Mariusz Felisiak
05ba4130ee
Fixed CVE-2023-46695 -- Fixed potential DoS in UsernameField on Windows.
...
Thanks MProgrammer (https://hackerone.com/mprogrammer ) for the report.
2023-11-01 06:10:30 +01:00
Lily Foote
45078a204b
Defined PASSWORD_HASHERS for auth_tests.test_views.ChangelistTests.
...
auth_tests.test_views.ChangelistTests.test_view_user_password_is_readonly
depends on the password hasher having the three components algorithm,
salt and hash.
The default password hasher (PBKDF2PasswordHasher) has an extra
iterations component, breaking the test.
2023-09-20 05:35:49 +02:00
Mariusz Felisiak
0e560edf32
Increased the default PBKDF2 iterations for Django 5.1.
2023-09-18 22:12:40 +02:00
Mariusz Felisiak
6e4e5523a8
Refs #33691 -- Removed insecure password hashers per deprecation timeline.
2023-09-18 22:12:40 +02:00
Mariusz Felisiak
00e1879610
Refs #33764 -- Removed BaseUserManager.make_random_password() per deprecation timeline.
2023-09-18 22:12:40 +02:00
konsti
48a1929ca0
Removed unnecessary trailing commas in tests.
2023-08-22 12:42:57 +02:00
Mateusz Więckowski
5aa4c0b675
Fixed #34542 -- Made createsuperuser handle required blank fields in non-interactive mode.
2023-08-08 09:26:28 +02:00
Jon Janzen
5e98959d92
Fixed #34391 -- Added async-compatible interface to auth functions and related methods test clients.
2023-06-27 11:17:17 +02:00
HappyDingning
674c23999c
Fixed #34565 -- Added support for async checking of user passwords.
2023-05-18 09:39:04 +02:00
Gary Jarrel
fcc7dc5781
Fixed #34438 -- Reallowed extending UserCreationForm.
...
Regression in 298d02a77a69321af8c0023df3250663e9d1362d.
2023-03-28 11:33:20 +02:00
Liyang Zhang
f9f9215d3e
Fixed some typos in comments, docstrings, and tests.
2023-03-20 08:07:23 +01:00
Hrushikesh Vaidya
a52bdea5a2
Fixed #33985 -- Used app_config.verbose_name in ContentType.__str__().
2023-03-09 10:27:08 +01:00
David Wobrock
2396933ca9
Fixed #34384 -- Fixed session validation when rotation secret keys.
...
Bug in 0dcd549bbe36c060f536ec270d34d9e7d4b8e6c7.
Thanks Eric Zarowny for the report.
2023-03-08 10:48:04 +01:00
Jon Janzen
e846c5e724
Fixed #31920 -- Made AuthenticationMiddleware add request.auser().
2023-03-07 13:11:22 +01:00
Mariusz Felisiak
5e9aded33f
Increased the default PBKDF2 iterations for Django 5.0.
...
Follow up to 9a1848f48c1f7f627a52b2063a8a8428e77765d6.
2023-02-04 13:37:44 +01:00
David Smith
097e3a70c1
Refs #33476 -- Applied Black's 2023 stable style.
...
Black 23.1.0 is released which, as the first release of the year,
introduces the 2023 stable style. This incorporates most of last year's
preview style.
https://github.com/psf/black/releases/tag/23.1.0
2023-02-01 11:04:38 +01:00
Mariusz Felisiak
4fc711a108
Increased the default PBKDF2 iterations for Django 5.0.
2023-01-17 11:49:15 +01:00
Mariusz Felisiak
b5ac6e78f8
Refs #33691 -- Removed django.contrib.auth.hashers.CryptPasswordHasher per deprecation timeline.
2023-01-17 11:49:15 +01:00
Mariusz Felisiak
9a01311d20
Refs #15619 -- Removed support for logging out via GET requests.
...
Per deprecation timeline.
2023-01-17 11:49:15 +01:00
Mariusz Felisiak
ba082e0952
Refs #33561 -- Made created=True required in signature of RemoteUserBackend.configure_user() subclasses.
...
Per deprecation timeline.
2023-01-17 11:49:15 +01:00
David Wobrock
99bd5fb4c2
Refs #34074 -- Used headers argument for RequestFactory and Client in docs and tests.
2023-01-04 09:11:36 +01:00
Paul Schilling
298d02a77a
Fixed #25617 -- Added case-insensitive unique username validation in UserCreationForm.
...
Co-Authored-By: Neven Mundar <nmundar@gmail.com>
2022-12-29 09:42:22 +01:00
David Wobrock
5aaad5f39c
Fixed #34165 -- Made permissions creation respect the "using" parameter.
2022-12-24 11:58:33 +01:00
sdolemelipone
9d726c7902
Fixed #34187 -- Made UserCreationForm save many-to-many fields.
2022-11-29 05:56:53 +01:00
Nick Pope
9bd174b9a7
Updated documentation and comments for RFC updates.
...
- Updated references to RFC 1123 to RFC 5322
- Only partial as RFC 5322 sort of sub-references RFC 1123.
- Updated references to RFC 2388 to RFC 7578
- Except RFC 2388 Section 5.3 which has no equivalent.
- Updated references to RFC 2396 to RFC 3986
- Updated references to RFC 2616 to RFC 9110
- Updated references to RFC 3066 to RFC 5646
- Updated references to RFC 7230 to RFC 9112
- Updated references to RFC 7231 to RFC 9110
- Updated references to RFC 7232 to RFC 9110
- Updated references to RFC 7234 to RFC 9111
- Tidied up style of text when referring to RFC documents
2022-11-10 13:52:17 +01:00
Simon Kern
de2c2127b6
Fixed #34066 -- Fixed link to password reset view in UserChangeForm.password's help text when using to_field.
