Re: New Feature: Allow password reset token to expire in under a day

I think we shouldn't shoe-horn a timedelta into the existing setting, so my vote is with the second option, but I think a timedelta is much more readable than just an integer. Also, the existing 3 day timeout for password links is quite surprising from a security point of view. The consultants I w

Re: New Feature: Allow password reset token to expire in under a day

To be honest, I'm quite surprised that the password reset feature does not use `TimestampSigner` which already supports timedeltas explicitly. Is the Signing backend overkill for this? Probably yes. But I think using the signing backend still makes sense since it's already there. So if one were

Re: New Feature: Allow password reset token to expire in under a day

I think Minute, with default value 30 or 60, is the best unit for this setting. 3 minutes (even 1) is short enough for edge case and 720 (12 hours) also looks good. On Thursday, September 21, 2017 at 6:22:20 PM UTC+10, Tom Forbes wrote: > > I think we shouldn't shoe-horn a timedelta into the ex

Re: New Feature: Allow password reset token to expire in under a day

Why not just keep PASSWORD_RESET_TIMEOUT_DAYS and allow floats? Then you can just do 1/24 for an hour. On 21 September 2017 at 09:50, Eddy C wrote: > I think Minute, with default value 30 or 60, is the best unit for this > setting. > > 3 minutes (even 1) is short enough for edge case and 720 (12

There should be a way to make Templates substitution to raise an exception on error

Hi All, What is your opinion on having an option to raise an error in template if variable is not found in context. This may be useful for automated tests as discussed in ticket. reference ticket #28618 ; Thanks regards Shreyas -- You receive

Re: New Feature: Allow password reset token to expire in under a day

I agree about deprecating PASSWORD_RESET_TIMEOUT_DAYS, with no rush to remove. Then if PASSWORD_RESET_TIMEOUT it takes precedent. Now for the input to PASSWORD_RESET_TIMEOUT looking at current settings in django, anything I found that is time/age based is expressed in integer seconds. I would say s

Re: New Feature: Allow password reset token to expire in under a day

That's what I proposed on the ticket but I feel like it felt odd to me, the setting name does't suggest this is possible and it might be hard to achieve exact second precious because of float rounding? In my opinion introducing PASSWORD_RESET_TIMEOUT with timedelta support would be the best opt

Re: New Feature: Allow password reset token to expire in under a day

Yeah I don't think float number of days is a good choice because the calculation will be weird with precision issues. I think it makes sense to use PASSWORD_RESET_TIMEOUT. For timedelta vs. integer seconds. Timedelta has the benefit of readability, but integer has the benefit of simplicity. I t

Re: There should be a way to make Templates substitution to raise an exception on error

This is not 100% related to the ticket, but something to think about. In ReactJS, there a concept called propTypes, which will check all props (they are similar to context in concept I think) listed with types in UI component. So maybe we can have something similar in django template system tha

Re: There should be a way to make Templates substitution to raise an exception on error

To continue the previous comment. template can raise error give warning if required contexts are not provided or the types are not correct. You can have something not isRequired in contextTypes too but types can be check if the context is actually passed to template. On Thursday, September 21

Re: There should be a way to make Templates substitution to raise an exception on error

You could perhaps emulate something like that with a template tag, couldn't you? @register.simple_tag(takes_context=True) def requires(context, *names): for name in names: if name not in context: raise RuntimeError('{0} is not in the template context'.format(name)) And in

Re: There should be a way to make Templates substitution to raise an exception on error

You could perhaps emulate that with a template tag, it seems it would be best if this was kept in the template rather than in some associated Python file: @register.simple_tag(takes_context=True) def requires(context, *names): for name in names: if name not in context: rais

Re: New Feature: Allow password reset token to expire in under a day

I still think seconds are the way to go, but maybe the documentation could give a clue that timedelta().seconds can be used for readability PASSWORD_RESET_TIMEOUT = datetime.timedelta(hours=6, minutes=30).seconds Dylan On Thu, Sep 21, 2017 at 6:14 AM, Zhiqiang Liu wrote: > Yeah I don't think fl

CONTRIBUTION TO DJANGO

Hello! I'm an undergrad student of B.Tech. in Computer Science and we've been assigned a project to contribute in an open source project. My team members and I decided to pick Django since it is one of the most well known and widely used open source projects. We need help in deciding what con

Re: CONTRIBUTION TO DJANGO

There's a whole documentation page on this: https://docs.djangoproject.com/en/dev/internals/contributing/ There aren't many easy pickings tickets, plus most of the effort right now is being put into features for the 2.0 feature freeze. I'd suggest the biggest contribution you can make right now is

