Files
@ 8b47181750a8
Branch filter:
Location: kallithea/docs/api/models.rst - annotation
8b47181750a8
573 B
text/prs.fallenstein.rst
login: fix incorrect CSRF rejection of "Reset Your Password" form (Issue #350)
htmlfill would remove the CSRF token from the form when substituting the query
parameters, causing password reset to break.
By default, htmlfill will clear all input fields that doesn't have a new
"default" value provided. It could be fixed by setting force_defaults to False
- see http://www.formencode.org/en/1.2-branch/modules/htmlfill.html . It could
also be fixed by providing the CSRF token in the defaults to be substituted in
the form.
Instead, refactor password_reset_confirmation to have more explicitly safe
handling of query parameters. Replace htmlfill with the usual template
variables.
The URLs are generated in kallithea/model/user.py send_reset_password_email()
and should only contain email, timestamp (integer as digit string) and a hex
token from get_reset_password_token() .
htmlfill would remove the CSRF token from the form when substituting the query
parameters, causing password reset to break.
By default, htmlfill will clear all input fields that doesn't have a new
"default" value provided. It could be fixed by setting force_defaults to False
- see http://www.formencode.org/en/1.2-branch/modules/htmlfill.html . It could
also be fixed by providing the CSRF token in the defaults to be substituted in
the form.
Instead, refactor password_reset_confirmation to have more explicitly safe
handling of query parameters. Replace htmlfill with the usual template
variables.
The URLs are generated in kallithea/model/user.py send_reset_password_email()
and should only contain email, timestamp (integer as digit string) and a hex
token from get_reset_password_token() .
64a5386216c5 bb35ad076e2f 17c9393e9645 22a3fa3c4254 bb35ad076e2f bb35ad076e2f 7e5f8c12a3fc bb35ad076e2f 8b8edfc25856 7e5f8c12a3fc 9da24750f563 8b8edfc25856 7e5f8c12a3fc bb35ad076e2f 9da24750f563 7e5f8c12a3fc 8b8edfc25856 9da24750f563 7e5f8c12a3fc 8b8edfc25856 bb35ad076e2f 499c513967a1 9da24750f563 8b8edfc25856 7e5f8c12a3fc bb35ad076e2f 8b8edfc25856 7e5f8c12a3fc 8b8edfc25856 8b8edfc25856 499c513967a1 8b8edfc25856 | .. _models:
========================
The :mod:`models` module
========================
.. automodule:: kallithea.model
:members:
.. automodule:: kallithea.model.comment
:members:
.. automodule:: kallithea.model.permission
:members:
.. automodule:: kallithea.model.repo_permission
:members:
.. automodule:: kallithea.model.repo
:members:
.. automodule:: kallithea.model.repo_group
:members:
.. automodule:: kallithea.model.scm
:members:
.. automodule:: kallithea.model.user
:members:
.. automodule:: kallithea.model.user_group
:members:
|