mirrors/django
1
0
Fork 0
mirror of https://github.com/django/django.git synced 2024-11-18 15:34:16 +00:00
Code Issues 24 Releases Wiki Activity
24,974 Commits 28 Branches 423 Tags 636 MiB
3e72f4b7b6
Commit Graph

186 Commits

Author SHA1 Message Date
Claude Paroz
9935f97cd2 Refs #21379 -- Normalized unicode username inputs 2016-05-16 19:38:02 +02:00
Claude Paroz
526575c641 Fixed #21379 -- Created auth-specific username validators 
Thanks Tim Graham for the review.
 2016-05-16 19:37:57 +02:00
Simon Charette
61a16e0270 Fixed #24075 -- Used post-migration models in contrib apps receivers. 
Thanks Markus and Tim for the review.
 2016-05-15 19:51:16 -04:00
Claude Paroz
b26fedacef Fixed #26544 -- Delayed translations of SetPasswordForm help_texts 
Thanks Michael Bitzi for the reporti and Tim Graham for the review.
 2016-05-07 10:17:49 +02:00
Tim Graham
03efa304bc Refs #25847 -- Added system check for UserModel.is_anonymous/is_authenticated methods. 2016-05-06 08:56:06 -04:00
Tim Graham
f945fb24a3 Fixed #26554 -- Updated docs URLs to readthedocs.io 2016-04-28 10:09:57 -04:00
Bas Westerbaan
a5033dbc58 Refs #26033 -- Added password hasher support for Argon2 v1.3. 
The previous version of Argon2 uses encoded hashes of the form:
   $argon2d$m=8,t=1,p=1$<salt>$<data>

The new version of Argon2 adds its version into the hash:
   $argon2d$v=19$m=8,t=1,p=1$<salt>$<data>

This lets Django handle both version properly.
 2016-04-25 21:17:53 -04:00
Jeremy Lainé
c1aec0feda Fixed #25847 -- Made User.is_(anonymous|authenticated) properties. 2016-04-09 14:54:18 -04:00
Tim Graham
92053acbb9 Fixed E128 flake8 warnings in tests/. 2016-04-08 10:12:33 -04:00
Simon Charette
a872194802 Fixed #26470 -- Converted auth permission validation to system checks. 
Thanks Tim for the review.
 2016-04-06 22:40:43 -04:00
Simon Charette
fc34be896d Extracted auth checks tests into their own module. 2016-04-06 22:40:43 -04:00
Alexander Gaevsky
e0a3d93730 Fixed #25232 -- Made ModelBackend/RemoteUserBackend reject inactive users. 2016-03-23 09:01:48 -04:00
Tim Graham
1243fdf5cb Fixed #26395 -- Skipped the CryptPasswordHasher tests on platforms with a dummy crypt module. 2016-03-22 11:22:21 -04:00
Berker Peksag
efa9539787 Fixed #26381 -- Made UserCreationForm reusable with custom user models that define USERNAME_FIELD. 2016-03-21 12:32:42 -04:00
Vincenzo Pandolfo
d0fe6c9156 Fixed #26334 -- Removed whitespace stripping from contrib.auth password fields. 2016-03-14 20:20:24 -04:00
ieatkittens
ab8af342b1 Fixed #26343 -- Sent user_login_failed signal if an auth backend raises PermissionDenied. 2016-03-12 16:44:39 -05:00
Tim Graham
5ca045cd25 Moved createsuperuser test app into auth_tests. 2016-03-08 13:06:58 -05:00
Bas Westerbaan
b4250ea04a Fixed #26033 -- Added Argon2 password hasher. 2016-03-08 11:22:18 -05:00
Jon Dufresne
4115288b4f Fixed #26315 -- Allowed call_command() to accept a Command object as the first argument. 2016-03-05 13:05:10 -05:00
Jon Dufresne
8d3fcfa39e Cleaned up tests to use call_command() instead of Command.execute(). 2016-03-05 12:59:30 -05:00
Alasdair Nicol
8c42cf0cbd Fixed #26303 -- Updated links to mod_wsgi docs. 2016-03-01 19:22:32 -05:00
Florian Apolloner
67b46ba701 Fixed CVE-2016-2513 -- Fixed user enumeration timing attack during login. 
This is a security fix.
 2016-03-01 11:25:28 -05:00
Jon Dufresne
eac1423f9e Removed obsolete test CreatesuperuserManagementCommandTestCase.test_nolocale. 
Test was added in 4c934f3921 to verify that
the commend works when locale.getdefaultlocale() doesn't return a locale.
getdefaultlocale() no longer runs at runtime, so the test isn't needed.
 2016-02-29 08:46:37 -05:00
Olivier Le Thanh Duong
10781b4c6f Fixed #12233 -- Allowed redirecting authenticated users away from the login view. 
contrib.auth.views.login() has a new parameter `redirect_authenticated_user`
to automatically redirect authenticated users visiting the login page.

