diff options
| author | Tim Graham <timograham@gmail.com> | 2018-03-20 17:19:27 -0400 |
|---|---|---|
| committer | Tim Graham <timograham@gmail.com> | 2018-03-22 10:03:43 -0400 |
| commit | a4f0e9aec76ee40c938d3bf450ff63211b7ba1f1 (patch) | |
| tree | 65c8d99ed6a2ef86f6ff4773c87900a349e1c735 /docs/ref | |
| parent | d97cce34096043b019e818a7fb98c0f9f073704c (diff) | |
Fixed #28718 -- Allowed user to request a password reset if their password doesn't use an enabled hasher.
Regression in aeb1389442d0f9669edf6660b747fd10693b63a7.
Reverted changes to is_password_usable() from
703c266682be39f7153498ad0d8031231f12ee79 and documentation changes from
92f48680dbd2e02f2b33f6ad0e35b7d337889fb2.
Diffstat (limited to 'docs/ref')
| -rw-r--r-- | docs/ref/contrib/auth.txt | 12 |
1 files changed, 9 insertions, 3 deletions
diff --git a/docs/ref/contrib/auth.txt b/docs/ref/contrib/auth.txt index e05280367c..2b1aa9ae08 100644 --- a/docs/ref/contrib/auth.txt +++ b/docs/ref/contrib/auth.txt @@ -212,9 +212,15 @@ Methods Returns ``False`` if :meth:`~django.contrib.auth.models.User.set_unusable_password()` has - been called for this user, or if the password is ``None``, or if the - password uses a hasher that's not in the :setting:`PASSWORD_HASHERS` - setting. + been called for this user. + + .. versionchanged:: 2.1 + + In older versions, this also returns ``False`` if the password is + ``None`` or an empty string, or if the password uses a hasher + that's not in the :setting:`PASSWORD_HASHERS` setting. That + behavior is considered a bug as it prevents users with such + passwords from requesting a password reset. .. method:: get_group_permissions(obj=None) |
