ryowright 
							
						 
					 
					
						
						
							
						
						1783b3cb24 
					 
					
						
						
							
							Fixed   #32275  -- Added scrypt password hasher.  
						
						... 
						
						
						
						Co-authored-by: Mariusz Felisiak <felisiak.mariusz@gmail.com > 
						
						
					 
					
						2021-07-22 12:40:33 +02:00 
						 
				 
			
				
					
						
							
							
								yyyyyyyan 
							
						 
					 
					
						
						
							
						
						e197dcca36 
					 
					
						
						
							
							Clarified docs about increasing the work factor for bcrypt hasher.  
						
						
						
						
					 
					
						2021-05-20 20:24:51 +02:00 
						 
				 
			
				
					
						
							
							
								Nick Pope 
							
						 
					 
					
						
						
							
						
						c156e36955 
					 
					
						
						
							
							Refs  #32720  -- Updated various links in docs to avoid redirects and use HTTPS.  
						
						
						
						
					 
					
						2021-05-17 09:46:09 +02:00 
						 
				 
			
				
					
						
							
							
								Mariusz Felisiak 
							
						 
					 
					
						
						
							
						
						b7dd89ed53 
					 
					
						
						
							
							Removed versionadded/changed annotations for 3.1.  
						
						
						
						
					 
					
						2021-01-14 17:50:04 +01:00 
						 
				 
			
				
					
						
							
							
								Jon Moroney 
							
						 
					 
					
						
						
							
						
						76ae6ccf85 
					 
					
						
						
							
							Fixed   #31358  -- Increased salt entropy of password hashers.  
						
						... 
						
						
						
						Co-authored-by: Florian Apolloner <florian@apolloner.eu > 
						
						
					 
					
						2021-01-14 11:20:28 +01:00 
						 
				 
			
				
					
						
							
							
								Roy Zheng 
							
						 
					 
					
						
						
							
						
						804f2b7024 
					 
					
						
						
							
							Added note about password updates on argon2 attributes change.  
						
						
						
						
					 
					
						2020-08-11 07:51:27 +02:00 
						 
				 
			
				
					
						
							
							
								Hasan Ramezani 
							
						 
					 
					
						
						
							
						
						8aa71f4e87 
					 
					
						
						
							
							Fixed   #31375  -- Made contrib.auth.hashers.make_password() accept only bytes or strings.  
						
						
						
						
					 
					
						2020-03-31 10:52:56 +02:00 
						 
				 
			
				
					
						
							
							
								Jon Dufresne 
							
						 
					 
					
						
						
							
						
						85efc14a2e 
					 
					
						
						
							
							Fixed   #30948  -- Changed packaging to use declarative config in setup.cfg.  
						
						... 
						
						
						
						Co-authored-by: Nick Pope <nick.pope@flightdataservices.com > 
						
						
					 
					
						2019-11-08 14:14:13 +01:00 
						 
				 
			
				
					
						
							
							
								Tobias Kunze 
							
						 
					 
					
						
						
							
						
						4a954cfd11 
					 
					
						
						
							
							Fixed   #30573  -- Rephrased documentation to avoid words that minimise the involved difficulty.  
						
						... 
						
						
						
						This patch does not remove all occurrences of the words in question.
Rather, I went through all of the occurrences of the words listed
below, and judged if they a) suggested the reader had some kind of
knowledge/experience, and b) if they added anything of value (including
tone of voice, etc). I left most of the words alone. I looked at the
following words:
- simply/simple
- easy/easier/easiest
- obvious
- just
- merely
- straightforward
- ridiculous
Thanks to Carlton Gibson for guidance on how to approach this issue, and
to Tim Bell for providing the idea. But the enormous lion's share of
thanks go to Adam Johnson for his patient and helpful review. 
						
						
					 
					
						2019-09-06 13:27:46 +02:00 
						 
				 
			
				
					
						
							
							
								Ramiro Morales 
							
						 
					 
					
						
						
							
						
						aed89adad5 
					 
					
						
						
							
							Fixed   #30367  -- Changed "pip install" to "python -m pip install" in docs, comments and hints.  
						
						
						
						
					 
					
						2019-04-18 14:41:15 +02:00 
						 
				 
			
				
					
						
							
							
								Mariusz Felisiak 
							
						 
					 
					
						
						
							
						
						25829197bb 
					 
					
						
						
							
							Removed extra characters in docs header underlines.  
						
