Possible Bug in password_reset_form
55 views
Skip to first unread message
mwidman
Oct 5, 2015, 5:48:57 PM10/5/15
to Django users
Not sure if this intentional or not, but in Django 1.8.4 the PasswordResetForm's save function only passes a dictionary as the context to "send_mail()".
Because of that, there is now way to add any extra information (i.e. from a RequestContext).
Can anyone say if this is done for some security reason or if the context dictionary should be made into a RequestContext via "make_context"?
Tim Graham
Oct 5, 2015, 7:11:59 PM10/5/15
to Django users
In Django 1.9, the "extra_email_context" parameter was added to achieve this.
https://docs.djangoproject.com/en/1.9/topics/auth/default/#django.contrib.auth.views.password_reset
https://docs.djangoproject.com/en/1.9/topics/auth/default/#django.contrib.auth.views.password_reset
mwidman
Oct 7, 2015, 1:05:12 PM10/7/15
to Django users
Thank you.
I am not sure that solves the problem though (or I just don't understand how to do this): If I am calling password_reset directly from my urls, how do I pass a requestContext into the "extra_email_context"? There is no request sent to "render_to_string" so the RequestContext would need to be created before that point, which either requires subclassing PasswordResetForm's save function or somehow getting access to the request in urls.py to build a RequestContext.
Regards,
Mike
Tim Graham
Oct 7, 2015, 1:14:56 PM10/7/15
to Django users
You could create a custom view function that wraps password_reset() and adds a RequestContext.
Reply all
Reply to author
Forward
0 new messages