Fixed #14881 -- Modified password reset to work with a non-integer UserModel.pk.

uid is now base64 encoded in password reset URLs/views. A backwards compatible password_reset_confirm view/URL will allow password reset links generated before this change to continue to work. This view will be removed in Django 1.7. Thanks jonash for the initial patch and claudep for the review.
2025-08-03 18:38:50 +00:00 · 2013-06-21 16:59:33 -04:00 · 2013-06-21 16:59:33 -04:00 · 1184d07789
commit 1184d07789
parent b6a87f5c93
13 changed files with 164 additions and 23 deletions
--- a/docs/internals/deprecation.txt
+++ b/docs/internals/deprecation.txt
@ -326,6 +326,14 @@ these changes.
  remove calls to this method, and instead ensure that their auth related views
  are CSRF protected, which ensures that cookies are enabled.

+* The version of :func:`django.contrib.auth.views.password_reset_confirm` that
+  supports base36 encoded user IDs
+  (``django.contrib.auth.views.password_reset_confirm_uidb36``) will be
+  removed. If your site has been running Django 1.6 for more than
+  :setting:`PASSWORD_RESET_TIMEOUT_DAYS`, this change will have no effect. If
+  not, then any password reset links generated before you upgrade to Django 1.7
+  won't work after the upgrade.
+
 1.8
 ---