						
						
						
					 
					
						2019-02-08 21:38:30 +01:00 
						 
				 
			
				
					
						
							
							
								Tim Graham 
							
						 
					 
					
						
						
							
						
						ec7e179aeb 
					 
					
						
						
							
							Removed versionadded/changed annotations for 2.1.  
						
						
						
						
					 
					
						2019-01-17 10:50:25 -05:00 
						 
				 
			
				
					
						
							
							
								François Freitag 
							
						 
					 
					
						
						
							
						
						9b15ff08ba 
					 
					
						
						
							
							Used auto-numbered lists in documentation.  
						
						
						
						
					 
					
						2018-11-15 13:54:28 -05:00 
						 
				 
			
				
					
						
							
							
								Curtis Maloney 
							
						 
					 
					
						
						
							
						
						c49ea6f591 
					 
					
						
						
							
							Refs  #20910  -- Replaced snippet directive with code-block.  
						
						
						
						
					 
					
						2018-09-10 13:00:34 -04:00 
						 
				 
			
				
					
						
							
							
								adamth 
							
						 
					 
					
						
						
							
						
						acf9d64045 
					 
					
						
						
							
							Fixed typos in docs/topics/auth/passwords.txt.  
						
						
						
						
					 
					
						2018-04-23 07:37:26 -04:00 
						 
				 
			
				
					
						
							
							
								Brett Cannon 
							
						 
					 
					
						
						
							
						
						64b74804c5 
					 
					
						
						
							
							Fixed   #29334  -- Updated pypi.python.org URLs to pypi.org.  
						
						
						
						
					 
					
						2018-04-17 20:24:27 -04:00 
						 
				 
			
				
					
						
							
							
								GS-14 
							
						 
					 
					
						
						
							
						
						93331877c8 
					 
					
						
						
							
							Fixed   #29274  -- Increased the number of common passwords from 1k to 20k.  
						
						
						
						
					 
					
						2018-04-16 11:01:47 -04:00 
						 
				 
			
				
					
						
							
							
								Tim Graham 
							
						 
					 
					
						
						
							
						
						a4f0e9aec7 
					 
					
						
						
							
							Fixed   #28718  -- Allowed user to request a password reset if their password doesn't use an enabled hasher.  
						
						... 
						
						
						
						Regression in aeb1389442703c26668292f48680db 
						
						
					 
					
						2018-03-22 10:03:43 -04:00 
						 
				 
			
				
					
						
							
							
								Tim Graham 
							
						 
					 
					
						
						
							
						
						5b589a47b9 
					 
					
						
						
							
							Fixed   #29161  -- Removed BCryptPasswordHasher from PASSWORD_HASHERS.  
						
						
						
						
					 
					
						2018-02-26 09:05:18 -05:00 
						 
				 
			
				
					
						
							
							
								Karmen 
							
						 
					 
					
						
						
							
						
						4fcd28d442 
					 
					
						
						
							
							Fixed   #28881  -- Doc'd that CommonPasswordValidator's password list must be lowercase.  
						
						
						
						
					 
					
						2018-01-15 10:16:27 -05:00 
						 
				 
			
				
					
						
							
							
								Mariusz Felisiak 
							
						 
					 
					
						
						
							
						
						081e787160 
					 
					
						
						
							
							Refs  #23919  -- Stopped inheriting from object to define new style classes.  
						
						... 
						
						
						
						Tests and docs complement to cecc079168 
						
						
					 
					
						2017-06-26 10:30:31 -04:00 
						 
				 
			
				
					
						
							
							
								Claude Paroz 
							
						 
					 
					
						
						
							
						
						c651331b34 
					 
					
						
						
							
							Converted usage of ugettext* functions to their gettext* aliases  
						
						... 
						
						
						
						Thanks Tim Graham for the review. 
						
						
					 
					
						2017-02-07 09:04:04 +01:00 
						 
				 
			
				
					
						
							
							
								chillaranand 
							
						 
					 
					
						
						
							
						
						dc165ec8e5 
					 
					
						
						
							
							Refs  #23919  -- Replaced super(ClassName, self) with super() in docs.  
						
						
						
						
					 
					
						2017-01-25 11:53:05 -05:00 
						 
				 
			
				
					
						
							
							
								Tim Graham 
							
						 
					 
					
						
						
							
						
						e27e4c0339 
					 
					
						
						
							
							Removed versionadded/changed annotations for 1.10.  
						
