[ckan-changes] [ckan/ckan] 8a5beb: Password reset request - generally tighten it up

Ed noreply at github.com
Fri Feb 8 11:17:46 UTC 2019


  Branch: refs/heads/security_dont_confirm_if_user_exists_2
  Home:   https://github.com/ckan/ckan
  Commit: 8a5beb9b53d23173c8d072926a6b84f76131fcd8
      https://github.com/ckan/ckan/commit/8a5beb9b53d23173c8d072926a6b84f76131fcd8
  Author: David Read <david.read at hackneyworkshop.com>
  Date:   2019-02-08 (Fri, 08 Feb 2019)

  Changed paths:
    M ckan/logic/action/get.py
    M ckan/logic/auth/get.py
    M ckan/templates/user/request_reset.html
    M ckan/tests/controllers/test_user.py
    M ckan/tests/logic/action/test_get.py
    M ckan/tests/logic/auth/test_get.py
    M ckan/views/user.py

  Log Message:
  -----------
  Password reset request - generally tighten it up

* Can only specify name or email - not the looser search done by model.User.search()
  which allowed: partial name, partial fullname (and if sysadmin: partial emails) etc
  (This was originally loose to be helpful, but the balance with security changed)
* Don't confirm whether a user exists or not
* Logging for audit purposes


  Commit: 1197cfa798f1460007eb258a644fd4c10fe4ee13
      https://github.com/ckan/ckan/commit/1197cfa798f1460007eb258a644fd4c10fe4ee13
  Author: Edward Robinson <proteenx11 at gmail.com>
  Date:   2019-02-08 (Fri, 08 Feb 2019)

  Changed paths:
    M ckan/views/user.py

  Log Message:
  -----------
  fix internal server error being shown instead of flash message


  Commit: dad061b25607676d4df7e108396cf7662f7795df
      https://github.com/ckan/ckan/commit/dad061b25607676d4df7e108396cf7662f7795df
  Author: Edward Robinson <proteenx11 at gmail.com>
  Date:   2019-02-08 (Fri, 08 Feb 2019)

  Changed paths:
    M ckan/views/user.py

  Log Message:
  -----------
  fix change no email warning to flash message


  Commit: 25b4d329b7b62caf3b55e4d54731691e030d01b3
      https://github.com/ckan/ckan/commit/25b4d329b7b62caf3b55e4d54731691e030d01b3
  Author: Edward Robinson <proteenx11 at gmail.com>
  Date:   2019-02-08 (Fri, 08 Feb 2019)

  Changed paths:
    M ckan/views/user.py

  Log Message:
  -----------
  add why @ check works for username/email


  Commit: c4707dc8c39f22ce4dd1cf3c33c18df91d3bacb2
      https://github.com/ckan/ckan/commit/c4707dc8c39f22ce4dd1cf3c33c18df91d3bacb2
  Author: Edward Robinson <proteenx11 at gmail.com>
  Date:   2019-02-08 (Fri, 08 Feb 2019)

  Changed paths:
    M ckan/tests/controllers/test_user.py

  Log Message:
  -----------
  update test


Compare: https://github.com/ckan/ckan/compare/8b71bd7f02a2...c4707dc8c39f
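
The three points of the first commit message (exact name-or-email lookup, no confirmation that an account exists, audit logging), sketched as an added example. This is not CKAN's code: the user records, function names and reply text are constructed for illustration, and it assumes usernames cannot contain "@".

```python
import logging

log = logging.getLogger("reset_audit")

# Constructed sample accounts (not CKAN data).
USERS = [
    {"name": "alice", "fullname": "Alice Smith", "email": "alice@example.org"},
    {"name": "alicia", "fullname": "Alicia Jones", "email": "aj@example.org"},
    {"name": "bob", "fullname": "Bob Ray", "email": None},
]

# Constructed wording; the point is that it never varies with the outcome.
GENERIC_REPLY = ("A reset link has been emailed to you "
                 "(unless the account specified does not exist)")


def find_exact(identifier, users=USERS):
    """Exact match on name or email only; no partial or fullname search."""
    ident = identifier.strip()
    # Assumption: usernames cannot contain '@', so '@' means an email address.
    if "@" in ident:
        # Assumption: email comparison is case-insensitive.
        return [u for u in users if (u["email"] or "").lower() == ident.lower()]
    return [u for u in users if u["name"] == ident]


def request_reset(identifier, send_link, users=USERS):
    """Return the same reply whether or not an account matched."""
    matches = find_exact(identifier, users)
    if not matches:
        # %r escapes control characters in attacker-supplied input.
        log.info("Password reset requested for unknown user: %r", identifier)
    for user in matches:
        if not user["email"]:
            log.info("Password reset requested, no email on file: %s", user["name"])
            continue
        send_link(user)
        log.info("Password reset link sent for user: %s", user["name"])
    return GENERIC_REPLY


if __name__ == "__main__":
    logging.basicConfig(level=logging.INFO)
    for ident in ("alice", "ali", "nobody@example.org", "bob"):
        print(ident, "->", request_reset(ident, lambda u: None))
```

The audit log is the only place the outcomes differ, so it needs the same access control as other account data.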

