git.ipfire.org Git - thirdparty/patchwork.git/commit

author	Stephen Finucane <stephen@that.guru>
	Sat, 20 Feb 2021 12:22:08 +0000 (12:22 +0000)
committer	Stephen Finucane <stephen@that.guru>
	Sat, 20 Feb 2021 14:10:57 +0000 (14:10 +0000)
commit	2253147891d9ddc3e18c590187df204cea23aaaf
tree	4e93d6ab96a5c8f1ebfb76a92d51d59cfecdd4f7	tree \| snapshot
parent	d3aaec83559c9575fff85fb4c743ce5330eb96ff	commit \| diff

urls: Support sha256-based tokens

Django 3.1 changed the default hashing algorithm used for things like
password reset tokens from SHA-1 to SHA-256. As noted in the release
notes [1], this is configurable via the 'DEFAULT_HASHING_ALGORITHM'
transitional setting, but that's only intended to allow upgrades of
multiple instances in a HA deployment and shouldn't be used post
upgrade. Instead, we need to fix our URLs to support the longer tokens
generated by SHA-256.

Long term, we want to replace these regex-based routes with the simpler
flask-style template string routes. That's not really backportable so
we'll do that separately.

[1] https://docs.djangoproject.com/en/3.1/releases/3.1/#default-hashing-algorithm-settings

Signed-off-by: Stephen Finucane <stephen@that.guru>
Closes: #394
(cherry picked from commit 8d988f15b8a3c433aa385de7e5ba5129fdba4f40)

patchwork/urls.py		diff \| blob \| blame \| history
releasenotes/notes/issue-394-722c1e6384684469.yaml	[new file with mode: 0644]	blob