From b84d4ba36d5a6f29b8b8f72ad44d0410162add05 Mon Sep 17 00:00:00 2001
From: Frederic
Date: Sun, 28 Apr 2019 23:50:14 +0200
Subject: [PATCH] add username field, prepare for salted email hash
---
 bam/forms.py | 19 ++++++++++++-------
 1 file changed, 12 insertions(+), 7 deletions(-)
diff --git a/bam/forms.py b/bam/forms.py
index c752de4..6a397e2 100644
--- a/bam/forms.py
+++ b/bam/forms.py
@@ -1,13 +1,18 @@
 import hashlib
 from django.contrib.auth.forms import PasswordResetForm
-from bam.models import Account
+from django.contrib.auth.hashers import check_password
+from django import forms
+from django.utils.translation import gettext, gettext_lazy as _
+from .models import Account
 class HashedEmailPasswordResetForm(PasswordResetForm):
+ username = forms.CharField(label=_('Username'), max_length=254)
+
 def get_users(self, email):
- hashed_email = hashlib.sha256(bytes(email, 'utf-8')).hexdigest()
- accounts = Account.objects.filter(hashed_email=hashed_email)
- if accounts.count() > 0:
- return (a.user for a in accounts if a.user.has_usable_password())
- else:
- return super().get_users(email)
+ accounts = Account.objects.filter(
+ user__username=self.cleaned_data['username']
+ )
+ return (a.user for a in accounts if a.user.has_usable_password() and
+ (check_password(email, a.hashed_email)
+ or a.user.email == email))
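Review bot: In the new `get_users`, `check_password(email, a.hashed_email)` only matches values encoded by a Django password hasher, so a `hashed_email` that still holds the bare SHA-256 hex digest the removed code compared against would, as far as I can tell, be treated as an unknown format and never match. No data migration is visible in this patch, so until the rows are re-hashed any account without a matching `user.email` silently stops receiving reset mail; a transitional clause such as `or a.hashed_email == hashlib.sha256(email.encode('utf-8')).hexdigest()` would keep those accounts working. Both comparisons are also case-sensitive, unlike the stock form's case-insensitive e-mail lookup, so the address should be normalised the same way when it is hashed and when it is checked. Evaluating `a.user.email == email` before `check_password(...)` would skip the expensive hasher call when the plain address already matches. `gettext` is imported but unused in the visible lines, and `hashlib` appears to be unused after this change.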