diff options
| author | Hasan Ramezani <hasan.r67@gmail.com> | 2019-08-23 17:14:07 +0200 |
|---|---|---|
| committer | Mariusz Felisiak <felisiak.mariusz@gmail.com> | 2019-09-20 13:52:04 +0200 |
| commit | 226ebb17290b604ef29e82fb5c1fbac3594ac163 (patch) | |
| tree | 6845abde1e47ec7f5d295ab609becce3c7f492a8 /docs | |
| parent | 0719edcd5fed56157ffb3323a8f634aa5e8f9a80 (diff) | |
Fixed #28622 -- Allowed specifying password reset link expiration in seconds and deprecated PASSWORD_RESET_TIMEOUT_DAYS.
Diffstat (limited to 'docs')
| -rw-r--r-- | docs/internals/deprecation.txt | 2 | ||||
| -rw-r--r-- | docs/ref/settings.txt | 17 | ||||
| -rw-r--r-- | docs/releases/3.1.txt | 8 |
3 files changed, 26 insertions, 1 deletions
diff --git a/docs/internals/deprecation.txt b/docs/internals/deprecation.txt index 03e9fa93ce..d79641a19c 100644 --- a/docs/internals/deprecation.txt +++ b/docs/internals/deprecation.txt @@ -34,6 +34,8 @@ details on these changes. * ``django.utils.http.is_safe_url()`` will be removed. +* The ``PASSWORD_RESET_TIMEOUT_DAYS`` setting will be removed. + See the :ref:`Django 3.1 release notes <deprecated-features-3.1>` for more details on these changes. diff --git a/docs/ref/settings.txt b/docs/ref/settings.txt index a517a72f2f..fe103162ef 100644 --- a/docs/ref/settings.txt +++ b/docs/ref/settings.txt @@ -2872,6 +2872,19 @@ doesn't have a ``next_page`` attribute. If ``None``, no redirect will be performed and the logout view will be rendered. +.. setting:: PASSWORD_RESET_TIMEOUT + +``PASSWORD_RESET_TIMEOUT`` +-------------------------- + +.. versionadded:: 3.1 + +Default: ``259200`` (3 days, in seconds) + +The minimum number of seconds a password reset link is valid for. + +Used by the :class:`~django.contrib.auth.views.PasswordResetConfirmView`. + .. setting:: PASSWORD_RESET_TIMEOUT_DAYS ``PASSWORD_RESET_TIMEOUT_DAYS`` @@ -2884,6 +2897,10 @@ when the link is generated, it will be valid for up to a day longer. Used by the :class:`~django.contrib.auth.views.PasswordResetConfirmView`. +.. deprecated:: 3.1 + + This setting is deprecated. Use :setting:`PASSWORD_RESET_TIMEOUT` instead. + .. setting:: PASSWORD_HASHERS ``PASSWORD_HASHERS`` diff --git a/docs/releases/3.1.txt b/docs/releases/3.1.txt index 865ae60ec3..d448fc57b0 100644 --- a/docs/releases/3.1.txt +++ b/docs/releases/3.1.txt @@ -46,6 +46,11 @@ Minor features * The default iteration count for the PBKDF2 password hasher is increased from 180,000 to 216,000. +* Added the :setting:`PASSWORD_RESET_TIMEOUT` setting to define the minimum + number of seconds a password reset link is valid for. This is encouraged + instead of deprecated ``PASSWORD_RESET_TIMEOUT_DAYS``, which will be removed + in Django 4.0. + :mod:`django.contrib.contenttypes` ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ @@ -222,7 +227,8 @@ Features deprecated in 3.1 Miscellaneous ------------- -* ... +* ``PASSWORD_RESET_TIMEOUT_DAYS`` setting is deprecated in favor of + :setting:`PASSWORD_RESET_TIMEOUT`. .. _removed-features-3.1: |
