1
0
mirror of https://github.com/django/django.git synced 2024-12-23 01:25:58 +00:00
Commit Graph

200 Commits

Author SHA1 Message Date
Tim Graham
af33fb250e Fixed CVE-2018-6188 -- Fixed information leakage in AuthenticationForm.
Reverted 359370a8b8 (refs #28645).

This is a security fix.
2018-02-01 09:05:14 -05:00
shanghui
3333d935d2 Fixed #28757 -- Allowed using contrib.auth forms without installing contrib.auth.
Also fixed #28608 -- Allowed UserCreationForm and UserChangeForm to
work with custom user models.

Thanks Sagar Chalise and Rômulo Collopy for reports, and Tim Graham
and Tim Martin for reviews.
2018-01-05 14:47:37 -05:00
Дилян Палаузов
d7b2aa24f7 Fixed #28982 -- Simplified code with and/or. 2018-01-03 20:12:23 -05:00
Tim Graham
acc8dd4142
Fixed #28984 -- Made assorted code simplifications. 2018-01-03 13:24:02 -05:00
Alvin Lindstam
2cb6b7732d Fixed #28902 -- Fixed password_validators_help_text_html() double escaping. 2018-01-02 19:51:06 -05:00
shanghui
359370a8b8 Fixed #28645 -- Reallowed AuthenticationForm to raise the inactive user error when using ModelBackend.
Regression in e0a3d93730.

Thanks Guilherme Junqueira for the report and Tim Graham for the review.
2017-11-08 09:39:12 -05:00
Дилян Палаузов
6c0042430e Fixed #28776 -- Fixed a/an/and typos in docs and comments. 2017-11-06 22:41:03 -05:00
Tom
b81905bfd4 Fixed #28571 -- Added a prompt to bypass password validation in createsuperuser. 2017-11-03 20:00:08 -04:00
Tim Graham
872be5976d Improved technique for matching input prompts in contrib.auth management tests. 2017-11-03 20:00:08 -04:00
Jon Dufresne
6ed347d851 Fixed #28706 -- Moved AuthenticationFormn invalid login ValidationError to a method for reuse. 2017-10-23 09:10:45 -04:00
Lucas Connors
5ceaf14686 Fixed #27515 -- Made AuthenticationForm's username field use the max_length from the model field.
Thanks Ramin Farajpour Cami for the report.
2017-10-20 11:13:26 -04:00
Lucas Connors
d233391208 Refs #19130 -- Added a test for AuthenticationForm.username max_length.
This will be a more useful regression test after refs #27515.
2017-10-20 11:10:32 -04:00
Yuri Kaszubowski Lopes
d98210c255 Fixed #28713 -- Prevented ModelBackend.get_all_permissions() from mutating get_user_permissions(). 2017-10-14 20:47:49 -04:00
Hasan Ramezani
6aec130a4c Fixed #28591 -- Added an error message for createsuperuser --username= (blank). 2017-10-09 21:49:35 -04:00
Mads Jensen
3e72f4b7b6 Completed test coverage for BasePasswordHasher. 2017-09-29 09:28:25 -04:00
Mads Jensen
776f6902d9 Moved BasePasswordHasher tests to its own test case. 2017-09-29 09:28:24 -04:00
Mads Jensen
d917c17a3b Completed test coverage for AnonymousUser. 2017-09-28 13:11:23 -04:00
Mads Jensen
7fce4dc5ff Moved AnonymousUser tests to its own test case. 2017-09-28 13:11:07 -04:00
Mads Jensen
4803834aaa Added a test for PermWrapper.__iter__(). 2017-09-26 19:42:50 -04:00
Tim Graham
67a6ba391b Reverted "Fixed #28248 -- Fixed password reset tokens being valid for 1 day longer than PASSWORD_RESET_TIMEOUT_DAYS."
This reverts commit 95993a89ce.
2017-09-25 09:05:00 -04:00
Tim Graham
5e31be1b96 Refs #25187 -- Required the authenticate() method of authentication backends to have request as the first positional argument.
Per deprecation timeline.
2017-09-22 12:51:18 -04:00
Tim Graham
6e40b70bf4 Refs #26929 -- Removed extra_context parameter of contrib.auth.views.logout_then_login().
Per deprecation timeline.
2017-09-22 12:51:17 -04:00
Tim Graham
4f313e284e Refs #17209 -- Removed login/logout and password reset/change function-based views.
Per deprecation timeline.
2017-09-22 12:51:17 -04:00
Luoxzhg
ffbee67f8e Fixed some comments referring to a nonexistent TestClient class. 2017-09-09 11:21:15 -04:00
ZachLiuGIS
2dacc2ccd9 Fixed #28550 -- Restored contrib.auth's login() and logout() views' respect of positional arguments.
Regression in 78963495d0.

