionFormMixin, ModelForm): """On met à jour l'état de l'utilisateur en fonction de son mail""" user = super(AdherentForm, self).save(commit=commit) - if user.email != self.initial["email"]: + if self.initial["email"] is not None and user.email != self.initial["email"]: # Send a confirmation email if user.state in [User.STATE_ACTIVE, User.STATE_DISABLED, User.STATE_NOT_YET_ACTIVE, User.STATE_EMAIL_NOT_YET_CONFIRMED]: user.state = User.STATE_EMAIL_NOT_YET_CONFIRMED diff --git a/users/views.py b/users/views.py index b93bf7f3..cd135546 100644 --- a/users/views.py +++ b/users/views.py @@ -1051,8 +1051,9 @@ def process_email(request, req): ) +@login_required @can_edit(User) -def resend_confirmation_email(request, userid): +def resend_confirmation_email(request, logged_user, userid): """ Renvoi du mail de confirmation """ try: user = User.objects.get(