1
0
mirror of https://github.com/django/django.git synced 2024-12-27 11:35:53 +00:00
Commit Graph

256 Commits

Author SHA1 Message Date
Lewis Cowles
1d25eb9688 Fixed #27294 -- Documented UserCreationForm's fields. 2016-09-30 13:56:53 -04:00
levental
617e36dc1e Fixed #20705 -- Allowed using PasswordResetForm with user models with an email field not named 'email'. 2016-09-27 11:59:00 -04:00
Berker Peksag
0a6ed6b1d9 Simplified has_perm() example in topics/auth/customizing.txt. 2016-09-23 15:28:32 -04:00
aruseni
cdde2eac5b Fixed a typo in docs/topics/auth/default.txt. 2016-09-17 20:09:15 -04:00
Aleksej Manaev
4b9330ccc0 Fixed #25187 -- Made request available in authentication backends. 2016-09-12 20:11:53 -04:00
Jon Dufresne
1ec1633cb2 Fixed #26401 -- Added BaseAuthConfig to use auth without migrations. 2016-09-10 16:38:05 -07:00
Jon Dufresne
66e1ebbffc Fixed #26956 -- Added success_url_allowed_hosts to LoginView and LogoutView.
Allows specifying additional hosts to redirect after login and log out.
2016-09-07 19:56:25 -07:00
Tim Graham
9f27735612 Fixed #27013 -- Clarified commands to install argon2/bcrypt packages. 2016-08-19 19:23:12 -04:00
Tim Graham
7549eb0004 Fixed #27009 -- Made update_session_auth_hash() rotate the session key. 2016-08-15 19:29:12 -04:00
Tim Graham
4c2a6fe75b Clarified session verification with respect to the current session. 2016-08-11 12:08:50 -04:00
an0o0nym
c412aaca73 Fixed #26957 -- Corrected authenticate() docs regarding User.is_active. 2016-08-10 19:52:01 -04:00
Tim Graham
796cc62026 Fixed #27045 -- Documented that AUTH_PASSWORD_VALIDATORS aren't applied at the model level. 2016-08-10 15:52:16 -04:00
jordij
0814566bf1 Fixed #26960 -- Added PasswordResetConfirmView option to automatically log in after a reset. 2016-08-10 10:23:16 -04:00
Andrew Nester
0ba179194b Fixed #26929 -- Deprecated extra_context parameter of contrib.auth.views.logout_then_login(). 2016-07-28 11:57:02 -04:00
Tim Graham
412b4126d7 Removed a blank line per isort and a trailing whitespace. 2016-07-28 11:56:25 -04:00
Claude Paroz
255fb99284 Fixed #17209 -- Added password reset/change class-based views
Thanks Tim Graham for the review.
2016-07-16 10:36:12 +02:00
Jiang Haiyun
6d61ec0e1a Fixed a typo in auth docs. 2016-07-04 11:02:11 -04:00
Ramiro Morales
c962b9104a Added missing trailing '$' to url() patterns in docs. 2016-06-27 09:18:44 -04:00
Bang Dao + Tam Huynh
09119dff14 Fixed #26719 -- Normalized email in AbstractUser.clean(). 2016-06-24 10:37:38 -04:00
Claude Paroz
78963495d0 Refs #17209 -- Added LoginView and LogoutView class-based views
Thanks Tim Graham for the review.
2016-06-24 10:45:13 +02:00
Tim Graham
39805686b3 Refs #21379, #26719 -- Moved username normalization to AbstractBaseUser.
Thanks Huynh Thanh Tam for the initial patch and Claude Paroz for review.
2016-06-21 16:19:37 -04:00
Ville Skyttä
96f97691ad Fixed broken links in docs and comments. 2016-06-15 21:20:23 -04:00
Ed Henderson
4a4d7f980e Fixed #26021 -- Applied hanging indentation to docs. 2016-06-03 11:44:34 -04:00
Bas Westerbaan
9407cc966b Fixed #26635 -- Clarified Argon2PasswordHasher's memory_cost differs from command line utility. 2016-05-27 18:37:12 -04:00
Tim Graham
46a38307c2 Removed versionadded/changed annotations for 1.9. 2016-05-20 11:44:29 -04:00
Florian Apolloner
9baf692a58 Fixed #26601 -- Improved middleware per DEP 0005.
Thanks Tim Graham for polishing the patch, updating the tests, and
writing documentation. Thanks Carl Meyer for shepherding the DEP.
2016-05-17 07:22:22 -04:00
Claude Paroz
9935f97cd2 Refs #21379 -- Normalized unicode username inputs 2016-05-16 19:38:02 +02:00
Tim Graham
5238af3257 Used 'classmethod' annotation in docs/topics/auth/customizing.txt 2016-05-14 18:58:09 -04:00
Tim Graham
2c4c67af94 Fixed #26514 -- Documented that User.refresh_from_db() doesn't clear the permission cache. 2016-04-18 09:02:56 -04:00
Jeremy Lainé
c1aec0feda Fixed #25847 -- Made User.is_(anonymous|authenticated) properties. 2016-04-09 14:54:18 -04:00
Alexander Gaevsky
e0a3d93730 Fixed #25232 -- Made ModelBackend/RemoteUserBackend reject inactive users. 2016-03-23 09:01:48 -04:00
Tim Graham
c41737dc00 Fixed #26392 -- Corrected login_required/permission_required stacking example. 2016-03-21 19:56:15 -04:00
Bas Westerbaan
b4250ea04a Fixed #26033 -- Added Argon2 password hasher. 2016-03-08 11:22:18 -05:00
Florian Apolloner
67b46ba701 Fixed CVE-2016-2513 -- Fixed user enumeration timing attack during login.
This is a security fix.
2016-03-01 11:25:28 -05:00
Olivier Le Thanh Duong
10781b4c6f Fixed #12233 -- Allowed redirecting authenticated users away from the login view.
contrib.auth.views.login() has a new parameter `redirect_authenticated_user`
to automatically redirect authenticated users visiting the login page.

