Tim Graham 
							
						 
					 
					
						
						
							
						
						7c0c3fb6b1 
					 
					
						
						
							
							[1.10.x]  Fixed   #27013  -- Clarified commands to install argon2/bcrypt packages.  
						
						... 
						
						
						
						Backport of 9f27735612 
						
						
					 
					
						2016-08-19 19:23:51 -04:00 
						 
				 
			
				
					
						
							
							
								Tim Graham 
							
						 
					 
					
						
						
							
						
						ff1f46444c 
					 
					
						
						
							
							[1.10.x] Clarified session verification with respect to the current session.  
						
						... 
						
						
						
						Backport of 4c2a6fe75b 
						
						
					 
					
						2016-08-11 12:12:26 -04:00 
						 
				 
			
				
					
						
							
							
								an0o0nym 
							
						 
					 
					
						
						
							
						
						c52350bc6c 
					 
					
						
						
							
							[1.10.x]  Fixed   #26957  -- Corrected authenticate() docs regarding User.is_active.  
						
						... 
						
						
						
						Backport of c412aaca73 
						
						
					 
					
						2016-08-10 19:52:49 -04:00 
						 
				 
			
				
					
						
							
							
								Tim Graham 
							
						 
					 
					
						
						
							
						
						3fff7d3abb 
					 
					
						
						
							
							[1.10.x]  Fixed   #27045  -- Documented that AUTH_PASSWORD_VALIDATORS aren't applied at the model level.  
						
						... 
						
						
						
						Backport of 796cc62026 
						
						
					 
					
						2016-08-10 15:52:37 -04:00 
						 
				 
			
				
					
						
							
							
								Jiang Haiyun 
							
						 
					 
					
						
						
							
						
						aa777cdaaa 
					 
					
						
						
							
							[1.10.x] Fixed a typo in auth docs.  
						
						... 
						
						
						
						Backport of 6d61ec0e1a 
						
						
					 
					
						2016-07-04 11:03:28 -04:00 
						 
				 
			
				
					
						
							
							
								Ramiro Morales 
							
						 
					 
					
						
						
							
						
						b2c28a3770 
					 
					
						
						
							
							[1.10.x] Added missing trailing '$' to url() patterns in docs.  
						
						... 
						
						
						
						Backport of c962b9104a 
						
						
					 
					
						2016-06-27 09:26:10 -04:00 
						 
				 
			
				
					
						
							
							
								Tim Graham 
							
						 
					 
					
						
						
							
						
						1b0b6f0342 
					 
					
						
						
							
							[1.10.x] Refs  #21379 ,  #26719  -- Moved username normalization to AbstractBaseUser.  
						
						... 
						
						
						
						Thanks Huynh Thanh Tam for the initial patch and Claude Paroz for review.
Backport of 39805686b3 
						
						
					 
					
						2016-06-21 16:20:00 -04:00 
						 
				 
			
				
					
						
							
							
								Ville Skyttä 
							
						 
					 
					
						
						
							
						
						efe9874371 
					 
					
						
						
							
							[1.10.x] Fixed broken links in docs and comments.  
						
						... 
						
						
						
						Backport of 96f97691ad 
						
						
					 
					
						2016-06-15 21:20:38 -04:00 
						 
				 
			
				
					
						
							
							
								Ed Henderson 
							
						 
					 
					
						
						
							
						
						521772ff07 
					 
					
						
						
							
							[1.10.x]  Fixed   #26021  -- Applied hanging indentation to docs.  
						
						... 
						
						
						
						Backport of 4a4d7f980e 
						
						
					 
					
						2016-06-03 11:49:24 -04:00 
						 
				 
			
				
					
						
							
							
								Bas Westerbaan 
							
						 
					 
					
						
						
							
						
						c6aa941978 
					 
					
						
						
							
							[1.10.x]  Fixed   #26635  -- Clarified Argon2PasswordHasher's memory_cost differs from command line utility.  
						
						... 
						
						
						
						Backport of 9407cc966b 
						
						
					 
					
						2016-05-27 18:37:37 -04:00 
						 
				 
			
				
					
						
							
							
								Florian Apolloner 
							
						 
					 
					
						
						
							
						
						9baf692a58 
					 
					
						
						
							
							Fixed   #26601  -- Improved middleware per DEP 0005.  
						
						... 
						
						
						
						Thanks Tim Graham for polishing the patch, updating the tests, and
writing documentation. Thanks Carl Meyer for shepherding the DEP. 
						
