Prevent leaking password reset token through Referrer header #30
Conversation
users/urls.py
Outdated
|
|
||
| from .views import (activate, activation_complete, register, | ||
| registration_closed, registration_complete) | ||
|
|
||
| # Attempt to use the auth class based views if available. | ||
| try: | ||
| login_view = auth_views.LoginView.as_view() |
There was a problem hiding this comment.
AFAIK this won't work. e.g. LoginView.as_view() need to called w/ template_name as kwarg.
Same issue w/ all the views being called without kwags.
I would prefer that we simply use the class based views.. and add a warning to README for folks to pin their requirements to use version 0.2.1 or earlier for older django.
|
Thanks for your pull request. Please see comments. |
|
@mishbahr let me know if you need any other changes! |
README.rst
Outdated
| @@ -21,8 +21,9 @@ django-users2 | |||
| :target: https://coveralls.io/r/mishbahr/django-users2?branch=master | |||
|
|
|||
|
|
|||
| Custom user model for django >=1.5 with support for multiple user types and | |||
| lots of other awesome utils (mostly borrowed from other projects). | |||
| Custom user model for django >=1.11 with support for multiple user types and | |||
There was a problem hiding this comment.
Please can we change the wording to something like this:
Custom user model for django >=1.5 with support for multiple user types and lots of other awesome utils (mostly borrowed from other projects). If you are using django < 1.11, please install v0.2.1 or earlier (
pip install django-users2<=0.2.1).
So it's clearer that, it still works for the older versions of django.
Fixes #28