...
Co-Authored-By: David Sanders <shang.xiao.sanders@gmail.com>
Co-Authored-By: Mariusz Felisiak <felisiak.mariusz@gmail.com>
2022-10-27 09:23:34 +02:00
Marcelo Galigniana
b440493eaa
Completed test coverage for contrib.auth.forms.
2022-10-26 12:52:18 +02:00
HieuPham9720
3e928de8ad
Skipped scrypt tests when OpenSSL 1.1+ is not installed.
2022-10-20 18:50:48 -07:00
Marcelo Galigniana
67c34c1a37
Completed test coverage for createsuperuser command.
2022-09-27 09:57:16 +02:00
Shai Berger
fdf0f62521
Fixed ReadOnlyPasswordHashWidget's template for RTL languages.
2022-09-01 21:20:15 +02:00
Claude Paroz
3b79dab19a
Refs #33691 -- Deprecated insecure password hashers.
...
SHA1PasswordHasher, UnsaltedSHA1PasswordHasher, and UnsaltedMD5PasswordHasher
are now deprecated.
2022-07-23 21:29:31 +02:00
Ciaran McCormick
286e7d076c
Fixed #33764 -- Deprecated BaseUserManager.make_random_password().
2022-06-03 07:30:57 +02:00
Aymeric Augustin
6485894157
Renamed wrapped functions to wrapper.
...
All these functions are wrapping another function. They're the wrapper,
while the function they're wrapping is the wrapped.
2022-05-25 10:53:52 +02:00
Carlton Gibson
3c6f1fd1f8
Increased the default PBKDF2 iterations for Django 4.2.
2022-05-17 14:22:06 +02:00
Mariusz Felisiak
02dbf1667c
Fixed #33691 -- Deprecated django.contrib.auth.hashers.CryptPasswordHasher.
2022-05-11 09:13:45 +02:00
Aymeric Augustin
5dfa6fca96
Refactored out RedirectURLMixin.get_success_url().
...
This also adds a default implementation of get_default_redirect_url().
2022-04-20 10:04:29 +02:00
Aymeric Augustin
04bc2564b6
Simplified LogoutView.get_success_url().
...
This preserves the behavior of redirecting to the logout URL without
query string parameters when an insecure ?next=... parameter is given.
It changes the behavior of a POST to the logout URL, as shown by the
test that is changed. Currently, this results in a GET to the logout
URL. However, such GET requests are deprecated. This change would be
necessary in Django 5.0 anyway. This commit merely anticipates it.
2022-04-20 10:04:29 +02:00
Aymeric Augustin
5591a72571
Fixed #33648 -- Prevented extra redirect in LogoutView on invalid next page when LOGOUT_REDIRECT_URL is set.
2022-04-18 16:33:10 +02:00
Mariusz Felisiak
8e89dfe1c2
Fixed various tests on MySQL with MyISAM storage engine.
2022-04-18 07:05:52 +02:00
Lucidiot
13a9cde133
Fixed #33613 -- Made createsuperuser detect uniqueness of USERNAME_FIELD when using Meta.constraints.
2022-04-01 11:39:41 +02:00
René Fleschenberg
eb07b5be0c
Fixed #15619 -- Deprecated log out via GET requests.
...
Thanks Florian Apolloner for the implementation idea.
Co-Authored-By: Mariusz Felisiak <felisiak.mariusz@gmail.com>
2022-03-29 06:42:14 +02:00
Mariusz Felisiak
94d8ed55fa
Refs #15619 -- Logged out with POST requests in admin.
2022-03-24 17:41:53 +01:00
Carlton Gibson
bb61f0186d
Refs #32365 -- Removed internal uses of utils.timezone.utc alias.
...
Remaining test case ensures that uses of the alias are mapped
canonically by the migration writer.
2022-03-24 06:29:50 +01:00
Adrian Torres
d90e34c61b
Fixed #33561 -- Allowed synchronization of user attributes in RemoteUserBackend.
2022-03-10 12:57:19 +01:00
Nick Pope
847f46e9bf
Removed redundant QuerySet.all() calls in docs and tests.
...
Most QuerySet methods are mapped onto the Manager and, in general,
it isn't necessary to call .all() on the manager.
2022-02-22 10:29:38 +01:00
Mariusz Felisiak
7119f40c98
Refs #33476 -- Refactored code to strictly match 88 characters line length.
2022-02-07 20:37:05 +01:00
django-bot
9c19aff7c7
Refs #33476 -- Reformatted code with Black.
2022-02-07 20:37:05 +01:00
tschilling
0dcd549bbe
Fixed #30360 -- Added support for secret key rotation.
...
Thanks Florian Apolloner for the implementation idea.
Co-authored-by: Andreas Pelme <andreas@pelme.se>
Co-authored-by: Carlton Gibson <carlton.gibson@noumenal.es>
Co-authored-by: Vuyisile Ndlovu <terrameijar@gmail.com>
2022-02-01 11:12:24 +01:00
Florian Apolloner
968a3d01fa
Fixed CVE-2021-45115 -- Prevented DoS vector in UserAttributeSimilarityValidator.
...
Thanks Chris Bailey for the report.
Co-authored-by: Adam Johnson <me@adamj.eu>
2022-01-04 10:02:05 +01:00
Lie Ryan
05cde4764d
Fixed #33269 -- Made AnonymousUser/PermissionsMixin.has_perms() raise ValueError on string or non-iterable perm_list.
2021-11-11 20:26:29 +01:00