From df4a56071692a21bf489e6f7f0bdd4a38ca93490 Mon Sep 17 00:00:00 2001
From: Fredrik Jonsson <frjo@xdeb.org>
Date: Thu, 24 Jan 2019 09:37:57 +0100
Subject: [PATCH] Set a temp password on user activation so users who skip
 setting one can use the password reset function.

---
 opentech/apply/users/views.py | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/opentech/apply/users/views.py b/opentech/apply/users/views.py
index 02e1c8f15..ceca91961 100644
--- a/opentech/apply/users/views.py
+++ b/opentech/apply/users/views.py
@@ -3,6 +3,7 @@ from django.contrib.auth import get_user_model, login, update_session_auth_hash
 from django.contrib.auth.decorators import login_required
 from django.contrib.auth.forms import AdminPasswordChangeForm
 from django.contrib.auth.tokens import PasswordResetTokenGenerator
+from django.contrib.auth.models import BaseUserManager
 from django.shortcuts import redirect, render
 from django.template.response import TemplateResponse
 from django.urls import reverse_lazy
@@ -71,6 +72,9 @@ class ActivationView(TemplateView):
 
         if self.valid(user, kwargs.get('token')):
             user.is_active = True
+            # Set a temp password so users who skip setting one can use the password reset function.
+            temp_pass = BaseUserManager().make_random_password(length=32)
+            user.set_password(temp_pass)
             user.save()
 
             user.backend = 'django.contrib.auth.backends.ModelBackend'
-- 
GitLab