Merge pull request #163 from joehand/develop

Add option to disable password change email.

docs/configuration.rst

@@ -207,6 +207,8 @@ Miscellaneous
 ======================================= ========================================
 ``SECURITY_SEND_REGISTER_EMAIL``        Specifies whether registration email is
                                         sent. Defaults to ``True``.
+``SECURITY_SEND_PASSWORD_CHANGE_EMAIL`` Specifies whether password change email is
+                                        sent. Defaults to ``True``.
 ``SECURITY_CONFIRM_EMAIL_WITHIN``       Specifies the amount of time a user has
                                         before their confirmation link expires.
                                         Always pluralized the time unit for this

flask_security/changeable.py

@@ -28,7 +28,8 @@ def send_password_changed_notice(user):
 
     :param user: The user to send the notice to
     """
-    send_mail(config_value('EMAIL_SUBJECT_PASSWORD_CHANGE_NOTICE'), user.email,
+    if config_value('SEND_PASSWORD_CHANGE_EMAIL'):
+        send_mail(config_value('EMAIL_SUBJECT_PASSWORD_CHANGE_NOTICE'), user.email,
               'change_notice', user=user)
 
 

flask_security/core.py

@@ -64,6 +64,7 @@ _default_config = {
     'PASSWORDLESS': False,
     'CHANGEABLE': False,
     'SEND_REGISTER_EMAIL': True,
+    'SEND_PASSWORD_CHANGE_EMAIL': True,
     'LOGIN_WITHIN': '1 days',
     'CONFIRM_EMAIL_WITHIN': '5 days',
     'RESET_PASSWORD_WITHIN': '5 days',

tests/configured_tests.py

@@ -493,6 +493,29 @@ class ChangePasswordTest(SecurityTest):
         self.assertIn("/reset", outbox[0].html)
 
 
+class EmailConfigTest(SecurityTest):
+
+    AUTH_CONFIG = {
+        'SECURITY_SEND_REGISTER_EMAIL': False,
+        'SECURITY_SEND_PASSWORD_CHANGE_EMAIL': False,
+    }
+
+    def test_change_password_success_email_option(self):
+        """Test the change password email can be turned off w/ configuration."""
+
+        data = {
+            'password': 'password',
+            'new_password': 'newpassword',
+            'new_password_confirm': 'newpassword'
+        }
+
+        self.authenticate()
+        with self.app.extensions['mail'].record_messages() as outbox:
+            r = self._post('/change', data=data, follow_redirects=True)
+
+        self.assertEqual(len(outbox), 0)
+
+
 class ChangePasswordPostViewTest(SecurityTest):
 
     AUTH_CONFIG = {