Natalia
8c35a0a903
Fixed CVE-2024-45231 -- Avoided server error on password reset when email sending fails.
...
On successful submission of a password reset request, an email is sent
to the accounts known to the system. If sending this email fails (due to
email backend misconfiguration, service provider outage, network issues,
etc.), an attacker might exploit this by detecting which password reset
requests succeed and which ones generate a 500 error response.
Thanks to Thibaut Spriet for the report, and to Mariusz Felisiak, Adam
Johnson, and Sarah Boyce for the reviews.
2024-09-03 09:22:32 -03:00
nessita
7adb6dd98d
Sorted alphabetically forms list in docs/topics/auth/default.txt.
2024-08-22 09:14:11 -03:00
Natalia
0ebed5fa95
Fixed #35678 -- Removed "usable_password" field from BaseUserCreationForm.
...
Refs #34429 : Following the implementation allowing the setting of
unusable passwords via the admin site, the `BaseUserCreationForm` and
`UserCreationForm` were extended to include a new field for choosing
whether password-based authentication for the new user should be enabled
or disabled at creation time.
Given that these forms are designed to be extended when implementing
custom user models, this branch ensures that this new field is moved to
a new, admin-dedicated, user creation form `AdminUserCreationForm`.
Regression in e626716c28
.
Thanks Simon Willison for the report, Fabian Braun and Sarah Boyce for
the review.
2024-08-19 12:39:57 -03:00
Adam Johnson
49815f70e4
Refs #31405 -- Improved LoginRequiredMiddleware documentation.
...
co-authored-by: Sarah Boyce <42296566+sarahboyce@users.noreply.github.com>
2024-08-08 10:05:31 +02:00
Natalia
05cce083ad
Removed versionadded/changed annotations for 5.0.
...
This also removes remaining versionadded/changed annotations for older
versions.
2024-05-22 15:44:07 -03:00
Hisham Mahmood
c7fc9f20b4
Fixed #31405 -- Added LoginRequiredMiddleware.
...
Co-authored-by: Adam Johnson <me@adamj.eu>
Co-authored-by: Mehmet İnce <mehmet@mehmetince.net>
Co-authored-by: Sarah Boyce <42296566+sarahboyce@users.noreply.github.com>
2024-05-22 08:51:17 +02:00
Dingning
549320946d
Fixed #35030 -- Made django.contrib.auth decorators to work with async functions.
2024-03-07 09:59:33 +01:00
Fabian Braun
e626716c28
Fixed #34429 -- Allowed setting unusable passwords for users in the auth forms.
...
Co-authored-by: Natalia <124304+nessita@users.noreply.github.com>
2024-02-20 12:13:32 -03:00
Mariusz Felisiak
305757aec1
Applied Black's 2024 stable style.
...
https://github.com/psf/black/releases/tag/24.1.0
2024-01-26 12:45:07 +01:00
Adrienne Franke
8570e091d0
Fixed typo in docs/topics/auth/default.txt.
2024-01-22 17:43:13 +01:00
Mariusz Felisiak
86c45d8bc6
Fixed typos in docs.
2023-12-15 07:54:02 +01:00
Mariusz Felisiak
295467c04a
Removed versionadded/changed annotations for 4.2.
...
This also removes remaining versionadded/changed annotations for older
versions.
2023-09-18 22:12:40 +02:00
Mariusz Felisiak
e2a3a896cf
Refs #15619 -- Removed deprecated annotation about logging out via GET requests.
...
Follow up to 6c57c08ae5
.
2023-09-14 19:49:06 +02:00
Jon Janzen
5e98959d92
Fixed #34391 -- Added async-compatible interface to auth functions and related methods test clients.
2023-06-27 11:17:17 +02:00
Tim Graham
2c4dc64760
Used extlinks for PyPI links.
...
Co-authored-by: Mariusz Felisiak <felisiak.mariusz@gmail.com>
2023-04-17 06:55:32 +02:00
Jon Janzen
e846c5e724
Fixed #31920 -- Made AuthenticationMiddleware add request.auser().
2023-03-07 13:11:22 +01:00
django-bot
14459f80ee
Fixed #34140 -- Reformatted code blocks in docs with blacken-docs.
2023-03-01 13:03:56 +01:00
Joseph Victor Zammit
ba755ca131
Refs #34140 -- Corrected rst code-block and various formatting issues in docs.
2023-02-28 12:21:37 +01:00
Carlton Gibson
534ac48297
Refs #34140 -- Applied rst code-block to non-Python examples.
...
Thanks to J.V. Zammit, Paolo Melchiorre, and Mariusz Felisiak for
reviews.
2023-02-10 19:19:13 +01:00
Mariusz Felisiak
9a01311d20
Refs #15619 -- Removed support for logging out via GET requests.
...
Per deprecation timeline.
2023-01-17 11:49:15 +01:00
Paul Schilling
298d02a77a
Fixed #25617 -- Added case-insensitive unique username validation in UserCreationForm.
...
Co-Authored-By: Neven Mundar <nmundar@gmail.com>
2022-12-29 09:42:22 +01:00
sdolemelipone
9d726c7902
Fixed #34187 -- Made UserCreationForm save many-to-many fields.
2022-11-29 05:56:53 +01:00
Tony Lechner
b088cc2fea
Fixed #34154 -- Made mixin headers consistent in auth docs.
