Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
Browse files

Add `SECURITY_SEND_PASSWORD_RESET_NOTICE_EMAIL` config option to opti…

…onally send password reset notice emails. Addresses #199
  • Loading branch information...
commit 11b8222ec5db5428d941297a656f183cc962564a 1 parent be8448a
@mattupstate authored
View
94 docs/configuration.rst
@@ -207,43 +207,57 @@ Miscellaneous
.. tabularcolumns:: |p{6.5cm}|p{8.5cm}|
-======================================= ========================================
-``SECURITY_SEND_REGISTER_EMAIL`` Specifies whether registration email is
- sent. Defaults to ``True``.
-``SECURITY_SEND_PASSWORD_CHANGE_EMAIL`` Specifies whether password change email is
- sent. Defaults to ``True``.
-``SECURITY_CONFIRM_EMAIL_WITHIN`` Specifies the amount of time a user has
- before their confirmation link expires.
- Always pluralized the time unit for this
- value. Defaults to ``5 days``.
-``SECURITY_RESET_PASSWORD_WITHIN`` Specifies the amount of time a user has
- before their password reset link
- expires. Always pluralized the time unit
- for this value. Defaults to ``5 days``.
-``SECURITY_LOGIN_WITHIN`` Specifies the amount of time a user has
- before a login link expires. This is
- only used when the passwordless login
- feature is enabled. Always pluralized
- the time unit for this value. Defaults
- to ``1 days``.
-``SECURITY_LOGIN_WITHOUT_CONFIRMATION`` Specifies if a user may login before
- confirming their email when the value
- of ``SECURITY_CONFIRMABLE`` is set to
- ``True``. Defaults to ``False``.
-``SECURITY_CONFIRM_SALT`` Specifies the salt value when generating
- confirmation links/tokens. Defaults to
- ``confirm-salt``.
-``SECURITY_RESET_SALT`` Specifies the salt value when generating
- password reset links/tokens. Defaults to
- ``reset-salt``.
-``SECURITY_LOGIN_SALT`` Specifies the salt value when generating
- login links/tokens. Defaults to
- ``login-salt``.
-``SECURITY_REMEMBER_SALT`` Specifies the salt value when generating
- remember tokens. Remember tokens are
- used instead of user ID's as it is more
- secure. Defaults to ``remember-salt``.
-``SECURITY_DEFAULT_REMEMBER_ME`` Specifies the default "remember me"
- value used when logging in a user.
- Defaults to ``False``.
-======================================= ========================================
+============================================= ==================================
+``SECURITY_SEND_REGISTER_EMAIL`` Specifies whether registration
+ email is sent. Defaults to
+ ``True``.
+``SECURITY_SEND_PASSWORD_CHANGE_EMAIL`` Specifies whether password change
+ email is sent. Defaults to
+ ``True``.
+``SECURITY_SEND_PASSWORD_RESET_NOTICE_EMAIL`` Specifies whether password reset
+ notice email is sent. Defaults to
+ ``True``.
+
+``SECURITY_CONFIRM_EMAIL_WITHIN`` Specifies the amount of time a
+ user has before their confirmation
+ link expires. Always pluralized
+ the time unit for this value.
+ Defaults to ``5 days``.
+``SECURITY_RESET_PASSWORD_WITHIN`` Specifies the amount of time a
+ user has before their password
+ reset link expires. Always
+ pluralized the time unit for this
+ value. Defaults to ``5 days``.
+``SECURITY_LOGIN_WITHIN`` Specifies the amount of time a
+ user has before a login link
+ expires. This is only used when
+ the passwordless login feature is
+ enabled. Always pluralized the
+ time unit for this value.
+ Defaults to ``1 days``.
+``SECURITY_LOGIN_WITHOUT_CONFIRMATION`` Specifies if a user may login
+ before confirming their email when
+ the value of
+ ``SECURITY_CONFIRMABLE`` is set to
+ ``True``. Defaults to ``False``.
+``SECURITY_CONFIRM_SALT`` Specifies the salt value when
+ generating confirmation
+ links/tokens. Defaults to
+ ``confirm-salt``.
+``SECURITY_RESET_SALT`` Specifies the salt value when
+ generating password reset
+ links/tokens. Defaults to
+ ``reset-salt``.
+``SECURITY_LOGIN_SALT`` Specifies the salt value when
+ generating login links/tokens.
+ Defaults to ``login-salt``.
+``SECURITY_REMEMBER_SALT`` Specifies the salt value when
+ generating remember tokens.
+ Remember tokens are used instead
+ of user ID's as it is more
+ secure. Defaults to
+ ``remember-salt``.
+``SECURITY_DEFAULT_REMEMBER_ME`` Specifies the default "remember
+ me" value used when logging in
+ a user. Defaults to ``False``.
+============================================= ==================================
View
1  flask_security/core.py
@@ -66,6 +66,7 @@
'CHANGEABLE': False,
'SEND_REGISTER_EMAIL': True,
'SEND_PASSWORD_CHANGE_EMAIL': True,
+ 'SEND_PASSWORD_RESET_EMAIL': True,
'LOGIN_WITHIN': '1 days',
'CONFIRM_EMAIL_WITHIN': '5 days',
'RESET_PASSWORD_WITHIN': '5 days',
View
5 flask_security/recoverable.py
@@ -44,8 +44,9 @@ def send_password_reset_notice(user):
:param user: The user to send the notice to
"""
- send_mail(config_value('EMAIL_SUBJECT_PASSWORD_NOTICE'), user.email,
- 'reset_notice', user=user)
+ if config_value('SEND_PASSWORD_RESET_NOTICE_EMAIL'):
+ send_mail(config_value('EMAIL_SUBJECT_PASSWORD_NOTICE'), user.email,
+ 'reset_notice', user=user)
def generate_reset_password_token(user):
Please sign in to comment.
Something went wrong with that request. Please try again.