Mariusz Felisiak
12ac4916af
Refs #28622 -- Removed settings.PASSWORD_RESET_TIMEOUT_DAYS per deprecation timeline.
2021-01-14 17:50:04 +01:00
Jon Moroney
76ae6ccf85
Fixed #31358 -- Increased salt entropy of password hashers.
...
Co-authored-by: Florian Apolloner <florian@apolloner.eu>
2021-01-14 11:20:28 +01:00
Jon Moroney
6bd206e1ff
Refs #31358 -- Added bcrypt password hashers tests for must_update() with salt().
2021-01-14 11:20:28 +01:00
Florian Apolloner
c76d51b3ad
Refs #31358 -- Fixed decoding salt in Argon2PasswordHasher.
...
Argon2 encodes the salt as base64 for representation in the final hash
output. To be able to accurately return the used salt from decode(),
add padding, b64decode, and decode from latin1 (for the remote
possibility that someone supplied a custom hash consisting solely of
bytes -- this would require a manual construction of the hash though,
Django's interface does not allow for that).
2020-12-28 11:02:08 +01:00
Timo Ludwig
d8dfff2ab0
Fixed #32235 -- Made ReadOnlyPasswordHashField disabled by default.
2020-12-03 09:32:08 +01:00
Mariusz Felisiak
3828427f63
Refs #31978 -- Fixed hint in admin's password reset confirmation form for custom username fields.
...
Thanks Jaap Roes for the report.
2020-11-30 06:34:22 +01:00
Mariusz Felisiak
58740c0d7f
Refs #22909 -- Removed camelCasing in auth_tests.test_templates tests.
2020-11-30 06:34:22 +01:00
Claude Paroz
187482d743
Avoided direct styles in admin templates.
...
Direct styles might be forbidden by Content Security Policies.
2020-11-10 21:32:15 +01:00
Hasan Ramezani
4eb756793b
Refs #28215 -- Marked auth credentials as sensitive variables.
...
Co-authored-by: Collin Anderson <collin@onetencommunications.com>
2020-10-28 14:21:53 +01:00
Mariusz Felisiak
3418092238
Fixed #32130 -- Fixed pre-Django 3.1 password reset tokens validation.
...
Thanks Gordon Wrigley for the report and implementation idea.
Regression in 226ebb1729
.
2020-10-22 13:21:14 +02:00
Jacob Walls
0362b0e986
Fixed #26615 -- Made password reset token invalidate when changing email.
...
Co-Authored-By: Silas Barta <sbarta@gmail.com>
2020-10-21 09:29:53 +02:00
Hannes Ljungberg
f7963615eb
Fixed #32121 -- Fixed detecting uniqueness of USERNAME_FIELD when using Meta.constraints.
...
Co-authored-by: Simon Charette <charettes@users.noreply.github.com>
2020-10-20 07:23:51 +02:00
Alexander Todorov
5fab16392f
Fixed #32003 -- Added obj argument to has_perm() methods in tests.
2020-09-14 12:28:17 +02:00
Tom Carrick
bcc2befd0e
Fixed #31789 -- Added a new headers interface to HttpResponse.
2020-09-14 08:41:59 +02:00
Jon Dufresne
53c0d16ac1
Fixed #31992 -- Made admin password reset templates use title/content_title blocks from the base template.
2020-09-10 11:53:09 +02:00
Collin Anderson
daa26acc4e
Fixed #31978 -- Added username hint to admin's password reset confirmation form.
2020-09-03 09:25:21 +02:00
Yan Mitrofanov
b88f98738f
Fixed #31878 -- Made createsuperuser respect --database option in default usernames.
2020-08-14 11:08:20 +02:00
Yan Mitrofanov
552bb82928
Fixed typo in tests/auth_tests/test_management.py docstring.
2020-08-14 11:08:12 +02:00
Jacob Walls
c7e7f176c1
Fixed #26977 -- Made abstract models raise TypeError when instantiating.
2020-08-05 06:37:04 +02:00
Mariusz Felisiak
d907371ef9
Fixed #31842 -- Added DEFAULT_HASHING_ALGORITHM transitional setting.
...
It's a transitional setting helpful in migrating multiple instance of
the same project to Django 3.1+.
Thanks Markus Holtermann for the report and review, Florian
Apolloner for the implementation idea and review, and Carlton Gibson
for the review.
