Disabled password reset and left message notifying user of problem. In response to CVE-2019-19844

Matthew Smith
2020-01-17 12:29:15 +00:00
parent 4ad12ab40a
commit b5e61adde5
3 changed files with 13 additions and 1 deletions


@@ -0,0 +1,9 @@
{% extends 'base_rigs.html' %}
{% block title %}Password Reset Disabled{% endblock %}
{% block content %}
<h1>Password reset is disabled</h1>
<p> We are very sorry for the inconvenience, but due to a security vulnerability, password reset is currently disabled until the vulnerability can be patched.</p>
<p> If you are locked out of your account, please contact an administrator and we can manually perform a reset</p>
{% endblock %}


@@ -19,7 +19,7 @@ urlpatterns = [
url('^user/login/$', views.login, name='login'),
url('^user/login/embed/$', xframe_options_exempt(views.login_embed), name='login_embed'),
url(r'^user/password_reset/$', password_reset, {'password_reset_form': forms.PasswordReset}),
url(r'^user/password_reset/$', views.PasswordResetDisabled.as_view()),
# People
url(r'^people/$', permission_required_with_403('RIGS.view_person')(views.PersonList.as_view()),
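Review bot: Only the request-form route `^user/password_reset/$` is swapped for `views.PasswordResetDisabled.as_view()`; any confirm route further down `urlpatterns` is outside this hunk, so whether one exists is an assumption. If it does, it would still honour reset links e-mailed before this deploy. For CVE-2019-19844 that leaves a window, because a link already sent to the wrong mailbox presumably stays redeemable until its token expires or the account's password changes. If such a route exists, point it at `views.PasswordResetDisabled.as_view()` as well until Django is upgraded. I would also add `# Temporarily disabled for CVE-2019-19844; restore password_reset after the Django upgrade` above the new line, and check whether the `password_reset` import and `forms.PasswordReset` are now unused.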


@@ -392,3 +392,6 @@ class ResetApiKey(generic.RedirectView):
self.request.user.save()
return reverse_lazy('profile_detail')
class PasswordResetDisabled(generic.TemplateView):
template_name = "RIGS/password_reset_disable.html"
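Review bot: `PasswordResetDisabled` has no docstring marking it as a temporary stand-in, so nothing in this file tells a maintainer why it exists or when it can be removed. I would add `"""Temporary notice shown while password reset is disabled for CVE-2019-19844; remove once Django is patched and the reset route is restored."""` as the first line of the class. Because `generic.TemplateView` only implements GET, a POST from an already-open reset form gets a 405 instead of this notice, which is acceptable for a stopgap but worth stating in the same docstring.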