diff options
author | Stephen Finucane <stephen@that.guru> | 2021-02-20 12:22:08 +0000 |
---|---|---|
committer | Stephen Finucane <stephen@that.guru> | 2021-02-20 14:10:06 +0000 |
commit | 8d988f15b8a3c433aa385de7e5ba5129fdba4f40 (patch) | |
tree | 5afd038312cbe9774e8d1d0f001c68922f164049 /releasenotes | |
parent | d11ac34e9f0f2a86901ed74da27fa7a2df109728 (diff) | |
download | patchwork-8d988f15b8a3c433aa385de7e5ba5129fdba4f40.tar patchwork-8d988f15b8a3c433aa385de7e5ba5129fdba4f40.tar.gz |
urls: Support sha256-based tokens
Django 3.1 changed the default hashing algorithm used for things like
password reset tokens from SHA-1 to SHA-256. As noted in the release
notes [1], this is configurable via the 'DEFAULT_HASHING_ALGORITHM'
transitional setting, but that's only intended to allow upgrades of
multiple instances in a HA deployment and shouldn't be used post
upgrade. Instead, we need to fix our URLs to support the longer tokens
generated by SHA-256.
Long term, we want to replace these regex-based routes with the simpler
flask-style template string routes. That's not really backportable so
we'll do that separately.
[1] https://docs.djangoproject.com/en/3.1/releases/3.1/#default-hashing-algorithm-settings
Signed-off-by: Stephen Finucane <stephen@that.guru>
Closes: #394
Diffstat (limited to 'releasenotes')
-rw-r--r-- | releasenotes/notes/issue-394-722c1e6384684469.yaml | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/releasenotes/notes/issue-394-722c1e6384684469.yaml b/releasenotes/notes/issue-394-722c1e6384684469.yaml new file mode 100644 index 0000000..eda4f12 --- /dev/null +++ b/releasenotes/notes/issue-394-722c1e6384684469.yaml @@ -0,0 +1,6 @@ +--- +fixes: + - | + Fixed a compatability issue with Django 3.1 that prevented users from + resetting their password. + (`#394 <https://github.com/getpatchwork/patchwork/issues/394>`__) |