1
0
mirror of https://github.com/django/django.git synced 2024-12-30 13:05:45 +00:00
Commit Graph

334 Commits

Author SHA1 Message Date
David Wobrock
6937c92169 [4.2.x] Fixed #34384 -- Fixed session validation when rotation secret keys.
Bug in 0dcd549bbe.

Thanks Eric Zarowny for the report.

Backport of 2396933ca9 from main
2023-03-08 11:33:03 +01:00
django-bot
62510f01e7 [4.2.x] Fixed #34140 -- Reformatted code blocks in docs with blacken-docs. 2023-03-01 13:39:03 +01:00
Joseph Victor Zammit
5bdd6223a2 [4.2.x] Refs #34140 -- Corrected rst code-block and various formatting issues in docs.
Backport of ba755ca131 from main
2023-02-28 12:54:33 +01:00
Carlton Gibson
b784768eef [4.2.x] Refs #34140 -- Applied rst code-block to non-Python examples.
Thanks to J.V. Zammit, Paolo Melchiorre, and Mariusz Felisiak for
reviews.

Backport of 534ac48297 from main.
2023-02-10 21:12:06 +01:00
fschwebel
5159e05e40 [4.2.x] Fixed typo in docs/topics/auth/passwords.txt.
Wrapped hashing is only possible if the inner wrapped function is the
same as the previous hasher.
Backport of 0265b1b49b from main
2023-01-30 08:32:13 +01:00
Paul Schilling
298d02a77a Fixed #25617 -- Added case-insensitive unique username validation in UserCreationForm.
Co-Authored-By: Neven Mundar <nmundar@gmail.com>
2022-12-29 09:42:22 +01:00
sdolemelipone
9d726c7902 Fixed #34187 -- Made UserCreationForm save many-to-many fields. 2022-11-29 05:56:53 +01:00
Mariusz Felisiak
662497cece
Doc's check_password()'s setter and preferred arguments.
Follow up to 90e05aaeac.
2022-11-28 08:13:51 +01:00
Tony Lechner
b088cc2fea
Fixed #34154 -- Made mixin headers consistent in auth docs. 2022-11-14 05:28:27 +01:00
Trey Hunner
fad070b07b
Improved readability of string interpolation in frequently used examples in docs. 2022-11-10 13:18:38 +01:00
Paolo Melchiorre
fa3afc5d86 Fixed #34056 -- Updated the list of common passwords for CommonPasswordValidator. 2022-09-28 18:40:05 +02:00
Ritik Soni
c11336cd99
Fixed #34017 -- Doc'd that Argon2id variant is used by Argon2PasswordHasher. 2022-09-17 09:49:09 +02:00
DevilsAutumn
6b0bbaf453 Fixed #34019 -- Removed obsolete references to "model design considerations" note. 2022-09-17 08:02:13 +02:00
Alex Morega
de6c9c7054 Refs #30947 -- Changed tuples to lists where appropriate. 2022-08-30 09:57:17 +02:00
Claude Paroz
3b79dab19a Refs #33691 -- Deprecated insecure password hashers.
SHA1PasswordHasher, UnsaltedSHA1PasswordHasher, and UnsaltedMD5PasswordHasher
are now deprecated.
2022-07-23 21:29:31 +02:00
Ciaran McCormick
286e7d076c Fixed #33764 -- Deprecated BaseUserManager.make_random_password(). 2022-06-03 07:30:57 +02:00
Mariusz Felisiak
ac90529cc5 Fixed docs build with sphinxcontrib-spelling 7.5.0+.
sphinxcontrib-spelling 7.5.0+ includes captions of figures in the set
of nodes for which the text is checked.
2022-05-31 11:17:01 +02:00
Carlton Gibson
ca1c3151c3 Removed versionadded/changed annotations for 4.0. 2022-05-17 14:22:06 +02:00
Mariusz Felisiak
02dbf1667c
Fixed #33691 -- Deprecated django.contrib.auth.hashers.CryptPasswordHasher. 2022-05-11 09:13:45 +02:00
David
ce586ed693 Removed hyphen from pre-/re- prefixes.
"prepopulate", "preload", and "preprocessing" are already in the
spelling_wordlist.

This also removes hyphen from double "e" combinations with "pre" and
"re", e.g. preexisting, preempt, reestablish, or reenter.

See also:
- https://ahdictionary.com/word/search.html?q=rerun
- https://ahdictionary.com/word/search.html?q=recreate
- https://ahdictionary.com/word/search.html?q=predetermined
- https://ahdictionary.com/word/search.html?q=reuse
- https://ahdictionary.com/word/search.html?q=reopening
2022-04-28 10:44:14 +02:00
Lucidiot
13a9cde133 Fixed #33613 -- Made createsuperuser detect uniqueness of USERNAME_FIELD when using Meta.constraints. 2022-04-01 11:39:41 +02:00
René Fleschenberg
eb07b5be0c Fixed #15619 -- Deprecated log out via GET requests.
Thanks Florian Apolloner for the implementation idea.

