From 2619dc828510cf36791fcf87705d2f9ce3176c86 Mon Sep 17 00:00:00 2001 From: Jannis Leidel Date: Sun, 26 Jun 2011 16:51:34 +0000 Subject: Fixed #14674 -- Prevent user accounts with an unusable password from resetting passwords. Thanks, summerisgone, thejaswi_puthraya and lrekucki. git-svn-id: http://code.djangoproject.com/svn/django/trunk@16455 bcc190cf-cafb-0310-a4f2-bffc1f526a37 --- docs/topics/auth.txt | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'docs') diff --git a/docs/topics/auth.txt b/docs/topics/auth.txt index 4d40458379..e7f606b3d0 100644 --- a/docs/topics/auth.txt +++ b/docs/topics/auth.txt @@ -1011,6 +1011,12 @@ includes a few other useful built-in views located in * ``form``: The form for resetting the user's password. + .. versionchanged:: 1.4 + Users flagged with an unusable password (see + :meth:`~django.contrib.auth.models.User.set_unusable_password()` + will not be able to request a password reset to prevent misuse + when using an external authentication source like LDAP. + .. function:: password_reset_done(request[, template_name]) The page shown after a user has been emailed a link to reset their -- cgit v1.3