New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Prevent leaking password reset token through Referrer header #30
Conversation
users/urls.py
Outdated
|
||
from .views import (activate, activation_complete, register, | ||
registration_closed, registration_complete) | ||
|
||
# Attempt to use the auth class based views if available. | ||
try: | ||
login_view = auth_views.LoginView.as_view() |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
AFAIK this won't work. e.g. LoginView.as_view()
need to called w/ template_name
as kwarg.
Same issue w/ all the views being called without kwags.
I would prefer that we simply use the class based views.. and add a warning to README for folks to pin their requirements to use version 0.2.1 or earlier for older django.
Thanks for your pull request. Please see comments. |
@mishbahr let me know if you need any other changes! |
README.rst
Outdated
@@ -21,8 +21,9 @@ django-users2 | |||
:target: https://coveralls.io/r/mishbahr/django-users2?branch=master | |||
|
|||
|
|||
Custom user model for django >=1.5 with support for multiple user types and | |||
lots of other awesome utils (mostly borrowed from other projects). | |||
Custom user model for django >=1.11 with support for multiple user types and |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Please can we change the wording to something like this:
Custom user model for django >=1.5 with support for multiple user types and lots of other awesome utils (mostly borrowed from other projects). If you are using django < 1.11, please install v0.2.1 or earlier (
pip install django-users2<=0.2.1
).
So it's clearer that, it still works for the older versions of django.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
done!
Fixes #28