1
0
mirror of https://github.com/django/django.git synced 2024-12-23 01:25:58 +00:00
Commit Graph

360 Commits

Author SHA1 Message Date
Maria Hynes
7e759d9af7 Fixed #17430 -- Documented access to the Django admin when using a custom auth backend. 2024-11-14 10:29:32 +01:00
Ben Cail
ec7d69035a Fixed #35782 -- Allowed overriding password validation error messages. 2024-10-15 17:23:39 +02:00
Ben Cail
80c3697e96 Refs #35782 -- Documented the get_help_text methods in password validators. 2024-10-15 12:48:45 +02:00
Jon Janzen
50f89ae850 Fixed #35303 -- Implemented async auth backends and utils. 2024-10-07 14:19:41 +02:00
Carlton Gibson
c0128e3a81
Fixed #35767 -- Adjusted customizing User model docs. 2024-09-16 17:40:11 -03:00
Natalia
8c35a0a903 Fixed CVE-2024-45231 -- Avoided server error on password reset when email sending fails.
On successful submission of a password reset request, an email is sent
to the accounts known to the system. If sending this email fails (due to
email backend misconfiguration, service provider outage, network issues,
etc.), an attacker might exploit this by detecting which password reset
requests succeed and which ones generate a 500 error response.

Thanks to Thibaut Spriet for the report, and to Mariusz Felisiak, Adam
Johnson, and Sarah Boyce for the reviews.
2024-09-03 09:22:32 -03:00
nessita
7adb6dd98d
Sorted alphabetically forms list in docs/topics/auth/default.txt. 2024-08-22 09:14:11 -03:00
Natalia
0ebed5fa95 Fixed #35678 -- Removed "usable_password" field from BaseUserCreationForm.
Refs #34429: Following the implementation allowing the setting of
unusable passwords via the admin site, the `BaseUserCreationForm` and
`UserCreationForm` were extended to include a new field for choosing
whether password-based authentication for the new user should be enabled
or disabled at creation time.
Given that these forms are designed to be extended when implementing
custom user models, this branch ensures that this new field is moved to
a new, admin-dedicated, user creation form `AdminUserCreationForm`.

Regression in e626716c28.

Thanks Simon Willison for the report, Fabian Braun and Sarah Boyce for
the review.
2024-08-19 12:39:57 -03:00
Adam Johnson
49815f70e4 Refs #31405 -- Improved LoginRequiredMiddleware documentation.
co-authored-by: Sarah Boyce <42296566+sarahboyce@users.noreply.github.com>
2024-08-08 10:05:31 +02:00
Claude Paroz
4686541691
Migrated setuptools configuration to pyproject.toml.
This branch migrates setuptools configuration from setup.py/setup.cfg to
pyproject.toml. In order to ensure that the generated binary files have
consistent casing (both the tarball and the wheel), setuptools version
is limited to ">=61.0.0,<69.3.0".

Configuration for flake8 was moved to a dedicated .flake8 file since
it cannot be configured via pyproject.toml.

Also, __pycache__ exclusion was removed from MANIFEST and the
extras/Makefile was replaced with a simpler build command.

