Jon Janzen
50f89ae850
Fixed #35303 -- Implemented async auth backends and utils.
2024-10-07 14:19:41 +02:00
Carlton Gibson
c0128e3a81
Fixed #35767 -- Adjusted customizing User model docs.
2024-09-16 17:40:11 -03:00
Natalia
8c35a0a903
Fixed CVE-2024-45231 -- Avoided server error on password reset when email sending fails.
...
On successful submission of a password reset request, an email is sent
to the accounts known to the system. If sending this email fails (due to
email backend misconfiguration, service provider outage, network issues,
etc.), an attacker might exploit this by detecting which password reset
requests succeed and which ones generate a 500 error response.
Thanks to Thibaut Spriet for the report, and to Mariusz Felisiak, Adam
Johnson, and Sarah Boyce for the reviews.
2024-09-03 09:22:32 -03:00
nessita
7adb6dd98d
Sorted alphabetically forms list in docs/topics/auth/default.txt.
2024-08-22 09:14:11 -03:00
Natalia
0ebed5fa95
Fixed #35678 -- Removed "usable_password" field from BaseUserCreationForm.
...
Refs #34429 : Following the implementation allowing the setting of
unusable passwords via the admin site, the `BaseUserCreationForm` and
`UserCreationForm` were extended to include a new field for choosing
whether password-based authentication for the new user should be enabled
or disabled at creation time.
Given that these forms are designed to be extended when implementing
custom user models, this branch ensures that this new field is moved to
a new, admin-dedicated, user creation form `AdminUserCreationForm`.
Regression in e626716c28
.
Thanks Simon Willison for the report, Fabian Braun and Sarah Boyce for
the review.
2024-08-19 12:39:57 -03:00
Adam Johnson
49815f70e4
Refs #31405 -- Improved LoginRequiredMiddleware documentation.
...
co-authored-by: Sarah Boyce <42296566+sarahboyce@users.noreply.github.com>
2024-08-08 10:05:31 +02:00
Claude Paroz
4686541691
Migrated setuptools configuration to pyproject.toml.
...
This branch migrates setuptools configuration from setup.py/setup.cfg to
pyproject.toml. In order to ensure that the generated binary files have
consistent casing (both the tarball and the wheel), setuptools version
is limited to ">=61.0.0,<69.3.0".
Configuration for flake8 was moved to a dedicated .flake8 file since
it cannot be configured via pyproject.toml.
Also, __pycache__ exclusion was removed from MANIFEST and the
extras/Makefile was replaced with a simpler build command.
Co-authored-by: Nick Pope <nick@nickpope.me.uk>
2024-06-24 15:34:43 -03:00
Natalia
05cce083ad
Removed versionadded/changed annotations for 5.0.
...
This also removes remaining versionadded/changed annotations for older
versions.
2024-05-22 15:44:07 -03:00
Hisham Mahmood
c7fc9f20b4
Fixed #31405 -- Added LoginRequiredMiddleware.
...
Co-authored-by: Adam Johnson <me@adamj.eu>
Co-authored-by: Mehmet İnce <mehmet@mehmetince.net>
Co-authored-by: Sarah Boyce <42296566+sarahboyce@users.noreply.github.com>
2024-05-22 08:51:17 +02:00
Dingning
549320946d
Fixed #35030 -- Made django.contrib.auth decorators to work with async functions.
2024-03-07 09:59:33 +01:00
Fabian Braun
e626716c28
Fixed #34429 -- Allowed setting unusable passwords for users in the auth forms.
...
Co-authored-by: Natalia <124304+nessita@users.noreply.github.com>
2024-02-20 12:13:32 -03:00
Mariusz Felisiak
305757aec1
Applied Black's 2024 stable style.
...
https://github.com/psf/black/releases/tag/24.1.0
2024-01-26 12:45:07 +01:00
Adrienne Franke
8570e091d0
Fixed typo in docs/topics/auth/default.txt.
