1
0
mirror of https://github.com/django/django.git synced 2024-11-18 07:26:04 +00:00
Commit Graph

231 Commits

Author SHA1 Message Date
Carlton Gibson
bf39978a53 Fixed CVE-2018-16984 -- Fixed password hash disclosure to admin "view only" users.
Thanks Claude Paroz & Tim Graham for collaborating on the patch.
2018-10-01 10:05:01 +02:00
Ramon Saraiva
2349cbd909 Fixed #29782 -- Added better error message when filtering queryset with AnonymousUser. 2018-09-26 15:36:19 -04:00
Jon Dufresne
82f286cf6f Refs #29784 -- Switched to https:// links where available. 2018-09-26 08:48:47 +02:00
Alexey
8624459586 Added a test for password_changed() with a custom validator. 2018-09-25 11:58:05 -04:00
Josh Schneier
3daac76cfb Simplified how createsuperuser tests generate passwords. 2018-08-18 16:26:13 -04:00
Alexander Todorov
53ebd4cb13 Fixed #29686 -- Made UserAdmin.user_change_password() pass user to has_change_permission(). 2018-08-17 17:43:00 -04:00
Josh Schneier
8b43e9b1af Fixed #29616 -- Fixed createsuperuser for user models that don't have a password field. 2018-08-05 14:26:03 -04:00
Josh Schneier
793e9bb35a Fixed #29628 -- Made createsuperuser validate password against username and required fields. 2018-08-04 08:44:25 -04:00
Tim Graham
f3fa86a89b Fixed #29449 -- Reverted "Fixed #28757 -- Allowed using contrib.auth forms without installing contrib.auth."
This reverts commit 3333d935d2 due to
a crash if USERNAME_FIELD isn't a CharField.
2018-07-02 18:39:26 -04:00
Tim Graham
5d98d53fab Refs #27398 -- Simplified some tests with assertRedirects(). 2018-06-20 14:08:56 -04:00
Jan Pieter Waagmeester
24959e48d9 Fixed #27398 -- Added an assertion to compare URLs, ignoring the order of their query strings. 2018-06-20 13:26:12 -04:00
Hasan Ramezani
6df3d36801 Added a missing test for createsuperuser management command. 2018-06-07 19:49:25 -04:00
Claude Paroz
bec651a427 Fixed #10827 -- Ensured ContentTypes are created before permission creation. 2018-06-03 22:19:04 -04:00
Dohyeon Kim
f1f4aeb22e Fixed #28044 -- Unified the logic for createsuperuser's interactive and --noinput modes. 2018-05-29 08:41:32 -04:00
Hasan Ramezani
e0ff88be4f Added test for createsuperuser's handling of KeyboardInterrupt. 2018-05-27 19:24:07 -04:00
Tim Graham
9792af3648 Increased the default PBKDF2 iterations for Django 2.2. 2018-05-17 11:05:45 -04:00
olivierdalang
825f0beda8 Fixed #8936 -- Added a view permission and a read-only admin.
Co-authored-by: Petr Dlouhy <petr.dlouhy@email.cz>
Co-authored-by: Olivier Dalang <olivier.dalang@gmail.com>
2018-05-16 06:44:55 -04:00
Tim Graham
cae0107287 Increased the default PBKDF2 iterations for Django 2.1. 2018-05-13 20:06:20 -04:00
Claude Paroz
607970f31c Replaced django.test.utils.patch_logger() with assertLogs().
Thanks Tim Graham for the review.
2018-05-07 09:34:00 -04:00
Nick Pope
df90e462d9 Fixed #29212 -- Doc'd redirect loop if @permission_required used with redirect_authenticated_user. 2018-04-19 10:21:24 -04:00
Mads Jensen
9c651641f1 Added additional AdminPasswordChangeForm tests. 2018-04-04 11:25:28 -04:00
Malte Gerth
874977d388 Fixed #29270 -- Fixed UserChangeForm crash if password field is excluded. 2018-03-29 15:25:54 -04:00
Abeer Upadhyay
1bf4646f91 Fixed #29258 -- Added type checking for login()'s backend argument. 2018-03-28 10:10:18 -04:00
Tim Graham
a4f0e9aec7 Fixed #28718 -- Allowed user to request a password reset if their password doesn't use an enabled hasher.
Regression in aeb1389442.
Reverted changes to is_password_usable() from
703c266682 and documentation changes from
92f48680db.
2018-03-22 10:03:43 -04:00
Mariusz Felisiak
362813d628
Fixed hanging indentation in various code. 2018-03-16 10:54:34 +01:00
Mattia Procopio
aeb8c38178 Fixed #29206 -- Fixed PasswordResetConfirmView crash when the URL contains a non-UUID where one is expected. 2018-03-15 21:33:15 -04:00
Christophe Mehay
40bac28faa Fixed #29176 -- Fixed AbstractBaseUser.normalize_username() crash if username isn't a string. 2018-03-02 11:32:53 -05:00
Tim Graham
5b589a47b9
Fixed #29161 -- Removed BCryptPasswordHasher from PASSWORD_HASHERS. 2018-02-26 09:05:18 -05:00
Mikhail Porokhovnichenko
14e34dcf8c Fixed #29132 -- Avoided connecting update_last_login() handler if User.last_login isn't a field. 2018-02-21 10:36:31 -05:00
Dylan Verheul
9b1125bfc7 Fixed #28379 -- Made AccessMixin raise Permissiondenied for authenticated users. 2018-02-16 13:58:55 -05:00
Tim Graham
fa75b2cb51
Refs #27795 -- Removed force_bytes/text() usage in tests. 2018-02-07 14:20:04 -05:00
Tim Graham
af33fb250e Fixed CVE-2018-6188 -- Fixed information leakage in AuthenticationForm.
Reverted 359370a8b8 (refs #28645).

