-
Notifications
You must be signed in to change notification settings - Fork 663
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Prevent incorrect usage of Token.for_user #804
base: master
Are you sure you want to change the base?
Conversation
It is still possible to call the |
yes, because What has changed:
|
Co-authored-by: Nils Van Zuijlen <[email protected]>
for more information, see https://pre-commit.ci
We have the security issue alerting for almost 4 months now: Is there anything to be done to accelerate the merge and shipping of the new version? |
+1 can we get this shipped ?? |
+1 |
Hi @nils-van-zuijlen is there anything remaining for this to be merged? |
I do not know, I'm not a member / I don't have merge rights. |
This PR probabily is not going to be merged. Please read these comments on the original issue: #779 (comment) and #779 (comment) TL; DR: if you do not use |
Attempt to address #779
for_validated_user()
replaces currentfor_user()
method (no functionality change, it is just a rename)for_user()
now checksuser.is_active
flag thanks theapi_settings.USER_AUTHENTICATION_RULE
callable