						
					 
					
						2016-05-17 07:22:22 -04:00 
						 
				 
			
				
					
						
							
							
								Claude Paroz 
							
						 
					 
					
						
						
							
						
						9935f97cd2 
					 
					
						
						
							
							Refs  #21379  -- Normalized unicode username inputs  
						
						
						
						
					 
					
						2016-05-16 19:38:02 +02:00 
						 
				 
			
				
					
						
							
							
								Tim Graham 
							
						 
					 
					
						
						
							
						
						5238af3257 
					 
					
						
						
							
							Used 'classmethod' annotation in docs/topics/auth/customizing.txt  
						
						
						
						
					 
					
						2016-05-14 18:58:09 -04:00 
						 
				 
			
				
					
						
							
							
								Tim Graham 
							
						 
					 
					
						
						
							
						
						2c4c67af94 
					 
					
						
						
							
							Fixed   #26514  -- Documented that User.refresh_from_db() doesn't clear the permission cache.  
						
						
						
						
					 
					
						2016-04-18 09:02:56 -04:00 
						 
				 
			
				
					
						
							
							
								Jeremy Lainé 
							
						 
					 
					
						
						
							
						
						c1aec0feda 
					 
					
						
						
							
							Fixed   #25847  -- Made User.is_(anonymous|authenticated) properties.  
						
						
						
						
					 
					
						2016-04-09 14:54:18 -04:00 
						 
				 
			
				
					
						
							
							
								Alexander Gaevsky 
							
						 
					 
					
						
						
							
						
						e0a3d93730 
					 
					
						
						
							
							Fixed   #25232  -- Made ModelBackend/RemoteUserBackend reject inactive users.  
						
						
						
						
					 
					
						2016-03-23 09:01:48 -04:00 
						 
				 
			
				
					
						
							
							
								Tim Graham 
							
						 
					 
					
						
						
							
						
						c41737dc00 
					 
					
						
						
							
							Fixed   #26392  -- Corrected login_required/permission_required stacking example.  
						
						
						
						
					 
					
						2016-03-21 19:56:15 -04:00 
						 
				 
			
				
					
						
							
							
								Bas Westerbaan 
							
						 
					 
					
						
						
							
						
						b4250ea04a 
					 
					
						
						
							
							Fixed   #26033  -- Added Argon2 password hasher.  
						
						
						
						
					 
					
						2016-03-08 11:22:18 -05:00 
						 
				 
			
				
					
						
							
							
								Florian Apolloner 
							
						 
					 
					
						
						
							
						
						67b46ba701 
					 
					
						
						
							
							Fixed CVE-2016-2513 -- Fixed user enumeration timing attack during login.  
						
						... 
						
						
						
						This is a security fix. 
						
						
					 
					
						2016-03-01 11:25:28 -05:00 
						 
				 
			
				
					
						
							
							
								Olivier Le Thanh Duong 
							
						 
					 
					
						
						
							
						
						10781b4c6f 
					 
					
						
						
							
							Fixed   #12233  -- Allowed redirecting authenticated users away from the login view.  
						
						... 
						
						
						
						contrib.auth.views.login() has a new parameter `redirect_authenticated_user`
to automatically redirect authenticated users visiting the login page.
Thanks to dmathieu and Alex Buchanan for the original code and to Carl Meyer
for the help and review. 
						
						
					 
					
						2016-02-25 07:18:33 -05:00 
						 
				 
			
				
					
						
							
							
								Tim Graham 
							
						 
					 
					
						
						
							
						
						441c537b66 
					 
					
						
						
							
							Fixed a function signature in docs/topics/auth/default.txt.  
						
						
						
						
					 
					
						2016-02-24 16:24:33 -05:00 
						 
				 
			
				
					
						
							
							
								Tim Graham 
							
						 
					 
					
						
						
							
						
						47b5a6a43c 
					 
					
						
						
							
							Fixed   #26187  -- Removed weak password hashers from PASSWORD_HASHERS.  
						
						
						
						
					 
					
						2016-02-22 18:59:23 -05:00 
						 
				 
			
				
					
						
							
							
								Markus Holtermann 
							
						 
					 
					
						
						
							
						
						b14470c7b7 
					 
					
						
						
							
							Fixed spelling error  
						
						
						
						
					 
					
						2016-02-23 10:24:38 +11:00 
						 
				 
			
				
					
						
							
							
								Tim Graham 
							
						 
					 
					
						
						
							
						
						5a541e2e6c 
					 
					
						
						
							
							Fixed   #26188  -- Documented how to wrap password hashers.  
						
