From 9f3fd9cc025e07c67fb28d67edc6fb0774399904 Mon Sep 17 00:00:00 2001
From: Todd Dembrey <todd.dembrey@torchbox.com>
Date: Tue, 25 Sep 2018 14:40:55 +0100
Subject: [PATCH] Make sure the reset url is the correct site from the request

---
 .../users/templates/users/password_reset/email.txt |  2 +-
 opentech/apply/users/tests/test_views.py           | 14 ++++++++++++++
 2 files changed, 15 insertions(+), 1 deletion(-)

diff --git a/opentech/apply/users/templates/users/password_reset/email.txt b/opentech/apply/users/templates/users/password_reset/email.txt
index 58e179542..ba51754de 100644
--- a/opentech/apply/users/templates/users/password_reset/email.txt
+++ b/opentech/apply/users/templates/users/password_reset/email.txt
@@ -1,6 +1,6 @@
 {% load i18n wagtailadmin_tags %}{% base_url_setting as base_url %}
 {% trans "Please follow the link below to reset your password:" %}
-{% if site.root_url %}{{ site.root_url }}{% else %}{{ base_url }}{% endif %}{% url 'users:password_reset_confirm' uidb64=uid token=token %}
+{{ protocol }}://{{ domain }}{% url 'users:password_reset_confirm' uidb64=uid token=token %}
 
 {% if user.USERNAME_FIELD != "email" %}
 {% trans "Your username (in case you've forgotten):" %} {{ user.get_username }}
diff --git a/opentech/apply/users/tests/test_views.py b/opentech/apply/users/tests/test_views.py
index e5c2a6dc4..044a9566d 100644
--- a/opentech/apply/users/tests/test_views.py
+++ b/opentech/apply/users/tests/test_views.py
@@ -1,6 +1,8 @@
+from django.core import mail
 from django.test import override_settings, TestCase
 from django.urls import reverse
 
+from opentech.apply.utils.testing.tests import BaseViewTestCase
 from .factories import OAuthUserFactory, StaffFactory, UserFactory
 
 
@@ -44,3 +46,15 @@ class TestStaffProfileView(BaseTestProfielView):
     def test_can_set_slack_name(self):
         response = self.client.get(self.url, follow=True)
         self.assertContains(response, 'Slack name')
+
+
+class TestPasswordReset(BaseViewTestCase):
+    user_factory = UserFactory
+    url_name = 'users:{}'
+    base_view_name = 'password_reset'
+
+    def test_recieves_email(self):
+        response = self.post_page(None, data={'email': self.user.email})
+        self.assertRedirects(response, self.url(None, view_name='password_reset_done'))
+        self.assertEqual(len(mail.outbox), 1)
+        self.assertIn('https://testserver/account/password/reset/confirm', mail.outbox[0].body)
-- 
GitLab