1
0
mirror of https://github.com/django/django.git synced 2024-12-22 17:16:24 +00:00
Commit Graph

181 Commits

Author SHA1 Message Date
Natalia
8c35a0a903 Fixed CVE-2024-45231 -- Avoided server error on password reset when email sending fails.
On successful submission of a password reset request, an email is sent
to the accounts known to the system. If sending this email fails (due to
email backend misconfiguration, service provider outage, network issues,
etc.), an attacker might exploit this by detecting which password reset
requests succeed and which ones generate a 500 error response.

Thanks to Thibaut Spriet for the report, and to Mariusz Felisiak, Adam
Johnson, and Sarah Boyce for the reviews.
2024-09-03 09:22:32 -03:00
nessita
7adb6dd98d
Sorted alphabetically forms list in docs/topics/auth/default.txt. 2024-08-22 09:14:11 -03:00
Natalia
0ebed5fa95 Fixed #35678 -- Removed "usable_password" field from BaseUserCreationForm.
Refs #34429: Following the implementation allowing the setting of
unusable passwords via the admin site, the `BaseUserCreationForm` and
`UserCreationForm` were extended to include a new field for choosing
whether password-based authentication for the new user should be enabled
or disabled at creation time.
Given that these forms are designed to be extended when implementing
custom user models, this branch ensures that this new field is moved to
a new, admin-dedicated, user creation form `AdminUserCreationForm`.

Regression in e626716c28.

Thanks Simon Willison for the report, Fabian Braun and Sarah Boyce for
the review.
2024-08-19 12:39:57 -03:00
Adam Johnson
49815f70e4 Refs #31405 -- Improved LoginRequiredMiddleware documentation.
co-authored-by: Sarah Boyce <42296566+sarahboyce@users.noreply.github.com>
2024-08-08 10:05:31 +02:00
Natalia
05cce083ad Removed versionadded/changed annotations for 5.0.
This also removes remaining versionadded/changed annotations for older
versions.
2024-05-22 15:44:07 -03:00
Hisham Mahmood
c7fc9f20b4 Fixed #31405 -- Added LoginRequiredMiddleware.
Co-authored-by: Adam Johnson <me@adamj.eu>
Co-authored-by: Mehmet İnce <mehmet@mehmetince.net>
Co-authored-by: Sarah Boyce <42296566+sarahboyce@users.noreply.github.com>
2024-05-22 08:51:17 +02:00
Dingning
549320946d Fixed #35030 -- Made django.contrib.auth decorators to work with async functions. 2024-03-07 09:59:33 +01:00
Fabian Braun
e626716c28 Fixed #34429 -- Allowed setting unusable passwords for users in the auth forms.
Co-authored-by: Natalia <124304+nessita@users.noreply.github.com>
2024-02-20 12:13:32 -03:00
Mariusz Felisiak
305757aec1
Applied Black's 2024 stable style.
https://github.com/psf/black/releases/tag/24.1.0
2024-01-26 12:45:07 +01:00
Adrienne Franke
8570e091d0
Fixed typo in docs/topics/auth/default.txt. 2024-01-22 17:43:13 +01:00
Mariusz Felisiak
86c45d8bc6
Fixed typos in docs. 2023-12-15 07:54:02 +01:00
Mariusz Felisiak
295467c04a Removed versionadded/changed annotations for 4.2.
This also removes remaining versionadded/changed annotations for older
versions.
2023-09-18 22:12:40 +02:00
Mariusz Felisiak
e2a3a896cf
Refs #15619 -- Removed deprecated annotation about logging out via GET requests.
Follow up to 6c57c08ae5.
2023-09-14 19:49:06 +02:00
Jon Janzen
5e98959d92 Fixed #34391 -- Added async-compatible interface to auth functions and related methods test clients. 2023-06-27 11:17:17 +02:00
Tim Graham
2c4dc64760 Used extlinks for PyPI links.
Co-authored-by: Mariusz Felisiak <felisiak.mariusz@gmail.com>
2023-04-17 06:55:32 +02:00
Jon Janzen
e846c5e724 Fixed #31920 -- Made AuthenticationMiddleware add request.auser(). 2023-03-07 13:11:22 +01:00
django-bot
14459f80ee Fixed #34140 -- Reformatted code blocks in docs with blacken-docs. 2023-03-01 13:03:56 +01:00
Joseph Victor Zammit
ba755ca131 Refs #34140 -- Corrected rst code-block and various formatting issues in docs. 2023-02-28 12:21:37 +01:00
Carlton Gibson
534ac48297 Refs #34140 -- Applied rst code-block to non-Python examples.
Thanks to J.V. Zammit, Paolo Melchiorre, and Mariusz Felisiak for
reviews.
2023-02-10 19:19:13 +01:00
Mariusz Felisiak
9a01311d20 Refs #15619 -- Removed support for logging out via GET requests.
Per deprecation timeline.
2023-01-17 11:49:15 +01:00
Paul Schilling
298d02a77a Fixed #25617 -- Added case-insensitive unique username validation in UserCreationForm.
Co-Authored-By: Neven Mundar <nmundar@gmail.com>
2022-12-29 09:42:22 +01:00
sdolemelipone
9d726c7902 Fixed #34187 -- Made UserCreationForm save many-to-many fields. 2022-11-29 05:56:53 +01:00
Tony Lechner
b088cc2fea
Fixed #34154 -- Made mixin headers consistent in auth docs. 2022-11-14 05:28:27 +01:00
Trey Hunner
fad070b07b
Improved readability of string interpolation in frequently used examples in docs. 2022-11-10 13:18:38 +01:00
Alex Morega
de6c9c7054 Refs #30947 -- Changed tuples to lists where appropriate. 2022-08-30 09:57:17 +02:00
Carlton Gibson
ca1c3151c3 Removed versionadded/changed annotations for 4.0. 2022-05-17 14:22:06 +02:00
René Fleschenberg
eb07b5be0c Fixed #15619 -- Deprecated log out via GET requests.
Thanks Florian Apolloner for the implementation idea.

