8
0
Fork 0
mirror of https://gitlab2.federez.net/re2o/re2o synced 2024-11-24 12:23:11 +00:00
Commit graph

1 commit

Author SHA1 Message Date
Alexandre Iooss
f4c9ac19cf Override Django Contrib Auth templates
This override Django Contrib Auth templates to make them more integrated
with the user site.

More precisely the breadcrumb now redirects to the index page rather to
the Django Contrib Admin index page.

*It also fix a security vulnerability in Re2o.* Without this patch users
are able to request for a new password AND the existing login name. So
just with access to someone mail, it would be possible to hack into his
account.

And yes, Re2o implements another password system. But this one is not
disabled (see by yourself : https://intranet.crans.org/password_reset/).

This also is part of the Aube patch-set for Re2o and one of Aube goal is
to drop the custom admin password reset system and use the Django
Contrib Auth one.
2019-04-20 19:30:49 +02:00