Thanks to dmathieu and Alex Buchanan for the original code and to Carl Meyer
for the help and review.
2016-02-25 07:18:33 -05:00
Tim Graham
441c537b66 Fixed a function signature in docs/topics/auth/default.txt. 2016-02-24 16:24:33 -05:00
Tim Graham
47b5a6a43c Fixed #26187 -- Removed weak password hashers from PASSWORD_HASHERS. 2016-02-22 18:59:23 -05:00
Markus Holtermann
b14470c7b7 Fixed spelling error 2016-02-23 10:24:38 +11:00
Tim Graham
5a541e2e6c Fixed #26188 -- Documented how to wrap password hashers. 2016-02-22 17:21:45 -05:00
Daniel Quinn
de7edc005f Fixed import location of check_password() in docs. 2016-02-22 12:42:47 -05:00
Berker Peksag
f0425c7260 Refs #19353 -- Added tests for using custom user models with built-in auth forms.
Also updated topics/auth/customizing.txt to reflect that subclasses of
UserCreationForm and UserChangeForm can be used with custom user models.

Thanks Baptiste Mispelon for the initial documentation.
2016-02-17 10:26:07 -05:00
Hugo Osvaldo Barrera
dcee1dfc79 Fixed #12405 -- Added LOGOUT_REDIRECT_URL setting.
After a user logs out via auth.views.logout(), they're redirected
to LOGOUT_REDIRECT_URL if no `next_page` argument is provided.
2016-02-04 10:35:37 -05:00
Tim Graham
1e9150443e Refs #26089 -- Removed obsolete docs about custom user model testing. 2016-02-02 08:12:08 -05:00
Tim Graham
8ce8beb3f2 Unified some doc links to OneToOneField and ManyToManyField. 2016-02-01 11:02:26 -05:00
rowanv
a6ef025dfb Fixed #26124 -- Added missing code formatting to docs headers. 2016-02-01 10:42:05 -05:00
Tim Graham
e519aab43a Fixed #23868 -- Added support for non-unique django-admin-options in docs.
Also documented missing short command line options to fix #24134. This bumps
the minimum sphinx version required to build the docs to 1.3.4.