Co-authored-by: Nick Pope <nick@nickpope.me.uk>
2024-06-24 15:34:43 -03:00
Natalia
05cce083ad Removed versionadded/changed annotations for 5.0.
This also removes remaining versionadded/changed annotations for older
versions.
2024-05-22 15:44:07 -03:00
Hisham Mahmood
c7fc9f20b4 Fixed #31405 -- Added LoginRequiredMiddleware.
Co-authored-by: Adam Johnson <me@adamj.eu>
Co-authored-by: Mehmet İnce <mehmet@mehmetince.net>
Co-authored-by: Sarah Boyce <42296566+sarahboyce@users.noreply.github.com>
2024-05-22 08:51:17 +02:00
Dingning
549320946d Fixed #35030 -- Made django.contrib.auth decorators to work with async functions. 2024-03-07 09:59:33 +01:00
Fabian Braun
e626716c28 Fixed #34429 -- Allowed setting unusable passwords for users in the auth forms.
Co-authored-by: Natalia <124304+nessita@users.noreply.github.com>
2024-02-20 12:13:32 -03:00
Mariusz Felisiak
305757aec1
Applied Black's 2024 stable style.
https://github.com/psf/black/releases/tag/24.1.0
2024-01-26 12:45:07 +01:00
Adrienne Franke
8570e091d0
Fixed typo in docs/topics/auth/default.txt. 2024-01-22 17:43:13 +01:00
Mariusz Felisiak
86c45d8bc6
Fixed typos in docs. 2023-12-15 07:54:02 +01:00
Markus Amalthea Magnuson
61c305f298 Fixed #34970 -- Clarified Password Validation docs regarding the password_changed callback. 2023-11-15 15:35:25 -03:00
Mariusz Felisiak
00e1879610 Refs #33764 -- Removed BaseUserManager.make_random_password() per deprecation timeline. 2023-09-18 22:12:40 +02:00
Mariusz Felisiak
295467c04a Removed versionadded/changed annotations for 4.2.
This also removes remaining versionadded/changed annotations for older
versions.
2023-09-18 22:12:40 +02:00
Mariusz Felisiak
e2a3a896cf
Refs #15619 -- Removed deprecated annotation about logging out via GET requests.
Follow up to 6c57c08ae5.
2023-09-14 19:49:06 +02:00
Jon Janzen
5e98959d92 Fixed #34391 -- Added async-compatible interface to auth functions and related methods test clients. 2023-06-27 11:17:17 +02:00
HappyDingning
674c23999c Fixed #34565 -- Added support for async checking of user passwords. 2023-05-18 09:39:04 +02:00
Tim Graham
2c4dc64760 Used extlinks for PyPI links.
Co-authored-by: Mariusz Felisiak <felisiak.mariusz@gmail.com>
2023-04-17 06:55:32 +02:00
David Wobrock
2396933ca9 Fixed #34384 -- Fixed session validation when rotation secret keys.
Bug in 0dcd549bbe.

