1
0
mirror of https://github.com/django/django.git synced 2024-12-23 01:25:58 +00:00
Commit Graph

360 Commits

Author SHA1 Message Date
Adam Johnson
652c68ffee
Clarified how contrib.auth picks a password hasher for verification. 2022-01-13 20:46:18 +01:00
David
cc8e771c64 Fixed malformed attribute directives in docs. 2022-01-05 08:11:13 +01:00
Florian Apolloner
968a3d01fa Fixed CVE-2021-45115 -- Prevented DoS vector in UserAttributeSimilarityValidator.
Thanks Chris Bailey for the report.

Co-authored-by: Adam Johnson <me@adamj.eu>
2022-01-04 10:02:05 +01:00
Mariusz Felisiak
ad6bb20557
Avoided counting attributes and methods in docs. 2021-12-28 12:36:57 +01:00
Adam Johnson
b0d16d0129 Changed signatures of setting_changed signal receivers. 2021-12-17 13:07:04 +01:00
Adam Johnson
41329b9852
Improved wording in password validators docs and docstrings. 2021-12-13 18:53:07 +01:00
Mariusz Felisiak
fd881e8cd9
Refs #33207 -- Clarified that AUTH_USER_MODEL expects an app label. 2021-10-19 13:05:13 +02:00
Mariusz Felisiak
97237ad3fe Removed versionadded/changed annotations for 3.2. 2021-09-20 21:23:01 +02:00
Andrew Northall
c23aa73626 Fixed #32964 -- Corrected 'setup'/'set up' usage in docs. 2021-08-17 12:18:07 +02:00
David Smith
1024b5e74a Fixed 32956 -- Lowercased spelling of "web" and "web framework" where appropriate. 2021-07-29 06:24:12 +02:00
ryowright
1783b3cb24 Fixed #32275 -- Added scrypt password hasher.
Co-authored-by: Mariusz Felisiak <felisiak.mariusz@gmail.com>
2021-07-22 12:40:33 +02:00
yyyyyyyan
e197dcca36 Clarified docs about increasing the work factor for bcrypt hasher. 2021-05-20 20:24:51 +02:00
Nick Pope
c156e36955 Refs #32720 -- Updated various links in docs to avoid redirects and use HTTPS. 2021-05-17 09:46:09 +02:00
ThinkChaos
b99d6c9cbc Fixed #28216 -- Added next_page/get_default_redirect_url() to LoginView. 2021-02-08 21:08:05 +01:00
Mariusz Felisiak
59841170ba
Used .. attribute:: directive in authentication views docs. 2021-02-08 18:12:58 +01:00
Mariusz Felisiak
b7dd89ed53 Removed versionadded/changed annotations for 3.1. 2021-01-14 17:50:04 +01:00
Jon Moroney
76ae6ccf85 Fixed #31358 -- Increased salt entropy of password hashers.
Co-authored-by: Florian Apolloner <florian@apolloner.eu>
2021-01-14 11:20:28 +01:00
Timo Ludwig
d8dfff2ab0 Fixed #32235 -- Made ReadOnlyPasswordHashField disabled by default. 2020-12-03 09:32:08 +01:00
Roy Zheng
804f2b7024 Added note about password updates on argon2 attributes change. 2020-08-11 07:51:27 +02:00
Nick Pope
feb91dbda1 Used :mimetype: role in various docs. 2020-05-13 09:14:04 +02:00
Mariusz Felisiak
4c5236ef93 Removed versionadded/changed annotations for 3.0. 2020-05-13 09:07:51 +02:00
Mariusz Felisiak
54646a423b
Refs #27468 -- Made user sessions use SHA-256 algorithm. 2020-04-29 16:45:00 +02:00
François Freitag
9ef4a18dbe Changed django.forms.ValidationError imports to django.core.exceptions.ValidationError.
Co-Authored-By: Mariusz Felisiak <felisiak.mariusz@gmail.com>
2020-04-28 10:49:00 +02:00
Mariusz Felisiak
ca769c8c13
Fixed #31505 -- Doc'd possible email addresses enumeration in PasswordResetView. 2020-04-27 18:06:11 +02:00
Tanmay Vijay
e43abbbd70 Doc'd PasswordChangeView/PasswordResetView.success_url defaults. 2020-04-24 08:21:51 +02:00
Mariusz Felisiak
69e2cd6fed Fixed Sphinx warnings on duplicate object descriptions. 2020-04-07 09:48:52 +02:00
Hasan Ramezani
8aa71f4e87 Fixed #31375 -- Made contrib.auth.hashers.make_password() accept only bytes or strings. 2020-03-31 10:52:56 +02:00
Hasan Ramezani
b7795d7673 Fixed #30040 -- Used default permission name in docs examples to avoid confusion. 2020-02-19 15:39:47 +01:00
Jon Dufresne
85efc14a2e Fixed #30948 -- Changed packaging to use declarative config in setup.cfg.
Co-authored-by: Nick Pope <nick.pope@flightdataservices.com>
2019-11-08 14:14:13 +01:00
Mariusz Felisiak
416c584cab Removed versionadded/changed annotations for 2.2. 2019-09-10 12:01:00 +02:00
Tobias Kunze
4a954cfd11 Fixed #30573 -- Rephrased documentation to avoid words that minimise the involved difficulty.
This patch does not remove all occurrences of the words in question.
Rather, I went through all of the occurrences of the words listed
below, and judged if they a) suggested the reader had some kind of
knowledge/experience, and b) if they added anything of value (including
tone of voice, etc). I left most of the words alone. I looked at the
following words:

