Opened 2 years ago

Last modified 9 months ago

#17431 new New feature

Allow PasswordResetForm subclasses full control over email message to send

Reported by: ejucovy
Owned by: nobody
Component: contrib.auth
Version: master
Severity: Normal
Keywords:
Cc: timograham@…
Triage Stage: Accepted
Has patch: yes
Needs documentation: no
Needs tests: no
Patch needs improvement: yes
Easy pickings: no
UI/UX: no


The django.contrib.auth.forms.PasswordResetForm has logic to:

  1. Validate that an active user exists with the email address provided
  2. Generate an unguessable URL for the given user to reset his password using a timestamped token
  3. Construct an email with a link to that URL
  4. Send that email to the given user's email address

The .save() method of the form class is responsible for three of these four tasks. The .save() method includes parameters for overriding the subject, body, and From: address of the email to be sent. However, it's sometimes necessary to have more control over the email that will be sent. These use cases could include:

  1. BCC'ing a site administrator with a copy of the email sent
  2. Setting a custom Reply-To like "password-reset-help@…" that is distinct from the message's From: address
  3. Setting a text/html MIME type for the message, or using an EmailMultiAlternatives object to attach both text and HTML versions of the message

For all of these use cases, the knobs currently provided are insufficient, and require copying over all the logic in the .save() method.

The attached patch satisfies these use cases by allowing the user to subclass PasswordResetForm and override a .construct_email() method, whose job is to construct and return an EmailMessage to be sent by the .save() method. The changes are fully backwards-compatible, and a test demonstrating the subclassing approach is provided.

Attachments (1)

password_reset_custom_email.diff (4.3 KB) - added by ejucovy 2 years ago.
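
The hook described in the ticket, sketched as an added example (not the attached patch and not Django's code): a hypothetical `ResetMailer` class stands in for the form and uses the standard library's `email.message` so it runs without Django. The class names, the `construct_email(to_addr, context)` signature, the simplified HMAC token and all addresses are assumptions; the point is that token and URL generation stay in `save()`, so a subclass changes only the message and never copies the security-sensitive part.

```python
import hashlib
import hmac
import time
from email.message import EmailMessage
from html import escape

SECRET = b"constructed-demo-secret"  # constructed value, stands in for a site secret


class ResetMailer:
    """Hypothetical stand-in for the form: save() owns the token and URL,
    construct_email() owns the message."""

    from_addr = "noreply@example.com"  # constructed address

    def make_url(self, user_id, now=None):
        # Timestamped, HMAC-signed token; a simplified sketch, not Django's generator.
        ts = str(int(now if now is not None else time.time()))
        mac = hmac.new(SECRET, f"{user_id}:{ts}".encode(), hashlib.sha256).hexdigest()
        return f"https://example.com/reset/{user_id}/{ts}-{mac}/"

    def construct_email(self, to_addr, context):
        # Default message: plain text only.
        msg = EmailMessage()
        msg["Subject"] = "Password reset"
        msg["From"] = self.from_addr
        msg["To"] = to_addr
        msg.set_content(f"Reset your password: {context['url']}\n")
        return msg

    def save(self, user_id, to_addr, now=None):
        context = {"url": self.make_url(user_id, now)}
        return self.construct_email(to_addr, context)  # a real form would send it


class SupportResetMailer(ResetMailer):
    """Overrides only the message: Reply-To plus an HTML alternative."""

    def construct_email(self, to_addr, context):
        msg = super().construct_email(to_addr, context)
        msg["Reply-To"] = "help@example.com"  # constructed address
        msg.add_alternative(
            f'<p><a href="{escape(context["url"])}">Reset your password</a></p>',
            subtype="html",
        )
        return msg
```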


Change History (7)

Changed 2 years ago by ejucovy

comment:1 Changed 2 years ago by aaugustin

  • Needs documentation unset
  • Needs tests unset
  • Patch needs improvement unset
  • Triage Stage changed from Unreviewed to Accepted

comment:2 follow-up: Changed 2 years ago by anonymous

My need is to include an additional variable in the context that is used to render the email template. I don't see that the patch provided supports that use case?

comment:3 in reply to: ↑ 2 Changed 2 years ago by ejucovy

Replying to anonymous:

> My need is to include an additional variable in the context that is used to render the email template. I don't see that the patch provided supports that use case?

Where will your extra context variable be coming from?

If it's something that you can derive without access to a request, then you can just inject it into the context in your overridden construct_email method. Likewise if it's something derived from request.POST then will contain the full POSTed form, and you can inject your needed variable in construct_email.

comment:4 Changed 2 years ago by aaugustin

#12684 was a duplicate.

comment:5 Changed 16 months ago by revolunet

Thanks ejucovy

+1 on this;

we definitely need to have full control on the sent email template and context.

comment:6 Changed 9 months ago by timo

  • Cc timograham@… added
  • Patch needs improvement set

Patch needs to be updated to apply cleanly.
