Opened 6 years ago

Last modified 12 months ago

#22752 assigned Cleanup/optimization

PasswordResetForm email context is missing current_app

Reported by: Ben Davis Owned by: Hasan Ramezani
Component: contrib.auth Version: master
Severity: Normal Keywords:
Cc: Ben Davis Triage Stage: Accepted
Has patch: yes Needs documentation: yes
Needs tests: yes Patch needs improvement: yes
Easy pickings: no UI/UX: no


I have multiple namespace instances for password reset urls. The email template rendered by the default PasswordResetForm does not included a current_app context. It's an easy fix, though, ass the PasswordResetForm already has self.current_app. Just need to wrap the context instance passed to the email template:

  • django/contrib/auth/

    diff --git a/django/contrib/auth/ b/django/contrib/auth/
    index 6e07d45..baef873 100644
    a b from collections import OrderedDict 
    55from django import forms
    66from django.forms.utils import flatatt
    7 from django.template import loader
     7from django.template import loader, Context
    88from django.utils.encoding import force_bytes
    99from django.utils.html import format_html, format_html_join
    1010from django.utils.http import urlsafe_base64_encode
    class PasswordResetForm(forms.Form): 
    264264                'token': token_generator.make_token(user),
    265265                'protocol': 'https' if use_https else 'http',
    266266            }
    267             subject = loader.render_to_string(subject_template_name, c)
     267            context_instance = Context(current_app=self.current_app)
     268            subject = loader.render_to_string(
     269                subject_template_name, c, context_instance)
    268270            # Email subject *must not* contain newlines
    269271            subject = ''.join(subject.splitlines())
    270             email = loader.render_to_string(email_template_name, c)
     272            email = loader.render_to_string(
     273                email_template_name, c, context_instance)
    272275            if html_email_template_name:
    273276                html_email = loader.render_to_string(html_email_template_name, c)

Change History (6)

comment:1 Changed 6 years ago by Ben Davis

Correction, PasswordResetForm does not have current_app built in. That needs to be added as well.

comment:2 Changed 6 years ago by Daniele Procida

Easy pickings: unset

comment:3 Changed 6 years ago by Baptiste Mispelon

Has patch: set
Needs documentation: set
Needs tests: set
Patch needs improvement: set
Triage Stage: UnreviewedAccepted
Type: UncategorizedCleanup/optimization


I agree that it would be good to have the current app while rendering the body of the email because it would help with reversing URLs inside it.
However, I don't really understand the use-case behind having the current app when rendering the subject line.

In any case, the provided patch doesn't apply on master and it's also going to require tests and documentation.


comment:4 Changed 6 years ago by Ben Davis

@bmispelon, I think one would expect the context to be identical in both the body and the subject. Whether or not there's a use case, I can't think of any justification for making them separate. I plan on working on this (as well as various other tickets I've submitted) once I get a little more free time.

comment:5 Changed 6 years ago by Ben Davis

Cc: Ben Davis added

comment:6 Changed 12 months ago by Hasan Ramezani

Owner: changed from nobody to Hasan Ramezani
Status: newassigned

@felixxm Do we still need this ticket?

Note: See TracTickets for help on using tickets.
Back to Top