fix pep8

Disabled password reset and left message notifying user of problem. In response to CVE-2019-19844
2026-01-17 13:32:15 +00:00 · 2020-01-17 12:38:02 +00:00 · 2020-01-17 12:29:24 +00:00
3 changed files with 14 additions and 1 deletions
--- a/RIGS/templates/RIGS/password_reset_disable.html
+++ b/RIGS/templates/RIGS/password_reset_disable.html
@@ -0,0 +1,9 @@
+{% extends 'base_rigs.html' %}
+
+{% block title %}Password Reset Disabled{% endblock %}
+
+{% block content %}
+<h1>Password reset is disabled</h1>
+<p> We are very sorry for the inconvenience, but due to a security vulnerability, password reset is currently disabled until the vulnerability can be patched.</p>
+<p> If you are locked out of your account, please contact an administrator and we can manually perform a reset</p>
+{% endblock %}
--- a/RIGS/urls.py
+++ b/RIGS/urls.py
@@ -19,7 +19,7 @@ urlpatterns = [
    url('^user/login/$', views.login, name='login'),
    url('^user/login/embed/$', xframe_options_exempt(views.login_embed), name='login_embed'),

-    url(r'^user/password_reset/$', password_reset, {'password_reset_form': forms.PasswordReset}),
+    url(r'^user/password_reset/$', views.PasswordResetDisabled.as_view()),

    # People
    url(r'^people/$', permission_required_with_403('RIGS.view_person')(views.PersonList.as_view()),
--- a/RIGS/views.py
+++ b/RIGS/views.py
@@ -392,3 +392,7 @@ class ResetApiKey(generic.RedirectView):
        self.request.user.save()

        return reverse_lazy('profile_detail')
+
+
+class PasswordResetDisabled(generic.TemplateView):
+    template_name = "RIGS/password_reset_disable.html"
Author	SHA1	Message	Date
Matthew Smith	1e00b23479	fix pep8	2020-01-17 12:38:02 +00:00
Matthew Smith	b5e61adde5	Disabled password reset and left message notifying user of problem. In response to CVE-2019-19844	2020-01-17 12:29:24 +00:00