Co-Authored-By: Mariusz Felisiak <felisiak.mariusz@gmail.com>
2022-03-29 06:42:14 +02:00
tschilling
0dcd549bbe Fixed #30360 -- Added support for secret key rotation.
Thanks Florian Apolloner for the implementation idea.

Co-authored-by: Andreas Pelme <andreas@pelme.se>
Co-authored-by: Carlton Gibson <carlton.gibson@noumenal.es>
Co-authored-by: Vuyisile Ndlovu <terrameijar@gmail.com>
2022-02-01 11:12:24 +01:00
Brad Solomon
b55ebe3241 Fixed #33443 -- Clarified when PasswordResetView sends an email. 2022-01-17 07:44:46 +01:00
Adam Johnson
652c68ffee
Clarified how contrib.auth picks a password hasher for verification. 2022-01-13 20:46:18 +01:00
David
cc8e771c64 Fixed malformed attribute directives in docs. 2022-01-05 08:11:13 +01:00
Florian Apolloner
968a3d01fa Fixed CVE-2021-45115 -- Prevented DoS vector in UserAttributeSimilarityValidator.
Thanks Chris Bailey for the report.

Co-authored-by: Adam Johnson <me@adamj.eu>
2022-01-04 10:02:05 +01:00
Mariusz Felisiak
ad6bb20557
Avoided counting attributes and methods in docs. 2021-12-28 12:36:57 +01:00
Adam Johnson
b0d16d0129 Changed signatures of setting_changed signal receivers. 2021-12-17 13:07:04 +01:00
Adam Johnson
41329b9852
Improved wording in password validators docs and docstrings. 2021-12-13 18:53:07 +01:00
Mariusz Felisiak
fd881e8cd9
Refs #33207 -- Clarified that AUTH_USER_MODEL expects an app label. 2021-10-19 13:05:13 +02:00
Mariusz Felisiak
97237ad3fe Removed versionadded/changed annotations for 3.2. 2021-09-20 21:23:01 +02:00
Andrew Northall
c23aa73626 Fixed #32964 -- Corrected 'setup'/'set up' usage in docs. 2021-08-17 12:18:07 +02:00
David Smith
1024b5e74a Fixed 32956 -- Lowercased spelling of "web" and "web framework" where appropriate. 2021-07-29 06:24:12 +02:00
ryowright
1783b3cb24 Fixed #32275 -- Added scrypt password hasher.
Co-authored-by: Mariusz Felisiak <felisiak.mariusz@gmail.com>
2021-07-22 12:40:33 +02:00
yyyyyyyan
e197dcca36 Clarified docs about increasing the work factor for bcrypt hasher. 2021-05-20 20:24:51 +02:00
Nick Pope
c156e36955 Refs #32720 -- Updated various links in docs to avoid redirects and use HTTPS. 2021-05-17 09:46:09 +02:00
ThinkChaos
b99d6c9cbc Fixed #28216 -- Added next_page/get_default_redirect_url() to LoginView. 2021-02-08 21:08:05 +01:00
Mariusz Felisiak
59841170ba
Used .. attribute:: directive in authentication views docs. 2021-02-08 18:12:58 +01:00
Mariusz Felisiak
b7dd89ed53 Removed versionadded/changed annotations for 3.1. 2021-01-14 17:50:04 +01:00
Jon Moroney
76ae6ccf85 Fixed #31358 -- Increased salt entropy of password hashers.
Co-authored-by: Florian Apolloner <florian@apolloner.eu>
2021-01-14 11:20:28 +01:00
Timo Ludwig
d8dfff2ab0 Fixed #32235 -- Made ReadOnlyPasswordHashField disabled by default. 2020-12-03 09:32:08 +01:00
Roy Zheng
804f2b7024 Added note about password updates on argon2 attributes change. 2020-08-11 07:51:27 +02:00
Nick Pope
feb91dbda1 Used :mimetype: role in various docs. 2020-05-13 09:14:04 +02:00
Mariusz Felisiak
4c5236ef93 Removed versionadded/changed annotations for 3.0. 2020-05-13 09:07:51 +02:00
Mariusz Felisiak
54646a423b
Refs #27468 -- Made user sessions use SHA-256 algorithm. 2020-04-29 16:45:00 +02:00
François Freitag
9ef4a18dbe Changed django.forms.ValidationError imports to django.core.exceptions.ValidationError.
Co-Authored-By: Mariusz Felisiak <felisiak.mariusz@gmail.com>
2020-04-28 10:49:00 +02:00
Mariusz Felisiak
ca769c8c13
Fixed #31505 -- Doc'd possible email addresses enumeration in PasswordResetView. 2020-04-27 18:06:11 +02:00
Tanmay Vijay
e43abbbd70 Doc'd PasswordChangeView/PasswordResetView.success_url defaults. 2020-04-24 08:21:51 +02:00
Mariusz Felisiak
69e2cd6fed Fixed Sphinx warnings on duplicate object descriptions. 2020-04-07 09:48:52 +02:00