2020-08-04 09:35:24 +02:00
Jon Dufresne
5a3d7cf462
Used urllib.parse.urljoin() in auth_tests to join URLs.
...
As the strings represent URLs and not paths, should use urllib to
manipulate them.
2020-07-09 12:03:03 +02:00
Hasan Ramezani
7af8f41273
Refs #26445 -- Allowed using UserManager.create_user()/create_superuser() in migrations.
...
Used app config to lookup user model in _create_user().
Thanks Markus Holtermann for the review and initial patch.
Thanks Simon Charette for the implementation idea.
2020-07-06 11:47:22 +02:00
Frantisek Holop
cc7c16af98
Fixed #31443 -- Fixed login redirection in auth mixins when LOGIN_URL is off-site URL.
2020-06-23 10:38:35 +02:00
Jon Moroney
136ec9b62b
Refs #31358 -- Added decode() to password hashers.
...
By convention a hasher which does not use a salt should populate the
decode dict with `None` rather than omit the dict key.
Co-Authored-By: Florian Apolloner <apollo13@users.noreply.github.com>
2020-06-23 08:36:59 +02:00
Florian Apolloner
1621f06051
Fixed #30472 -- Made Argon2PasswordHasher use Argon2id.
2020-06-17 08:10:41 +02:00
Florian Apolloner
ee49cf4f35
Added test for old Argon2i hashes with version attribute.
2020-06-17 08:10:41 +02:00
Simon Charette
94f63b926f
Refs #31395 -- Relied on setUpTestData() test data isolation in various tests.
2020-05-15 20:22:56 +02:00
Jon Dufresne
d522b51c40
Fixed #31575 -- Added system check for admin sidebar request context processor dependency.
...
Co-authored-by: Carlton Gibson <carlton.gibson@noumenal.es>
2020-05-14 11:00:51 +02:00
François Freitag
c8bebbd541
Disabled management commands output with verbosity 0 in various tests.
2020-05-13 09:12:43 +02:00
Mariusz Felisiak
f2187a227f
Increased the default PBKDF2 iterations for Django 3.2.
2020-05-13 09:07:51 +02:00
Jon Dufresne
d6aff369ad
Refs #30116 -- Simplified regex match group access with Match.__getitem__().
...
The method has been available since Python 3.6. The shorter syntax is
also marginally faster.
2020-05-11 12:01:28 +02:00
François Freitag
a0df5dea33
Removed unnecessary inner methods in CreatesuperuserManagementCommandTestCase.
2020-05-01 20:51:44 +02:00
Mariusz Felisiak
54646a423b
Refs #27468 -- Made user sessions use SHA-256 algorithm.
2020-04-29 16:45:00 +02:00
François Freitag
9ef4a18dbe
Changed django.forms.ValidationError imports to django.core.exceptions.ValidationError.
...
Co-Authored-By: Mariusz Felisiak <felisiak.mariusz@gmail.com>
2020-04-28 10:49:00 +02:00
Jon Dufresne
505fec6bad
Capitalized Unicode in docs, strings, and comments.
2020-04-20 12:10:33 +02:00
François Freitag
c86201b6ed
Disabled management commands output with verbosity 0 in various tests.
...
Instead of capturing the command output and discard it immediately,
tell the command not to log.
2020-04-20 09:09:26 +02:00
François Freitag
45e96b4d9d
Removed unnecessary capturing of stdout/stderr in auth_tests.test_management.
2020-04-20 09:08:43 +02:00
Hasan Ramezani
8aa71f4e87
Fixed #31375 -- Made contrib.auth.hashers.make_password() accept only bytes or strings.
2020-03-31 10:52:56 +02:00
Hasan Ramezani
b3ab92cc5a
Refs #31375 -- Added test for contrib.auth.hashers.make_password() bytes support.
2020-03-31 10:49:39 +02:00
Jon Dufresne
3857a08bdb
Fixed #31361 -- Fixed invalid action="" in admin forms.
...
The attribute action="" (empty string) on the <form> element is invalid
HTML5. The spec (https://html.spec.whatwg.org/#attr-fs-action ) says:
> The action and formaction content attributes, if specified, must have
> a value that is a valid non-empty URL potentially surrounded by
> spaces.
Emphasis on non-empty. The action attribute is allowed to be omitted, in
which case the current URL is used which is the same behavior as now.
