1
votes

I registered a user in a Weblate installation (a Django-based translation system) and input an incorrect email address for the user. After trying to send a reset password email, I received a Delivery Status Notification (Failure) email from the mail provider, with the error code 550 Requested action not taken: mailbox unavailable.

Afterwards, no matter which email address I input into the reset password email form (even those of other users already registered), Django tries to send the reset email to that incorrect email address. I receive similar bounce messages from the mail provider. The emails sent have the same target address, and the same id parameter in the verification URL, but different verification_codes.

I tried looking in logs, and the only thing of interest is:

INFO:weblate:sending notification reset on 2414792abd0d4bcb92fd654c2f020ac0 to [email protected]

…which didn't help me in searching through Django's source code either.

Is there some sort of email queue that contains the incorrect address that I need to flush?

1
Can you try clearing your session cookies and see if that works? - solarissmoke
@solarissmoke That worked. Thanks, that didn't occur to me. Would you care to write it as an answer, so I can award you your points? - Dag Høidahl
I'm just trying to work out why this is the case, and will post an answer with explanation. - solarissmoke

1 Answer

2
votes

Weblate doesn't use Django's built-in password reset functionality but uses python-social-auth instead. Looking at the code, it seems like it uses session variables to pass information to/from python-social-auth.

The problem is that if a session already exists (i.e., a user has requested a password reset) then it will not refresh the session if you submit a new request, regardless of what email address you submit in the form.

Solution: clear your cookies. Might also be worth filing a bug report?
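
The behaviour described in the answer above, as an added illustration that is not part of the original answer and is not Weblate's or python-social-auth's code. A plain dict stands in for the Django session, and the session key, handler names and addresses are all hypothetical. It shows the stale-session handler beside a variant that discards earlier reset state on every new request.

```python
# Illustrative model only: a dict stands in for the Django session and
# send_reset() stands in for the mail backend. All names are hypothetical.

SESSION_KEY = "reset_email"  # hypothetical session key


def send_reset(outbox, address):
    """Record the recipient instead of sending real mail."""
    outbox.append(address)


def request_reset_stale(session, form_email, outbox):
    """Behaviour described in the answer: existing session state wins."""
    if SESSION_KEY not in session:
        session[SESSION_KEY] = form_email
    # The submitted form value is ignored once the key exists.
    send_reset(outbox, session[SESSION_KEY])


def request_reset_fresh(session, form_email, outbox):
    """Hardened variant: each new request discards earlier reset state."""
    session.pop(SESSION_KEY, None)
    session[SESSION_KEY] = form_email
    send_reset(outbox, session[SESSION_KEY])


def run(handler, emails):
    """Submit several reset forms from one browser (one shared session)."""
    session, outbox = {}, []
    for email in emails:
        handler(session, email, outbox)
    return outbox


# Constructed sample input: a mistyped address first, then a valid one.
SUBMITTED = ["typo@example.invalid", "alice@example.org"]

if __name__ == "__main__":
    print("stale:", run(request_reset_stale, SUBMITTED))
    print("fresh:", run(request_reset_fresh, SUBMITTED))
```

Calling `run()` with only the valid address models the "clear your cookies" workaround: the session starts empty, so even the stale handler sends to the address that was submitted.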