summaryrefslogtreecommitdiff
path: root/docs
diff options
context:
space:
mode:
authorJannis Leidel <jannis@leidel.info>2011-06-26 16:51:34 +0000
committerJannis Leidel <jannis@leidel.info>2011-06-26 16:51:34 +0000
commit2619dc828510cf36791fcf87705d2f9ce3176c86 (patch)
tree5fe13b0c2a8fcf19cbb7152bc2f4e2adcb0ba2bc /docs
parent821d8aaaaad3f4d11f29eb54a7812f363b5f07cb (diff)
Fixed #14674 -- Prevent user accounts with an unusable password from resetting passwords. Thanks, summerisgone, thejaswi_puthraya and lrekucki.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16455 bcc190cf-cafb-0310-a4f2-bffc1f526a37
Diffstat (limited to 'docs')
-rw-r--r--docs/topics/auth.txt6
1 files changed, 6 insertions, 0 deletions
diff --git a/docs/topics/auth.txt b/docs/topics/auth.txt
index 4d40458379..e7f606b3d0 100644
--- a/docs/topics/auth.txt
+++ b/docs/topics/auth.txt
@@ -1011,6 +1011,12 @@ includes a few other useful built-in views located in
* ``form``: The form for resetting the user's password.
+ .. versionchanged:: 1.4
+ Users flagged with an unusable password (see
+ :meth:`~django.contrib.auth.models.User.set_unusable_password()`
+ will not be able to request a password reset to prevent misuse
+ when using an external authentication source like LDAP.
+
.. function:: password_reset_done(request[, template_name])
The page shown after a user has been emailed a link to reset their