2020-03-16 07:31:19 +01:00
Mariusz Felisiak
8725d04764
Fixed random auth_tests.test_tokens.TokenGeneratorTest.test_timeout failures.
...
Random failures depended on the current timestamp.
Thanks Matthijs Kooijman for the review.
2020-03-12 10:56:38 +01:00
Colton Hicks
f283ffaa84
Fixed #28699 -- Fixed CSRF validation with remote user middleware.
...
Ensured process_view() always accesses the CSRF token from the session
or cookie, rather than the request, as rotate_token() may have been called
by an authentication middleware during the process_request() phase.
2020-02-26 17:25:20 +01:00
aryan
fba5d3b6e6
Fixed #31289 -- Added hint for USERNAME_FIELD/REQUIRED_FIELDS system check.
2020-02-26 08:40:36 +01:00
Claude Paroz
4d973f5939
Refs #26601 -- Deprecated passing None as get_response arg to middleware classes.
...
This is the new contract since middleware refactoring in Django 1.10.
Co-authored-by: Carlton Gibson <carlton.gibson@noumenal.es>
Co-authored-by: Mariusz Felisiak <felisiak.mariusz@gmail.com>
2020-02-18 20:03:44 +01:00
Claude Paroz
da4923ea87
Refs #27468 -- Made PasswordResetTokenGenerator use SHA-256 algorithm.
2020-02-12 21:46:56 +01:00
Claude Paroz
27f67317da
Removed unnecessary token regex in auth_tests URLs.
...
All URLs in django.contrib.auth use a "<uidb64>/<token>" pattern.
2020-02-12 10:45:53 +01:00
Hasan Ramezani
fc4f45ebdc
Used assertRaisesMessage() in various tests.
2020-02-07 12:46:23 +01:00
Hasan Ramezani
579f33eb79
Replaced assertWarns() with SimpleTestCase.assertWarnsMessage() in tests.
2020-01-30 11:19:50 +01:00
Jon Dufresne
f791673537
Made token tests in auth_tests use assertIs() rather than assertTrue/False().
2020-01-29 09:01:18 +01:00
Michael Mulholland
5a68a223c7
Fixed #31200 -- Added system checks for permissions codenames max length.
2020-01-23 12:22:59 +01:00
Matthijs Kooijman
2a2ea4ee18
Refs #31117 -- Made various tests properly handle unexpected databases aliases.
...
- Used selected "databases" instead of django.db.connections.
- Made routers in tests.migrations skip migrations on unexpected
databases.
- Added DiscoverRunnerGetDatabasesTests.assertSkippedDatabases() hook
which properly asserts messages about skipped databases.
2020-01-20 14:39:02 +01:00
Mariusz Felisiak
1960d55f8b
Refs #31040 -- Fixed crypt.crypt() call in test_hashers.py.
...
An empty string is invalid salt in Python 3 and raises exception since
Python 3.9, see https://bugs.python.org/issue38402 .
2020-01-03 07:47:04 +01:00
Simon Charette
5b1fbcef7a
Fixed CVE-2019-19844 -- Used verified user email for password reset requests.
...
Co-Authored-By: Florian Apolloner <florian@apolloner.eu>
2019-12-18 09:11:39 +01:00
Baptiste Mispelon
3df3c5e670
Fixed #26480 -- Fixed crash of contrib.auth.authenticate() on decorated authenticate() methods of authentication backends.
...
The Signature API (PEP 362) has better support for decorated functions
(by default, it follows the __wrapped__ attribute set by
functools.wraps for example).
2019-12-10 09:36:30 +01:00
Carlton Gibson
11c5e0609b
Fixed CVE-2019-19118 -- Required edit permissions on parent model for editable inlines in admin.
...
Thank you to Shen Ying for reporting this issue.
2019-12-02 08:56:08 +01:00
Mariusz Felisiak
e8fcdaad5c
Fixed #31021 -- Fixed proxy model permissions data migration crash with a multiple databases setup.
...
Regression in 98296f86b3
.
2019-11-29 08:23:01 +01:00
Jon Dufresne
7f0946298e
Replaced encode() usage with bytes literals.
2019-11-18 15:31:42 +01:00
Mariusz Felisiak
ca0d50f34a
Fixed random auth_tests.test_tokens.TokenGeneratorTest.test_10265 failures.
...
