Skip to content
  • me5na7qbjqbrp's avatar
    Override Django Contrib Auth templates · f4c9ac19
    me5na7qbjqbrp authored
    This override Django Contrib Auth templates to make them more integrated
    with the user site.
    
    More precisely the breadcrumb now redirects to the index page rather to
    the Django Contrib Admin index page.
    
    *It also fix a security vulnerability in Re2o.* Without this patch users
    are able to request for a new password AND the existing login name. So
    just with access to someone mail, it would be possible to hack into his
    account.
    
    And yes, Re2o implements another password system. But this one is not
    disabled (see by yourself : https://intranet.crans.org/password_reset/).
    
    This also is part of the Aube patch-set for Re2o and one of Aube goal is
    to drop the custom admin password reset system and use the Django
    Contrib Auth one.
    f4c9ac19