From 741045628b9f7471c99bd3d54835890585a6b59e Mon Sep 17 00:00:00 2001
From: Timon Engelke <timon.engelke@online.de>
Date: Wed, 4 Oct 2023 18:50:13 +0200
Subject: [PATCH] Generate URL for password reset

---
 mafiasi/registration/urls.py  |  1 +
 mafiasi/registration/views.py | 21 ++++++++++++++++++++-
 mafiasi/settings.py           |  7 +++----
 3 files changed, 24 insertions(+), 5 deletions(-)

diff --git a/mafiasi/registration/urls.py b/mafiasi/registration/urls.py
index d27fc225..16c1b2c5 100644
--- a/mafiasi/registration/urls.py
+++ b/mafiasi/registration/urls.py
@@ -9,6 +9,7 @@
     path("change_email/<token>", change_email, name="registration_change_email"),
     path("request_successful", request_successful, name="registration_request_successful"),
     path("account", account_settings, name="registration_account"),
+    path("password_reset", password_reset, name="registration_password_reset"),
 ]
 
 if settings.REGISTER_ENABLED:
diff --git a/mafiasi/registration/views.py b/mafiasi/registration/views.py
index 2ebb927d..54f99a82 100644
--- a/mafiasi/registration/views.py
+++ b/mafiasi/registration/views.py
@@ -1,4 +1,5 @@
 from smtplib import SMTPRecipientsRefused
+from urllib.parse import urlencode
 
 from django.conf import settings
 from django.contrib import messages
@@ -316,11 +317,12 @@ def _finish_account_request(request, info):
 
 def _send_email_exists(request, username):
     email = Mafiasi.objects.get(username=username).real_email
+    password_reset_url = request.build_absolute_uri(reverse("registration_password_reset"))
     email_content = render_to_string(
         "registration/email_exists.txt",
         {
             "username": username,
-            "password_reset_url": settings.PASSWORD_RESET_URL,
+            "password_reset_url": password_reset_url,
         },
     )
     return _send_mail_or_error_page(
@@ -357,3 +359,20 @@ def _send_mail_or_error_page(subject, content, address, request, email_shown):
             "email": email_shown,
         },
     )
+
+
+def password_reset(request):
+    password_reset_url = settings.PASSWORD_RESET_URL
+    if password_reset_url is None:
+        password_reset_url = (
+            settings.OPENID_ISSUER
+            + "/login-actions/reset-credentials?"
+            + urlencode(
+                {
+                    "response_type": "code",
+                    "client_id": settings.OPENID_CLIENT_ID,
+                    "redirect_uri": request.build_absolute_uri(reverse(settings.LOGIN_URL)),
+                }
+            )
+        )
+    return redirect(password_reset_url)
diff --git a/mafiasi/settings.py b/mafiasi/settings.py
index 0188895c..2713914a 100644
--- a/mafiasi/settings.py
+++ b/mafiasi/settings.py
@@ -30,10 +30,9 @@
 KEYCLOAK_ACCOUNT_CONSOLE_URL = env.str(
     "MAFIASI_KEYCLOAK_ACCOUNT_CONSOLE_URL", default="https://identity.mafiasi.de/realms/mafiasi/account"
 )
-PASSWORD_RESET_URL = env.str(
-    "MAFIASI_PASSWORD_RESET_URL",
-    default="https://identity.mafiasi.de/realms/mafiasi/login-actions/reset-credentials",
-)
+
+# If this is None, it is automatically generated from OPENID_ISSUER
+PASSWORD_RESET_URL = env.str("MAFIASI_PASSWORD_RESET_URL", default=None)
 
 OPENID_SYNC_SUPERUSER = env.bool("MAFIASI_OPENID_SYNC_SUPERUSER", default=True)
 if OPENID_SYNC_SUPERUSER: