From 1184d077893ff1bc947e45b00a4d565f3df81776 Mon Sep 17 00:00:00 2001 From: Tim Graham Date: Fri, 21 Jun 2013 16:59:33 -0400 Subject: Fixed #14881 -- Modified password reset to work with a non-integer UserModel.pk. uid is now base64 encoded in password reset URLs/views. A backwards compatible password_reset_confirm view/URL will allow password reset links generated before this change to continue to work. This view will be removed in Django 1.7. Thanks jonash for the initial patch and claudep for the review. --- docs/internals/deprecation.txt | 8 ++++++++ 1 file changed, 8 insertions(+) (limited to 'docs/internals') diff --git a/docs/internals/deprecation.txt b/docs/internals/deprecation.txt index 45f82b49e6..9672746717 100644 --- a/docs/internals/deprecation.txt +++ b/docs/internals/deprecation.txt @@ -326,6 +326,14 @@ these changes. remove calls to this method, and instead ensure that their auth related views are CSRF protected, which ensures that cookies are enabled. +* The version of :func:`django.contrib.auth.views.password_reset_confirm` that + supports base36 encoded user IDs + (``django.contrib.auth.views.password_reset_confirm_uidb36``) will be + removed. If your site has been running Django 1.6 for more than + :setting:`PASSWORD_RESET_TIMEOUT_DAYS`, this change will have no effect. If + not, then any password reset links generated before you upgrade to Django 1.7 + won't work after the upgrade. + 1.8 --- -- cgit v1.3