2024-01-22 17:43:13 +01:00
Mariusz Felisiak
86c45d8bc6
Fixed typos in docs.
2023-12-15 07:54:02 +01:00
Markus Amalthea Magnuson
61c305f298
Fixed #34970 -- Clarified Password Validation docs regarding the password_changed callback.
2023-11-15 15:35:25 -03:00
Mariusz Felisiak
00e1879610
Refs #33764 -- Removed BaseUserManager.make_random_password() per deprecation timeline.
2023-09-18 22:12:40 +02:00
Mariusz Felisiak
295467c04a
Removed versionadded/changed annotations for 4.2.
...
This also removes remaining versionadded/changed annotations for older
versions.
2023-09-18 22:12:40 +02:00
Mariusz Felisiak
e2a3a896cf
Refs #15619 -- Removed deprecated annotation about logging out via GET requests.
...
Follow up to 6c57c08ae5
.
2023-09-14 19:49:06 +02:00
Jon Janzen
5e98959d92
Fixed #34391 -- Added async-compatible interface to auth functions and related methods test clients.
2023-06-27 11:17:17 +02:00
HappyDingning
674c23999c
Fixed #34565 -- Added support for async checking of user passwords.
2023-05-18 09:39:04 +02:00
Tim Graham
2c4dc64760
Used extlinks for PyPI links.
...
Co-authored-by: Mariusz Felisiak <felisiak.mariusz@gmail.com>
2023-04-17 06:55:32 +02:00
David Wobrock
2396933ca9
Fixed #34384 -- Fixed session validation when rotation secret keys.
...
Bug in 0dcd549bbe
.
Thanks Eric Zarowny for the report.
2023-03-08 10:48:04 +01:00
Jon Janzen
e846c5e724
Fixed #31920 -- Made AuthenticationMiddleware add request.auser().
2023-03-07 13:11:22 +01:00
django-bot
14459f80ee
Fixed #34140 -- Reformatted code blocks in docs with blacken-docs.
2023-03-01 13:03:56 +01:00
Joseph Victor Zammit
ba755ca131
Refs #34140 -- Corrected rst code-block and various formatting issues in docs.
2023-02-28 12:21:37 +01:00
Carlton Gibson
534ac48297
Refs #34140 -- Applied rst code-block to non-Python examples.
...
Thanks to J.V. Zammit, Paolo Melchiorre, and Mariusz Felisiak for
reviews.
2023-02-10 19:19:13 +01:00
fschwebel
0265b1b49b
Fixed typo in docs/topics/auth/passwords.txt.
...
Wrapped hashing is only possible if the inner wrapped function is the
same as the previous hasher.
2023-01-30 08:31:39 +01:00
Mariusz Felisiak
9a01311d20
Refs #15619 -- Removed support for logging out via GET requests.
...
Per deprecation timeline.
2023-01-17 11:49:15 +01:00
Paul Schilling
298d02a77a
Fixed #25617 -- Added case-insensitive unique username validation in UserCreationForm.
...
Co-Authored-By: Neven Mundar <nmundar@gmail.com>
2022-12-29 09:42:22 +01:00
sdolemelipone
9d726c7902
Fixed #34187 -- Made UserCreationForm save many-to-many fields.
2022-11-29 05:56:53 +01:00
Mariusz Felisiak
662497cece
Doc's check_password()'s setter and preferred arguments.
...
Follow up to 90e05aaeac
.
2022-11-28 08:13:51 +01:00
Tony Lechner
b088cc2fea
Fixed #34154 -- Made mixin headers consistent in auth docs.
2022-11-14 05:28:27 +01:00
Trey Hunner
fad070b07b
Improved readability of string interpolation in frequently used examples in docs.
2022-11-10 13:18:38 +01:00
Paolo Melchiorre
fa3afc5d86
Fixed #34056 -- Updated the list of common passwords for CommonPasswordValidator.
