| 1050 | | In [8162], the password reset views and templates were overhauled. If you have were using the existing views with a customised !PasswordResetForm, or with any customised templates (such as the password reset email, or any of the related forms), then you will probably have to update your code (note that these forms/templates had already been updated recently to use newforms). The new system has much better security (#7723 is fixed). It does not reset the password, but sends an emails to the user with a link to click on. It also has much better usability -- the user is then prompted to enter their own password, rather than given a random one (which many users often forget to change). The link for resetting the password will expire as soon as it is used, or after a timeout -- default 3 days. |
| | 1050 | In [8162], the password reset views and templates were overhauled. If you have were using the existing views with a customised !PasswordResetForm, or with any customised templates (such as the password reset email, or any of the related forms), then you will probably have to update your code (note that these forms/templates had already been updated recently to use newforms). If you manually included the URLs for these views into your project (which is currently the only way to get them), you will need to update -- see the URLs in [http://code.djangoproject.com/browser/django/trunk/django/contrib/auth/urls.py django.contrib.auth.urls] |
| | 1051 | |
| | 1052 | The new system has much better security (#7723 is fixed). It does not reset the password, but sends an emails to the user with a link to click on. It also has much better usability -- the user is then prompted to enter their own password, rather than given a random one (which many users often forget to change). The link for resetting the password will expire as soon as it is used, or after a timeout -- default 3 days. |