mirrors/django
1
0
Fork 0
mirror of https://github.com/django/django.git synced 2024-12-28 20:16:19 +00:00
Code Issues 30 Releases Wiki Activity
31,374 Commits 28 Branches 426 Tags 680 MiB
1452e7cb7f
Commit Graph

72 Commits

Author SHA1 Message Date
Mariusz Felisiak
662497cece
Doc's check_password()'s setter and preferred arguments. 
Follow up to 90e05aaeac.
 2022-11-28 08:13:51 +01:00
Paolo Melchiorre
fa3afc5d86 Fixed #34056 -- Updated the list of common passwords for CommonPasswordValidator. 2022-09-28 18:40:05 +02:00
Ritik Soni
c11336cd99
Fixed #34017 -- Doc'd that Argon2id variant is used by Argon2PasswordHasher. 2022-09-17 09:49:09 +02:00
Claude Paroz
3b79dab19a Refs #33691 -- Deprecated insecure password hashers. 
SHA1PasswordHasher, UnsaltedSHA1PasswordHasher, and UnsaltedMD5PasswordHasher
are now deprecated.
 2022-07-23 21:29:31 +02:00
Mariusz Felisiak
ac90529cc5 Fixed docs build with sphinxcontrib-spelling 7.5.0+. 
sphinxcontrib-spelling 7.5.0+ includes captions of figures in the set
of nodes for which the text is checked.
 2022-05-31 11:17:01 +02:00
Carlton Gibson
ca1c3151c3 Removed versionadded/changed annotations for 4.0. 2022-05-17 14:22:06 +02:00
Mariusz Felisiak
02dbf1667c
Fixed #33691 -- Deprecated django.contrib.auth.hashers.CryptPasswordHasher. 2022-05-11 09:13:45 +02:00
Adam Johnson
652c68ffee
Clarified how contrib.auth picks a password hasher for verification. 2022-01-13 20:46:18 +01:00
Florian Apolloner
968a3d01fa Fixed CVE-2021-45115 -- Prevented DoS vector in UserAttributeSimilarityValidator. 
Thanks Chris Bailey for the report.

Co-authored-by: Adam Johnson <me@adamj.eu>
 2022-01-04 10:02:05 +01:00
Mariusz Felisiak
ad6bb20557
Avoided counting attributes and methods in docs. 2021-12-28 12:36:57 +01:00
Adam Johnson
41329b9852
Improved wording in password validators docs and docstrings. 2021-12-13 18:53:07 +01:00
Mariusz Felisiak
97237ad3fe Removed versionadded/changed annotations for 3.2. 2021-09-20 21:23:01 +02:00
ryowright
1783b3cb24 Fixed #32275 -- Added scrypt password hasher. 
Co-authored-by: Mariusz Felisiak <felisiak.mariusz@gmail.com>
 2021-07-22 12:40:33 +02:00
yyyyyyyan
e197dcca36 Clarified docs about increasing the work factor for bcrypt hasher. 2021-05-20 20:24:51 +02:00
Nick Pope
c156e36955 Refs #32720 -- Updated various links in docs to avoid redirects and use HTTPS. 2021-05-17 09:46:09 +02:00
Mariusz Felisiak
b7dd89ed53 Removed versionadded/changed annotations for 3.1. 2021-01-14 17:50:04 +01:00
Jon Moroney
76ae6ccf85 Fixed #31358 -- Increased salt entropy of password hashers. 
Co-authored-by: Florian Apolloner <florian@apolloner.eu>
 2021-01-14 11:20:28 +01:00
Roy Zheng
804f2b7024 Added note about password updates on argon2 attributes change. 2020-08-11 07:51:27 +02:00
Hasan Ramezani
8aa71f4e87 Fixed #31375 -- Made contrib.auth.hashers.make_password() accept only bytes or strings. 2020-03-31 10:52:56 +02:00
Jon Dufresne
85efc14a2e Fixed #30948 -- Changed packaging to use declarative config in setup.cfg. 
Co-authored-by: Nick Pope <nick.pope@flightdataservices.com>
 2019-11-08 14:14:13 +01:00
Tobias Kunze
4a954cfd11 Fixed #30573 -- Rephrased documentation to avoid words that minimise the involved difficulty. 
This patch does not remove all occurrences of the words in question.
Rather, I went through all of the occurrences of the words listed
below, and judged if they a) suggested the reader had some kind of
knowledge/experience, and b) if they added anything of value (including
tone of voice, etc). I left most of the words alone. I looked at the
following words:

- simply/simple
- easy/easier/easiest
- obvious
- just
- merely
- straightforward
- ridiculous