This is a security fix.
2018-02-01 09:05:14 -05:00
shanghui
3333d935d2 Fixed #28757 -- Allowed using contrib.auth forms without installing contrib.auth.
Also fixed #28608 -- Allowed UserCreationForm and UserChangeForm to
work with custom user models.

Thanks Sagar Chalise and Rômulo Collopy for reports, and Tim Graham
and Tim Martin for reviews.
2018-01-05 14:47:37 -05:00
Дилян Палаузов
d7b2aa24f7 Fixed #28982 -- Simplified code with and/or. 2018-01-03 20:12:23 -05:00
Tim Graham
acc8dd4142
Fixed #28984 -- Made assorted code simplifications. 2018-01-03 13:24:02 -05:00
Alvin Lindstam
2cb6b7732d Fixed #28902 -- Fixed password_validators_help_text_html() double escaping. 2018-01-02 19:51:06 -05:00
shanghui
359370a8b8 Fixed #28645 -- Reallowed AuthenticationForm to raise the inactive user error when using ModelBackend.
Regression in e0a3d93730.

Thanks Guilherme Junqueira for the report and Tim Graham for the review.
2017-11-08 09:39:12 -05:00
Дилян Палаузов
6c0042430e Fixed #28776 -- Fixed a/an/and typos in docs and comments. 2017-11-06 22:41:03 -05:00
Tom
b81905bfd4 Fixed #28571 -- Added a prompt to bypass password validation in createsuperuser. 2017-11-03 20:00:08 -04:00
Tim Graham
872be5976d Improved technique for matching input prompts in contrib.auth management tests. 2017-11-03 20:00:08 -04:00
Jon Dufresne
6ed347d851 Fixed #28706 -- Moved AuthenticationFormn invalid login ValidationError to a method for reuse. 2017-10-23 09:10:45 -04:00
Lucas Connors
5ceaf14686 Fixed #27515 -- Made AuthenticationForm's username field use the max_length from the model field.
Thanks Ramin Farajpour Cami for the report.
2017-10-20 11:13:26 -04:00
Lucas Connors
d233391208 Refs #19130 -- Added a test for AuthenticationForm.username max_length.
This will be a more useful regression test after refs #27515.
2017-10-20 11:10:32 -04:00
Yuri Kaszubowski Lopes
d98210c255 Fixed #28713 -- Prevented ModelBackend.get_all_permissions() from mutating get_user_permissions(). 2017-10-14 20:47:49 -04:00
Hasan Ramezani
6aec130a4c Fixed #28591 -- Added an error message for createsuperuser --username= (blank). 2017-10-09 21:49:35 -04:00
Mads Jensen
3e72f4b7b6 Completed test coverage for BasePasswordHasher. 2017-09-29 09:28:25 -04:00
Mads Jensen
776f6902d9 Moved BasePasswordHasher tests to its own test case. 2017-09-29 09:28:24 -04:00
Mads Jensen
d917c17a3b Completed test coverage for AnonymousUser. 2017-09-28 13:11:23 -04:00
Mads Jensen
7fce4dc5ff Moved AnonymousUser tests to its own test case. 2017-09-28 13:11:07 -04:00
Mads Jensen
4803834aaa Added a test for PermWrapper.__iter__(). 2017-09-26 19:42:50 -04:00