Ticket #14674: 14674.patch

django/contrib/auth/forms.py

@@ -1 @@
-from django.contrib.auth.models import User
+from django.contrib.auth.models import User, UNUSABLE_PASSWORD
 from django.contrib.auth import authenticate
 from django.contrib.auth.tokens import default_token_generator
 from django.contrib.sites.models import get_current_site
@@ -111 +111 @@
         Validates that a user exists with the given e-mail address.
         """
         email = self.cleaned_data["email"]
-        self.users_cache = User.objects.filter(email__iexact=email)
+        self.users_cache = User.objects.filter(email__iexact=email).exclude(
+            password=UNUSABLE_PASSWORD)
         if len(self.users_cache) == 0:
             raise forms.ValidationError(_("That e-mail address doesn't have an associated user account. Are you sure you've registered?"))
         return email

docs/topics/auth.txt

@@ -202 +202 @@
         You may need this if authentication for your application takes place
         against an existing external source such as an LDAP directory.
 
+        Also, users with unusable_password will not able to request reseting 
+        their passwords
+
     .. method:: models.User.has_usable_password()
 
         .. versionadded:: 1.0
@@ -916 +919 @@
     that can be used to reset the password, and sending that link to the
     user's registered e-mail address.
 
+    Reseting password will not work for users with unusable_password,
+    see :meth:`~django.contrib.auth.models.User.set_unusable_password()`
+
     **Optional arguments:**
 
         * ``template_name``: The full name of a template to use for