Co-Authored-By: Mariusz Felisiak <felisiak.mariusz@gmail.com>
2022-03-29 06:42:14 +02:00
tschilling
0dcd549bbe Fixed #30360 -- Added support for secret key rotation.
Thanks Florian Apolloner for the implementation idea.

Co-authored-by: Andreas Pelme <andreas@pelme.se>
Co-authored-by: Carlton Gibson <carlton.gibson@noumenal.es>
Co-authored-by: Vuyisile Ndlovu <terrameijar@gmail.com>
2022-02-01 11:12:24 +01:00
Brad Solomon
b55ebe3241 Fixed #33443 -- Clarified when PasswordResetView sends an email. 2022-01-17 07:44:46 +01:00
David
cc8e771c64 Fixed malformed attribute directives in docs. 2022-01-05 08:11:13 +01:00
Andrew Northall
c23aa73626 Fixed #32964 -- Corrected 'setup'/'set up' usage in docs. 2021-08-17 12:18:07 +02:00
David Smith
1024b5e74a Fixed 32956 -- Lowercased spelling of "web" and "web framework" where appropriate. 2021-07-29 06:24:12 +02:00
ThinkChaos
b99d6c9cbc Fixed #28216 -- Added next_page/get_default_redirect_url() to LoginView. 2021-02-08 21:08:05 +01:00
Mariusz Felisiak
59841170ba
Used .. attribute:: directive in authentication views docs. 2021-02-08 18:12:58 +01:00
Nick Pope
feb91dbda1 Used :mimetype: role in various docs. 2020-05-13 09:14:04 +02:00
Mariusz Felisiak
4c5236ef93 Removed versionadded/changed annotations for 3.0. 2020-05-13 09:07:51 +02:00
François Freitag
9ef4a18dbe Changed django.forms.ValidationError imports to django.core.exceptions.ValidationError.
Co-Authored-By: Mariusz Felisiak <felisiak.mariusz@gmail.com>
2020-04-28 10:49:00 +02:00
Mariusz Felisiak
ca769c8c13
Fixed #31505 -- Doc'd possible email addresses enumeration in PasswordResetView. 2020-04-27 18:06:11 +02:00
Tanmay Vijay
e43abbbd70 Doc'd PasswordChangeView/PasswordResetView.success_url defaults. 2020-04-24 08:21:51 +02:00
Hasan Ramezani
b7795d7673 Fixed #30040 -- Used default permission name in docs examples to avoid confusion. 2020-02-19 15:39:47 +01:00
Mariusz Felisiak
416c584cab Removed versionadded/changed annotations for 2.2. 2019-09-10 12:01:00 +02:00
Tobias Kunze
4a954cfd11 Fixed #30573 -- Rephrased documentation to avoid words that minimise the involved difficulty.
This patch does not remove all occurrences of the words in question.
Rather, I went through all of the occurrences of the words listed
below, and judged if they a) suggested the reader had some kind of
knowledge/experience, and b) if they added anything of value (including
tone of voice, etc). I left most of the words alone. I looked at the
following words:

- simply/simple
- easy/easier/easiest
- obvious
- just
- merely
- straightforward
- ridiculous

Thanks to Carlton Gibson for guidance on how to approach this issue, and
to Tim Bell for providing the idea. But the enormous lion's share of
thanks go to Adam Johnson for his patient and helpful review.
2019-09-06 13:27:46 +02:00
Mariusz Felisiak
9aeac29949
Removed unnecessary backslashes from docs. 2019-06-20 14:04:36 +02:00
Mariusz Felisiak
8bdc7a6778
Doc'd that extra_email_context can be used to override default template context values in PasswordResetView. 2019-05-27 12:05:48 +02:00
Rob
58df8aa40f Fixed #28780 -- Allowed specyfing a token parameter displayed in password reset URLs.
Co-authored-by: Tim Givois <tim.givois.mendez@gmail.com>
2019-05-24 08:40:25 +02:00
Luke Plant
0c916255eb Changed tuple Mate.unique_together/permissions to lists in docs. 2019-04-24 10:06:00 +02:00
Tim Graham
ec7e179aeb Removed versionadded/changed annotations for 2.1. 2019-01-17 10:50:25 -05:00
Arthur Rio
181fb60159 Fixed #11154, #22270 -- Made proxy model permissions use correct content type.
Co-Authored-By: Simon Charette <charette.s@gmail.com>
Co-Authored-By: Antoine Catton <acatton@fusionbox.com>
2019-01-16 10:07:28 -05:00
Tim Graham
043407ec7e Fixed #29880 -- Fixed typo in docs/topics/auth/default.txt. 2018-10-22 15:16:11 -04:00
Stephen James
e40e7026ca Fixed #29683 -- Added view permission to docs. 2018-09-26 15:06:43 -04:00