2022-11-14 05:28:27 +01:00
Trey Hunner
fad070b07b
Improved readability of string interpolation in frequently used examples in docs.
2022-11-10 13:18:38 +01:00
Alex Morega
de6c9c7054
Refs #30947 -- Changed tuples to lists where appropriate.
2022-08-30 09:57:17 +02:00
Carlton Gibson
ca1c3151c3
Removed versionadded/changed annotations for 4.0.
2022-05-17 14:22:06 +02:00
René Fleschenberg
eb07b5be0c
Fixed #15619 -- Deprecated log out via GET requests.
...
Thanks Florian Apolloner for the implementation idea.
Co-Authored-By: Mariusz Felisiak <felisiak.mariusz@gmail.com>
2022-03-29 06:42:14 +02:00
tschilling
0dcd549bbe
Fixed #30360 -- Added support for secret key rotation.
...
Thanks Florian Apolloner for the implementation idea.
Co-authored-by: Andreas Pelme <andreas@pelme.se>
Co-authored-by: Carlton Gibson <carlton.gibson@noumenal.es>
Co-authored-by: Vuyisile Ndlovu <terrameijar@gmail.com>
2022-02-01 11:12:24 +01:00
Brad Solomon
b55ebe3241
Fixed #33443 -- Clarified when PasswordResetView sends an email.
2022-01-17 07:44:46 +01:00
David
cc8e771c64
Fixed malformed attribute directives in docs.
2022-01-05 08:11:13 +01:00
Andrew Northall
c23aa73626
Fixed #32964 -- Corrected 'setup'/'set up' usage in docs.
2021-08-17 12:18:07 +02:00
David Smith
1024b5e74a
Fixed 32956 -- Lowercased spelling of "web" and "web framework" where appropriate.
2021-07-29 06:24:12 +02:00
ThinkChaos
b99d6c9cbc
Fixed #28216 -- Added next_page/get_default_redirect_url() to LoginView.
2021-02-08 21:08:05 +01:00
Mariusz Felisiak
59841170ba
Used .. attribute:: directive in authentication views docs.
2021-02-08 18:12:58 +01:00
Nick Pope
feb91dbda1
Used :mimetype: role in various docs.
2020-05-13 09:14:04 +02:00
Mariusz Felisiak
4c5236ef93
Removed versionadded/changed annotations for 3.0.
2020-05-13 09:07:51 +02:00
François Freitag
9ef4a18dbe
Changed django.forms.ValidationError imports to django.core.exceptions.ValidationError.
...
Co-Authored-By: Mariusz Felisiak <felisiak.mariusz@gmail.com>
2020-04-28 10:49:00 +02:00
Mariusz Felisiak
ca769c8c13
Fixed #31505 -- Doc'd possible email addresses enumeration in PasswordResetView.
2020-04-27 18:06:11 +02:00
Tanmay Vijay
e43abbbd70
Doc'd PasswordChangeView/PasswordResetView.success_url defaults.
2020-04-24 08:21:51 +02:00
Hasan Ramezani
b7795d7673
Fixed #30040 -- Used default permission name in docs examples to avoid confusion.
2020-02-19 15:39:47 +01:00
Mariusz Felisiak
416c584cab
Removed versionadded/changed annotations for 2.2.
2019-09-10 12:01:00 +02:00
Tobias Kunze
4a954cfd11
Fixed #30573 -- Rephrased documentation to avoid words that minimise the involved difficulty.
...
This patch does not remove all occurrences of the words in question.
Rather, I went through all of the occurrences of the words listed
below, and judged if they a) suggested the reader had some kind of
knowledge/experience, and b) if they added anything of value (including
tone of voice, etc). I left most of the words alone. I looked at the
following words:
- simply/simple
- easy/easier/easiest
- obvious
- just
- merely
- straightforward
- ridiculous
Thanks to Carlton Gibson for guidance on how to approach this issue, and
to Tim Bell for providing the idea. But the enormous lion's share of
thanks go to Adam Johnson for his patient and helpful review.
2019-09-06 13:27:46 +02:00
Mariusz Felisiak
9aeac29949
Removed unnecessary backslashes from docs.
2019-06-20 14:04:36 +02:00
Mariusz Felisiak
8bdc7a6778
Doc'd that extra_email_context can be used to override default template context values in PasswordResetView.
2019-05-27 12:05:48 +02:00
Rob
58df8aa40f
Fixed #28780 -- Allowed specyfing a token parameter displayed in password reset URLs.
...
Co-authored-by: Tim Givois <tim.givois.mendez@gmail.com>
2019-05-24 08:40:25 +02:00
Luke Plant
0c916255eb
Changed tuple Mate.unique_together/permissions to lists in docs.
2019-04-24 10:06:00 +02:00
Tim Graham
ec7e179aeb
Removed versionadded/changed annotations for 2.1.
2019-01-17 10:50:25 -05:00
Arthur Rio
181fb60159
Fixed #11154 , #22270 -- Made proxy model permissions use correct content type.
...
Co-Authored-By: Simon Charette <charette.s@gmail.com>
Co-Authored-By: Antoine Catton <acatton@fusionbox.com>
2019-01-16 10:07:28 -05:00
Tim Graham
043407ec7e
Fixed #29880 -- Fixed typo in docs/topics/auth/default.txt.
2018-10-22 15:16:11 -04:00
Stephen James
e40e7026ca
Fixed #29683 -- Added view permission to docs.
2018-09-26 15:06:43 -04:00