mirror of https://github.com/django/django.git synced 2025-04-15 04:44:37 +00:00

337 Commits

Author SHA1 Message Date
Natalia
bf4888d317 [4.2.x] Fixed CVE-2024-45231 -- Avoided server error on password reset when email sending fails.
On successful submission of a password reset request, an email is sent
to the accounts known to the system. If sending this email fails (due to
email backend misconfiguration, service provider outage, network issues,
etc.), an attacker might exploit this by detecting which password reset
requests succeed and which ones generate a 500 error response.

Thanks to Thibaut Spriet for the report, and to Mariusz Felisiak, Adam
Johnson, and Sarah Boyce for the reviews.
2024-09-03 09:42:25 -03:00
Markus Amalthea Magnuson
47f9b8dca1 [4.2.x] Fixed #34970 -- Clarified Password Validation docs regarding the password_changed callback.
Backport of 61c305f298da1b4079a80721c861d0663dc8717e from main
2023-11-15 21:51:32 -03:00
Tim Graham
26f181939e [4.2.x] Used extlinks for PyPI links.
Co-authored-by: Mariusz Felisiak <felisiak.mariusz@gmail.com>

Backport of 2c4dc6476083c853b654e462c7ff65dbe0334c9e from main
2023-04-17 07:44:29 +02:00
David Wobrock
6937c92169 [4.2.x] Fixed #34384 -- Fixed session validation when rotating secret keys.
Bug in 0dcd549bbe36c060f536ec270d34d9e7d4b8e6c7.

Thanks Eric Zarowny for the report.

Backport of 2396933ca99c6bfb53bda9e53968760316646e01 from main
2023-03-08 11:33:03 +01:00
django-bot
62510f01e7 [4.2.x] Fixed #34140 -- Reformatted code blocks in docs with blacken-docs. 2023-03-01 13:39:03 +01:00
Joseph Victor Zammit
5bdd6223a2 [4.2.x] Refs #34140 -- Corrected rst code-block and various formatting issues in docs.
Backport of ba755ca13123d2691a0926ddb64e5d0a2906a880 from main
2023-02-28 12:54:33 +01:00
Carlton Gibson
b784768eef [4.2.x] Refs #34140 -- Applied rst code-block to non-Python examples.
Thanks to J.V. Zammit, Paolo Melchiorre, and Mariusz Felisiak for
reviews.

Backport of 534ac4829764f317cf2fbc4a18354fcc998c1425 from main.
2023-02-10 21:12:06 +01:00
fschwebel
5159e05e40 [4.2.x] Fixed typo in docs/topics/auth/passwords.txt.
Wrapped hashing is only possible if the inner wrapped function is the
same as the previous hasher.
Backport of 0265b1b49ba10f957abfd1311d0bae0ecefc3111 from main
2023-01-30 08:32:13 +01:00
Paul Schilling
298d02a77a Fixed #25617 -- Added case-insensitive unique username validation in UserCreationForm.
Co-Authored-By: Neven Mundar <nmundar@gmail.com>
2022-12-29 09:42:22 +01:00
sdolemelipone
9d726c7902 Fixed #34187 -- Made UserCreationForm save many-to-many fields. 2022-11-29 05:56:53 +01:00
Mariusz Felisiak
662497cece Doc'd check_password()'s setter and preferred arguments.
Follow up to 90e05aaeac612a4251640564aa65f103ac635e12.
2022-11-28 08:13:51 +01:00
Tony Lechner
b088cc2fea Fixed #34154 -- Made mixin headers consistent in auth docs. 2022-11-14 05:28:27 +01:00
Trey Hunner
fad070b07b Improved readability of string interpolation in frequently used examples in docs. 2022-11-10 13:18:38 +01:00
Paolo Melchiorre
fa3afc5d86 Fixed #34056 -- Updated the list of common passwords for CommonPasswordValidator. 2022-09-28 18:40:05 +02:00
Ritik Soni
c11336cd99 Fixed #34017 -- Doc'd that Argon2id variant is used by Argon2PasswordHasher. 2022-09-17 09:49:09 +02:00
DevilsAutumn
6b0bbaf453 Fixed #34019 -- Removed obsolete references to "model design considerations" note. 2022-09-17 08:02:13 +02:00
Alex Morega
de6c9c7054 Refs #30947 -- Changed tuples to lists where appropriate. 2022-08-30 09:57:17 +02:00
Claude Paroz
3b79dab19a Refs #33691 -- Deprecated insecure password hashers.
SHA1PasswordHasher, UnsaltedSHA1PasswordHasher, and UnsaltedMD5PasswordHasher
are now deprecated.
2022-07-23 21:29:31 +02:00
Ciaran McCormick
286e7d076c Fixed #33764 -- Deprecated BaseUserManager.make_random_password(). 2022-06-03 07:30:57 +02:00
Mariusz Felisiak
ac90529cc5 Fixed docs build with sphinxcontrib-spelling 7.5.0+.
sphinxcontrib-spelling 7.5.0+ includes captions of figures in the set
of nodes for which the text is checked.
2022-05-31 11:17:01 +02:00
Carlton Gibson
ca1c3151c3 Removed versionadded/changed annotations for 4.0. 2022-05-17 14:22:06 +02:00
Mariusz Felisiak
02dbf1667c Fixed #33691 -- Deprecated django.contrib.auth.hashers.CryptPasswordHasher. 2022-05-11 09:13:45 +02:00
David
ce586ed693 Removed hyphen from pre-/re- prefixes.
"prepopulate", "preload", and "preprocessing" are already in the
spelling_wordlist.

