Merge 1e00b23 into 4ad12ab

nottinghamtec · Jan 17, 2020 · 7b368c6 · 7b368c6
2 parents 4ad12ab + 1e00b23
commit 7b368c6
Show file tree

Hide file tree

Showing 3 changed files with 14 additions and 1 deletion.
diff --git a/RIGS/templates/RIGS/password_reset_disable.html b/RIGS/templates/RIGS/password_reset_disable.html
@@ -0,0 +1,9 @@
+{% extends 'base_rigs.html' %}
+
+{% block title %}Password Reset Disabled{% endblock %}
+
+{% block content %}
+<h1>Password reset is disabled</h1>
+<p> We are very sorry for the inconvenience, but due to a security vulnerability, password reset is currently disabled until the vulnerability can be patched.</p>
+<p> If you are locked out of your account, please contact an administrator and we can manually perform a reset</p>
+{% endblock %}
diff --git a/RIGS/urls.py b/RIGS/urls.py
@@ -19,7 +19,7 @@
     url('^user/login/$', views.login, name='login'),
     url('^user/login/embed/$', xframe_options_exempt(views.login_embed), name='login_embed'),
 
-    url(r'^user/password_reset/$', password_reset, {'password_reset_form': forms.PasswordReset}),
+    url(r'^user/password_reset/$', views.PasswordResetDisabled.as_view()),
 
     # People
     url(r'^people/$', permission_required_with_403('RIGS.view_person')(views.PersonList.as_view()),

diff --git a/RIGS/views.py b/RIGS/views.py
@@ -392,3 +392,7 @@ def get_redirect_url(self, *args, **kwargs):
         self.request.user.save()
 
         return reverse_lazy('profile_detail')
+
+
+class PasswordResetDisabled(generic.TemplateView):
+    template_name = "RIGS/password_reset_disable.html"