Re: CONTRIBUTION TO DJANGO

Can you suggest a way of how to test Django projects ad third party packages please? On Thursday, 21 September 2017 21:00:36 UTC+5:30, Adam Johnson wrote: > > There's a whole documentation page on this: > https://docs.djangoproject.com/en/dev/internals/contributing/ > > There aren't many easy pi

Re: Methodology for increasing the number of PBKDF2 iterations

It's time to decide how much to bump the iterations for Django 2.1 -- anyone care to make a proposal? My understanding is that we should revisit the current "bump by 20% each release" guideline in Django's release checklist. Django 2.0 uses 100,000 iterations. On Sunday, February 12, 2017 at 1:

New Permissions Scheme

Good day dear fellow Django developers, Current permissions scheme in Django does suffer many flaws Like Inconsistency with permissions for proxy models #11154 and the fact that permission names are not translatable (no translation in the database) a

Re: New Permissions Scheme

There are a lot of issue with your new permissions. Some people have been asking for a view permission in admin. With current system, all one have to do is add a permission per model. With your proposal, the whole system have to be ditched in favor of a more flexible one. I have also seen product

Re: New Feature: Allow password reset token to expire in under a day

If most agree, I will proceed with using seconds. It is a good idea for the potential documentation Dylan! Zach On Thursday, September 21, 2017 at 10:09:50 AM UTC-4, Dylan Reinhold wrote: > > I still think seconds are the way to go, but maybe the documentation could > give a clue that timedelta

Re: New Feature: Allow password reset token to expire in under a day

I would still vote for a timedelta, im not sure if there is a strong consensus in the thread. Representing the time as seconds always irks me, you can make it more readable by using multiplication but you often end up with a comment anyway and it doesn't scan nearly as well. Having to do 'timedelt

Re: New Feature: Allow password reset token to expire in under a day

It also seems odd to express it as seconds, it's often going to be a large value between an hour and several days and the lowest resolution for the value anyone would need is minutes. On 22 Sep 2017 01:29, "Tom Forbes" wrote: > I would still vote for a timedelta, im not sure if there is a strong

Re: New Feature: Allow password reset token to expire in under a day

Seconds is consistent with all of the other settings, even for long ones like CSRF_COOKIE_AGE and SESSION_COOKIE_AGE. It also means you can avoid importing datetime in your settings file. On Thu, Sep 21, 2017 at 8:36 PM, Tom Forbes wrote: > It also seems odd to express it as seconds, it's often

Re: New Permissions Scheme

My proposal is mainly about re-thinking how permissions work with Django as a whole, as It's not the most perfect thing. And fixing it in a backward compatible way is next to impossible, so i would say let's revolutionize it and try to ease the transition. Regarding adding a view permission (for e

Why Django Document site always redirect to an earlier version

Most of the times it is redirected to v1.6, sometimes 1.10, not sure why it happens? Are people aware of that? -- You received this message because you are subscribed to the Google Groups "Django developers (Contributions to Django itself)" group. To unsubscribe from this group and stop rece

Re: ConnectionResetError in test_closes_connection_without_content_length

To follow up, I set up a new macbook pro today with python3.6 and OXS10.12, and I got the same error. On Wednesday, September 20, 2017 at 8:39:23 PM UTC-4, Zhiqiang Liu wrote: > > Yeah I believe it is a new test, so I can't test if it is working for 1.11. >> > > I did get it to pass after adding

Re: status of 2.0 release blockers

completed today: https://github.com/django/django/pull/9086 - Refs #28595 -- Added execute wrappers for database queries. I plan to merge this last one early tomorrow, then release the alpha later in the day. https://github.com/django/django/pull/9081 - Fixed #27332 -- Added support for conditi

Re: Why Django Document site always redirect to an earlier version

>From the main site, or from other site like stack-overflow or google? From the main site I get 1.11. >From another site you cant control what links are used. Dylan On Thu, Sep 21, 2017 at 6:07 PM, Zhiqiang Liu wrote: > Most of the times it is redirected to v1.6, sometimes 1.10, not sure why >

Re: CONTRIBUTION TO DJANGO

Django Doc has several pages about testing https://docs.djangoproject.com/en/1.11/intro/tutorial05/ https://docs.djangoproject.com/en/1.11/topics/testing/tools/ https://docs.djangoproject.com/en/1.11/topics/testing/advanced/ On Thursday, September 21, 2017 at 8:55:59 PM UTC+3, Heba Khan wrote: >