aboutsummaryrefslogtreecommitdiff
path: root/releasenotes
diff options
context:
space:
mode:
authorStephen Finucane <stephen@that.guru>2021-02-20 12:22:08 +0000
committerStephen Finucane <stephen@that.guru>2021-02-20 14:10:06 +0000
commit8d988f15b8a3c433aa385de7e5ba5129fdba4f40 (patch)
tree5afd038312cbe9774e8d1d0f001c68922f164049 /releasenotes
parentd11ac34e9f0f2a86901ed74da27fa7a2df109728 (diff)
downloadpatchwork-8d988f15b8a3c433aa385de7e5ba5129fdba4f40.tar
patchwork-8d988f15b8a3c433aa385de7e5ba5129fdba4f40.tar.gz
urls: Support sha256-based tokens
Django 3.1 changed the default hashing algorithm used for things like password reset tokens from SHA-1 to SHA-256. As noted in the release notes [1], this is configurable via the 'DEFAULT_HASHING_ALGORITHM' transitional setting, but that's only intended to allow upgrades of multiple instances in a HA deployment and shouldn't be used post upgrade. Instead, we need to fix our URLs to support the longer tokens generated by SHA-256. Long term, we want to replace these regex-based routes with the simpler flask-style template string routes. That's not really backportable so we'll do that separately. [1] https://docs.djangoproject.com/en/3.1/releases/3.1/#default-hashing-algorithm-settings Signed-off-by: Stephen Finucane <stephen@that.guru> Closes: #394
Diffstat (limited to 'releasenotes')
-rw-r--r--releasenotes/notes/issue-394-722c1e6384684469.yaml6
1 files changed, 6 insertions, 0 deletions
diff --git a/releasenotes/notes/issue-394-722c1e6384684469.yaml b/releasenotes/notes/issue-394-722c1e6384684469.yaml
new file mode 100644
index 0000000..eda4f12
--- /dev/null
+++ b/releasenotes/notes/issue-394-722c1e6384684469.yaml
@@ -0,0 +1,6 @@
+---
+fixes:
+ - |
+ Fixed a compatability issue with Django 3.1 that prevented users from
+ resetting their password.
+ (`#394 <https://github.com/getpatchwork/patchwork/issues/394>`__)