Random failures depended on the current timestamp.
2019-11-13 14:22:23 +01:00
Mariusz Felisiak
3b4b36fb1d
Moved MockedPasswordResetTokenGenerator outside of TokenGeneratorTest.test_timeout().
2019-11-13 14:22:23 +01:00
Sergey Fedoseev
d4e767911f
Added tests for middlewares' checks.
2019-10-23 08:18:02 +02:00
Hasan Ramezani
226ebb1729
Fixed #28622 -- Allowed specifying password reset link expiration in seconds and deprecated PASSWORD_RESET_TIMEOUT_DAYS.
2019-09-20 13:52:04 +02:00
Sam Reynolds
6c9778a58e
Fixed #30776 -- Restored max length validation on AuthenticationForm.UsernameField.
...
Regression in 5ceaf14686
.
Thanks gopackgo90 for the report and Mariusz Felisiak for tests.
2019-09-18 11:37:38 +02:00
Carlton Gibson
b5db65c4fb
Increased the default PBKDF2 iterations for Django 3.1.
2019-09-12 17:24:01 +02:00
Mariusz Felisiak
d17be88afd
Refs #30037 -- Required the RemoteUserBackend.configure_user() to have request as the first positional argument.
...
Per deprecation timeline.
2019-09-10 12:01:00 +02:00
Berker Peksag
400ec5125e
Fixed #18763 -- Added ModelBackend/UserManager.with_perm() methods.
...
Co-authored-by: Nick Pope <nick.pope@flightdataservices.com>
2019-08-29 19:32:12 +02:00
daniel a rios
b5a5c92c72
Fixed #30066 -- Enabled super user creation without email and password
2019-08-29 12:49:16 +02:00
Carlton Gibson
57b9604451
Converted auth test to use subTest().
2019-08-29 12:49:16 +02:00
Hasan Ramezani
03dbdfd9bb
Fixed #29019 -- Added ManyToManyField support to REQUIRED_FIELDS.
2019-08-26 14:48:40 +02:00
Hasan Ramezani
a5308514fb
Fixed #27801 -- Made createsuperuser fall back to environment variables for password and required fields.
2019-07-02 12:55:09 +02:00
Jon Dufresne
42b9a23267
Fixed #30400 -- Improved typography of user facing strings.
...
Thanks Claude Paroz for assistance with translations.
2019-06-28 16:46:18 +02:00
Sanyam Khurana
87f5d07eed
Fixed #12952 -- Adjusted admin log change messages to use form labels instead of field names.
2019-06-14 18:20:29 +02:00
Aymeric Augustin
3ee0834a46
Fixed #30556 -- Avoided useless query and hasher call in ModelBackend.authenticate() when credentials aren't provided.
...
There's no need to fetch a user instance from the database unless
a username and a password are provided as credentials.
2019-06-10 11:12:31 +02:00
Hasan Ramezani
dcb8f00d06
Fixed #29379 -- Added autocomplete attribute to contrib.auth.forms fields.
...
Thank you to Nick Pope for review.
Co-authored-by: CHI Cheng <cloudream@gmail.com>
2019-06-07 12:44:39 +02:00
Tobias Bengfort
581a0f4545
Refs #30226 -- Added User.get_user_permissions() method.
...
Added to mirror the existing User.get_group_permissions().
2019-06-05 13:56:37 +02:00
Tobias Bengfort
75337a6050
Fixed #30226 -- Added BaseBackend for authentication.
2019-06-05 13:39:46 +02:00
Mattia Procopio
aff61790a3
Refs #24944 -- Added test for overriding domain in email context in PasswordResetView.
2019-05-27 11:50:30 +02:00
Rob
58df8aa40f
Fixed #28780 -- Allowed specyfing a token parameter displayed in password reset URLs.
...
Co-authored-by: Tim Givois <tim.givois.mendez@gmail.com>
2019-05-24 08:40:25 +02:00
Ally Weir
bd228cb599
Fixed mis-capitalisation in comment.
2019-05-15 12:14:59 +02:00
Carlton Gibson
98296f86b3
Fixed #30351 -- Handled pre-existing permissions in proxy model permissions data migration.
...
Regression in 181fb60159
.
2019-04-27 20:18:22 +02:00
Jon Dufresne
8d76443aba
Fixed #30399 -- Changed django.utils.html.escape()/urlize() to use html.escape()/unescape().
