mirrors/django
1
0
Fork 0
mirror of https://github.com/django/django.git synced 2025-10-25 14:46:09 +00:00
Code Issues 32 Releases Wiki Activity

Fixed CVE-2018-6188 -- Fixed information leakage in AuthenticationForm.

Browse Source 
Reverted 359370a8b8 (refs #28645).

This is a security fix.
This commit is contained in:
Tim Graham
2018-01-23 13:20:18 -05:00
parent 552abffab1
commit af33fb250e
5 changed files with 67 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
tests/admin_views/test_forms.py
View File

@@ -1,8 +1,11 @@
from django.contrib.admin.forms import AdminAuthenticationForm
from django.contrib.auth.models import User
from django.test import TestCase
from django.test import TestCase, override_settings
# To verify that the login form rejects inactive users, use an authentication
# backend that allows them.
@override_settings(AUTHENTICATION_BACKENDS=['django.contrib.auth.backends.AllowAllUsersModelBackend'])
class AdminAuthenticationFormTests(TestCase):
@classmethod
def setUpTestData(cls):