From ee5f32695e76e2111eec4b5c0e26465233feaff0 Mon Sep 17 00:00:00 2001
From: Michael Tremer <michael.tremer@ipfire.org>
Date: Mon, 18 Nov 2024 17:07:22 +0000
Subject: [PATCH] auth: Allow password reset using the email address

Before, we strictly required the username.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
---
 src/web/auth.py | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/web/auth.py b/src/web/auth.py
index 4a4c88a4..4d2c0f51 100644
--- a/src/web/auth.py
+++ b/src/web/auth.py
@@ -140,9 +140,9 @@ class PasswordResetInitiationHandler(base.BaseHandler):
 		username = self.get_argument("username")
 
 		# Fetch account and submit password reset
-		account = self.backend.accounts.get_by_uid(username)
-		if account:
-			with self.db.transaction():
+		with self.db.transaction():
+			account = self.backend.accounts.find_account(username)
+			if account:
 				account.request_password_reset()
 
 		self.render("auth/password-reset-successful.html")
-- 
2.47.3