Version 1 (modified by jonash, 4 years ago) (diff)


Auth password reset URLs

#14881, Patch

django.contrib.auth's password reset URLs contain a base36-encoded user ID (/reset/<user-id>/<token>/). The password reset feature breaks if the user ID is not an integer (because base36 can only express integers).
Encode the user ID in a URL-safe variant of base64. This is a backwards-incompatible change that breaks "old-style" password reset URLs, but backwards compatibility should be very easy to implement if required.
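The difference between the two encodings, as an added example that is not part of the original page and not Django's own code. It uses only the Python standard library; the function names and the 128-character limit are assumptions made for illustration.

```python
import base64
import re
import uuid

_B36 = "0123456789abcdefghijklmnopqrstuvwxyz"
_UID_RE = re.compile(r"[A-Za-z0-9_-]+")  # URL-safe base64 alphabet, no padding


def int_to_base36(n):
    """Old-style encoding: only defined for non-negative integers."""
    if not isinstance(n, int) or n < 0:
        raise TypeError("base36 can only express non-negative integers")
    out = ""
    while True:
        n, r = divmod(n, 36)
        out = _B36[r] + out
        if n == 0:
            return out


def encode_uid(pk):
    """New-style encoding: str(pk) as URL-safe base64 with '=' padding stripped."""
    raw = str(pk).encode("utf-8")
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def decode_uid(uidb64, max_len=128):
    """Return the primary key as text, or None for any malformed input.

    The value comes straight from the URL, so it is length-limited and
    checked against the alphabet before decoding, and every decoding
    error maps to None instead of propagating to the caller.
    """
    if not uidb64 or len(uidb64) > max_len or not _UID_RE.fullmatch(uidb64):
        return None
    padded = uidb64 + "=" * (-len(uidb64) % 4)
    try:
        return base64.b64decode(padded, altchars=b"-_", validate=True).decode("utf-8")
    except ValueError:  # covers binascii.Error and UnicodeDecodeError
        return None


if __name__ == "__main__":
    pk = uuid.UUID("12345678-1234-5678-1234-567812345678")  # constructed sample key
    print(encode_uid(42), encode_uid(pk))
    print(decode_uid(encode_uid(pk)))
```

The decoded value is still untrusted text: the view has to look the user up by it and verify the reset token before acting on the request.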
Alternative proposals