Thanks Eric Zarowny for the report.
2023-03-08 10:48:04 +01:00
Jon Janzen
e846c5e724 Fixed #31920 -- Made AuthenticationMiddleware add request.auser(). 2023-03-07 13:11:22 +01:00
django-bot
14459f80ee Fixed #34140 -- Reformatted code blocks in docs with blacken-docs. 2023-03-01 13:03:56 +01:00
Joseph Victor Zammit
ba755ca131 Refs #34140 -- Corrected rst code-block and various formatting issues in docs. 2023-02-28 12:21:37 +01:00
Carlton Gibson
534ac48297 Refs #34140 -- Applied rst code-block to non-Python examples.
Thanks to J.V. Zammit, Paolo Melchiorre, and Mariusz Felisiak for
reviews.
2023-02-10 19:19:13 +01:00
fschwebel
0265b1b49b
Fixed typo in docs/topics/auth/passwords.txt.
Wrapped hashing is only possible if the inner wrapped function is the
same as the previous hasher.
2023-01-30 08:31:39 +01:00
Mariusz Felisiak
9a01311d20 Refs #15619 -- Removed support for logging out via GET requests.
Per deprecation timeline.
2023-01-17 11:49:15 +01:00
Paul Schilling
298d02a77a Fixed #25617 -- Added case-insensitive unique username validation in UserCreationForm.
Co-Authored-By: Neven Mundar <nmundar@gmail.com>
2022-12-29 09:42:22 +01:00
sdolemelipone
9d726c7902 Fixed #34187 -- Made UserCreationForm save many-to-many fields. 2022-11-29 05:56:53 +01:00
Mariusz Felisiak
662497cece
Doc's check_password()'s setter and preferred arguments.
Follow up to 90e05aaeac.
2022-11-28 08:13:51 +01:00
Tony Lechner
b088cc2fea
Fixed #34154 -- Made mixin headers consistent in auth docs. 2022-11-14 05:28:27 +01:00
Trey Hunner
fad070b07b
Improved readability of string interpolation in frequently used examples in docs. 2022-11-10 13:18:38 +01:00
Paolo Melchiorre
fa3afc5d86 Fixed #34056 -- Updated the list of common passwords for CommonPasswordValidator. 2022-09-28 18:40:05 +02:00
Ritik Soni
c11336cd99
Fixed #34017 -- Doc'd that Argon2id variant is used by Argon2PasswordHasher. 2022-09-17 09:49:09 +02:00
DevilsAutumn
6b0bbaf453 Fixed #34019 -- Removed obsolete references to "model design considerations" note. 2022-09-17 08:02:13 +02:00
Alex Morega
de6c9c7054 Refs #30947 -- Changed tuples to lists where appropriate. 2022-08-30 09:57:17 +02:00
Claude Paroz
3b79dab19a Refs #33691 -- Deprecated insecure password hashers.
SHA1PasswordHasher, UnsaltedSHA1PasswordHasher, and UnsaltedMD5PasswordHasher
are now deprecated.
2022-07-23 21:29:31 +02:00
Ciaran McCormick
286e7d076c Fixed #33764 -- Deprecated BaseUserManager.make_random_password(). 2022-06-03 07:30:57 +02:00
Mariusz Felisiak
ac90529cc5 Fixed docs build with sphinxcontrib-spelling 7.5.0+.
sphinxcontrib-spelling 7.5.0+ includes captions of figures in the set
of nodes for which the text is checked.
2022-05-31 11:17:01 +02:00
Carlton Gibson
ca1c3151c3 Removed versionadded/changed annotations for 4.0. 2022-05-17 14:22:06 +02:00
Mariusz Felisiak
02dbf1667c
Fixed #33691 -- Deprecated django.contrib.auth.hashers.CryptPasswordHasher. 2022-05-11 09:13:45 +02:00
David
ce586ed693 Removed hyphen from pre-/re- prefixes.
"prepopulate", "preload", and "preprocessing" are already in the
spelling_wordlist.

This also removes hyphen from double "e" combinations with "pre" and
"re", e.g. preexisting, preempt, reestablish, or reenter.

See also:
- https://ahdictionary.com/word/search.html?q=rerun
- https://ahdictionary.com/word/search.html?q=recreate
- https://ahdictionary.com/word/search.html?q=predetermined
- https://ahdictionary.com/word/search.html?q=reuse
- https://ahdictionary.com/word/search.html?q=reopening
2022-04-28 10:44:14 +02:00
Lucidiot
13a9cde133 Fixed #33613 -- Made createsuperuser detect uniqueness of USERNAME_FIELD when using Meta.constraints. 2022-04-01 11:39:41 +02:00
René Fleschenberg
eb07b5be0c Fixed #15619 -- Deprecated log out via GET requests.
Thanks Florian Apolloner for the implementation idea.

Co-Authored-By: Mariusz Felisiak <felisiak.mariusz@gmail.com>
2022-03-29 06:42:14 +02:00
tschilling
0dcd549bbe Fixed #30360 -- Added support for secret key rotation.
Thanks Florian Apolloner for the implementation idea.

Co-authored-by: Andreas Pelme <andreas@pelme.se>
Co-authored-by: Carlton Gibson <carlton.gibson@noumenal.es>
Co-authored-by: Vuyisile Ndlovu <terrameijar@gmail.com>
2022-02-01 11:12:24 +01:00
Brad Solomon
b55ebe3241 Fixed #33443 -- Clarified when PasswordResetView sends an email. 2022-01-17 07:44:46 +01:00