From: Magnus Hagander Date: Mon, 20 Dec 2021 13:25:28 +0000 (+0100) Subject: Don't be as restrictive in token lengths for reset tokens X-Git-Url: http://git.postgresql.org/gitweb/?a=commitdiff_plain;h=0796c5eac0595a89cf68316dbf5b93dfd1d14a94;p=pgweb.git Don't be as restrictive in token lengths for reset tokens Django 3.2 changed the length of the token. And the original URLs from the django files aren't more restrictive, so there should be no need for us to be -- so allow a more flexible token length, making it work on both old and new django. --- diff --git a/pgweb/account/urls.py b/pgweb/account/urls.py index 50eaebc0..a5c647d5 100644 --- a/pgweb/account/urls.py +++ b/pgweb/account/urls.py @@ -45,7 +45,7 @@ urlpatterns = [ url(r'^changepwd/done/$', pgweb.account.views.change_done), url(r'^reset/$', pgweb.account.views.resetpwd), url(r'^reset/done/$', pgweb.account.views.reset_done), - url(r'^reset/(?P[0-9A-Za-z_\-]+)-(?P[0-9A-Za-z]{1,13}-[0-9A-Za-z]{1,20})/$', pgweb.account.views.reset_confirm), + url(r'^reset/(?P[0-9A-Za-z_\-]+)-(?P[0-9A-Za-z]+-[0-9A-Za-z]+)/$', pgweb.account.views.reset_confirm), url(r'^reset/complete/$', pgweb.account.views.reset_complete), url(r'^signup/$', pgweb.account.views.signup), url(r'^signup/complete/$', pgweb.account.views.signup_complete),