						
						
						
					 
					
						2017-01-17 20:52:05 -05:00 
						 
				 
			
				
					
						
							
							
								Tim Graham 
							
						 
					 
					
						
						
							
						
						0d9ff873d9 
					 
					
						
						
							
							Fixed   #27467  -- Made UserAttributeSimilarityValidator max_similarity=0/1 work as documented.  
						
						... 
						
						
						
						Thanks goblinJoel for the report and feedback. 
						
						
					 
					
						2016-11-16 17:40:37 -05:00 
						 
				 
			
				
					
						
							
							
								Tim Graham 
							
						 
					 
					
						
						
							
						
						9f27735612 
					 
					
						
						
							
							Fixed   #27013  -- Clarified commands to install argon2/bcrypt packages.  
						
						
						
						
					 
					
						2016-08-19 19:23:12 -04:00 
						 
				 
			
				
					
						
							
							
								Tim Graham 
							
						 
					 
					
						
						
							
						
						796cc62026 
					 
					
						
						
							
							Fixed   #27045  -- Documented that AUTH_PASSWORD_VALIDATORS aren't applied at the model level.  
						
						
						
						
					 
					
						2016-08-10 15:52:16 -04:00 
						 
				 
			
				
					
						
							
							
								Jiang Haiyun 
							
						 
					 
					
						
						
							
						
						6d61ec0e1a 
					 
					
						
						
							
							Fixed a typo in auth docs.  
						
						
						
						
					 
					
						2016-07-04 11:02:11 -04:00 
						 
				 
			
				
					
						
							
							
								Ville Skyttä 
							
						 
					 
					
						
						
							
						
						96f97691ad 
					 
					
						
						
							
							Fixed broken links in docs and comments.  
						
						
						
						
					 
					
						2016-06-15 21:20:23 -04:00 
						 
				 
			
				
					
						
							
							
								Bas Westerbaan 
							
						 
					 
					
						
						
							
						
						9407cc966b 
					 
					
						
						
							
							Fixed   #26635  -- Clarified Argon2PasswordHasher's memory_cost differs from command line utility.  
						
						
						
						
					 
					
						2016-05-27 18:37:12 -04:00 
						 
				 
			
				
					
						
							
							
								Tim Graham 
							
						 
					 
					
						
						
							
						
						46a38307c2 
					 
					
						
						
							
							Removed versionadded/changed annotations for 1.9.  
						
						
						
						
					 
					
						2016-05-20 11:44:29 -04:00 
						 
				 
			
				
					
						
							
							
								Bas Westerbaan 
							
						 
					 
					
						
						
							
						
						b4250ea04a 
					 
					
						
						
							
							Fixed   #26033  -- Added Argon2 password hasher.  
						
						
						
						
					 
					
						2016-03-08 11:22:18 -05:00 
						 
				 
			
				
					
						
							
							
								Florian Apolloner 
							
						 
					 
					
						
						
							
						
						67b46ba701 
					 
					
						
						
							
							Fixed CVE-2016-2513 -- Fixed user enumeration timing attack during login.  
						
						... 
						
						
						
						This is a security fix. 
						
						
					 
					
						2016-03-01 11:25:28 -05:00 
						 
				 
			
				
					
						
							
							
								Tim Graham 
							
						 
					 
					
						
						
							
						
						47b5a6a43c 
					 
					
						
						
							
							Fixed   #26187  -- Removed weak password hashers from PASSWORD_HASHERS.  
						
						
						
						
					 
					
						2016-02-22 18:59:23 -05:00 
						 
				 
			
				
					
						
							
							
								Markus Holtermann 
							
						 
					 
					
						
						
							
						
						b14470c7b7 
					 
					
						
						
							
							Fixed spelling error  
						
						
						
						
					 
					
						2016-02-23 10:24:38 +11:00 
						 
				 
			
				
					
						
							
							
								Tim Graham 
							
						 
					 
					
						
						
							
						
						5a541e2e6c 
					 
					
						
						
							
							Fixed   #26188  -- Documented how to wrap password hashers.  
						
						
						
						
					 
					
						2016-02-22 17:21:45 -05:00 
						 
				 
			
				
					
						
							
							
								rowanv 
							
						 
					 
					
						
						
							
						
						a6ef025dfb 
					 
					
						
						
							
							Fixed   #26124  -- Added missing code formatting to docs headers.  
						
