From 2b5cb1caad3b79a39f51818e85f99ab7c3aecba0 Mon Sep 17 00:00:00 2001 From: Ali-D-Akbar Date: Thu, 8 Apr 2021 17:27:20 +0500 Subject: [PATCH] fix!: allow reset password from support tools --- .../djangoapps/user_authn/views/password_reset.py | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/openedx/core/djangoapps/user_authn/views/password_reset.py b/openedx/core/djangoapps/user_authn/views/password_reset.py index cdbd0f057d..b8ec993173 100644 --- a/openedx/core/djangoapps/user_authn/views/password_reset.py +++ b/openedx/core/djangoapps/user_authn/views/password_reset.py @@ -1,5 +1,4 @@ """ Password reset logic and views . """ - import logging from django import forms @@ -596,8 +595,11 @@ def password_change_request_handler(request): """ user = request.user - # Prefer logged-in user's email - email = user.email if user.is_authenticated else request.POST.get('email') + if user.is_staff and user.is_superuser and request.POST.get('email_from_support_tools'): + email = request.POST.get('email_from_support_tools') + else: + # Prefer logged-in user's email + email = user.email if user.is_authenticated else request.POST.get('email') AUDIT_LOG.info("Password reset initiated for email %s.", email) if getattr(request, 'limited', False): @@ -610,7 +612,8 @@ def password_change_request_handler(request): if email: try: request_password_change(email, request.is_secure()) - user = user if user.is_authenticated else _get_user_from_email(email=email) + user = user if not request.POST.get('email_from_support_tools') and user.is_authenticated \ + else _get_user_from_email(email=email) destroy_oauth_tokens(user) except errors.UserNotFound: AUDIT_LOG.info("Invalid password reset attempt")
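Review bot: The `AUDIT_LOG.info("Password reset initiated for email %s.", email)` line that follows the new branch in the `-596,8 +595,11` hunk records only the target address, so a reset that a staff superuser triggers for another account via `email_from_support_tools` looks the same in the audit trail as a self-service request. Because this path lets a privileged account act on someone else's credentials, the acting user should be logged too, for example `AUDIT_LOG.info("Password reset initiated for email %s by support user id %s.", email, user.id)` inside the support-tools branch. The branch also reads the POST field twice; binding it once (`support_email = request.POST.get('email_from_support_tools')`) keeps the test and the assignment from drifting apart. The body of `password_change_request_handler` begins and continues outside this hunk.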
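Review bot: The rewritten `user = ...` assignment in the `-610,7 +612,8` hunk picks the account whose OAuth tokens are destroyed from the mere presence of the `email_from_support_tools` POST field, whereas the earlier hunk honours that field only when `user.is_staff and user.is_superuser`. For an authenticated non-privileged caller who sends the field, `email` is still their own address, so the lookup presumably resolves back to the same account, but the two conditions are now separate and can diverge on any later edit. I would compute the decision once near the top, `is_support_reset = bool(user.is_staff and user.is_superuser and request.POST.get('email_from_support_tools'))`, and write `user = user if user.is_authenticated and not is_support_reset else _get_user_from_email(email=email)` here, which also drops the backslash continuation. The enclosing function starts and ends outside this hunk.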