2019-04-25 15:09:07 +02:00
Markus Holtermann
da0b2554ec
Renamed camelCaseTestMethods to snake_case_test_methods
2019-04-14 16:14:14 +02:00
pmisteli
9410db9683
Fixed #30236 -- Made UsernameField render with autocapitalize="none" HTML attribute.
...
This prevents automatic capitalization, which is the default behavior in
some browsers.
2019-03-29 15:24:44 +01:00
Ryan J Schave
cbf7e71558
Fixed #30257 -- Made UsernameValidators prohibit trailing newlines.
2019-03-22 13:16:25 -04:00
Jon Dufresne
95b7699ffc
Cleaned up exception message checking in some tests.
2019-03-15 19:27:57 -04:00
Claude Paroz
a8e2a9bac6
Refs #15902 -- Deprecated storing user's language in the session.
2019-02-14 10:23:02 -05:00
Tim Graham
06670015f7
Increased the default PBKDF2 iterations for Django 3.0.
2019-01-17 11:15:27 -05:00
Arthur Rio
181fb60159
Fixed #11154 , #22270 -- Made proxy model permissions use correct content type.
...
Co-Authored-By: Simon Charette <charette.s@gmail.com>
Co-Authored-By: Antoine Catton <acatton@fusionbox.com>
2019-01-16 10:07:28 -05:00
Simon Charette
8c775391b7
Refs #28478 -- Deprecated TestCase's allow_database_queries and multi_db in favor of databases.
2019-01-10 19:11:21 -05:00
Joshua Cannon
db1b10ef0d
Fixed #30037 -- Added request arg to RemoteUserBackend.configure_user().
2019-01-09 20:01:04 -05:00
Tim Graham
043bd70942
Updated test URL patterns to use path() and re_path().
2018-12-31 10:47:32 -05:00
Tim Graham
194a4b526c
Added tests for ContentType/Group/Permission.__str__().
2018-12-21 12:45:02 -05:00
Simon Charette
0f212db29d
Made reused RequestFactory instances class attributes.
2018-11-27 09:49:02 -05:00
Simon Charette
84e7a9f4a7
Switched setUp() to setUpTestData() where possible in Django's tests.
2018-11-27 09:35:17 -05:00
Tim Graham
193c109327
Switched TestCase to SimpleTestCase where possible in Django's tests.
2018-11-27 08:58:44 -05:00
Mathew Payne
26bb2611a5
Fixed #29952 -- Lowercased all passwords in contrib.auth's auth/common-passwords.txt.gz.
2018-11-15 14:11:03 -05:00
Jon Dufresne
c82893cb8c
Refs #27795 -- Removed force_bytes() usage from django/utils/http.py.
...
django.utils.http.urlsafe_base64_encode() now returns a string, not a
bytestring. Since URLs are represented as strings,
urlsafe_base64_encode() should return a string. All uses immediately
decoded the bytestring to a string anyway.
As the inverse operation, urlsafe_base64_decode() accepts a string.
2018-10-10 14:38:22 -04:00
Tim Graham
a7284cc0c3
Fixed #29809 -- Fixed a crash when a "view only" user POSTs to the admin user change form.
2018-10-01 10:09:50 +02:00
Carlton Gibson
bf39978a53
Fixed CVE-2018-16984 -- Fixed password hash disclosure to admin "view only" users.
...
Thanks Claude Paroz & Tim Graham for collaborating on the patch.
2018-10-01 10:05:01 +02:00
Ramon Saraiva
2349cbd909
Fixed #29782 -- Added better error message when filtering queryset with AnonymousUser.
2018-09-26 15:36:19 -04:00
Jon Dufresne
82f286cf6f
Refs #29784 -- Switched to https:// links where available.
2018-09-26 08:48:47 +02:00
Alexey
8624459586
Added a test for password_changed() with a custom validator.
2018-09-25 11:58:05 -04:00
Josh Schneier
3daac76cfb
Simplified how createsuperuser tests generate passwords.
2018-08-18 16:26:13 -04:00
Alexander Todorov
53ebd4cb13
Fixed #29686 -- Made UserAdmin.user_change_password() pass user to has_change_permission().
2018-08-17 17:43:00 -04:00
Josh Schneier
8b43e9b1af
Fixed #29616 -- Fixed createsuperuser for user models that don't have a password field.