Thanks to Carlton Gibson for guidance on how to approach this issue, and
to Tim Bell for providing the idea. But the enormous lion's share of
thanks go to Adam Johnson for his patient and helpful review.
 2019-09-06 13:27:46 +02:00
Ramiro Morales
aed89adad5 Fixed #30367 -- Changed "pip install" to "python -m pip install" in docs, comments and hints. 2019-04-18 14:41:15 +02:00
Mariusz Felisiak
25829197bb
Removed extra characters in docs header underlines. 2019-02-08 21:38:30 +01:00
Tim Graham
ec7e179aeb Removed versionadded/changed annotations for 2.1. 2019-01-17 10:50:25 -05:00
François Freitag
9b15ff08ba Used auto-numbered lists in documentation. 2018-11-15 13:54:28 -05:00
Curtis Maloney
c49ea6f591 Refs #20910 -- Replaced snippet directive with code-block. 2018-09-10 13:00:34 -04:00
adamth
acf9d64045 Fixed typos in docs/topics/auth/passwords.txt. 2018-04-23 07:37:26 -04:00
Brett Cannon
64b74804c5 Fixed #29334 -- Updated pypi.python.org URLs to pypi.org. 2018-04-17 20:24:27 -04:00
GS-14
93331877c8 Fixed #29274 -- Increased the number of common passwords from 1k to 20k. 2018-04-16 11:01:47 -04:00
Tim Graham
a4f0e9aec7 Fixed #28718 -- Allowed user to request a password reset if their password doesn't use an enabled hasher. 
Regression in aeb1389442.
Reverted changes to is_password_usable() from
703c266682 and documentation changes from
92f48680db.
 2018-03-22 10:03:43 -04:00
Tim Graham
5b589a47b9
Fixed #29161 -- Removed BCryptPasswordHasher from PASSWORD_HASHERS. 2018-02-26 09:05:18 -05:00
Karmen
4fcd28d442 Fixed #28881 -- Doc'd that CommonPasswordValidator's password list must be lowercase. 2018-01-15 10:16:27 -05:00
Mariusz Felisiak
081e787160 Refs #23919 -- Stopped inheriting from object to define new style classes. 
Tests and docs complement to cecc079168.
 2017-06-26 10:30:31 -04:00
Claude Paroz
c651331b34 Converted usage of ugettext* functions to their gettext* aliases 
Thanks Tim Graham for the review.
 2017-02-07 09:04:04 +01:00
chillaranand
dc165ec8e5 Refs #23919 -- Replaced super(ClassName, self) with super() in docs. 2017-01-25 11:53:05 -05:00
Tim Graham
e27e4c0339 Removed versionadded/changed annotations for 1.10. 2017-01-17 20:52:05 -05:00
Tim Graham
0d9ff873d9 Fixed #27467 -- Made UserAttributeSimilarityValidator max_similarity=0/1 work as documented. 
Thanks goblinJoel for the report and feedback.
 2016-11-16 17:40:37 -05:00
Tim Graham
9f27735612 Fixed #27013 -- Clarified commands to install argon2/bcrypt packages. 2016-08-19 19:23:12 -04:00
Tim Graham
796cc62026 Fixed #27045 -- Documented that AUTH_PASSWORD_VALIDATORS aren't applied at the model level. 2016-08-10 15:52:16 -04:00
Jiang Haiyun
6d61ec0e1a Fixed a typo in auth docs. 2016-07-04 11:02:11 -04:00
Ville Skyttä
96f97691ad Fixed broken links in docs and comments. 2016-06-15 21:20:23 -04:00
Bas Westerbaan
9407cc966b Fixed #26635 -- Clarified Argon2PasswordHasher's memory_cost differs from command line utility. 2016-05-27 18:37:12 -04:00
Tim Graham
46a38307c2 Removed versionadded/changed annotations for 1.9. 2016-05-20 11:44:29 -04:00
Bas Westerbaan
b4250ea04a Fixed #26033 -- Added Argon2 password hasher. 2016-03-08 11:22:18 -05:00
Florian Apolloner
67b46ba701 Fixed CVE-2016-2513 -- Fixed user enumeration timing attack during login. 
This is a security fix.
 2016-03-01 11:25:28 -05:00
Tim Graham
47b5a6a43c Fixed #26187 -- Removed weak password hashers from PASSWORD_HASHERS. 2016-02-22 18:59:23 -05:00
Markus Holtermann
b14470c7b7 Fixed spelling error 2016-02-23 10:24:38 +11:00
Tim Graham
5a541e2e6c Fixed #26188 -- Documented how to wrap password hashers. 2016-02-22 17:21:45 -05:00
rowanv
a6ef025dfb Fixed #26124 -- Added missing code formatting to docs headers. 2016-02-01 10:42:05 -05:00
Eliezer Kanal
d3b488f5bd Updated link to 1000 common passwords. 
xato.net is dead; replaced with link to archive.org.
 2015-12-02 12:57:02 -05:00