Skip to content

Commit 11b8222

Browse files
author
Matt Wright
committed
Add SECURITY_SEND_PASSWORD_RESET_NOTICE_EMAIL config option to optionally send password reset notice emails. Addresses pallets-eco#199 
1 parent be8448a commit 11b8222

3 files changed

Lines changed: 58 additions & 42 deletions

File tree

docs/configuration.rst

Lines changed: 54 additions & 40 deletions
Original file line numberDiff line numberDiff line change
@@ -207,43 +207,57 @@ Miscellaneous
207207

208208
.. tabularcolumns:: |p{6.5cm}|p{8.5cm}|
209209

210-
======================================= ========================================
211-
``SECURITY_SEND_REGISTER_EMAIL`` Specifies whether registration email is
212-
sent. Defaults to ``True``.
213-
``SECURITY_SEND_PASSWORD_CHANGE_EMAIL`` Specifies whether password change email is
214-
sent. Defaults to ``True``.
215-
``SECURITY_CONFIRM_EMAIL_WITHIN`` Specifies the amount of time a user has
216-
before their confirmation link expires.
217-
Always pluralized the time unit for this
218-
value. Defaults to ``5 days``.
219-
``SECURITY_RESET_PASSWORD_WITHIN`` Specifies the amount of time a user has
220-
before their password reset link
221-
expires. Always pluralized the time unit
222-
for this value. Defaults to ``5 days``.
223-
``SECURITY_LOGIN_WITHIN`` Specifies the amount of time a user has
224-
before a login link expires. This is
225-
only used when the passwordless login
226-
feature is enabled. Always pluralized
227-
the time unit for this value. Defaults
228-
to ``1 days``.
229-
``SECURITY_LOGIN_WITHOUT_CONFIRMATION`` Specifies if a user may login before
230-
confirming their email when the value
231-
of ``SECURITY_CONFIRMABLE`` is set to
232-
``True``. Defaults to ``False``.
233-
``SECURITY_CONFIRM_SALT`` Specifies the salt value when generating
234-
confirmation links/tokens. Defaults to
235-
``confirm-salt``.
236-
``SECURITY_RESET_SALT`` Specifies the salt value when generating
237-
password reset links/tokens. Defaults to
238-
``reset-salt``.
239-
``SECURITY_LOGIN_SALT`` Specifies the salt value when generating
240-
login links/tokens. Defaults to
241-
``login-salt``.
242-
``SECURITY_REMEMBER_SALT`` Specifies the salt value when generating
243-
remember tokens. Remember tokens are
244-
used instead of user ID's as it is more
245-
secure. Defaults to ``remember-salt``.
246-
``SECURITY_DEFAULT_REMEMBER_ME`` Specifies the default "remember me"
247-
value used when logging in a user.
248-
Defaults to ``False``.
249-
======================================= ========================================
210+
============================================= ==================================
211+
``SECURITY_SEND_REGISTER_EMAIL`` Specifies whether registration
212+
email is sent. Defaults to
213+
``True``.
214+
``SECURITY_SEND_PASSWORD_CHANGE_EMAIL`` Specifies whether password change
215+
email is sent. Defaults to
216+
``True``.
217+
``SECURITY_SEND_PASSWORD_RESET_NOTICE_EMAIL`` Specifies whether password reset
218+
notice email is sent. Defaults to
219+
``True``.
220+
221+
``SECURITY_CONFIRM_EMAIL_WITHIN`` Specifies the amount of time a
222+
user has before their confirmation
223+
link expires. Always pluralized
224+
the time unit for this value.
225+
Defaults to ``5 days``.
226+
``SECURITY_RESET_PASSWORD_WITHIN`` Specifies the amount of time a
227+
user has before their password
228+
reset link expires. Always
229+
pluralized the time unit for this
230+
value. Defaults to ``5 days``.
231+
``SECURITY_LOGIN_WITHIN`` Specifies the amount of time a
232+
user has before a login link
233+
expires. This is only used when
234+
the passwordless login feature is
235+
enabled. Always pluralized the
236+
time unit for this value.
237+
Defaults to ``1 days``.
238+
``SECURITY_LOGIN_WITHOUT_CONFIRMATION`` Specifies if a user may login
239+
before confirming their email when
240+
the value of
241+
``SECURITY_CONFIRMABLE`` is set to
242+
``True``. Defaults to ``False``.
243+
``SECURITY_CONFIRM_SALT`` Specifies the salt value when
244+
generating confirmation
245+
links/tokens. Defaults to
246+
``confirm-salt``.
247+
``SECURITY_RESET_SALT`` Specifies the salt value when
248+
generating password reset
249+
links/tokens. Defaults to
250+
``reset-salt``.
251+
``SECURITY_LOGIN_SALT`` Specifies the salt value when
252+
generating login links/tokens.
253+
Defaults to ``login-salt``.
254+
``SECURITY_REMEMBER_SALT`` Specifies the salt value when
255+
generating remember tokens.
256+
Remember tokens are used instead
257+
of user ID's as it is more
258+
secure. Defaults to
259+
``remember-salt``.
260+
``SECURITY_DEFAULT_REMEMBER_ME`` Specifies the default "remember
261+
me" value used when logging in
262+
a user. Defaults to ``False``.
263+
============================================= ==================================

flask_security/core.py

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -66,6 +66,7 @@
6666
'CHANGEABLE': False,
6767
'SEND_REGISTER_EMAIL': True,
6868
'SEND_PASSWORD_CHANGE_EMAIL': True,
69+
'SEND_PASSWORD_RESET_EMAIL': True,
6970
'LOGIN_WITHIN': '1 days',
7071
'CONFIRM_EMAIL_WITHIN': '5 days',
7172
'RESET_PASSWORD_WITHIN': '5 days',

flask_security/recoverable.py

Lines changed: 3 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -44,8 +44,9 @@ def send_password_reset_notice(user):
4444
4545
:param user: The user to send the notice to
4646
"""
47-
send_mail(config_value('EMAIL_SUBJECT_PASSWORD_NOTICE'), user.email,
48-
'reset_notice', user=user)
47+
if config_value('SEND_PASSWORD_RESET_NOTICE_EMAIL'):
48+
send_mail(config_value('EMAIL_SUBJECT_PASSWORD_NOTICE'), user.email,
49+
'reset_notice', user=user)
4950

5051

5152
def generate_reset_password_token(user):

0 commit comments

Comments
 (0)