Skip to content

Commit

Permalink
Add note about "staff" user skipping pw check
Browse files Browse the repository at this point in the history
  • Loading branch information
@grahamu
grahamu committed Sep 13, 2016
1 parent 40d419d commit 83c9efc
Showing 1 changed file with 2 additions and 1 deletion.
3 changes: 2 additions & 1 deletion docs/usage.rst
View file
Original file line number Diff line number Diff line change
Expand Up @@ -285,4 +285,5 @@ the user changes their password. This entry links the user with their most recen
are saved forever, allowing password history checking for new passwords.

For an authenticated user, ``ExpiredPasswordMiddleware`` prevents retrieving or posting
to any page (except the password change page!) when the user password is expired.
to any page except the password change page and log out page when the user password is expired.
However, if the user is "staff" (can access the Django admin site), the password check is skipped.

0 comments on commit 83c9efc

Please sign in to comment.