Thanks Simon Charette for review.
2016-01-14 18:21:33 -05:00
Paulo Poiati
b643386668 Fixed #24855 -- Allowed using contrib.auth.login() without credentials.
Added an optional `backend` argument to login().
2016-01-07 08:56:07 -05:00
Gavin Wahl
ec708803f7 Fixed user_passes_test() signature in docs. 2015-12-08 15:56:10 -05:00
Tim Graham
166e0490d3 Fixed #25895 -- Used a consistent style for UserAdmin overrides.
Thanks Justin Abrahms for the report.
2015-12-08 14:40:55 -05:00
Florian Apolloner
105028eec6 Removed deprecated usage of url tag from auth docs. 2015-12-05 19:21:30 +01:00
Josh Soref
93452a70e8 Fixed many spelling mistakes in code, comments, and docs. 2015-12-03 12:48:24 -05:00
Eliezer Kanal
d3b488f5bd Updated link to 1000 common passwords.
xato.net is dead; replaced with link to archive.org.
2015-12-02 12:57:02 -05:00
Agnieszka Lasyk
1f8dad6915 Fixed #25755 -- Unified spelling of "website". 2015-11-16 06:44:14 -05:00
Anderson Resende
ce4914eab4 Fixed #25744 -- Corrected reference to User object in auth docs. 2015-11-12 19:22:30 -05:00
Bryan Marty
9788625277 Fixed #25169 -- Documented stacking of permission_required and login_required. 2015-11-12 14:23:59 -05:00
japrogramer
a10cbbbc17 Fixed typo in docs/topics/auth/default.txt. 2015-11-03 08:56:23 +00:00
Tim Graham
9c5e272860 Fixed #25550 -- Deprecated direct assignment to the reverse side of a related set. 2015-10-27 07:57:15 -04:00
Tim Graham
c14b6b52ff Documented auth's login/logout function parameters. 2015-09-28 14:11:54 -04:00
Tim Graham
54848a96dd Removed versionadded/changed annotations for 1.8. 2015-09-23 19:31:11 -04:00
Tim Graham
849037af36 Refs #23957 -- Required session verification per deprecation timeline. 2015-09-23 19:31:10 -04:00
Tim Graham
f1761e3fef Refs #21648 -- Removed is_admin_site option from password_reset() view.
Per deprecation timeline.
2015-09-23 19:31:10 -04:00
Tim Graham
cb1e779ceb Refs #24115 -- Added docs for password updates on bcrypt rounds change. 2015-09-22 19:30:31 -04:00
sujayskumar
d8d853378b Fixed #24944 -- Added extra_email_context parameter to password_reset() view. 2015-09-18 18:56:04 -04:00
Tim Graham
6c6eb8a691 Refs #24914 -- Added docs for more auth mixin methods. 2015-08-20 17:57:47 -04:00
Claude Paroz
64982cc2fb Updated Wikipedia links to use https 2015-08-08 12:02:32 +02:00
Tim Graham
16a8d01308 Fixed #25229 -- Clarified how an iterable works with @permission_required 2015-08-05 17:13:45 -04:00
Alasdair Nicol
6d7a9d96fe Fixed password_reset signature in docs 2015-08-04 13:54:32 -04:00
Tim Graham
5d0961fdfc Fixed #25202 -- Fixed typo in docs/topics/auth/customizing.txt 2015-07-31 07:33:38 -04:00
Flavio Curella
c2e70f0265 Fixed #21127 -- Started deprecation toward requiring on_delete for ForeignKey/OneToOneField 2015-07-27 18:28:13 -04:00
Tim Graham
87d55081ea Fixed #25159 -- Removed brackets from class/function/method signatures in docs.
Thanks hellbeast for the initial patch.
2015-07-27 10:32:47 -04:00
Akis Kesoglou
29465d438e Fixed #25142 -- Added PermissionRequiredMixin.has_permission() to allow customization. 2015-07-27 10:23:56 -04:00
Tim Graham
217f173be0 Fixed #25166 -- Clarified how auth permissions are created.
Thanks Baptiste Mispelon for report and review.
2015-07-25 09:30:54 -04:00
Tim Graham
e3d1f2422c Fixed malformed Sphinx directives. 2015-07-25 06:37:51 -04:00
Tim Graham
03aec35a12 Converted tabs to spaces in topics/auth/default.txt 2015-07-24 11:48:57 -04:00
lukasz.wojcik
927b30a6ab Fixed #24126 -- Deprecated current_app parameter to auth views. 2015-07-21 08:26:41 -04:00
Tim Graham
5fd83db255 Normalized indentation and line lengths in docs/topics/auth/default.txt. 2015-07-21 08:11:28 -04:00
Tim Graham
f5e9d67907 Refs #16860 -- Moved password_changed() logic to AbstractBaseUser.
Thanks Carl Meyer for review.
2015-07-20 13:44:26 -04:00
Nick Sweeting
f0857c09fb Fixed #25083 -- Added SessionAuthenticationMiddleware to auth installation docs 2015-07-10 08:40:57 -04:00
Tim Graham
aaacaeb096 Renamed RemovedInDjangoXYWarnings for new roadmap.
Forwardport of ae1d663b79
from stable/1.8.x plus more.
2015-06-24 16:08:20 -04:00
Markus Holtermann
e5cb4e1411 Fixed #24914 -- Added authentication mixins for CBVs
Added the mixins LoginRequiredMixin, PermissionRequiredMixin and
UserPassesTestMixin to contrib.auth as counterparts to the respective
view decorators.