						
						
						
					 
					
						2016-02-01 10:42:05 -05:00 
						 
				 
			
				
					
						
							
							
								Eliezer Kanal 
							
						 
					 
					
						
						
							
						
						d3b488f5bd 
					 
					
						
						
							
							Updated link to 1000 common passwords.  
						
						... 
						
						
						
						xato.net is dead; replaced with link to archive.org. 
						
						
					 
					
						2015-12-02 12:57:02 -05:00 
						 
				 
			
				
					
						
							
							
								Tim Graham 
							
						 
					 
					
						
						
							
						
						cb1e779ceb 
					 
					
						
						
							
							Refs  #24115  -- Added docs for password updates on bcrypt rounds change.  
						
						
						
						
					 
					
						2015-09-22 19:30:31 -04:00 
						 
				 
			
				
					
						
							
							
								Claude Paroz 
							
						 
					 
					
						
						
							
						
						64982cc2fb 
					 
					
						
						
							
							Updated Wikipedia links to use https  
						
						
						
						
					 
					
						2015-08-08 12:02:32 +02:00 
						 
				 
			
				
					
						
							
							
								Tim Graham 
							
						 
					 
					
						
						
							
						
						f5e9d67907 
					 
					
						
						
							
							Refs  #16860  -- Moved password_changed() logic to AbstractBaseUser.  
						
						... 
						
						
						
						Thanks Carl Meyer for review. 
						
						
					 
					
						2015-07-20 13:44:26 -04:00 
						 
				 
			
				
					
						
							
							
								Tim Graham 
							
						 
					 
					
						
						
							
						
						55b3bd8468 
					 
					
						
						
							
							Refs  #16860  -- Minor edits and fixes to password validation.  
						
						
						
						
					 
					
						2015-06-10 07:41:01 -04:00 
						 
				 
			
				
					
						
							
							
								Erik Romijn 
							
						 
					 
					
						
						
							
						
						1daae25bdc 
					 
					
						
						
							
							Fixed   #16860  -- Added password validation to django.contrib.auth.  
						
						
						
						
					 
					
						2015-06-07 19:31:20 +02:00 
						 
				 
			
				
					
						
							
							
								Sam Thursfield 
							
						 
					 
					
						
						
							
						
						1119063c69 
					 
					
						
						
							
							Fixed   #24556  -- Added reminder about HTTPS to passwords docs.  
						
						
						
						
					 
					
						2015-04-03 10:55:11 -04:00 
						 
				 
			
				
					
						
							
							
								darkryder 
							
						 
					 
					
						
						
							
						
						9ec8aa5e5d 
					 
					
						
						
							
							Fixed   #24149  -- Normalized tuple settings to lists.  
						
						
						
						
					 
					
						2015-02-03 14:59:45 -05:00 
						 
				 
			
				
					
						
							
							
								Ilya Baryshev 
							
						 
					 
					
						
						
							
						
						ed7c4df1ee 
					 
					
						
						
							
							Fixed documentation of make_password kwargs.  
						
						
						
						
					 
					
						2014-10-27 06:36:55 -04:00 
						 
				 
			
				
					
						
							
							
								Alex Gaynor 
							
						 
					 
					
						
						
							
						
						0e27882b3a 
					 
					
						
						
							
							Stray paren  
						
						
						
						
					 
					
						2014-04-17 11:29:07 -07:00 
						 
				 
			
				
					
						
							
							
								Alex Gaynor 
							
						 
					 
					
						
						
							
						
						464b98b1fe 
					 
					
						
						
							
							Include an 'extra_requires' for bcrypt  
						
						
						
						
					 
					
						2014-04-17 11:28:09 -07:00 
						 
				 
			
				
					
						
							
							
								Tim Graham 
							
						 
					 
					
						
						
							
						
						51c8045145 
					 
					
						
						
							
							Removed versionadded/changed annotations for 1.6.  
						
						
						
						
					 
					
						2014-03-24 11:42:56 -04:00 
						 
				 
			
				
					
						
							
							
								Tim Graham 
							
						 
					 
					
						
						
							
						
						7f2505ad9e 
					 
					
						
						
							
							Fixed doc typos.  
						
						
						
						
					 
					
						2014-02-28 11:44:03 -05:00