Changed the password reset URL which is sent out in the password reset email

message to use https: instead of http:.  This is generally a good idea, and
also silences Google Chrome's phishing warning.  Fixes issue ietf-tools#1204.

This commit should have contained only changes to a template file; by
mistake, changes to two django files were also committed here.  That
change has been undone in [6725].
 - Legacy-Id: 6724
Note: SVN reference [6725] has been migrated to Git commit ca1a04f660aa0473bf8f3aadc7809d462ac4cac0

Author: levkowetz

django/core/handlers/base.py

@@ -176,7 +176,8 @@ def handle_uncaught_exception(self, request, resolver, exc_info):
             request_repr = "Request repr() unavailable"
         message = "%s\n\n%s" % (self._get_traceback(exc_info), request_repr)
         extra_emails = self._get_extra_emails(exc_info)
-        mail_admins(subject, message, fail_silently=True, html_message=html, extra_emails=extra_emails)
+        admin_emails = self._get_admin_emails(exc_info)
+        mail_admins(subject, message, fail_silently=True, html_message=html, extra_emails=extra_emails, admin_emails=admin_emails)
         # If Http500 handler is not installed, re-raise last exception
         if resolver.urlconf_module is None:
             raise exc_info[1], None, exc_info[2]
@@ -200,6 +201,18 @@ def _get_extra_emails(self, exc_info=None):
             tb = tb.tb_next
         return admins
 
+    def _get_admin_emails(self, exc_info=None):
+        """Helper function to retrieve app-specific admin email overrides.
+        Here we stop as soon as we've found a setting, since the purpose
+        here is to be able to limit the distribution of email notifications
+        for especially sensitive modules."""
+        etype, value, tb = exc_info or sys.exc_info()
+        while tb is not None:
+            f = tb.tb_frame
+            if "ADMIN_EMAILS" in f.f_globals:
+                return f.f_globals["ADMIN_EMAILS"]
+        return None
+
     def apply_response_fixes(self, request, response):
         """
         Applies each of the functions in self.response_fixes to the request and

django/core/mail/__init__.py

@@ -83,11 +83,11 @@ def send_mass_mail(datatuple, fail_silently=False, auth_user=None,
     return connection.send_messages(messages)
 
 
-def mail_admins(subject, message, fail_silently=False, connection=None, html_message=None, extra_emails=[]):
+def mail_admins(subject, message, fail_silently=False, connection=None, html_message=None, extra_emails=[], admin_emails=None):
     """Sends a message to the admins, as defined by the ADMINS setting."""
-    if not (settings.ADMINS or extra_emails):
+    if not (settings.ADMINS or extra_emails or admin_emails):
         return
-    emails = set(list(settings.ADMINS) + extra_emails)
+    emails = admin_emails if admin_emails else set(list(settings.ADMINS) + extra_emails)
     from django.core.mail import EmailMultiAlternatives
     msg = EmailMultiAlternatives(settings.EMAIL_SUBJECT_PREFIX + subject, message, settings.SERVER_EMAIL, [a[1] for a in emails])
     if html_message:

ietf/templates/registration/password_reset_email.txt

@@ -6,7 +6,7 @@ at {{ domain }}.  In order to set a new password for the
 {{ username }} account, please go to the following link and
 follow the instructions there:
 
-   http://{{ domain }}{% url confirm_password_reset username today realm auth %}
+   https://{{ domain }}{% url confirm_password_reset username today realm auth %}
 
 This link will expire in {{ expire }} days.