Code


Version 1 (modified by jonash, 3 years ago) (diff)

--

Auth password reset URLs

#14881, Patch

Problem
django.contrib.auth's password reset URLs contain a base36-encoded user ID (/reset/<user-id>/<token>/). The password reset feature breaks if the user ID is not an integer (because base36 can only express integers).
Solution
Encode the user ID in a URL-safe variant of base64. This is a backwards-incompatible change that breaks "old-style" password reset URLs, but backwards compatibility should be very easy to implement if required.
Alternative proposals
None