diff --git a/opentech/apply/users/forms.py b/opentech/apply/users/forms.py
index 88e7bdbc44a63114c5929a66055b805d56fc51b8..b27eab0b8f4091fe4368787ac298499078a473fd 100644
--- a/opentech/apply/users/forms.py
+++ b/opentech/apply/users/forms.py
@@ -34,6 +34,10 @@ class ProfileForm(forms.ModelForm):
if not self.instance.is_apply_staff:
del self.fields['slack']
+ if not self.instance.has_usable_password():
+ # User is registered with oauth - no password change allowed
+ del self.fields['email']
+
def clean_slack(self):
slack = self.cleaned_data['slack']
if slack:
diff --git a/opentech/apply/users/templates/users/login.html b/opentech/apply/users/templates/users/login.html
index 5f542f6ea06646eac09272371c5be708b8e11788..e80099f534a16cf2623e83a1b574c50017d499eb 100644
--- a/opentech/apply/users/templates/users/login.html
+++ b/opentech/apply/users/templates/users/login.html
@@ -13,7 +13,7 @@
</form>
<div class="wrapper wrapper--inner-space-large">
- <a class="link link--button link--button-long-text" href="{% url "social:begin" "google-oauth2" %}?next={% url "users:account" %}">Log in with your OTF email</a>
+ <a class="link link--button link--button-long-text" href="{% url "social:begin" "google-oauth2" %}">Log in with your OTF email</a>
</div>
</div>
{% endblock %}
diff --git a/opentech/apply/users/tests/factories.py b/opentech/apply/users/tests/factories.py
index e474e940ec796b7f728482fa2a2a6c6087025eeb..b111108c871b44f89780a9472a3c68b3c3d2dedd 100644
--- a/opentech/apply/users/tests/factories.py
+++ b/opentech/apply/users/tests/factories.py
@@ -41,7 +41,7 @@ class AdminFactory(UserFactory):
is_admin = True
-class StaffFactory(UserFactory):
+class StaffFactory(OAuthUserFactory):
class Meta:
exclude = ('slack_temp', )
is_staff = True
diff --git a/opentech/apply/users/tests/test_forms.py b/opentech/apply/users/tests/test_forms.py
index 03860d17eeba33dca8ee4453aaab88c05c56a083..06e81fb933f048101100af1a60e7dff680c4f9e8 100644
--- a/opentech/apply/users/tests/test_forms.py
+++ b/opentech/apply/users/tests/test_forms.py
@@ -48,6 +48,13 @@ class TestStaffProfileForm(BaseTestProfileForm):
def setUp(self):
self.staff = StaffFactory()
+ def test_cant_change_password(self):
+ new_email = 'me@this.com'
+ form = self.submit_form(self.staff, email=new_email)
+ self.assertFalse('email' in form.fields)
+ self.staff.refresh_from_db()
+ self.assertNotEqual(new_email, self.staff.email)
+
def test_can_set_slack_name(self):
slack_name = '@foobar'
self.submit_form(self.staff, slack=slack_name)
diff --git a/opentech/apply/users/tests/test_views.py b/opentech/apply/users/tests/test_views.py
index 935dcdc981e7301ad4f28cd84a204fb775c4ee3e..1943e508315cfd891b11d2095dd1b5e2639c4af0 100644
--- a/opentech/apply/users/tests/test_views.py
+++ b/opentech/apply/users/tests/test_views.py
@@ -43,3 +43,7 @@ class TestStaffProfileView(BaseTestProfielView):
def test_can_set_slack_name(self):
response = self.client.get(self.url, follow=True)
self.assertContains(response, 'Slack name')
+
+ def test_can_not_set_email(self):
+ response = self.client.get(self.url, follow=True)
+ self.assertNotContains(response, 'Email')
diff --git a/opentech/settings/base.py b/opentech/settings/base.py
index d624e6fb467b0f2fc3af8ff523dfd49e8d1b4914..4171f5bcfbfbe35ba56711d780fc7999ae187219 100644
--- a/opentech/settings/base.py
+++ b/opentech/settings/base.py
@@ -317,7 +317,7 @@ SOCIAL_AUTH_GOOGLE_OAUTH2_WHITELISTED_DOMAINS = STAFF_EMAIL_DOMAINS
SOCIAL_AUTH_GOOGLE_OAUTH2_KEY = ''
SOCIAL_AUTH_GOOGLE_OAUTH2_SECRET = ''
-SOCIAL_AUTH_LOGIN_ERROR_URL = 'users:account'
+SOCIAL_AUTH_LOGIN_ERROR_URL = 'users:login'
SOCIAL_AUTH_NEW_ASSOCIATION_REDIRECT_URL = 'users:account'
# For pipelines, see http://python-social-auth.readthedocs.io/en/latest/pipeline.html?highlight=pipelines#authentication-pipeline