From 759a472f8f4d0730187b6c612aa5b42018a3e396 Mon Sep 17 00:00:00 2001
From: mlbonhomme <bonhomme@teklia.com>
Date: Mon, 8 Apr 2024 17:33:45 +0200
Subject: [PATCH] Warn the user when the password reset link is expired

---
 arkindex/users/serializers.py               | 4 +++-
 arkindex/users/tests/test_password_reset.py | 2 +-
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/arkindex/users/serializers.py b/arkindex/users/serializers.py
index 705ef7d16f..8bf49eeea6 100644
--- a/arkindex/users/serializers.py
+++ b/arkindex/users/serializers.py
@@ -140,8 +140,10 @@ class PasswordResetConfirmSerializer(serializers.Serializer):
 
     def save(self):
         user = self.validated_data["user"]
-        if not user or not self.validated_data["valid_token"]:
+        if not user:
             return
+        if not self.validated_data["valid_token"]:
+            raise serializers.ValidationError({"token": "This password reset link has expired. Please generate a new one using the 'Forgot your password?' link on the Login page."})
         user.set_password(self.validated_data["password"])
         user.save()
 
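Review bot: Splitting the condition in `save()` makes the two failure cases distinguishable to the caller: an unresolved `user` still returns silently (the old test expectation suggests a 201), while a resolved user with a failed token check now gets a 400. The code that populates `validated_data["user"]` is outside this hunk, but if it is looked up from a client-supplied identifier, the differing responses let an unauthenticated client learn which identifiers map to real accounts. Raising the same error on both paths keeps the new warning without that signal: keep `if not user or not self.validated_data["valid_token"]:` and place the new `raise serializers.ValidationError({"token": ...})` under it instead of `return`. Separately, the message says "expired", but a failed token check presumably also covers malformed or already-used links, so wording such as "invalid or has expired" would be more accurate.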
diff --git a/arkindex/users/tests/test_password_reset.py b/arkindex/users/tests/test_password_reset.py
index 32c08a1b2a..517dc45180 100644
--- a/arkindex/users/tests/test_password_reset.py
+++ b/arkindex/users/tests/test_password_reset.py
@@ -75,7 +75,7 @@ class TestPasswordReset(FixtureAPITestCase):
             },
             format="json",
         )
-        self.assertEqual(resp.status_code, status.HTTP_201_CREATED)
+        self.assertEqual(resp.status_code, status.HTTP_400_BAD_REQUEST)
         self.user.refresh_from_db()
         self.assertFalse(self.user.check_password("S3cr37Pa$$w0rd"))
         self.assertEqual(token_gen_mock.check_token.call_count, 1)
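Review bot: The updated assertion pins only the status code, so this test would still pass if the 400 came from a different field or validator than the new expired-link error. Adding `self.assertIn("token", resp.json())` after the status check would tie it to the error raised in `PasswordResetConfirmSerializer.save()`. A companion case for an unknown user would also record whether that path is meant to answer differently from the bad-token path. The test method starts outside this hunk, so the request payload is not visible here.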
-- 
GitLab