Handle the case when the user requesting a password reset does not have an

email address


git-svn-id: https://svn.erp5.org/repos/public/erp5/trunk@36982 20353a03-c40f-0410-a6d1-a30d3c3de9de

product/ERP5/Tool/PasswordTool.py

@@ -72,22 +72,33 @@ class PasswordTool(BaseTool):
     if user_login is None:
       user_login = REQUEST["user_login"]
 
-    # check user exists
+    msg = None
+    # check user exists, and have an email
     user_list = self.getPortalObject().acl_users.\
                       erp5_users.getUserByLogin(user_login)
     if len(user_list) == 0:
       msg = translateString("User ${user} does not exist.",
                             mapping={'user':user_login})
+    else:
+      # We use checked_permission to prevent errors when trying to acquire
+      # email from organisation
+      user = user_list[0]
+      email_value = user.getDefaultEmailValue(
+              checked_permission='Access content information')
+      if email_value is None or not email_value.asText():
+        msg = translateString(
+            "User ${user} does not have an email address, please contact site "
+            "administrator directly", mapping={'user':user_login})
+      
+    if msg:
       if REQUEST is not None:
         parameter = urlencode(dict(portal_status_message=msg))
         ret_url = '%s/login_form?%s' % \
                   (self.getPortalObject().absolute_url(),
                   parameter)
         return REQUEST.RESPONSE.redirect( ret_url )
-      else:
-        return msg
+      return msg
 
-    user = user_list[0].getObject()
     # generate a random string
     random_url = self._generateUUID()
     parameter = urlencode(dict(reset_key=random_url))

product/ERP5/tests/testPasswordTool.py

@@ -437,6 +437,40 @@ class TestPasswordTool(ERP5TypeTestCase):
     self.tic()
     self._assertUserExists('userZ ', 'newZ2')
 
+  def test_no_email_on_person(self):
+    person = self.portal.person_module.newContent(portal_type="Person",
+                                    reference="user",
+                                    password="password",)
+    assignment = person.newContent(portal_type='Assignment')
+    assignment.open()
+
+    transaction.commit()
+    self.tic()
+    self.logout()
+    ret = self.portal.portal_password.mailPasswordResetRequest(user_login='user')
+    self.assertEquals("User user does not have an email address, please contact"
+        " site administrator directly", str(ret))
+
+  def test_acquired_email_on_person(self):
+    organisation = self.portal.organisation_module.newContent(
+                                    portal_type='Organisation',
+                                    default_email_text="organisation@example.com",)
+    person = self.portal.person_module.newContent(portal_type="Person",
+                                    reference="user",
+                                    password="password",
+                                    default_career_subordination_value=organisation)
+    assignment = person.newContent(portal_type='Assignment')
+    assignment.open()
+
+    transaction.commit()
+    self.tic()
+    self._assertUserExists('user', 'password')
+    self.logout()
+    ret = self.portal.portal_password.mailPasswordResetRequest(user_login='user')
+    self.assertEquals("User user does not have an email address, please contact"
+        " site administrator directly", str(ret))
+
+
 class TestPasswordToolWithCRM(TestPasswordTool):
   """
   Test reset of password