- simply/simple
- easy/easier/easiest
- obvious
- just
- merely
- straightforward
- ridiculous

Thanks to Carlton Gibson for guidance on how to approach this issue, and
to Tim Bell for providing the idea. But the enormous lion's share of
thanks go to Adam Johnson for his patient and helpful review.
2019-09-06 13:27:46 +02:00
Berker Peksag
400ec5125e Fixed #18763 -- Added ModelBackend/UserManager.with_perm() methods.
Co-authored-by: Nick Pope <nick.pope@flightdataservices.com>
2019-08-29 19:32:12 +02:00
Carlton Gibson
fa7ffc6cb3 Removed unneeded * markers from parameter names. 2019-08-29 12:49:16 +02:00
daniel a rios
b5a5c92c72 Fixed #30066 -- Enabled super user creation without email and password 2019-08-29 12:49:16 +02:00
Hasan Ramezani
03dbdfd9bb Fixed #29019 -- Added ManyToManyField support to REQUIRED_FIELDS. 2019-08-26 14:48:40 +02:00
Nuno
34a88b21da Fixed #30620 -- Made an example of admin-compliant custom user app pep8 compliant. 2019-07-08 07:39:28 +02:00
swatantra
c13e3715f5 Fixed #28667 -- Clarified how to override list of forms fields for custom UserAdmin with a custom user model. 2019-07-04 08:05:20 +02:00
Mariusz Felisiak
9aeac29949
Removed unnecessary backslashes from docs. 2019-06-20 14:04:36 +02:00
Tobias Bengfort
581a0f4545 Refs #30226 -- Added User.get_user_permissions() method.
Added to mirror the existing User.get_group_permissions().
2019-06-05 13:56:37 +02:00
Tobias Bengfort
75337a6050 Fixed #30226 -- Added BaseBackend for authentication. 2019-06-05 13:39:46 +02:00
Mariusz Felisiak
8bdc7a6778
Doc'd that extra_email_context can be used to override default template context values in PasswordResetView. 2019-05-27 12:05:48 +02:00
Rob
58df8aa40f Fixed #28780 -- Allowed specyfing a token parameter displayed in password reset URLs.
Co-authored-by: Tim Givois <tim.givois.mendez@gmail.com>
2019-05-24 08:40:25 +02:00
Tobias Kunze
eb16c7260e Fixed #20629 -- Rephrased custom user models admonition. 2019-04-30 09:09:16 +02:00
Luke Plant
0c916255eb Changed tuple Mate.unique_together/permissions to lists in docs. 2019-04-24 10:06:00 +02:00
Ramiro Morales
aed89adad5 Fixed #30367 -- Changed "pip install" to "python -m pip install" in docs, comments and hints. 2019-04-18 14:41:15 +02:00
Tim Graham
a68c029e22
Used extlinks for Django's source code. 2019-03-28 20:32:17 -04:00
Tobias Bengfort
632d4861dd Clarified permission-related docs. 2019-02-28 15:27:15 +01:00
Mariusz Felisiak
25829197bb
Removed extra characters in docs header underlines. 2019-02-08 21:38:30 +01:00
Tim Graham
ec7e179aeb Removed versionadded/changed annotations for 2.1. 2019-01-17 10:50:25 -05:00
Arthur Rio
181fb60159 Fixed #11154, #22270 -- Made proxy model permissions use correct content type.
Co-Authored-By: Simon Charette <charette.s@gmail.com>
Co-Authored-By: Antoine Catton <acatton@fusionbox.com>
2019-01-16 10:07:28 -05:00
