Disable password reset as temporary fix to vulnerability (#396)

Disabled password reset and left message notifying user of problem. In response to CVE-2019-19844
2026-01-24 08:52:15 +00:00 · 2020-01-17 13:13:16 +00:00
parent 4ad12ab40a
commit e0c6a56263
3 changed files with 14 additions and 1 deletions
--- a/RIGS/urls.py
+++ b/RIGS/urls.py
@@ -19,7 +19,7 @@ urlpatterns = [
    url('^user/login/$', views.login, name='login'),
    url('^user/login/embed/$', xframe_options_exempt(views.login_embed), name='login_embed'),

-    url(r'^user/password_reset/$', password_reset, {'password_reset_form': forms.PasswordReset}),
+    url(r'^user/password_reset/$', views.PasswordResetDisabled.as_view()),

    # People
    url(r'^people/$', permission_required_with_403('RIGS.view_person')(views.PersonList.as_view()),