Thanks to dmathieu and Alex Buchanan for the original code and to Carl Meyer
for the help and review.
 2016-02-25 07:18:33 -05:00
Tim Graham
c62807968d Fixed a stray __unicode__() method in auth_tests. 2016-02-23 13:20:50 -05:00
Tim Graham
47b5a6a43c Fixed #26187 -- Removed weak password hashers from PASSWORD_HASHERS. 2016-02-22 18:59:23 -05:00
Berker Peksag
f0425c7260 Refs #19353 -- Added tests for using custom user models with built-in auth forms. 
Also updated topics/auth/customizing.txt to reflect that subclasses of
UserCreationForm and UserChangeForm can be used with custom user models.

Thanks Baptiste Mispelon for the initial documentation.
 2016-02-17 10:26:07 -05:00
Jon Dufresne
fcd08c1757 Fixed #11665 -- Made TestCase check deferrable constraints after each test. 2016-02-13 06:53:39 -05:00
Tim Graham
004ba0f99e Removed unneeded hint=None/obj=None in system check messages. 2016-02-12 13:01:25 -05:00
Tim Graham
015fad9060 Fixed #26175 -- Removed SHA1 password hashes in tests. 2016-02-06 08:47:21 -05:00
Simon Charette
6eb3ce11e4 Fixed #26089 -- Removed custom user test models from public API. 
Thanks to Tim Graham for the review.
 2016-02-04 12:30:34 -05:00
Hugo Osvaldo Barrera
dcee1dfc79 Fixed #12405 -- Added LOGOUT_REDIRECT_URL setting. 
After a user logs out via auth.views.logout(), they're redirected
to LOGOUT_REDIRECT_URL if no `next_page` argument is provided.
 2016-02-04 10:35:37 -05:00
Hasan
26ad01719d Refs #26022 -- Replaced six.assertRaisesRegex with assertRaisesMessage as appropriate. 2016-01-29 13:37:33 -05:00
Hasan
253adc2b8a Refs #26022 -- Used context manager version of assertRaisesMessage in tests. 2016-01-29 13:03:39 -05:00
Hasan
3d0dcd7f5a Refs #26022 -- Used context manager version of assertRaises in tests. 2016-01-29 12:32:18 -05:00
Claude Paroz
cf7894be88 Fixed #21113 -- Made LogEntry.change_message language independent 
Thanks Tim Graham for the review.
 2016-01-08 20:34:59 +01:00
Paulo Poiati
b643386668 Fixed #24855 -- Allowed using contrib.auth.login() without credentials. 
Added an optional `backend` argument to login().
 2016-01-07 08:56:07 -05:00
Simon Charette
a08fda2111 Fixed #25746 -- Isolated inlined test models registration. 
Thanks to Tim for the review.
 2016-01-06 20:00:07 -05:00
Simon Charette
3096f4b082 Imported required models directly in auth management tests. 2016-01-06 20:00:07 -05:00
Marten Kenbeek
16411b8400 Fixed #26013 -- Moved django.core.urlresolvers to django.urls. 
Thanks to Tim Graham for the review.
 2015-12-31 14:21:29 -05:00
Josh Soref
93452a70e8 Fixed many spelling mistakes in code, comments, and docs. 2015-12-03 12:48:24 -05:00
Tim Graham
9350616211 Removed explicit User ids in tests. 2015-11-24 09:59:20 -05:00
Tim Graham
590b8c1c57 Removed unnecessary app_label='auth' on auth_tests models. 
This is a relic of when the tests were stored in contrib.auth.tests.
 2015-10-27 08:19:45 -04:00
Tim Graham
5acf203db2 Fixed #25596 -- Fixed regression in password change view with custom user model. 