François Freitag
9b15ff08ba Used auto-numbered lists in documentation. 2018-11-15 13:54:28 -05:00
Tobias Bengfort
b1243a55a5 Doc'd PermissionsMixin's usage of User.is_active and is_superuser. 2018-11-12 10:44:22 -05:00
Tim Graham
043407ec7e Fixed #29880 -- Fixed typo in docs/topics/auth/default.txt. 2018-10-22 15:16:11 -04:00
Stephen James
e40e7026ca Fixed #29683 -- Added view permission to docs. 2018-09-26 15:06:43 -04:00
Curtis Maloney
c49ea6f591 Refs #20910 -- Replaced snippet directive with code-block. 2018-09-10 13:00:34 -04:00
Tim Graham
e9ea49d274 Consolidated docs about handling a ForeignKey in custom user model manager. 2018-08-06 12:25:59 -04:00
Maxime Lorant
31407fa3b3 Removed duplicate words in docs.
.
2018-07-18 11:24:06 -04:00
Tim Graham
f3fa86a89b Fixed #29449 -- Reverted "Fixed #28757 -- Allowed using contrib.auth forms without installing contrib.auth."
This reverts commit 3333d935d2 due to
a crash if USERNAME_FIELD isn't a CharField.
2018-07-02 18:39:26 -04:00
Michael Kiros
b37bac39b3 Fixed typo in docs/topics/auth/customizing.txt. 2018-06-05 21:28:26 -04:00
Tim Graham
7543ab1f8d Removed versionadded/changed annotations for 2.0. 2018-05-17 11:00:10 -04:00
olivierdalang
825f0beda8 Fixed #8936 -- Added a view permission and a read-only admin.
Co-authored-by: Petr Dlouhy <petr.dlouhy@email.cz>
Co-authored-by: Olivier Dalang <olivier.dalang@gmail.com>
2018-05-16 06:44:55 -04:00
adamth
acf9d64045 Fixed typos in docs/topics/auth/passwords.txt. 2018-04-23 07:37:26 -04:00
Nick Pope
df90e462d9 Fixed #29212 -- Doc'd redirect loop if @permission_required used with redirect_authenticated_user. 2018-04-19 10:21:24 -04:00
Brett Cannon
64b74804c5 Fixed #29334 -- Updated pypi.python.org URLs to pypi.org. 2018-04-17 20:24:27 -04:00
GS-14
93331877c8 Fixed #29274 -- Increased the number of common passwords from 1k to 20k. 2018-04-16 11:01:47 -04:00
Tim Graham
a4f0e9aec7 Fixed #28718 -- Allowed user to request a password reset if their password doesn't use an enabled hasher.
Regression in aeb1389442.
Reverted changes to is_password_usable() from
703c266682 and documentation changes from
92f48680db.
2018-03-22 10:03:43 -04:00
Tim Graham
5b589a47b9
Fixed #29161 -- Removed BCryptPasswordHasher from PASSWORD_HASHERS. 2018-02-26 09:05:18 -05:00
Dylan Verheul
9b1125bfc7 Fixed #28379 -- Made AccessMixin raise Permissiondenied for authenticated users. 2018-02-16 13:58:55 -05:00
Jon Dufresne
ff05de760c Fixed #29038 -- Removed closing slash from HTML void tags. 2018-01-21 02:09:10 -05:00
Karmen
4fcd28d442 Fixed #28881 -- Doc'd that CommonPasswordValidator's password list must be lowercase. 2018-01-15 10:16:27 -05:00
shanghui
3333d935d2 Fixed #28757 -- Allowed using contrib.auth forms without installing contrib.auth.
Also fixed #28608 -- Allowed UserCreationForm and UserChangeForm to
work with custom user models.

