> I think that patch was just an example of bad abstraction. For instance,
> _log_and_response was strange and confusingly named, and seemed to be there
> mostly for vanity, to mask the imperative nature of the top level of
> control.
Proposed patch author here. Yes, I agree that wasn't a very successfu
> I found it much more difficult to follow to the point where I didn't feel it
> was an improvement.
I think that patch was just an example of bad abstraction. For instance,
_log_and_response was strange and confusingly named, and seemed to be there
mostly for vanity, to mask the imperative nat
I haven't extended these views much, so I can't talk about the pain points
of extending the function-based views compared to the ease of extending the
classes. I'm certainly more confident about reasoning with function-based
code. There was a draft patch [0] a few months ago that converted some
We don't normally give security advisories for issues that affect only
the master branch, but in this case we've made an exception as the issue
could be high impact.
Please see the blog post for details:
https://www.djangoproject.com/weblog/2016/nov/21/passwordresetconfirmview-security-advisory/
Just to be absolutely clear, in case it's needed...
> is to hold off the deprecation of the function-based views.
Markus is specifically referring to the FBV implementations of the
contrib.auth views here.
(Not to FBVs generally, which we've no intention of deprecating whatsoever)
- Tom
Hi all,
As it turned out [1], due to their complexity, using class-based generic
views for security-sensitive functionality can result in unintended
behavior. Essentially, the reset token was only checked on GET requests,
not on POST. This was due to the check being in `get_context_data()` (whi
On Saturday, November 19, 2016 at 3:44:11 AM UTC+5:30, Jeremy Spencer wrote:
>
> There are extensive details on the Django project website on this topic:
>
>- https://docs.djangoproject.com/en/dev/internals/contributing/
>-
>
> https://docs.djangoproject.com/en/dev/internals/contribu
On Saturday, November 19, 2016 at 5:01:45 AM UTC+5:30, sste...@gmail.com
wrote:
>
> Probably want to change that 'secret key' you used on the live site a bit
> more private:
>
> # SECURITY WARNING: keep the secret key used in production secret!
> S
> S
>
Thank you for your response. Please el
I'm working on a Django ticket and my changes lead to errors in the Django
test suite. How can you debug the test suite of Django itself in PyCharm?
I can run the tests:
runtests.py staticfiles_tests
I tried Python tests -> Unittests and it says:
django.core.exceptions.ImproperlyConfigured: Requ