summaryrefslogtreecommitdiff
path: root/docs/ref
diff options
context:
space:
mode:
authorTim Graham <timograham@gmail.com>2018-03-20 17:19:27 -0400
committerTim Graham <timograham@gmail.com>2018-03-22 10:03:43 -0400
commita4f0e9aec76ee40c938d3bf450ff63211b7ba1f1 (patch)
tree65c8d99ed6a2ef86f6ff4773c87900a349e1c735 /docs/ref
parentd97cce34096043b019e818a7fb98c0f9f073704c (diff)
Fixed #28718 -- Allowed user to request a password reset if their password doesn't use an enabled hasher.
Regression in aeb1389442d0f9669edf6660b747fd10693b63a7. Reverted changes to is_password_usable() from 703c266682be39f7153498ad0d8031231f12ee79 and documentation changes from 92f48680dbd2e02f2b33f6ad0e35b7d337889fb2.
Diffstat (limited to 'docs/ref')
-rw-r--r--docs/ref/contrib/auth.txt12
1 files changed, 9 insertions, 3 deletions
diff --git a/docs/ref/contrib/auth.txt b/docs/ref/contrib/auth.txt
index e05280367c..2b1aa9ae08 100644
--- a/docs/ref/contrib/auth.txt
+++ b/docs/ref/contrib/auth.txt
@@ -212,9 +212,15 @@ Methods
Returns ``False`` if
:meth:`~django.contrib.auth.models.User.set_unusable_password()` has
- been called for this user, or if the password is ``None``, or if the
- password uses a hasher that's not in the :setting:`PASSWORD_HASHERS`
- setting.
+ been called for this user.
+
+ .. versionchanged:: 2.1
+
+ In older versions, this also returns ``False`` if the password is
+ ``None`` or an empty string, or if the password uses a hasher
+ that's not in the :setting:`PASSWORD_HASHERS` setting. That
+ behavior is considered a bug as it prevents users with such
+ passwords from requesting a password reset.
.. method:: get_group_permissions(obj=None)