The reverse() added in 50aa1a790c
crashed on a custom user model.
 2015-10-27 08:18:22 -04:00
Kaleb Elwert
adcf823359 Fixed #25490 -- Made the logout() view send "no-cache" headers. 2015-10-02 12:29:54 -04:00
Antoine Catton
53ccffdb8c Refs #16860 -- Fixed password help text when there aren't any validators. 
This avoids creating an empty list which is invalid HTML 4.
 2015-09-28 15:30:16 -04:00
Tzu-ping Chung
7372cdebed Fixed #25457 -- Improved formatting of password validation errors in management command output. 2015-09-24 19:45:19 -04:00
Tim Graham
593c9eb660 Increased the default PBKDF2 iterations for the 1.10 release cycle. 2015-09-23 19:31:11 -04:00
Tim Graham
849037af36 Refs #23957 -- Required session verification per deprecation timeline. 2015-09-23 19:31:10 -04:00
Tim Graham
f1761e3fef Refs #21648 -- Removed is_admin_site option from password_reset() view. 
Per deprecation timeline.
 2015-09-23 19:31:10 -04:00
Claude Paroz
8dc3ba5ceb Removed obsolete supports_* auth backend attributes in tests 2015-09-20 12:16:28 +02:00
Tim Graham
c21410aeeb Fixed typo in "pbkdf2" test names. 2015-09-19 20:44:37 -04:00
sujayskumar
d8d853378b Fixed #24944 -- Added extra_email_context parameter to password_reset() view. 2015-09-18 18:56:04 -04:00
Dražen Odobašić
b1e33ceced Fixed #23395 -- Limited line lengths to 119 characters. 2015-09-12 11:40:50 -04:00
David Gibbons
39b55537ec Added two more tests for user-entered passwords when creating a superuser. 2015-08-18 16:22:14 -04:00
Tim Graham
fa14fb9771 Fixed flake8 warning. 2015-08-02 21:30:13 -04:00
Alex Becker
53d28f8339 Fixed #25089 -- Added password validation to createsuperuser/changepassword. 2015-08-01 20:18:26 -04:00
Flavio Curella
c2e70f0265 Fixed #21127 -- Started deprecation toward requiring on_delete for ForeignKey/OneToOneField 2015-07-27 18:28:13 -04:00
Tim Graham
774c16d16e Fixed #25052; refs #16860 -- Added password validation to UserCreationForm. 2015-07-20 13:44:34 -04:00
Tim Graham
f5e9d67907 Refs #16860 -- Moved password_changed() logic to AbstractBaseUser. 
Thanks Carl Meyer for review.
 2015-07-20 13:44:26 -04:00
Jan Pazdziora
a570701e02 Fixed #25029 -- Added PersistentRemoteUserMiddleware for login-page-only external authentication. 2015-07-02 17:38:10 -04:00
Tim Graham
7da3923ba0 Sorted imports in __init__.py files. 2015-06-27 11:53:33 -04:00
Tim Graham
aaacaeb096 Renamed RemovedInDjangoXYWarnings for new roadmap. 
Forwardport of ae1d663b79
from stable/1.8.x plus more.
 2015-06-24 16:08:20 -04:00
Francisco Albarran
e75b614640 Fixed #25009 -- Allowed User.objects.create_user(...,is_staff=True) to work. 2015-06-22 11:34:26 -04:00
Tim Graham
7f1168e387 Removed support for Python 3.3. 2015-06-18 08:36:50 -04:00
Markus Holtermann
e5cb4e1411 Fixed #24914 -- Added authentication mixins for CBVs 
Added the mixins LoginRequiredMixin, PermissionRequiredMixin and
UserPassesTestMixin to contrib.auth as counterparts to the respective
view decorators.