2018-08-05 14:26:03 -04:00
Josh Schneier
793e9bb35a
Fixed #29628 -- Made createsuperuser validate password against username and required fields.
2018-08-04 08:44:25 -04:00
Tim Graham
f3fa86a89b
Fixed #29449 -- Reverted "Fixed #28757 -- Allowed using contrib.auth forms without installing contrib.auth."
...
This reverts commit 3333d935d2
due to
a crash if USERNAME_FIELD isn't a CharField.
2018-07-02 18:39:26 -04:00
Tim Graham
5d98d53fab
Refs #27398 -- Simplified some tests with assertRedirects().
2018-06-20 14:08:56 -04:00
Jan Pieter Waagmeester
24959e48d9
Fixed #27398 -- Added an assertion to compare URLs, ignoring the order of their query strings.
2018-06-20 13:26:12 -04:00
Hasan Ramezani
6df3d36801
Added a missing test for createsuperuser management command.
2018-06-07 19:49:25 -04:00
Claude Paroz
bec651a427
Fixed #10827 -- Ensured ContentTypes are created before permission creation.
2018-06-03 22:19:04 -04:00
Dohyeon Kim
f1f4aeb22e
Fixed #28044 -- Unified the logic for createsuperuser's interactive and --noinput modes.
2018-05-29 08:41:32 -04:00
Hasan Ramezani
e0ff88be4f
Added test for createsuperuser's handling of KeyboardInterrupt.
2018-05-27 19:24:07 -04:00
Tim Graham
9792af3648
Increased the default PBKDF2 iterations for Django 2.2.
2018-05-17 11:05:45 -04:00
olivierdalang
825f0beda8
Fixed #8936 -- Added a view permission and a read-only admin.
...
Co-authored-by: Petr Dlouhy <petr.dlouhy@email.cz>
Co-authored-by: Olivier Dalang <olivier.dalang@gmail.com>
2018-05-16 06:44:55 -04:00
Tim Graham
cae0107287
Increased the default PBKDF2 iterations for Django 2.1.
2018-05-13 20:06:20 -04:00
Claude Paroz
607970f31c
Replaced django.test.utils.patch_logger() with assertLogs().
...
Thanks Tim Graham for the review.
2018-05-07 09:34:00 -04:00
Nick Pope
df90e462d9
Fixed #29212 -- Doc'd redirect loop if @permission_required used with redirect_authenticated_user.
2018-04-19 10:21:24 -04:00
Mads Jensen
9c651641f1
Added additional AdminPasswordChangeForm tests.
2018-04-04 11:25:28 -04:00
Malte Gerth
874977d388
Fixed #29270 -- Fixed UserChangeForm crash if password field is excluded.
2018-03-29 15:25:54 -04:00
Abeer Upadhyay
1bf4646f91
Fixed #29258 -- Added type checking for login()'s backend argument.
2018-03-28 10:10:18 -04:00
Tim Graham
a4f0e9aec7
Fixed #28718 -- Allowed user to request a password reset if their password doesn't use an enabled hasher.
...
Regression in aeb1389442
.
Reverted changes to is_password_usable() from
703c266682
and documentation changes from
92f48680db
.
2018-03-22 10:03:43 -04:00
Mariusz Felisiak
362813d628
Fixed hanging indentation in various code.
2018-03-16 10:54:34 +01:00
Mattia Procopio
aeb8c38178
Fixed #29206 -- Fixed PasswordResetConfirmView crash when the URL contains a non-UUID where one is expected.
2018-03-15 21:33:15 -04:00
Christophe Mehay
40bac28faa
Fixed #29176 -- Fixed AbstractBaseUser.normalize_username() crash if username isn't a string.
2018-03-02 11:32:53 -05:00
Tim Graham
5b589a47b9
Fixed #29161 -- Removed BCryptPasswordHasher from PASSWORD_HASHERS.
2018-02-26 09:05:18 -05:00
Mikhail Porokhovnichenko
14e34dcf8c
Fixed #29132 -- Avoided connecting update_last_login() handler if User.last_login isn't a field.
2018-02-21 10:36:31 -05:00
Dylan Verheul
9b1125bfc7
Fixed #28379 -- Made AccessMixin raise Permissiondenied for authenticated users.
