From: Michael Tremer <michael.tremer@ipfire.org>
Date: Mon, 18 Nov 2024 17:07:22 +0000 (+0000)
Subject: auth: Allow password reset using the email address
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=ee5f32695e76e2111eec4b5c0e26465233feaff0;p=ipfire.org.git

auth: Allow password reset using the email address

Before, we strictly required the username.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
---

diff --git a/src/web/auth.py b/src/web/auth.py
index 4a4c88a4..4d2c0f51 100644
--- a/src/web/auth.py
+++ b/src/web/auth.py
@@ -140,9 +140,9 @@ class PasswordResetInitiationHandler(base.BaseHandler):
 		username = self.get_argument("username")
 
 		# Fetch account and submit password reset
-		account = self.backend.accounts.get_by_uid(username)
-		if account:
-			with self.db.transaction():
+		with self.db.transaction():
+			account = self.backend.accounts.find_account(username)
+			if account:
 				account.request_password_reset()
 
 		self.render("auth/password-reset-successful.html")