Fix bug: check the posted username also with logged in user's

username
2019-02-23 18:45:53 +01:00 · 2019-02-23 18:45:53 +01:00 · 6a28b51354
parent 113fa2c454
commit 6a28b51354
1 changed files with 1 additions and 1 deletions
--- a/dal/views.py
+++ b/dal/views.py
@ -333,7 +333,7 @@ class ResetRequest(View):
        # get the hidden value of user
        user = request.POST.get("user")
        # some checks over the supplied data
-        if user == "" or not user:
+        if user == "" or not user or user != self.request.user.username:
            return render(request, 'error.html', { 'service': service, 'error': 'Something went wrong. Did you use the supplied form?' } )
        if password1 == "" or not password1 or password2 == "" or not password2:
            return render(request, 'error.html', { 'service': service, 'error': 'Please supply a password and confirm it.' } )