						
						
						
					 
					
						2016-02-22 17:21:45 -05:00 
						 
				 
			
				
					
						
							
							
								Daniel Quinn 
							
						 
					 
					
						
						
							
						
						de7edc005f 
					 
					
						
						
							
							Fixed import location of check_password() in docs.  
						
						
						
						
					 
					
						2016-02-22 12:42:47 -05:00 
						 
				 
			
				
					
						
							
							
								Berker Peksag 
							
						 
					 
					
						
						
							
						
						f0425c7260 
					 
					
						
						
							
							Refs  #19353  -- Added tests for using custom user models with built-in auth forms.  
						
						... 
						
						
						
						Also updated topics/auth/customizing.txt to reflect that subclasses of
UserCreationForm and UserChangeForm can be used with custom user models.
Thanks Baptiste Mispelon for the initial documentation. 
						
						
					 
					
						2016-02-17 10:26:07 -05:00 
						 
				 
			
				
					
						
							
							
								Hugo Osvaldo Barrera 
							
						 
					 
					
						
						
							
						
						dcee1dfc79 
					 
					
						
						
							
							Fixed   #12405  -- Added LOGOUT_REDIRECT_URL setting.  
						
						... 
						
						
						
						After a user logs out via auth.views.logout(), they're redirected
to LOGOUT_REDIRECT_URL if no `next_page` argument is provided. 
						
						
					 
					
						2016-02-04 10:35:37 -05:00 
						 
				 
			
				
					
						
							
							
								Tim Graham 
							
						 
					 
					
						
						
							
						
						1e9150443e 
					 
					
						
						
							
							Refs  #26089  -- Removed obsolete docs about custom user model testing.  
						
						
						
						
					 
					
						2016-02-02 08:12:08 -05:00 
						 
				 
			
				
					
						
							
							
								Tim Graham 
							
						 
					 
					
						
						
							
						
						8ce8beb3f2 
					 
					
						
						
							
							Unified some doc links to OneToOneField and ManyToManyField.  
						
						
						
						
					 
					
						2016-02-01 11:02:26 -05:00 
						 
				 
			
				
					
						
							
							
								rowanv 
							
						 
					 
					
						
						
							
						
						a6ef025dfb 
					 
					
						
						
							
							Fixed   #26124  -- Added missing code formatting to docs headers.  
						
						
						
						
					 
					
						2016-02-01 10:42:05 -05:00 
						 
				 
			
				
					
						
							
							
								Tim Graham 
							
						 
					 
					
						
						
							
						
						e519aab43a 
					 
					
						
						
							
							Fixed   #23868  -- Added support for non-unique django-admin-options in docs.  
						
						... 
						
						
						
						Also documented missing short command line options to fix  #24134 . This bumps
the minimum sphinx version required to build the docs to 1.3.4.
Thanks Simon Charette for review. 
						
						
					 
					
						2016-01-14 18:21:33 -05:00 
						 
				 
			
				
					
						
							
							
								Paulo Poiati 
							
						 
					 
					
						
						
							
						
						b643386668 
					 
					
						
						
							
							Fixed   #24855  -- Allowed using contrib.auth.login() without credentials.  
						
						... 
						
						
						
						Added an optional `backend` argument to login(). 
						
						
					 
					
						2016-01-07 08:56:07 -05:00 
						 
				 
			
				
					
						
							
							
								Gavin Wahl 
							
						 
					 
					
						
						
							
						
						ec708803f7 
					 
					
						
						
							
							Fixed user_passes_test() signature in docs.  
						
						
						
						
					 
					
						2015-12-08 15:56:10 -05:00 
						 
				 
			
				
					
						
							
							
								Tim Graham 
							
						 
					 
					
						
						
							
						
						166e0490d3 
					 
					
						
						
							
							Fixed   #25895  -- Used a consistent style for UserAdmin overrides.  
						
						... 
						
						
						
						Thanks Justin Abrahms for the report. 
						
						
					 
					
						2015-12-08 14:40:55 -05:00 
						 
				 
			
				
					
						
							
							
								Florian Apolloner 
							
						 
					 
					
						
						
							
						
						105028eec6 
					 
					
						
						
							
							Removed deprecated usage of url tag from auth docs.  
						
						
						
						
					 
					
						2015-12-05 19:21:30 +01:00 
						 
				 
			
				
					
						
							
							
								Josh Soref 
							
						 
					 
					
						
						
							
						
						93452a70e8 
					 
					
						
						
							
							Fixed many spelling mistakes in code, comments, and docs.  
						
