Add logs around all password reset requests.

VAN-192

openedx/core/djangoapps/user_authn/views/login.py

@@ -151,6 +151,7 @@ def _enforce_password_policy_compliance(request, user):
         # Allow login, but warn the user that they will be required to reset their password soon.
         PageLevelMessages.register_warning_message(request, six.text_type(e))
     except password_policy_compliance.NonCompliantPasswordException as e:
+        AUDIT_LOG.info("Password reset initiated for email %s.", user.email)
         send_password_reset_email_for_user(user, request)
         # Prevent the login attempt.
         raise AuthFailedError(HTML(six.text_type(e)), error_code=e.__class__.__name__)

openedx/core/djangoapps/user_authn/views/password_reset.py

@@ -597,7 +597,7 @@ def password_change_request_handler(request):
     user = request.user
     # Prefer logged-in user's email
     email = user.email if user.is_authenticated else request.POST.get('email')
-    AUDIT_LOG.info("Password reset initiated for user %s.", email)
+    AUDIT_LOG.info("Password reset initiated for email %s.", email)
 
     if getattr(request, 'limited', False):
         AUDIT_LOG.warning("Password reset rate limit exceeded for email %s.", email)

openedx/core/djangoapps/user_authn/views/tests/test_password.py

@@ -269,7 +269,7 @@ class TestPasswordChange(CreateAccountMixin, CacheIsolationTestCase):
             self.assertEqual(response.status_code, 200)
 
             expected_logs = (
-                (LOGGER_NAME, 'INFO', 'Password reset initiated for user {}.'.format(self.NEW_EMAIL)),
+                (LOGGER_NAME, 'INFO', 'Password reset initiated for email {}.'.format(self.NEW_EMAIL)),
                 (LOGGER_NAME, 'INFO', 'Invalid password reset attempt')
             )
             logger.check(*expected_logs)