id: 8404
summary: Auth password reset tests are too restrictive about template requirements
reporter: Malcolm Tredinnick
owner: nobody
description:

The tests in `django.contrib.auth.tests.views.PasswordResetTest` check for a correct "failure to submit" with an invalid email address by looking for a particular error message string. The problem is that this string actually reveals that a particular email address isn't on the system. So if somebody writes a password reset template for their own sites that doesn't reveal the presence or absence of a user (an ITS requirement in some organisations, e.g. financial sites), there is no way to have that test pass.

So we need to come up with a better way to test for "success" (i.e. failure to submit the form) when the email address doesn't exist in the system.

Possibly just easing back and checking for the existence of form.errors in the template rendering will be enough (or the existence of that error message in the context used for rendering), rather than checking the actual string output so carefully. But maybe somebody has another idea.

type: Bug
status: closed
component: contrib.auth
version: dev
severity: Normal
resolution: fixed
keywords:
cc: siddhartag@…
stage: Accepted
has_patch: 0
needs_docs: 0
needs_tests: 0
needs_better_patch: 0
easy: 0
ui_ux: 0