mirrors/django
1
0
Fork 0
mirror of https://github.com/django/django.git synced 2025-01-01 05:56:09 +00:00
Code Issues 30 Releases Wiki Activity
22,211 Commits 28 Branches 426 Tags 623 MiB
67b46ba701
Commit Graph

65 Commits

Author SHA1 Message Date
Florian Apolloner
67b46ba701 Fixed CVE-2016-2513 -- Fixed user enumeration timing attack during login. 
This is a security fix.
 2016-03-01 11:25:28 -05:00
Jon Dufresne
eac1423f9e Removed obsolete test CreatesuperuserManagementCommandTestCase.test_nolocale. 
Test was added in 4c934f3921 to verify that
the commend works when locale.getdefaultlocale() doesn't return a locale.
getdefaultlocale() no longer runs at runtime, so the test isn't needed.
 2016-02-29 08:46:37 -05:00
Olivier Le Thanh Duong
10781b4c6f Fixed #12233 -- Allowed redirecting authenticated users away from the login view. 
contrib.auth.views.login() has a new parameter `redirect_authenticated_user`
to automatically redirect authenticated users visiting the login page.

Thanks to dmathieu and Alex Buchanan for the original code and to Carl Meyer
for the help and review.
 2016-02-25 07:18:33 -05:00
Tim Graham
c62807968d Fixed a stray __unicode__() method in auth_tests. 2016-02-23 13:20:50 -05:00
Tim Graham
47b5a6a43c Fixed #26187 -- Removed weak password hashers from PASSWORD_HASHERS. 2016-02-22 18:59:23 -05:00
Berker Peksag
f0425c7260 Refs #19353 -- Added tests for using custom user models with built-in auth forms. 
Also updated topics/auth/customizing.txt to reflect that subclasses of
UserCreationForm and UserChangeForm can be used with custom user models.

