auth: Allow password reset using the email address

Before, we strictly required the username.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

diff --git a/src/web/auth.py b/src/web/auth.py
index 4a4c88a4c2858f8b864fb584223b328e615590bf..4d2c0f51b89f703022a4762d9ae24f12ecc3e188 100644 (file)
--- a/src/web/auth.py
+++ b/src/web/auth.py
@@ -140,9 +140,9 @@ class PasswordResetInitiationHandler(base.BaseHandler):
                username = self.get_argument("username")
 
                # Fetch account and submit password reset
-               account = self.backend.accounts.get_by_uid(username)
-               if account:
-                       with self.db.transaction():
+               with self.db.transaction():
+                       account = self.backend.accounts.find_account(username)
+                       if account:
                                account.request_password_reset()
 
                self.render("auth/password-reset-successful.html")