From 2be88c89275b9f97c9fbf51154c93fd9e04db935 Mon Sep 17 00:00:00 2001 From: FreneticScribbler Date: Wed, 19 Feb 2020 16:41:25 +0000 Subject: [PATCH] Revert "Disable password reset as temporary fix to vulnerability (#396)" This reverts commit e0c6a56263d4e6b1034d9bfe42b14f04624cbdfe. # Conflicts: # RIGS/urls.py --- RIGS/templates/RIGS/password_reset_disable.html | 9 --------- RIGS/urls.py | 2 -- RIGS/views.py | 4 ---- 3 files changed, 15 deletions(-) delete mode 100644 RIGS/templates/RIGS/password_reset_disable.html diff --git a/RIGS/templates/RIGS/password_reset_disable.html b/RIGS/templates/RIGS/password_reset_disable.html deleted file mode 100644 index eec6e791..00000000 --- a/RIGS/templates/RIGS/password_reset_disable.html +++ /dev/null @@ -1,9 +0,0 @@ -{% extends 'base_rigs.html' %} - -{% block title %}Password Reset Disabled{% endblock %} - -{% block content %} -

Password reset is disabled

-

We are very sorry for the inconvenience, but due to a security vulnerability, password reset is currently disabled until the vulnerability can be patched.

-

If you are locked out of your account, please contact an administrator and we can manually perform a reset

-{% endblock %} \ No newline at end of file diff --git a/RIGS/urls.py b/RIGS/urls.py index 34d97b14..fc2c912b 100644 --- a/RIGS/urls.py +++ b/RIGS/urls.py @@ -19,8 +19,6 @@ urlpatterns = [ path('user/login/embed/', xframe_options_exempt(views.LoginEmbed.as_view()), name='login_embed'), - url(r'^user/password_reset/$', PasswordResetView.as_view()), - # People url(r'^people/$', permission_required_with_403('RIGS.view_person')(views.PersonList.as_view()), name='person_list'), diff --git a/RIGS/views.py b/RIGS/views.py index a7655ccc..658e3565 100644 --- a/RIGS/views.py +++ b/RIGS/views.py @@ -380,7 +380,3 @@ class ResetApiKey(generic.RedirectView): self.request.user.save() return reverse_lazy('profile_detail') - - -class PasswordResetDisabled(generic.TemplateView): - template_name = "RIGS/password_reset_disable.html"