Don't be as restrictive in token lengths for reset tokens
authorMagnus Hagander <magnus@hagander.net>
Mon, 20 Dec 2021 13:25:28 +0000 (14:25 +0100)
committerMagnus Hagander <magnus@hagander.net>
Mon, 20 Dec 2021 13:25:28 +0000 (14:25 +0100)
Django 3.2 changed the length of the token. And the original URLs from
the django files aren't more restrictive, so there should be no need for
us to be -- so allow a more flexible token length, making it work on
both old and new django.

pgweb/account/urls.py

index 50eaebc077fe08314edb6c1e1d5434544d0fae86..a5c647d51d832ccb740be369b0172ad9520067cf 100644 (file)
@@ -45,7 +45,7 @@ urlpatterns = [
     url(r'^changepwd/done/$', pgweb.account.views.change_done),
     url(r'^reset/$', pgweb.account.views.resetpwd),
     url(r'^reset/done/$', pgweb.account.views.reset_done),
-    url(r'^reset/(?P<uidb64>[0-9A-Za-z_\-]+)-(?P<token>[0-9A-Za-z]{1,13}-[0-9A-Za-z]{1,20})/$', pgweb.account.views.reset_confirm),
+    url(r'^reset/(?P<uidb64>[0-9A-Za-z_\-]+)-(?P<token>[0-9A-Za-z]+-[0-9A-Za-z]+)/$', pgweb.account.views.reset_confirm),
     url(r'^reset/complete/$', pgweb.account.views.reset_complete),
     url(r'^signup/$', pgweb.account.views.signup),
     url(r'^signup/complete/$', pgweb.account.views.signup_complete),
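Review bot: The new `reset/` confirm pattern drops every upper bound on the two token segments, so the router now passes arbitrarily long alphanumeric strings to `pgweb.account.views.reset_confirm`. Token validity is presumably still decided inside that view (not visible in this hunk), so this is a hardening point rather than a bypass. A generous cap, for example `[0-9A-Za-z]{1,64}-[0-9A-Za-z]{1,64}`, should still cover both token formats while rejecting oversized input before it reaches the view. A comment above the line, such as `# Token length differs between Django versions; the view validates the token, this regex only shapes the URL`, would keep a later reader from re-tightening it to the old limits. The `urlpatterns` list starts and ends outside the hunk.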