#23793: Password Reset is confusing
-------------------------------------+-------------------------------------
Reporter: collinanderson | Owner:
Type: | yigitguler
Cleanup/optimization | Status: closed
Component: contrib.auth | Version: 1.6
Severity: Normal | Resolution: fixed
Keywords: | Triage Stage: Accepted
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 1 | UI/UX: 0
-------------------------------------+-------------------------------------
Comment (by erikr):
Upon closer review, we decided not to add additional documentation on how
to restore the behaviour where error messages are enabled. The proper
solution turns out to already be documented in the docs: inherit from the
password reset form, and pass your new form as a view parameter. Any
deeper suggestion or code sample would quickly be very specific and full
of assumptions. What if someone wants to return an error for accounts that
do not exist, but not for accounts that are disabled?
Considering the security sensitive nature of errors in this area, this is
not a place where a copy-pastable standard solution is appropriate, and
the general approach is already documented.
--
Ticket URL: <https://code.djangoproject.com/ticket/23793#comment:11>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
--
You received this message because you are subscribed to the Google Groups
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/django-updates/072.f2f79b2df9a426a9f5c5f57bb3a7c821%40djangoproject.com.
For more options, visit https://groups.google.com/d/optout.