Forwardport of f8e0557b01 from stable/1.11.x
2017-09-03 12:06:44 -04:00
François Freitag
18dd9ba481 Fixed test in auth_tests modifying data from setUpTestData(). 2017-09-01 21:43:41 -04:00
hui shang
c0f4c60edd Fixed #28513 -- Added POST request support to LogoutView. 2017-08-24 09:11:16 -04:00
Mads Jensen
a51c4de194 Used assertRaisesMessage() to test Django's error messages. 2017-07-29 19:07:23 -04:00
Andrew Pinkham
a96b981d84 Fixed #28127 -- Allowed UserCreationForm's password validation to check all user fields. 2017-06-21 09:22:15 -04:00
Chandrakant Kumar
2b09e4c88e Fixed #27787 -- Made call_command() validate the options it receives. 2017-06-16 21:28:38 -04:00
Mikhail Golubev
e7dc39fb65 Fixed #28229 -- Fixed the value of LoginView's "next" template variable. 2017-06-13 09:13:22 -04:00
Jon Dufresne
2c69824e5a Refs #23968 -- Removed unnecessary lists, generators, and tuple calls. 2017-06-01 19:08:59 -04:00
Linus Lewandowski
eedc88bd4a Fixed #26823 -- Prevented update_last_login signal receiver from crashing if User model doesn't have last_login field. 2017-05-29 17:31:18 -04:00
Nick Zaccardi
95993a89ce Fixed #28248 -- Fixed password reset tokens being valid for 1 day longer than PASSWORD_RESET_TIMEOUT_DAYS. 2017-05-29 09:22:22 -04:00
jannh
c930c241f8 Fixed #28017 -- Allowed customizing PasswordResetTokenGenerator's secret. 2017-05-26 07:37:36 -04:00
Bruno Alla
6092ea8fa6 Refs #27804 -- Used subTest() in several tests. 2017-05-24 08:36:34 -04:00
Daniel Hahler
a3ba2662cd Refs #28207 -- Fixed contrib.auth.authenticate() if 'backend' is in the credentials.
Regression in 3008f30f19.
2017-05-22 12:24:38 -04:00
Tamas Szabo
3008f30f19 Fixed #28207 -- Fixed contrib.auth.authenticate() if multiple auth backends don't accept a request. 2017-05-15 07:48:15 -04:00
Sławek Ehlert
faaf62f616 Improved test coverage for createsuperuser command. 2017-05-12 10:29:56 -04:00
Josh Schneier
5df0ff4155 Fixed #28089 -- Removed requirement to implement get_short_name() and get_full_name() in AbstractBaseUser subclasses. 2017-05-06 17:05:42 -04:00
Tim Graham
dff559ff83 Fixed #28097 -- Fixed layout of ReadOnlyPasswordHashWidget. 2017-04-19 12:59:30 -04:00
Tim Graham
d4d79d0f20 Refs #27025 -- Fixed "invalid escape sequence" warning in auth_tests on Python 3.6. 2017-04-02 20:02:55 -04:00
Camilo Nova
5db465d5a6 Fixed #27891 -- Added PasswordResetConfirmView.post_reset_login_backend. 2017-03-07 19:52:26 -05:00
Tim Graham
72ff9d53e6 Factored out uid/user tokens in auth_tests urlpatterns. 2017-03-07 18:56:10 -05:00
Anton Samarchyan
7588d7e439 Improved test coverage for django.contrib.auth. 2017-03-01 17:29:50 -05:00
Tim Graham
c31e7ab5a4 Refs #25187 -- Fixed AuthBackend.authenticate() compatibility for signatures that accept a request kwarg. 2017-02-24 10:15:41 -05:00
Markus Holtermann
b9b35f9efa
Fixed #27840 -- Fixed KeyError in PasswordResetConfirmView.form_valid().
When a user is already logged in when submitting the password and
password confirmation to reset a password, a KeyError occurred while
removing the reset session token from the session.

Refs #17209

Thanks Quentin Marlats for the report and Florian Apolloner and Tim
Graham for the review.
2017-02-15 00:35:04 +01:00
Zoltan Gyarmati
41ba27fefd Fixed #27815 -- Made LoginView pass the request kwarg to AuthenticationForm. 2017-02-07 08:54:21 -05:00
Claude Paroz
c651331b34 Converted usage of ugettext* functions to their gettext* aliases
Thanks Tim Graham for the review.
2017-02-07 09:04:04 +01:00
Tim Graham
29f607927f Fixed spelling of "nonexistent". 2017-02-03 08:01:45 -05:00