2022-09-28 18:40:05 +02:00
Ritik Soni
c11336cd99
Fixed #34017 -- Doc'd that Argon2id variant is used by Argon2PasswordHasher.
2022-09-17 09:49:09 +02:00
DevilsAutumn
6b0bbaf453
Fixed #34019 -- Removed obsolete references to "model design considerations" note.
2022-09-17 08:02:13 +02:00
Alex Morega
de6c9c7054
Refs #30947 -- Changed tuples to lists where appropriate.
2022-08-30 09:57:17 +02:00
Claude Paroz
3b79dab19a
Refs #33691 -- Deprecated insecure password hashers.
...
SHA1PasswordHasher, UnsaltedSHA1PasswordHasher, and UnsaltedMD5PasswordHasher
are now deprecated.
2022-07-23 21:29:31 +02:00
Ciaran McCormick
286e7d076c
Fixed #33764 -- Deprecated BaseUserManager.make_random_password().
2022-06-03 07:30:57 +02:00
Mariusz Felisiak
ac90529cc5
Fixed docs build with sphinxcontrib-spelling 7.5.0+.
...
sphinxcontrib-spelling 7.5.0+ includes captions of figures in the set
of nodes for which the text is checked.
2022-05-31 11:17:01 +02:00
Carlton Gibson
ca1c3151c3
Removed versionadded/changed annotations for 4.0.
2022-05-17 14:22:06 +02:00
Mariusz Felisiak
02dbf1667c
Fixed #33691 -- Deprecated django.contrib.auth.hashers.CryptPasswordHasher.
2022-05-11 09:13:45 +02:00
David
ce586ed693
Removed hyphen from pre-/re- prefixes.
...
"prepopulate", "preload", and "preprocessing" are already in the
spelling_wordlist.
This also removes hyphen from double "e" combinations with "pre" and
"re", e.g. preexisting, preempt, reestablish, or reenter.
See also:
- https://ahdictionary.com/word/search.html?q=rerun
- https://ahdictionary.com/word/search.html?q=recreate
- https://ahdictionary.com/word/search.html?q=predetermined
- https://ahdictionary.com/word/search.html?q=reuse
- https://ahdictionary.com/word/search.html?q=reopening
2022-04-28 10:44:14 +02:00
Lucidiot
13a9cde133
Fixed #33613 -- Made createsuperuser detect uniqueness of USERNAME_FIELD when using Meta.constraints.
2022-04-01 11:39:41 +02:00
René Fleschenberg
eb07b5be0c
Fixed #15619 -- Deprecated log out via GET requests.
...
Thanks Florian Apolloner for the implementation idea.
Co-Authored-By: Mariusz Felisiak <felisiak.mariusz@gmail.com>
2022-03-29 06:42:14 +02:00
tschilling
0dcd549bbe
Fixed #30360 -- Added support for secret key rotation.
...
Thanks Florian Apolloner for the implementation idea.
Co-authored-by: Andreas Pelme <andreas@pelme.se>
Co-authored-by: Carlton Gibson <carlton.gibson@noumenal.es>
Co-authored-by: Vuyisile Ndlovu <terrameijar@gmail.com>
2022-02-01 11:12:24 +01:00
Brad Solomon
b55ebe3241
Fixed #33443 -- Clarified when PasswordResetView sends an email.
2022-01-17 07:44:46 +01:00
Adam Johnson
652c68ffee
Clarified how contrib.auth picks a password hasher for verification.
2022-01-13 20:46:18 +01:00
David
cc8e771c64
Fixed malformed attribute directives in docs.
2022-01-05 08:11:13 +01:00
Florian Apolloner
968a3d01fa
Fixed CVE-2021-45115 -- Prevented DoS vector in UserAttributeSimilarityValidator.
...
Thanks Chris Bailey for the report.
Co-authored-by: Adam Johnson <me@adamj.eu>
2022-01-04 10:02:05 +01:00