use normal login form for admin3.0.1

2 files changed, 9 insertions, 1 deletions

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 2218a87870..2e2fdc2c86 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,6 +2,12 @@
 
 ## [Unreleased] 
 
+## [3.0.1] - 2017-11-15
+
+### Security
+
+- Require admin users to log in over the rate limited default login form
+
 ## [3.0.0] - 2017-11-15
 
 ### Security
diff --git a/nextcloudappstore/urls.py b/nextcloudappstore/urls.py
index 857ef751fb..878f05e2a5 100644
--- a/nextcloudappstore/urls.py
+++ b/nextcloudappstore/urls.py
@@ -5,8 +5,8 @@ from django.conf import settings
 from django.conf.urls import url, include
 from django.conf.urls.i18n import i18n_patterns
 from django.contrib import admin
+from django.contrib.auth.decorators import login_required
 from django.views.decorators.http import etag
-from django.views.generic import RedirectView
 
 from nextcloudappstore.core.caching import app_rating_etag
 from nextcloudappstore.core.feeds import AppReleaseAtomFeed, AppReleaseRssFeed
@@ -15,6 +15,8 @@ from nextcloudappstore.core.views import CategoryAppListView, AppDetailView, \
     AppRegisterView
 from nextcloudappstore.scaffolding.views import AppScaffoldingView
 
+admin.site.login = login_required(admin.site.login)
+
 urlpatterns = [
     url(r'^$', CategoryAppListView.as_view(), {'id': None}, name='home'),
     url(r"^signup/$", csp_update(**settings.CSP_SIGNUP)(signup),