						
						
						
					 
					
						2015-12-03 12:48:24 -05:00 
						 
				 
			
				
					
						
							
							
								Eliezer Kanal 
							
						 
					 
					
						
						
							
						
						d3b488f5bd 
					 
					
						
						
							
							Updated link to 1000 common passwords.  
						
						... 
						
						
						
						xato.net is dead; replaced with link to archive.org. 
						
						
					 
					
						2015-12-02 12:57:02 -05:00 
						 
				 
			
				
					
						
							
							
								Agnieszka Lasyk 
							
						 
					 
					
						
						
							
						
						1f8dad6915 
					 
					
						
						
							
							Fixed   #25755  -- Unified spelling of "website".  
						
						
						
						
					 
					
						2015-11-16 06:44:14 -05:00 
						 
				 
			
				
					
						
							
							
								Anderson Resende 
							
						 
					 
					
						
						
							
						
						ce4914eab4 
					 
					
						
						
							
							Fixed   #25744  -- Corrected reference to User object in auth docs.  
						
						
						
						
					 
					
						2015-11-12 19:22:30 -05:00 
						 
				 
			
				
					
						
							
							
								Bryan Marty 
							
						 
					 
					
						
						
							
						
						9788625277 
					 
					
						
						
							
							Fixed   #25169  -- Documented stacking of permission_required and login_required.  
						
						
						
						
					 
					
						2015-11-12 14:23:59 -05:00 
						 
				 
			
				
					
						
							
							
								japrogramer 
							
						 
					 
					
						
						
							
						
						a10cbbbc17 
					 
					
						
						
							
							Fixed typo in docs/topics/auth/default.txt.  
						
						
						
						
					 
					
						2015-11-03 08:56:23 +00:00 
						 
				 
			
				
					
						
							
							
								Tim Graham 
							
						 
					 
					
						
						
							
						
						9c5e272860 
					 
					
						
						
							
							Fixed   #25550  -- Deprecated direct assignment to the reverse side of a related set.  
						
						
						
						
					 
					
						2015-10-27 07:57:15 -04:00 
						 
				 
			
				
					
						
							
							
								Tim Graham 
							
						 
					 
					
						
						
							
						
						c14b6b52ff 
					 
					
						
						
							
							Documented auth's login/logout function parameters.  
						
						
						
						
					 
					
						2015-09-28 14:11:54 -04:00 
						 
				 
			
				
					
						
							
							
								Tim Graham 
							
						 
					 
					
						
						
							
						
						54848a96dd 
					 
					
						
						
							
							Removed versionadded/changed annotations for 1.8.  
						
						
						
						
					 
					
						2015-09-23 19:31:11 -04:00 
						 
				 
			
				
					
						
							
							
								Tim Graham 
							
						 
					 
					
						
						
							
						
						849037af36 
					 
					
						
						
							
							Refs  #23957  -- Required session verification per deprecation timeline.  
						
						
						
						
					 
					
						2015-09-23 19:31:10 -04:00 
						 
				 
			
				
					
						
							
							
								Tim Graham 
							
						 
					 
					
						
						
							
						
						f1761e3fef 
					 
					
						
						
							
							Refs  #21648  -- Removed is_admin_site option from password_reset() view.  
						
						... 
						
						
						
						Per deprecation timeline. 
						
						
					 
					
						2015-09-23 19:31:10 -04:00 
						 
				 
			
				
					
						
							
							
								Tim Graham 
							
						 
					 
					
						
						
							
						
						cb1e779ceb 
					 
					
						
						
							
							Refs  #24115  -- Added docs for password updates on bcrypt rounds change.  
						
						
						
						
					 
					
						2015-09-22 19:30:31 -04:00 
						 
				 
			
				
					
						
							
							
								sujayskumar 
							
						 
					 
					
						
						
							
						
						d8d853378b 
					 
					
						
						
							
							Fixed   #24944  -- Added extra_email_context parameter to password_reset() view.  
						
						
						
						
					 
					
						2015-09-18 18:56:04 -04:00 
						 
				 
			
				
					
						
							
							
								Tim Graham 
							
						 
					 
					
						
						
							
						
						6c6eb8a691 
					 
					
						
						
							
							Refs  #24914  -- Added docs for more auth mixin methods.  
						
						
						
						
					 
					
						2015-08-20 17:57:47 -04:00 
						 
				 
			
				
					
						
							
							
								Claude Paroz 
							
						 
					 
					
						
						
							
						
						64982cc2fb 
					 
					
						
						
							
							Updated Wikipedia links to use https  
						
						
						
						
					 
					
						2015-08-08 12:02:32 +02:00