Fix merge conflicts from develop (from PB&S release)

cslzchen · cslzchen · commit 0582e6f64592 · 2025-09-17T14:59:09.000-04:00
diff --git a/api/users/views.py b/api/users/views.py
@@ -45,7 +45,6 @@
 from api.registrations.serializers import RegistrationSerializer
 from api.resources import annotations as resource_annotations
 
-from api.users.services import send_password_reset_email
 from api.users.permissions import (
     CurrentUser, ReadOnlyOrCurrentUser,
     ReadOnlyOrCurrentUserRelationship,
@@ -828,7 +827,6 @@ def get(self, request, *args, **kwargs):
         if not email:
             raise ValidationError('Request must include email in query params.')
 
-<<<<<<< HEAD
         status_message = language.RESET_PASSWORD_SUCCESS_STATUS_MESSAGE.format(email=email)
         # check if the user exists
         user_obj = get_user(email=email)
@@ -863,27 +861,12 @@ def get(self, request, *args, **kwargs):
                         'reset_link': reset_link,
                     },
                 )
-=======
-        # check if the user exists
-        user_obj = get_user(email=email)
-        if user_obj and user_obj.is_active:
-            # rate limit forgot_password_post
-            if not throttle_period_expired(user_obj.email_last_sent, settings.SEND_EMAIL_THROTTLE):
-                status_message = 'You have recently requested to change your password. ' \
-                    'Please wait a few minutes before trying again.'
-                return Response({'message': status_message, 'kind': 'error'}, status=status.HTTP_429_TOO_MANY_REQUESTS)
-
-            send_password_reset_email(user_obj, email, institutional=institutional)
->>>>>>> upstream/develop
 
         return Response(
             status=status.HTTP_200_OK,
             data={
-<<<<<<< HEAD
                 'message': status_message,
-=======
-                'message': language.RESET_PASSWORD_SUCCESS_STATUS_MESSAGE.format(email=email),
->>>>>>> upstream/develop
+
                 'kind': 'success',
                 'institutional': institutional,
             },
diff --git a/api_tests/users/views/test_user_settings.py b/api_tests/users/views/test_user_settings.py
@@ -7,17 +7,9 @@
     AuthUserFactory,
     UserFactory,
 )
-<<<<<<< HEAD
 from osf.models import Email, NotableDomain, NotificationType
 from framework.auth.views import auth_email_logout
 from tests.utils import capture_notifications
-=======
-from django.middleware import csrf
-from django.core.cache import cache
-from osf.models import Email, NotableDomain
-from framework.auth.views import auth_email_logout
-from website import mails, settings
->>>>>>> upstream/develop
 
 @pytest.fixture()
 def user_one():
@@ -177,141 +169,6 @@ def test_multiple_errors(self, app, user_one, url, payload):
 
 
 @pytest.mark.django_db
-<<<<<<< HEAD
-=======
-@pytest.mark.usefixtures('mock_send_grid')
-class TestResetPassword:
-
-    @pytest.fixture()
-    def user_one(self):
-        user = UserFactory()
-        user.set_password('password1')
-        user.auth = (user.username, 'password1')
-        user.save()
-        return user
-
-    @pytest.fixture()
-    def url(self):
-        return f'/{API_BASE}users/reset_password/'
-
-    @pytest.fixture
-    def csrf_token(self):
-        return csrf._mask_cipher_secret(csrf._get_new_csrf_string())
-
-    @pytest.fixture(autouse=True)
-    def clear_throttle_cache(self):
-        cache.clear()
-
-    def test_get(self, app, url, user_one):
-        encoded_email = urllib.parse.quote(user_one.email)
-        url = f'{url}?email={encoded_email}'
-        with mock.patch.object(mails, 'send_mail', return_value=None) as mock_send_mail:
-            res = app.get(url)
-            assert res.status_code == 200
-
-            user_one.reload()
-            mock_send_mail.assert_called_with(
-                to_addr=user_one.username,
-                mail=mails.FORGOT_PASSWORD,
-                reset_link=f'{settings.DOMAIN}resetpassword/{user_one._id}/{user_one.verification_key_v2['token']}',
-                can_change_preferences=False,
-            )
-
-    def test_get_invalid_email(self, mock_send_grid, app, url):
-        url = f'{url}?email={'invalid_email'}'
-        res = app.get(url)
-        assert res.status_code == 200
-        assert not mock_send_grid.called
-
-    def test_post(self, app, url, user_one):
-        encoded_email = urllib.parse.quote(user_one.email)
-        url = f'{url}?email={encoded_email}'
-        res = app.get(url)
-        user_one.reload()
-        payload = {
-            'data': {
-                'attributes': {
-                    'uid': user_one._id,
-                    'token': user_one.verification_key_v2['token'],
-                    'password': 'password2',
-                }
-            }
-        }
-
-        res = app.post_json_api(url, payload)
-        user_one.reload()
-        assert res.status_code == 200
-        assert user_one.check_password('password2')
-
-    def test_post_empty_payload(self, app, url, csrf_token):
-        app.set_cookie(CSRF_COOKIE_NAME, csrf_token)
-        payload = {
-            'data': {
-                'attributes': {
-                }
-            }
-        }
-        res = app.post_json_api(url, payload, expect_errors=True, headers={'X-CSRFToken': csrf_token})
-        assert res.status_code == 400
-
-    def test_post_invalid_token(self, app, url, user_one, csrf_token):
-        app.set_cookie(CSRF_COOKIE_NAME, csrf_token)
-        payload = {
-            'data': {
-                'attributes': {
-                    'uid': user_one._id,
-                    'token': 'invalid_token',
-                    'password': 'password2',
-                }
-            }
-        }
-        res = app.post_json_api(url, payload, expect_errors=True, headers={'X-THROTTLE-TOKEN': 'test-token', 'X-CSRFToken': csrf_token})
-        assert res.status_code == 400
-
-    def test_post_invalid_password(self, app, url, user_one, csrf_token):
-        app.set_cookie(CSRF_COOKIE_NAME, csrf_token)
-        encoded_email = urllib.parse.quote(user_one.email)
-        url = f'{url}?email={encoded_email}'
-        res = app.get(url)
-        user_one.reload()
-        payload = {
-            'data': {
-                'attributes': {
-                    'uid': user_one._id,
-                    'token': user_one.verification_key_v2['token'],
-                    'password': user_one.username,
-                }
-            }
-        }
-
-        res = app.post_json_api(url, payload, expect_errors=True, headers={'X-THROTTLE-TOKEN': 'test-token', 'X-CSRFToken': csrf_token})
-        assert res.status_code == 400
-
-    def test_throttle(self, app, url, user_one):
-        encoded_email = urllib.parse.quote(user_one.email)
-        url = f'{url}?email={encoded_email}'
-        app.get(url)
-        user_one.reload()
-        payload = {
-            'data': {
-                'attributes': {
-                    'uid': user_one._id,
-                    'token': user_one.verification_key_v2['token'],
-                    'password': '12345',
-                }
-            }
-        }
-
-        res = app.post_json_api(url, payload, expect_errors=False)
-        assert res.status_code == 200
-
-        res = app.get(url, expect_errors=True)
-        assert res.status_code == 429
-        assert res.json['message'] == 'You have recently requested to change your password. Please wait a few minutes before trying again.'
-
-
-@pytest.mark.django_db
->>>>>>> upstream/develop
 class TestUserEmailsList:
 
     @pytest.fixture(autouse=True)