Thanks Sagar Chalise and Rômulo Collopy for reports, and Tim Graham
and Tim Martin for reviews.
2018-01-05 14:47:37 -05:00
Mariusz Felisiak
83a36ac49a
Removed unnecessary trailing commas and spaces in various code. 2017-12-28 21:07:29 +01:00
Tim Graham
4114b441ee
Fixed #28886 -- Updated prefix for example django.contrib.auth.urls URLs. 2017-12-06 09:23:42 -05:00
Tim Graham
d392fc293c Fixed #28802 -- Fixed typo in docs/topics/auth/default.txt. 2017-11-16 10:37:50 -05:00
Botond Beres
51d7feff87 Fixed #28131 -- Corrected examples of using attribute lookups on the "perms" template variable. 2017-10-28 12:15:07 -04:00
Tim Graham
3642c3758b Suggested LoginView rather than @login_required as an alternative to authenticate(). 2017-10-25 11:17:17 -04:00
Tim Graham
5446b72003 Removed versionadded/changed annotations for 1.11. 2017-09-22 12:51:18 -04:00
Tim Graham
5e31be1b96 Refs #25187 -- Required the authenticate() method of authentication backends to have request as the first positional argument.
Per deprecation timeline.
2017-09-22 12:51:18 -04:00
Tim Graham
6e40b70bf4 Refs #26929 -- Removed extra_context parameter of contrib.auth.views.logout_then_login().
Per deprecation timeline.
2017-09-22 12:51:17 -04:00
Tim Graham
4f313e284e Refs #17209 -- Removed login/logout and password reset/change function-based views.
Per deprecation timeline.
2017-09-22 12:51:17 -04:00
Sjoerd Job Postmus
df41b5a05d Fixed #28593 -- Added a simplified URL routing syntax per DEP 0201.
Thanks Aymeric Augustin for shepherding the DEP and patch review.
Thanks Marten Kenbeek and Tim Graham for contributing to the code.
Thanks Tom Christie, Shai Berger, and Tim Graham for the docs.
2017-09-20 18:04:42 -04:00
Mariusz Felisiak
081e787160 Refs #23919 -- Stopped inheriting from object to define new style classes.
Tests and docs complement to cecc079168.
2017-06-26 10:30:31 -04:00
Josh Schneier
5df0ff4155 Fixed #28089 -- Removed requirement to implement get_short_name() and get_full_name() in AbstractBaseUser subclasses. 2017-05-06 17:05:42 -04:00
shinriyo
d510971088 Fixed typo in docs/topics/auth/default.txt. 2017-04-29 06:56:28 -04:00
Nauman Tariq
6684af1e43 Added content_type filtering in Permission querying example. 2017-04-26 13:28:06 -04:00
David D Lowe
9269dec05e Fixed #27911 -- Doc'd how to register custom User with admin. 2017-03-08 12:14:58 -05:00
Camilo Nova
5db465d5a6 Fixed #27891 -- Added PasswordResetConfirmView.post_reset_login_backend. 2017-03-07 19:52:26 -05:00
Claude Paroz
c651331b34 Converted usage of ugettext* functions to their gettext* aliases
Thanks Tim Graham for the review.
2017-02-07 09:04:04 +01:00
chillaranand
dc165ec8e5 Refs #23919 -- Replaced super(ClassName, self) with super() in docs. 2017-01-25 11:53:05 -05:00
Tim Graham
f6acd1d271 Refs #23919 -- Removed Python 2 notes in docs. 2017-01-18 11:51:29 -05:00
Tim Graham
e27e4c0339 Removed versionadded/changed annotations for 1.10. 2017-01-17 20:52:05 -05:00
Tim Graham
401c5b2e42 Refs #23957 -- Removed the useless SessionAuthenticationMiddleware. 2017-01-17 20:52:05 -05:00
Tim Graham
eba093e8b0 Refs #25847 -- Removed support for User.is_(anonymous|authenticated) as methods.
Per deprecation timeline.
2017-01-17 20:52:03 -05:00
Tim Graham
9f9a3d643e Refs #24126 -- Removed auth views' current_app parameter per deprecation timeline. 2017-01-17 20:52:00 -05:00
Tim Graham
432b25ace0 Removed nonexistent LogoutView context from docs. 2016-12-31 07:57:39 -05:00
Tim Graham
d7e6b8febd Fixed typo in docs/topics/auth/customizing.txt. 2016-11-28 16:39:54 -05:00
Aymeric Augustin
cb7bbf97a7
Fixed #25966 -- Made get_user_model() work at import time.
This makes it equivalent to: `from django.contrib.auth.models import User`.

Thanks Aymeric Augustin for the initial patch and Tim Graham for the
review.
2016-11-25 14:15:49 +01:00
Alex Scott
da4c0e8cc9 Fixed typo in docs/topics/auth/customizing.txt. 2016-11-24 05:41:21 -05:00
Tim Graham
93a081946d Normalized casing of "custom user model". 2016-11-23 15:14:28 -05:00
Krzysztof Gogolewski
d02a03d574 Fixed #24370 -- Recommended starting with a custom user model. 2016-11-23 14:43:17 -05:00