agstack · lucienshema · Apr 10, 2025 · Apr 10, 2025
diff --git a/my_eudr_app/auth_views.py b/my_eudr_app/auth_views.py
@@ -22,6 +22,8 @@
 from rest_framework.permissions import IsAuthenticated
 from django.db.models import Q
 
+from my_eudr_app.forms import CustomPasswordResetForm
+
 
 @swagger_auto_schema(method='post', request_body=openapi.Schema(type=openapi.TYPE_OBJECT, properties={
     'first_name': openapi.Schema(type=openapi.TYPE_STRING, description='First Name'),
@@ -338,8 +340,7 @@ def logout_view(request):
 #         password_reset_form = PasswordResetForm(request.POST)
 #         if password_reset_form.is_valid():
 #             data = password_reset_form.cleaned_data['email']
-#             # associated_users = User.objects.filter(email=data)
-#             associated_users = User.objects.filter(Q(email=data) | Q(username=data))
+#             associated_users = User.objects.filter(email=data)
 #             if associated_users.exists():
 #                 for user in associated_users:
 #                     subject = "TerraTrav Validation Portal - Password Reset Requested"
@@ -368,26 +369,81 @@ def logout_view(request):
 #     password_reset_form = PasswordResetForm()
 #     return render(request, "auth/password_reset.html", {"form": password_reset_form})
 
+### Fixed the issues raised from Burundi ###
+
+# @api_view(['GET', 'POST'])
+# def password_reset_request(request):
+#     if request.method == "GET":
+#         password_reset_form = PasswordResetForm()
+#         return render(request, "auth/password_reset.html", {"form": password_reset_form})
+
+#     if request.method == "POST":
+#         password_reset_form = PasswordResetForm(request.POST)
+#         if password_reset_form.is_valid():
+#             data = password_reset_form.cleaned_data['email']
+#             # Match users where either email or username equals the entered email
+#             associated_users = User.objects.filter(Q(email=data) | Q(username=data))
+
+#             if associated_users.exists():
+#                 for user in associated_users:
+#                     # Use email if available, otherwise use username as fallback
+#                     recipient = user.email if user.email else user.username
+
+#                     subject = "TerraTrav Validation Portal - Password Reset Requested"
+#                     email_template_name = "auth/password_reset_email.html"
+#                     c = {
+#                         "email": recipient,
+#                         "domain": request.get_host(),
+#                         "site_name": "TerraTrac Validation Portal",
+#                         "uid": urlsafe_base64_encode(force_bytes(user.pk)),
+#                         "user": user,
+#                         "token": default_token_generator.make_token(user),
+#                         "protocol": 'https' if request.is_secure() else 'http',
+#                     }
+#                     email = render_to_string(email_template_name, c)
+
+#                     send_mail(
+#                         subject,
+#                         message=email,
+#                         html_message=email,
+#                         from_email=settings.DEFAULT_FROM_EMAIL,
+#                         recipient_list=[recipient]
+#                     )
+
+#                 messages.success(
+#                     request, 'A link to reset your password has been sent to your email address.')
+#                 return redirect(reverse('password_reset'))
+#             else:
+#                 messages.error(
+#                     request, 'No user found with this email address or username.')
+#                 return redirect(reverse('password_reset'))
+
+#     password_reset_form = PasswordResetForm()
+#     return render(request, "auth/password_reset.html", {"form": password_reset_form})
+
+
+## adding the changes to the password reset request view to ensure that it works with both email and username depending on what the user submits to the form  ##
+
 @api_view(['GET', 'POST'])
 def password_reset_request(request):
     if request.method == "GET":
-        password_reset_form = PasswordResetForm()
+        password_reset_form =  CustomPasswordResetForm()
         return render(request, "auth/password_reset.html", {"form": password_reset_form})
 
     if request.method == "POST":
-        password_reset_form = PasswordResetForm(request.POST)
+        password_reset_form = CustomPasswordResetForm(request.POST)
         if password_reset_form.is_valid():
-            data = password_reset_form.cleaned_data['email']
-            # Match users where either email or username equals the entered email
-            associated_users = User.objects.filter(Q(email=data) | Q(username=data))
+            identifier = password_reset_form.cleaned_data['email']  # Could be username or email
+            # Try to find user where input matches username or email
+            associated_users = User.objects.filter(Q(username=identifier) | Q(email=identifier))
 
-            if associated_users.exists():
+            if associated_users.exists():  # Ensure user exists
                 for user in associated_users:
                     # Use email if available, otherwise use username as fallback
-                    recipient = user.email if user.email else user.username
-
                     subject = "TerraTrav Validation Portal - Password Reset Requested"
                     email_template_name = "auth/password_reset_email.html"
+                    recipient = user.email if user.email else user.username
+                    print(f"Recipient: {recipient}")  # Debugging line
                     c = {
                         "email": recipient,
                         "domain": request.get_host(),
@@ -404,21 +460,22 @@ def password_reset_request(request):
                         message=email,
                         html_message=email,
                         from_email=settings.DEFAULT_FROM_EMAIL,
-                        recipient_list=[recipient]
+                        recipient_list=[user.email]
                     )
 
-                messages.success(
-                    request, 'A link to reset your password has been sent to your email address.')
-                return redirect(reverse('password_reset'))
-            else:
-                messages.error(
-                    request, 'No user found with this email address or username.')
-                return redirect(reverse('password_reset'))
+                    messages.success(
+                        request, 'A password reset link has been sent to the user\'s registered email.')
+                    return redirect(reverse('password_reset'))
+                else:
+                    messages.error(
+                        request, 'No user found with that username or email, or no email is set for that user.')
+        return redirect(reverse('password_reset'))
 
-    password_reset_form = PasswordResetForm()
+    password_reset_form =  CustomPasswordResetForm()
     return render(request, "auth/password_reset.html", {"form": password_reset_form})
 
 
+
 @swagger_auto_schema(method='get', security=[],
                      tags=["User Management"], operation_summary="Endpoint that allows a user to reset their password")
 # @api_view(['GET'])

diff --git a/my_eudr_app/forms.py b/my_eudr_app/forms.py
@@ -0,0 +1,12 @@
+from django import forms
+from django.contrib.auth.forms import PasswordResetForm
+
+class CustomPasswordResetForm(PasswordResetForm):
+    email = forms.CharField(
+        label="Username or Email",
+        max_length=254,
+        widget=forms.TextInput(attrs={
+            'class': 'form-control',
+            'placeholder': 'Enter your username or email',
+        })
+    )
diff --git a/my_eudr_app/templates/auth/password_reset.html b/my_eudr_app/templates/auth/password_reset.html
@@ -98,12 +98,31 @@ <h4 class="text-center my-4">TerraTrac Reset Password</h4>
                 </div>
                 {% endfor %} {% endif %}
 
-                <form method="POST">
+                {% comment %} <form method="POST">
                   {% csrf_token %} {{ form.as_p }}
+                  <button type="submit" class="btn btn-primary w-100">
+                    Send Reset Link
+                  </button>
+                </form> {% endcomment %}
+
+                <form method="POST">
+                  {% csrf_token %}
+
+                  <div class="mb-3">
+                    <label for="id_email" class="form-label">Username or Email</label>
+                    {{ form.email }}
+                    {% if form.email.errors %}
+                      <div class="text-danger">
+                        {{ form.email.errors }}
+                      </div>
+                    {% endif %}
+                  </div>
+
                   <button type="submit" class="btn btn-primary w-100">
                     Send Reset Link
                   </button>
                 </form>
+
 
                 <p class="mt-3">
                   <a href="{% url 'login' %}">Get Back to Login</a>