David Wobrock
6937c92169
[4.2.x] Fixed #34384 -- Fixed session validation when rotation secret keys.
...
Bug in 0dcd549bbe36c060f536ec270d34d9e7d4b8e6c7.
Thanks Eric Zarowny for the report.
Backport of 2396933ca99c6bfb53bda9e53968760316646e01 from main
2023-03-08 11:33:03 +01:00
django-bot
62510f01e7
[4.2.x] Fixed #34140 -- Reformatted code blocks in docs with blacken-docs.
2023-03-01 13:39:03 +01:00
Joseph Victor Zammit
5bdd6223a2
[4.2.x] Refs #34140 -- Corrected rst code-block and various formatting issues in docs.
...
Backport of ba755ca13123d2691a0926ddb64e5d0a2906a880 from main
2023-02-28 12:54:33 +01:00
Carlton Gibson
b784768eef
[4.2.x] Refs #34140 -- Applied rst code-block to non-Python examples.
...
Thanks to J.V. Zammit, Paolo Melchiorre, and Mariusz Felisiak for
reviews.
Backport of 534ac4829764f317cf2fbc4a18354fcc998c1425 from main.
2023-02-10 21:12:06 +01:00
fschwebel
5159e05e40
[4.2.x] Fixed typo in docs/topics/auth/passwords.txt.
...
Wrapped hashing is only possible if the inner wrapped function is the
same as the previous hasher.
Backport of 0265b1b49ba10f957abfd1311d0bae0ecefc3111 from main
2023-01-30 08:32:13 +01:00
Paul Schilling
298d02a77a
Fixed #25617 -- Added case-insensitive unique username validation in UserCreationForm.
...
Co-Authored-By: Neven Mundar <nmundar@gmail.com>
2022-12-29 09:42:22 +01:00
sdolemelipone
9d726c7902
Fixed #34187 -- Made UserCreationForm save many-to-many fields.
2022-11-29 05:56:53 +01:00
Mariusz Felisiak
662497cece
Doc's check_password()'s setter and preferred arguments.
...
Follow up to 90e05aaeac612a4251640564aa65f103ac635e12.
2022-11-28 08:13:51 +01:00
Tony Lechner
b088cc2fea
Fixed #34154 -- Made mixin headers consistent in auth docs.
2022-11-14 05:28:27 +01:00
Trey Hunner
fad070b07b
Improved readability of string interpolation in frequently used examples in docs.
2022-11-10 13:18:38 +01:00
Paolo Melchiorre
fa3afc5d86
Fixed #34056 -- Updated the list of common passwords for CommonPasswordValidator.
2022-09-28 18:40:05 +02:00
Ritik Soni
c11336cd99
Fixed #34017 -- Doc'd that Argon2id variant is used by Argon2PasswordHasher.
2022-09-17 09:49:09 +02:00
DevilsAutumn
6b0bbaf453
Fixed #34019 -- Removed obsolete references to "model design considerations" note.
2022-09-17 08:02:13 +02:00
Alex Morega
de6c9c7054
Refs #30947 -- Changed tuples to lists where appropriate.
2022-08-30 09:57:17 +02:00
Claude Paroz
3b79dab19a
Refs #33691 -- Deprecated insecure password hashers.
...
SHA1PasswordHasher, UnsaltedSHA1PasswordHasher, and UnsaltedMD5PasswordHasher
are now deprecated.
2022-07-23 21:29:31 +02:00
Ciaran McCormick
286e7d076c
Fixed #33764 -- Deprecated BaseUserManager.make_random_password().
2022-06-03 07:30:57 +02:00
Mariusz Felisiak
ac90529cc5
Fixed docs build with sphinxcontrib-spelling 7.5.0+.
...
sphinxcontrib-spelling 7.5.0+ includes captions of figures in the set
of nodes for which the text is checked.
2022-05-31 11:17:01 +02:00
Carlton Gibson
ca1c3151c3
Removed versionadded/changed annotations for 4.0.
2022-05-17 14:22:06 +02:00
Mariusz Felisiak
02dbf1667c
Fixed #33691 -- Deprecated django.contrib.auth.hashers.CryptPasswordHasher.
2022-05-11 09:13:45 +02:00
David
ce586ed693
Removed hyphen from pre-/re- prefixes.
...
"prepopulate", "preload", and "preprocessing" are already in the
spelling_wordlist.
This also removes hyphen from double "e" combinations with "pre" and
"re", e.g. preexisting, preempt, reestablish, or reenter.
See also:
- https://ahdictionary.com/word/search.html?q=rerun
- https://ahdictionary.com/word/search.html?q=recreate
- https://ahdictionary.com/word/search.html?q=predetermined
- https://ahdictionary.com/word/search.html?q=reuse
- https://ahdictionary.com/word/search.html?q=reopening
2022-04-28 10:44:14 +02:00
Lucidiot
13a9cde133
Fixed #33613 -- Made createsuperuser detect uniqueness of USERNAME_FIELD when using Meta.constraints.
2022-04-01 11:39:41 +02:00
René Fleschenberg
eb07b5be0c
Fixed #15619 -- Deprecated log out via GET requests.
