Opened 2 months ago
Closed 2 months ago
#35834 closed Bug (wontfix)
PasswordResetForm doesn't forward exceptions when email sending fails
Reported by: | Olivier LEVILLAIN | Owned by: | |
---|---|---|---|
Component: | contrib.auth | Version: | 5.1 |
Severity: | Normal | Keywords: | |
Cc: | Olivier LEVILLAIN | Triage Stage: | Unreviewed |
Has patch: | no | Needs documentation: | no |
Needs tests: | no | Patch needs improvement: | no |
Easy pickings: | yes | UI/UX: | no |
Description
In PasswordResetForm, the code to send the reset email is:
try: email_message.send() except Exception: logger.exception( "Failed to send password reset email to %s", context["user"].pk )
==> if the email sending fails (because for instance of an email password change), the user who asked for a reset will see it as a success and never receive his email and the admin will have to look at the logs to understand what happened
It would be better if the exception was forwarded and an error appears on the users screen.
Change History (1)
comment:1 by , 2 months ago
Resolution: | → wontfix |
---|---|
Status: | new → closed |
Type: | Uncategorized → Bug |
Note:
See TracTickets
for help on using tickets.
When submitting an issue like this, you should check why the code was added. In this case, your proposal is to revert a security patch:
In 8c35a0a903fd979e3262fe300ca084ffbfb300d6: