From b55ebe32417e0884b6b8b3e1bc0379033aa221af Mon Sep 17 00:00:00 2001 From: Brad Solomon <25164676+bsolomon1124@users.noreply.github.com> Date: Thu, 9 Sep 2021 08:11:51 -0400 Subject: [PATCH] Fixed #33443 -- Clarified when PasswordResetView sends an email. --- docs/topics/auth/default.txt | 25 ++++++++++++++----------- 1 file changed, 14 insertions(+), 11 deletions(-) diff --git a/docs/topics/auth/default.txt b/docs/topics/auth/default.txt index 23e0836d85..d099778836 100644 --- a/docs/topics/auth/default.txt +++ b/docs/topics/auth/default.txt @@ -1281,10 +1281,20 @@ implementation details see :ref:`using-the-views`. that can be used to reset the password, and sending that link to the user's registered email address. - If the email address provided does not exist in the system, this view - won't send an email, but the user won't receive any error message either. - This prevents information leaking to potential attackers. If you want to - provide an error message in this case, you can subclass + This view will send an email if the following conditions are met: + + * The email address provided exists in the system. + * The requested user is active (``User.is_active`` is ``True``). + * The requested user has a usable password. Users flagged with an unusable + password (see + :meth:`~django.contrib.auth.models.User.set_unusable_password`) aren't + allowed to request a password reset to prevent misuse when using an + external authentication source like LDAP. + + If any of these conditions are *not* met, no email will be sent, but the + user won't receive any error message either. This prevents information + leaking to potential attackers. If you want to provide an error message in + this case, you can subclass :class:`~django.contrib.auth.forms.PasswordResetForm` and use the ``form_class`` attribute. 
@@ -1298,13 +1308,6 @@ implementation details see :ref:`using-the-views`. that allows to send emails asynchronously, e.g. `django-mailer `_. - Users flagged with an unusable password (see - :meth:`~django.contrib.auth.models.User.set_unusable_password()` aren't - allowed to request a password reset to prevent misuse when using an - external authentication source like LDAP. Note that they won't receive any - error message since this would expose their account's existence but no - mail will be sent either. - **Attributes:** .. attribute:: template_name
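Review bot: in the first hunk, the second bullet names ``User.is_active`` as a plain literal while the third bullet cross-references ``set_unusable_password`` with a ``:meth:`` role; for consistency and so Sphinx links it, consider writing the bullet as ``* The requested user is active (:attr:`~django.contrib.auth.models.User.is_active` is ``True``).`` Otherwise the restructuring into an explicit condition list reads well and the replaced wording ("If the email address provided does not exist in the system, this view won't send an email") is fully covered by the new "If any of these conditions are *not* met" sentence.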
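Review bot: the second hunk deletes the only sentence that states *why* no error is shown for unusable-password accounts ("since this would expose their account's existence"); the first hunk keeps only the more general "This prevents information leaking to potential attackers". Consider carrying that explicit wording into the new paragraph, e.g. "This prevents information leaking to potential attackers, such as whether an account exists for the given address.", since the account-existence framing is the concrete thing a reader maintaining a custom ``PasswordResetForm`` needs to preserve. The removal itself is otherwise correct: every other statement in the dropped paragraph (LDAP rationale, ``set_unusable_password`` reference, no mail sent) now appears in the condition list above.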