This also removes hyphen from double "e" combinations with "pre" and
"re", e.g. preexisting, preempt, reestablish, or reenter.

See also:
- https://ahdictionary.com/word/search.html?q=rerun
- https://ahdictionary.com/word/search.html?q=recreate
- https://ahdictionary.com/word/search.html?q=predetermined
- https://ahdictionary.com/word/search.html?q=reuse
- https://ahdictionary.com/word/search.html?q=reopening
2022-04-28 10:44:14 +02:00
Lucidiot
13a9cde133 Fixed #33613 -- Made createsuperuser detect uniqueness of USERNAME_FIELD when using Meta.constraints. 2022-04-01 11:39:41 +02:00
René Fleschenberg
eb07b5be0c Fixed #15619 -- Deprecated log out via GET requests.
Thanks Florian Apolloner for the implementation idea.

Co-Authored-By: Mariusz Felisiak <felisiak.mariusz@gmail.com>
2022-03-29 06:42:14 +02:00
tschilling
0dcd549bbe Fixed #30360 -- Added support for secret key rotation.
Thanks Florian Apolloner for the implementation idea.

Co-authored-by: Andreas Pelme <andreas@pelme.se>
Co-authored-by: Carlton Gibson <carlton.gibson@noumenal.es>
Co-authored-by: Vuyisile Ndlovu <terrameijar@gmail.com>
2022-02-01 11:12:24 +01:00
Brad Solomon
b55ebe3241 Fixed #33443 -- Clarified when PasswordResetView sends an email. 2022-01-17 07:44:46 +01:00
Adam Johnson
652c68ffee Clarified how contrib.auth picks a password hasher for verification. 2022-01-13 20:46:18 +01:00
David
cc8e771c64 Fixed malformed attribute directives in docs. 2022-01-05 08:11:13 +01:00
Florian Apolloner
968a3d01fa Fixed CVE-2021-45115 -- Prevented DoS vector in UserAttributeSimilarityValidator.
Thanks Chris Bailey for the report.

Co-authored-by: Adam Johnson <me@adamj.eu>
2022-01-04 10:02:05 +01:00
Mariusz Felisiak
ad6bb20557 Avoided counting attributes and methods in docs. 2021-12-28 12:36:57 +01:00
Adam Johnson
b0d16d0129 Changed signatures of setting_changed signal receivers. 2021-12-17 13:07:04 +01:00
Adam Johnson
41329b9852 Improved wording in password validators docs and docstrings. 2021-12-13 18:53:07 +01:00
Mariusz Felisiak
fd881e8cd9 Refs #33207 -- Clarified that AUTH_USER_MODEL expects an app label. 2021-10-19 13:05:13 +02:00
Mariusz Felisiak
97237ad3fe Removed versionadded/changed annotations for 3.2. 2021-09-20 21:23:01 +02:00
Andrew Northall
c23aa73626 Fixed #32964 -- Corrected 'setup'/'set up' usage in docs. 2021-08-17 12:18:07 +02:00
David Smith
1024b5e74a Fixed #32956 -- Lowercased spelling of "web" and "web framework" where appropriate. 2021-07-29 06:24:12 +02:00
ryowright
1783b3cb24 Fixed #32275 -- Added scrypt password hasher.
Co-authored-by: Mariusz Felisiak <felisiak.mariusz@gmail.com>
2021-07-22 12:40:33 +02:00
yyyyyyyan
e197dcca36 Clarified docs about increasing the work factor for bcrypt hasher. 2021-05-20 20:24:51 +02:00
Nick Pope
c156e36955 Refs #32720 -- Updated various links in docs to avoid redirects and use HTTPS. 2021-05-17 09:46:09 +02:00
ThinkChaos
b99d6c9cbc Fixed #28216 -- Added next_page/get_default_redirect_url() to LoginView. 2021-02-08 21:08:05 +01:00
Mariusz Felisiak
59841170ba Used .. attribute:: directive in authentication views docs. 2021-02-08 18:12:58 +01:00
Mariusz Felisiak
b7dd89ed53 Removed versionadded/changed annotations for 3.1. 2021-01-14 17:50:04 +01:00
Jon Moroney
76ae6ccf85 Fixed #31358 -- Increased salt entropy of password hashers.
Co-authored-by: Florian Apolloner <florian@apolloner.eu>
2021-01-14 11:20:28 +01:00
Timo Ludwig
d8dfff2ab0 Fixed #32235 -- Made ReadOnlyPasswordHashField disabled by default. 2020-12-03 09:32:08 +01:00
Roy Zheng
804f2b7024 Added note about password updates on argon2 attributes change. 2020-08-11 07:51:27 +02:00
Nick Pope
feb91dbda1 Used :mimetype: role in various docs. 2020-05-13 09:14:04 +02:00
Mariusz Felisiak
4c5236ef93 Removed versionadded/changed annotations for 3.0. 2020-05-13 09:07:51 +02:00
Mariusz Felisiak
54646a423b Refs #27468 -- Made user sessions use SHA-256 algorithm. 2020-04-29 16:45:00 +02:00
François Freitag
9ef4a18dbe Changed django.forms.ValidationError imports to django.core.exceptions.ValidationError.
Co-Authored-By: Mariusz Felisiak <felisiak.mariusz@gmail.com>
2020-04-28 10:49:00 +02:00