...
Thanks Florian Apolloner for the implementation idea.
Co-Authored-By: Mariusz Felisiak <felisiak.mariusz@gmail.com>
2022-03-29 06:42:14 +02:00
tschilling
0dcd549bbe
Fixed #30360 -- Added support for secret key rotation.
...
Thanks Florian Apolloner for the implementation idea.
Co-authored-by: Andreas Pelme <andreas@pelme.se>
Co-authored-by: Carlton Gibson <carlton.gibson@noumenal.es>
Co-authored-by: Vuyisile Ndlovu <terrameijar@gmail.com>
2022-02-01 11:12:24 +01:00
Brad Solomon
b55ebe3241
Fixed #33443 -- Clarified when PasswordResetView sends an email.
2022-01-17 07:44:46 +01:00
Adam Johnson
652c68ffee
Clarified how contrib.auth picks a password hasher for verification.
2022-01-13 20:46:18 +01:00
David
cc8e771c64
Fixed malformed attribute directives in docs.
2022-01-05 08:11:13 +01:00
Florian Apolloner
968a3d01fa
Fixed CVE-2021-45115 -- Prevented DoS vector in UserAttributeSimilarityValidator.
...
Thanks Chris Bailey for the report.
Co-authored-by: Adam Johnson <me@adamj.eu>
2022-01-04 10:02:05 +01:00
Mariusz Felisiak
ad6bb20557
Avoided counting attributes and methods in docs.
2021-12-28 12:36:57 +01:00
Adam Johnson
b0d16d0129
Changed signatures of setting_changed signal receivers.
2021-12-17 13:07:04 +01:00
Adam Johnson
41329b9852
Improved wording in password validators docs and docstrings.
2021-12-13 18:53:07 +01:00
Mariusz Felisiak
fd881e8cd9
Refs #33207 -- Clarified that AUTH_USER_MODEL expects an app label.
2021-10-19 13:05:13 +02:00
Mariusz Felisiak
97237ad3fe
Removed versionadded/changed annotations for 3.2.
2021-09-20 21:23:01 +02:00
Andrew Northall
c23aa73626
Fixed #32964 -- Corrected 'setup'/'set up' usage in docs.
2021-08-17 12:18:07 +02:00
David Smith
1024b5e74a
Fixed 32956 -- Lowercased spelling of "web" and "web framework" where appropriate.
2021-07-29 06:24:12 +02:00
ryowright
1783b3cb24
Fixed #32275 -- Added scrypt password hasher.
...
Co-authored-by: Mariusz Felisiak <felisiak.mariusz@gmail.com>
2021-07-22 12:40:33 +02:00
yyyyyyyan
e197dcca36
Clarified docs about increasing the work factor for bcrypt hasher.
2021-05-20 20:24:51 +02:00
Nick Pope
c156e36955
Refs #32720 -- Updated various links in docs to avoid redirects and use HTTPS.
2021-05-17 09:46:09 +02:00
ThinkChaos
b99d6c9cbc
Fixed #28216 -- Added next_page/get_default_redirect_url() to LoginView.
2021-02-08 21:08:05 +01:00
Mariusz Felisiak
59841170ba
Used .. attribute:: directive in authentication views docs.
2021-02-08 18:12:58 +01:00
Mariusz Felisiak
b7dd89ed53
Removed versionadded/changed annotations for 3.1.
2021-01-14 17:50:04 +01:00
Jon Moroney
76ae6ccf85
Fixed #31358 -- Increased salt entropy of password hashers.
...
Co-authored-by: Florian Apolloner <florian@apolloner.eu>
2021-01-14 11:20:28 +01:00
Timo Ludwig
d8dfff2ab0
Fixed #32235 -- Made ReadOnlyPasswordHashField disabled by default.
2020-12-03 09:32:08 +01:00
Roy Zheng
804f2b7024
Added note about password updates on argon2 attributes change.
2020-08-11 07:51:27 +02:00
Nick Pope
feb91dbda1
Used :mimetype: role in various docs.
2020-05-13 09:14:04 +02:00
Mariusz Felisiak
4c5236ef93
Removed versionadded/changed annotations for 3.0.
2020-05-13 09:07:51 +02:00
Mariusz Felisiak
54646a423b
Refs #27468 -- Made user sessions use SHA-256 algorithm.
2020-04-29 16:45:00 +02:00
François Freitag
9ef4a18dbe
Changed django.forms.ValidationError imports to django.core.exceptions.ValidationError.
...
Co-Authored-By: Mariusz Felisiak <felisiak.mariusz@gmail.com>
2020-04-28 10:49:00 +02:00
Mariusz Felisiak
ca769c8c13
Fixed #31505 -- Doc'd possible email addresses enumeration in PasswordResetView.
2020-04-27 18:06:11 +02:00
Tanmay Vijay
e43abbbd70
Doc'd PasswordChangeView/PasswordResetView.success_url defaults.
2020-04-24 08:21:51 +02:00
Mariusz Felisiak
69e2cd6fed
Fixed Sphinx warnings on duplicate object descriptions.
2020-04-07 09:48:52 +02:00