The authentication mixins UserPassesTestMixin, LoginRequiredMixin and
PermissionRequiredMixin have been inspired by django-braces
<https://github.com/brack3t/django-braces/>

Thanks Raphael Michel for the initial patch, tests and docs on the PR
and Ana Balica, Kenneth Love, Marc Tamlyn, and Tim Graham for the
review.
2015-06-17 23:19:10 +02:00
Tim Graham
58665dded0 Removed usage of string-based url() in auth docs. 2015-06-17 09:45:03 -04:00
Tim Graham
55b3bd8468 Refs #16860 -- Minor edits and fixes to password validation. 2015-06-10 07:41:01 -04:00
Raphael Michel
39937de7e6 Fixed #24929 -- Allowed permission_required decorator to take any iterable 2015-06-08 13:44:39 -04:00
Erik Romijn
1daae25bdc Fixed #16860 -- Added password validation to django.contrib.auth. 2015-06-07 19:31:20 +02:00
Alasdair Nicol
1ea87c8c79 Fixed #24910 -- Added createsuperuser support for non-unique USERNAME_FIELDs
Clarified docs to say that a non-unique USERNAME_FIELD is permissable
as long as the custom auth backend can support it.
2015-06-06 09:33:02 -04:00
Kevin Marsh
10945ebeb8 Removed unused import in example code in docs/topics/auth/default.txt 2015-05-27 13:26:20 +01:00
Tim Graham
00d763a4fb Fixed typo in docs/topics/auth/default.txt 2015-05-22 06:48:59 -04:00
Laurent Peuch
21efb5eb74 Enhanced registration/login.html example template. 2015-05-21 20:45:51 -04:00
Charles Dee Rice
4f3c444241 Fixed #24789 -- Fixed wrong positional args order in doc example
Arguments shown in example code (signal, sender, instance) appeared to
be the incorrect positional arguments for a post_save signal (which
might start as: sender, instance, created), as documented:
​https://docs.djangoproject.com/en/1.8/ref/signals/#post-save
2015-05-13 10:14:33 +02:00
Tim Graham
8e86d9d3df Fixed #24780 -- Removed outdated discussion of signals and custom users. 2015-05-11 09:10:30 -04:00
Dan Watson
fe914341c8 Fixed #24564 -- Moved AbstractBaseUser and BaseUserManager so they can be used without auth in INSTALLED_APPS 2015-05-05 12:03:48 -04:00
Tim Graham
981e3b9394 Fixed #24429 -- Doc'ed that Django 1.8 doesn't require an integer PK for custom user models. 2015-04-07 10:45:31 -04:00
Christopher Luc
e37d52bd5e Fixed #22993 -- Deprecated skipIfCustomUser decorator 2015-04-07 09:45:32 -04:00
Thomas Güttler
566c936236 Added admonition about reusable apps and AUTH_USER_PROFILE. 2015-04-06 19:49:46 -04:00
Sam Thursfield
1119063c69 Fixed #24556 -- Added reminder about HTTPS to passwords docs. 2015-04-03 10:55:11 -04:00
Tim Graham
3e132406e3 Fixed syntax highlighting in docs/topics/auth/default.txt 2015-03-28 07:49:03 -04:00
Matt Seymour
fca14cd3f2 Fixed #24501 -- Improved auth.decorators.user_passes_test() example. 2015-03-24 10:30:00 -04:00
Andrei Kulakov
e8a758e941 Fixed #24253 -- Documented staff_member_required decorator. 2015-03-13 14:46:13 -04:00
Remco Kranenburg
f6b09a7f85 Refs #23559 -- warned about consequences of letting users edit User model in admin. 2015-03-13 08:50:48 -04:00
Rik
eb9b7abb83 Fixed #21661 -- Expanded authentication views documentation 2015-03-08 20:36:27 +01:00