The authentication mixins UserPassesTestMixin, LoginRequiredMixin and
PermissionRequiredMixin have been inspired by django-braces
<https://github.com/brack3t/django-braces/>

Thanks Raphael Michel for the initial patch, tests and docs on the PR
and Ana Balica, Kenneth Love, Marc Tamlyn, and Tim Graham for the
review.
 2015-06-17 23:19:10 +02:00
Tim Graham
09f2cdbe1a Refs #16860 -- Fixed a resource and deprecation warning in password validation. 2015-06-16 11:02:27 -04:00
Tim Graham
55b3bd8468 Refs #16860 -- Minor edits and fixes to password validation. 2015-06-10 07:41:01 -04:00
Marten Kenbeek
1e82094f1b Fixed #21927 -- Made application and instance namespaces more distinct. 
Made URL application namespaces be set in the included URLconf and
instance namespaces in the call to include(). Deprecated other ways
to set application and instance namespaces.
 2015-06-08 15:12:20 -04:00
Raphael Michel
39937de7e6 Fixed #24929 -- Allowed permission_required decorator to take any iterable 2015-06-08 13:44:39 -04:00
Erik Romijn
1daae25bdc Fixed #16860 -- Added password validation to django.contrib.auth. 2015-06-07 19:31:20 +02:00
Alasdair Nicol
1ea87c8c79 Fixed #24910 -- Added createsuperuser support for non-unique USERNAME_FIELDs 
Clarified docs to say that a non-unique USERNAME_FIELD is permissable
as long as the custom auth backend can support it.
 2015-06-06 09:33:02 -04:00
Simon Charette
be67400b47 Refs #24652 -- Used SimpleTestCase where appropriate. 2015-05-20 13:46:13 -04:00
Riccardo Magliocchetti
ae1efb853c Refs #24553 -- Fixed urlpatterns leakage in auth_tests 2015-05-19 07:43:40 -04:00
Jay Cox
eef95ea96f Fixed #24696 -- Made CSRF_COOKIE computation lazy. 
Only compute the CSRF_COOKIE when it is actually used. This is a
significant speedup for clients not using cookies.

Changed result of the “test_token_node_no_csrf_cookie” test:  It gets
a valid CSRF token now which seems like the correct behavior.

Changed auth_tests.test_views.LoginTest.test_login_csrf_rotate to
use get_token() to trigger CSRF cookie inclusion instead of changing
request.META["CSRF_COOKIE_USED"] directly.
 2015-05-02 19:45:14 -04:00
Curtis Maloney
88d7fcebde Use mock.patch in migrations tests 
Currently some of the migrations tests rely on the fact 'input' is aliased
because of six, instead of using mock.patch.  Replace this code with proper
use of mock.patch.

Also, replace one case of excessively specific python version check with
testing six.PY3
 2015-04-09 11:16:12 +10:00
Tim Graham
b86abbceb9 Fixed #24115 -- Allowed bcrypt hashers to upgrade passwords on rounds change. 
Thanks Florian Apolloner for the review.
 2015-03-30 18:52:59 -04:00
Claude Paroz
c2bfd76ec3 Refs #15779 -- Fixed UserChangeForm regression introduced by 1791a7e75 
Thanks Tim Graham for reporting the regression.
 2015-03-28 09:24:01 +01:00
Joeri Bekker
0ed20d5cc4 Fixed #23926 -- Improved validation error for custom permissions that are too long. 2015-03-16 12:13:49 -04:00
Josh Smeaton
39a7eed1bb Converted test fixtures to setUpTestData methods 2015-03-05 10:10:32 +11:00
Tim Graham
e0b3926026 Isolated auth_tests from contenttypes_tests; refs #11505. 2015-02-14 22:04:48 -05:00
Tim Graham
002425fe39 Fixed #24315 -- Fixed auth.views.password_reset_confirm() with a UUID user. 2015-02-13 09:56:31 -05:00
Tim Graham
fdf20093e0 Fixed #24334 -- Allowed admin password reset to work with non-digit custom user model primary key. 
Thanks Loic for help and Simon for review.
 2015-02-13 09:42:49 -05:00
Tim Graham
0f7f5bc9e7 Fixed #24161 -- Stored the user primary key as a serialized value in the session. 
This allows using a UUIDField primary key along with the JSON session
serializer.

Thanks to Trac alias jamesbeith for the report and Simon Charette
for the initial patch.
 2015-02-12 07:38:16 -05:00
Tim Graham
5ab327a389 Moved non-documented auth test models to the new test location. 2015-02-11 10:29:48 -05:00
Tim Graham
2d7aca3da0 Moved contrib.auth tests out of contrib. 2015-02-11 10:19:22 -05:00