Thanks Baptiste Mispelon for the initial documentation.
 2016-02-17 10:26:07 -05:00
Jon Dufresne
fcd08c1757 Fixed #11665 -- Made TestCase check deferrable constraints after each test. 2016-02-13 06:53:39 -05:00
Tim Graham
004ba0f99e Removed unneeded hint=None/obj=None in system check messages. 2016-02-12 13:01:25 -05:00
Tim Graham
015fad9060 Fixed #26175 -- Removed SHA1 password hashes in tests. 2016-02-06 08:47:21 -05:00
Simon Charette
6eb3ce11e4 Fixed #26089 -- Removed custom user test models from public API. 
Thanks to Tim Graham for the review.
 2016-02-04 12:30:34 -05:00
Hugo Osvaldo Barrera
dcee1dfc79 Fixed #12405 -- Added LOGOUT_REDIRECT_URL setting. 
After a user logs out via auth.views.logout(), they're redirected
to LOGOUT_REDIRECT_URL if no `next_page` argument is provided.
 2016-02-04 10:35:37 -05:00
Hasan
26ad01719d Refs #26022 -- Replaced six.assertRaisesRegex with assertRaisesMessage as appropriate. 2016-01-29 13:37:33 -05:00
Hasan
253adc2b8a Refs #26022 -- Used context manager version of assertRaisesMessage in tests. 2016-01-29 13:03:39 -05:00
Hasan
3d0dcd7f5a Refs #26022 -- Used context manager version of assertRaises in tests. 2016-01-29 12:32:18 -05:00
Claude Paroz
cf7894be88 Fixed #21113 -- Made LogEntry.change_message language independent 
Thanks Tim Graham for the review.
 2016-01-08 20:34:59 +01:00
Paulo Poiati
b643386668 Fixed #24855 -- Allowed using contrib.auth.login() without credentials. 
Added an optional `backend` argument to login().
 2016-01-07 08:56:07 -05:00
Simon Charette
a08fda2111 Fixed #25746 -- Isolated inlined test models registration. 
Thanks to Tim for the review.
 2016-01-06 20:00:07 -05:00
Simon Charette
3096f4b082 Imported required models directly in auth management tests. 2016-01-06 20:00:07 -05:00
Marten Kenbeek
16411b8400 Fixed #26013 -- Moved django.core.urlresolvers to django.urls. 
Thanks to Tim Graham for the review.
 2015-12-31 14:21:29 -05:00
Josh Soref
93452a70e8 Fixed many spelling mistakes in code, comments, and docs. 2015-12-03 12:48:24 -05:00
Tim Graham
9350616211 Removed explicit User ids in tests. 2015-11-24 09:59:20 -05:00
Tim Graham
590b8c1c57 Removed unnecessary app_label='auth' on auth_tests models. 
This is a relic of when the tests were stored in contrib.auth.tests.
 2015-10-27 08:19:45 -04:00
Tim Graham
5acf203db2 Fixed #25596 -- Fixed regression in password change view with custom user model. 
The reverse() added in 50aa1a790c
crashed on a custom user model.
 2015-10-27 08:18:22 -04:00
Kaleb Elwert
adcf823359 Fixed #25490 -- Made the logout() view send "no-cache" headers. 2015-10-02 12:29:54 -04:00
Antoine Catton
53ccffdb8c Refs #16860 -- Fixed password help text when there aren't any validators. 
This avoids creating an empty list which is invalid HTML 4.
 2015-09-28 15:30:16 -04:00
Tzu-ping Chung
7372cdebed Fixed #25457 -- Improved formatting of password validation errors in management command output. 2015-09-24 19:45:19 -04:00
Tim Graham
593c9eb660 Increased the default PBKDF2 iterations for the 1.10 release cycle. 2015-09-23 19:31:11 -04:00
Tim Graham
849037af36 Refs #23957 -- Required session verification per deprecation timeline. 2015-09-23 19:31:10 -04:00
Tim Graham
f1761e3fef Refs #21648 -- Removed is_admin_site option from password_reset() view. 
Per deprecation timeline.
 2015-09-23 19:31:10 -04:00
Claude Paroz
8dc3ba5ceb Removed obsolete supports_* auth backend attributes in tests 2015-09-20 12:16:28 +02:00
Tim Graham
c21410aeeb Fixed typo in "pbkdf2" test names. 2015-09-19 20:44:37 -04:00
sujayskumar
d8d853378b Fixed #24944 -- Added extra_email_context parameter to password_reset() view. 2015-09-18 18:56:04 -04:00
Dražen Odobašić
b1e33ceced Fixed #23395 -- Limited line lengths to 119 characters. 2015-09-12 11:40:50 -04:00
David Gibbons
39b55537ec Added two more tests for user-entered passwords when creating a superuser. 2015-08-18 16:22:14 -04:00
Tim Graham
fa14fb9771 Fixed flake8 warning. 2015-08-02 21:30:13 -04:00
Alex Becker
53d28f8339 Fixed #25089 -- Added password validation to createsuperuser/changepassword. 2015-08-01 20:18:26 -04:00
Flavio Curella
c2e70f0265 Fixed #21127 -- Started deprecation toward requiring on_delete for ForeignKey/OneToOneField 2015-07-27 18:28:13 -04:00
Tim Graham
774c16d16e Fixed #25052; refs #16860 -- Added password validation to UserCreationForm. 2015-07-20 13:44:34 -04:00
Tim Graham
f5e9d67907 Refs #16860 -- Moved password_changed() logic to AbstractBaseUser. 
Thanks Carl Meyer for review.
 2015-07-20 13:44:26 -04:00
Jan Pazdziora
a570701e02 Fixed #25029 -- Added PersistentRemoteUserMiddleware for login-page-only external authentication. 2015-07-02 17:38:10 -04:00
Tim Graham
7da3923ba0 Sorted imports in __init__.py files. 2015-06-27 11:53:33 -04:00
Tim Graham
aaacaeb096 Renamed RemovedInDjangoXYWarnings for new roadmap. 
Forwardport of ae1d663b79
from stable/1.8.x plus more.
 2015-06-24 16:08:20 -04:00
Francisco Albarran
e75b614640 Fixed #25009 -- Allowed User.objects.create_user(...,is_staff=True) to work. 2015-06-22 11:34:26 -04:00
Tim Graham
7f1168e387 Removed support for Python 3.3. 2015-06-18 08:36:50 -04:00
Markus Holtermann
e5cb4e1411 Fixed #24914 -- Added authentication mixins for CBVs 
Added the mixins LoginRequiredMixin, PermissionRequiredMixin and
UserPassesTestMixin to contrib.auth as counterparts to the respective
view decorators.

The authentication mixins UserPassesTestMixin, LoginRequiredMixin and
PermissionRequiredMixin have been inspired by django-braces
<https://github.com/brack3t/django-braces/>

Thanks Raphael Michel for the initial patch, tests and docs on the PR
and Ana Balica, Kenneth Love, Marc Tamlyn, and Tim Graham for the
review.
 2015-06-17 23:19:10 +02:00
Tim Graham
09f2cdbe1a Refs #16860 -- Fixed a resource and deprecation warning in password validation. 2015-06-16 11:02:27 -04:00
Tim Graham
55b3bd8468 Refs #16860 -- Minor edits and fixes to password validation. 2015-06-10 07:41:01 -04:00
Marten Kenbeek
1e82094f1b Fixed #21927 -- Made application and instance namespaces more distinct. 
Made URL application namespaces be set in the included URLconf and
instance namespaces in the call to include(). Deprecated other ways
to set application and instance namespaces.
 2015-06-08 15:12:20 -04:00
Raphael Michel
39937de7e6 Fixed #24929 -- Allowed permission_required decorator to take any iterable 2015-06-08 13:44:39 -04:00
Erik Romijn
1daae25bdc Fixed #16860 -- Added password validation to django.contrib.auth. 2015-06-07 19:31:20 +02:00