Changed the password reset URL which is sent out in the password reset email

message to use https: instead of http:. This is generally a good idea, and also silences Google Chrome's phishing warning. Fixes issue #1204. This commit should have contained only changes to a template file; by mistake, changes to two django files were also committed here. That change has been undone in [6725]. - Legacy-Id: 6724 Note: SVN reference [6725] has been migrated to Git commit ca1a04f660aa0473bf8f3aadc7809d462ac4cac0
2013-11-21 16:35:22 +00:00 · 2013-11-21 16:35:22 +00:00 · 8f67ca6826
parent afb09a0c71
commit 8f67ca6826
3 changed files with 18 additions and 5 deletions
--- a/django/core/handlers/base.py
+++ b/django/core/handlers/base.py
@ -176,7 +176,8 @@ class BaseHandler(object):
            request_repr = "Request repr() unavailable"
        message = "%s\n\n%s" % (self._get_traceback(exc_info), request_repr)
        extra_emails = self._get_extra_emails(exc_info)
-        mail_admins(subject, message, fail_silently=True, html_message=html, extra_emails=extra_emails)
+        admin_emails = self._get_admin_emails(exc_info)
+        mail_admins(subject, message, fail_silently=True, html_message=html, extra_emails=extra_emails, admin_emails=admin_emails)
        # If Http500 handler is not installed, re-raise last exception
        if resolver.urlconf_module is None:
            raise exc_info[1], None, exc_info[2]
@ -200,6 +201,18 @@ class BaseHandler(object):
            tb = tb.tb_next
        return admins

+    def _get_admin_emails(self, exc_info=None):
+        """Helper function to retrieve app-specific admin email overrides.
+        Here we stop as soon as we've found a setting, since the purpose
+        here is to be able to limit the distribution of email notifications
+        for especially sensitive modules."""
+        etype, value, tb = exc_info or sys.exc_info()
+        while tb is not None:
+            f = tb.tb_frame
+            if "ADMIN_EMAILS" in f.f_globals:
+                return f.f_globals["ADMIN_EMAILS"]
+        return None
+
    def apply_response_fixes(self, request, response):
        """
        Applies each of the functions in self.response_fixes to the request and
--- a/django/core/mail/init.py
+++ b/django/core/mail/init.py
@ -83,11 +83,11 @@ def send_mass_mail(datatuple, fail_silently=False, auth_user=None,
    return connection.send_messages(messages)


-def mail_admins(subject, message, fail_silently=False, connection=None, html_message=None, extra_emails=[]):
+def mail_admins(subject, message, fail_silently=False, connection=None, html_message=None, extra_emails=[], admin_emails=None):
    """Sends a message to the admins, as defined by the ADMINS setting."""
-    if not (settings.ADMINS or extra_emails):
+    if not (settings.ADMINS or extra_emails or admin_emails):
        return
-    emails = set(list(settings.ADMINS) + extra_emails)
+    emails = admin_emails if admin_emails else set(list(settings.ADMINS) + extra_emails)
    from django.core.mail import EmailMultiAlternatives
    msg = EmailMultiAlternatives(settings.EMAIL_SUBJECT_PREFIX + subject, message, settings.SERVER_EMAIL, [a[1] for a in emails])
    if html_message:
--- a/ietf/templates/registration/password_reset_email.txt
+++ b/ietf/templates/registration/password_reset_email.txt
@ -6,7 +6,7 @@ at {{ domain }}.  In order to set a new password for the
 {{ username }} account, please go to the following link and
 follow the instructions there:

-   http://{{ domain }}{% url confirm_password_reset username today realm auth %}
+   https://{{ domain }}{% url confirm_password_reset username today realm auth %}

 This link will expire in {{ expire }} days.