2018-02-16 13:58:55 -05:00
Tim Graham
fa75b2cb51
Refs #27795 -- Removed force_bytes/text() usage in tests.
2018-02-07 14:20:04 -05:00
Tim Graham
af33fb250e
Fixed CVE-2018-6188 -- Fixed information leakage in AuthenticationForm.
...
Reverted 359370a8b8
(refs #28645 ).
This is a security fix.
2018-02-01 09:05:14 -05:00
shanghui
3333d935d2
Fixed #28757 -- Allowed using contrib.auth forms without installing contrib.auth.
...
Also fixed #28608 -- Allowed UserCreationForm and UserChangeForm to
work with custom user models.
Thanks Sagar Chalise and Rômulo Collopy for reports, and Tim Graham
and Tim Martin for reviews.
2018-01-05 14:47:37 -05:00
Дилян Палаузов
d7b2aa24f7
Fixed #28982 -- Simplified code with and/or.
2018-01-03 20:12:23 -05:00
Tim Graham
acc8dd4142
Fixed #28984 -- Made assorted code simplifications.
2018-01-03 13:24:02 -05:00
Alvin Lindstam
2cb6b7732d
Fixed #28902 -- Fixed password_validators_help_text_html() double escaping.
2018-01-02 19:51:06 -05:00
shanghui
359370a8b8
Fixed #28645 -- Reallowed AuthenticationForm to raise the inactive user error when using ModelBackend.
...
Regression in e0a3d93730
.
Thanks Guilherme Junqueira for the report and Tim Graham for the review.
2017-11-08 09:39:12 -05:00
Дилян Палаузов
6c0042430e
Fixed #28776 -- Fixed a/an/and typos in docs and comments.
2017-11-06 22:41:03 -05:00
Tom
b81905bfd4
Fixed #28571 -- Added a prompt to bypass password validation in createsuperuser.
2017-11-03 20:00:08 -04:00
Tim Graham
872be5976d
Improved technique for matching input prompts in contrib.auth management tests.
2017-11-03 20:00:08 -04:00
Jon Dufresne
6ed347d851
Fixed #28706 -- Moved AuthenticationFormn invalid login ValidationError to a method for reuse.
2017-10-23 09:10:45 -04:00
Lucas Connors
5ceaf14686
Fixed #27515 -- Made AuthenticationForm's username field use the max_length from the model field.
...
Thanks Ramin Farajpour Cami for the report.
2017-10-20 11:13:26 -04:00
Lucas Connors
d233391208
Refs #19130 -- Added a test for AuthenticationForm.username max_length.
...
This will be a more useful regression test after refs #27515 .
2017-10-20 11:10:32 -04:00
Yuri Kaszubowski Lopes
d98210c255
Fixed #28713 -- Prevented ModelBackend.get_all_permissions() from mutating get_user_permissions().
2017-10-14 20:47:49 -04:00
Hasan Ramezani
6aec130a4c
Fixed #28591 -- Added an error message for createsuperuser --username= (blank).
2017-10-09 21:49:35 -04:00
Mads Jensen
3e72f4b7b6
Completed test coverage for BasePasswordHasher.
2017-09-29 09:28:25 -04:00
Mads Jensen
776f6902d9
Moved BasePasswordHasher tests to its own test case.
2017-09-29 09:28:24 -04:00
Mads Jensen
d917c17a3b
Completed test coverage for AnonymousUser.
2017-09-28 13:11:23 -04:00
Mads Jensen
7fce4dc5ff
Moved AnonymousUser tests to its own test case.
2017-09-28 13:11:07 -04:00
Mads Jensen
4803834aaa
Added a test for PermWrapper.__iter__().
2017-09-26 19:42:50 -04:00
Tim Graham
67a6ba391b
Reverted "Fixed #28248 -- Fixed password reset tokens being valid for 1 day longer than PASSWORD_RESET_TIMEOUT_DAYS."
...
This reverts commit 95993a89ce
.
2017-09-25 09:05:00 -04:00
Tim Graham
5e31be1b96
Refs #25187 -- Required the authenticate() method of authentication backends to have request as the first positional argument.
...
Per deprecation timeline.
2017-09-22 12:51:18 -04:00
Tim Graham
6e40b70bf4
Refs #26929 -- Removed extra_context parameter of contrib.auth.views.logout_then_login().
...
Per deprecation timeline.
2017-09-22 12:51:17 -04:00