Florian Apolloner
67b46ba701
Fixed CVE-2016-2513 -- Fixed user enumeration timing attack during login.
...
This is a security fix.
2016-03-01 11:25:28 -05:00
Olivier Le Thanh Duong
10781b4c6f
Fixed #12233 -- Allowed redirecting authenticated users away from the login view.
...
contrib.auth.views.login() has a new parameter `redirect_authenticated_user`
to automatically redirect authenticated users visiting the login page.
Thanks to dmathieu and Alex Buchanan for the original code and to Carl Meyer
for the help and review.
2016-02-25 07:18:33 -05:00
Tim Graham
441c537b66
Fixed a function signature in docs/topics/auth/default.txt.
2016-02-24 16:24:33 -05:00
Tim Graham
47b5a6a43c
Fixed #26187 -- Removed weak password hashers from PASSWORD_HASHERS.
2016-02-22 18:59:23 -05:00
Markus Holtermann
b14470c7b7
Fixed spelling error
2016-02-23 10:24:38 +11:00
Tim Graham
5a541e2e6c
Fixed #26188 -- Documented how to wrap password hashers.
2016-02-22 17:21:45 -05:00
Daniel Quinn
de7edc005f
Fixed import location of check_password() in docs.
2016-02-22 12:42:47 -05:00
Berker Peksag
f0425c7260
Refs #19353 -- Added tests for using custom user models with built-in auth forms.
...
Also updated topics/auth/customizing.txt to reflect that subclasses of
UserCreationForm and UserChangeForm can be used with custom user models.
Thanks Baptiste Mispelon for the initial documentation.
2016-02-17 10:26:07 -05:00
Hugo Osvaldo Barrera
dcee1dfc79
Fixed #12405 -- Added LOGOUT_REDIRECT_URL setting.
...
After a user logs out via auth.views.logout(), they're redirected
to LOGOUT_REDIRECT_URL if no `next_page` argument is provided.
2016-02-04 10:35:37 -05:00
Tim Graham
1e9150443e
Refs #26089 -- Removed obsolete docs about custom user model testing.
2016-02-02 08:12:08 -05:00
Tim Graham
8ce8beb3f2
Unified some doc links to OneToOneField and ManyToManyField.
2016-02-01 11:02:26 -05:00
rowanv
a6ef025dfb
Fixed #26124 -- Added missing code formatting to docs headers.
2016-02-01 10:42:05 -05:00
Tim Graham
e519aab43a
Fixed #23868 -- Added support for non-unique django-admin-options in docs.
...
Also documented missing short command line options to fix #24134 . This bumps
the minimum sphinx version required to build the docs to 1.3.4.
Thanks Simon Charette for review.
2016-01-14 18:21:33 -05:00
Paulo Poiati
b643386668
Fixed #24855 -- Allowed using contrib.auth.login() without credentials.
...
Added an optional `backend` argument to login().
2016-01-07 08:56:07 -05:00
Gavin Wahl
ec708803f7
Fixed user_passes_test() signature in docs.
2015-12-08 15:56:10 -05:00
Tim Graham
166e0490d3
Fixed #25895 -- Used a consistent style for UserAdmin overrides.
...
Thanks Justin Abrahms for the report.
2015-12-08 14:40:55 -05:00
Florian Apolloner
105028eec6
Removed deprecated usage of url tag from auth docs.
2015-12-05 19:21:30 +01:00
Josh Soref
93452a70e8
Fixed many spelling mistakes in code, comments, and docs.
2015-12-03 12:48:24 -05:00
Eliezer Kanal
d3b488f5bd
Updated link to 1000 common passwords.
...
xato.net is dead; replaced with link to archive.org.
2015-12-02 12:57:02 -05:00
Agnieszka Lasyk
1f8dad6915
Fixed #25755 -- Unified spelling of "website".
2015-11-16 06:44:14 -05:00
Anderson Resende
ce4914eab4
Fixed #25744 -- Corrected reference to User object in auth docs.
2015-11-12 19:22:30 -05:00
Bryan Marty
9788625277
Fixed #25169 -- Documented stacking of permission_required and login_required.
2015-11-12 14:23:59 -05:00
japrogramer
a10cbbbc17
Fixed typo in docs/topics/auth/default.txt.
2015-11-03 08:56:23 +00:00
Tim Graham
9c5e272860
Fixed #25550 -- Deprecated direct assignment to the reverse side of a related set.
2015-10-27 07:57:15 -04:00
Tim Graham
c14b6b52ff
Documented auth's login/logout function parameters.
2015-09-28 14:11:54 -04:00
Tim Graham
54848a96dd
Removed versionadded/changed annotations for 1.8.
2015-09-23 19:31:11 -04:00
Tim Graham
849037af36
Refs #23957 -- Required session verification per deprecation timeline.
2015-09-23 19:31:10 -04:00
Tim Graham
f1761e3fef
Refs #21648 -- Removed is_admin_site option from password_reset() view.
...
Per deprecation timeline.
2015-09-23 19:31:10 -04:00
Tim Graham
cb1e779ceb
Refs #24115 -- Added docs for password updates on bcrypt rounds change.
2015-09-22 19:30:31 -04:00
sujayskumar
d8d853378b
Fixed #24944 -- Added extra_email_context parameter to password_reset() view.
2015-09-18 18:56:04 -04:00
Tim Graham
6c6eb8a691
Refs #24914 -- Added docs for more auth mixin methods.
2015-08-20 17:57:47 -04:00
Claude Paroz
64982cc2fb
Updated Wikipedia links to use https
2015-08-08 12:02:32 +02:00
Tim Graham
16a8d01308
Fixed #25229 -- Clarified how an iterable works with @permission_required
2015-08-05 17:13:45 -04:00
Alasdair Nicol
6d7a9d96fe
Fixed password_reset signature in docs
2015-08-04 13:54:32 -04:00
Tim Graham
5d0961fdfc
Fixed #25202 -- Fixed typo in docs/topics/auth/customizing.txt
2015-07-31 07:33:38 -04:00
Flavio Curella
c2e70f0265
Fixed #21127 -- Started deprecation toward requiring on_delete for ForeignKey/OneToOneField
2015-07-27 18:28:13 -04:00
Tim Graham
87d55081ea
Fixed #25159 -- Removed brackets from class/function/method signatures in docs.
...
Thanks hellbeast for the initial patch.
2015-07-27 10:32:47 -04:00
Akis Kesoglou
29465d438e
Fixed #25142 -- Added PermissionRequiredMixin.has_permission() to allow customization.
2015-07-27 10:23:56 -04:00
Tim Graham
217f173be0
Fixed #25166 -- Clarified how auth permissions are created.
...
Thanks Baptiste Mispelon for report and review.
2015-07-25 09:30:54 -04:00
Tim Graham
e3d1f2422c
Fixed malformed Sphinx directives.
2015-07-25 06:37:51 -04:00
Tim Graham
03aec35a12
Converted tabs to spaces in topics/auth/default.txt
2015-07-24 11:48:57 -04:00
lukasz.wojcik
927b30a6ab
Fixed #24126 -- Deprecated current_app parameter to auth views.
2015-07-21 08:26:41 -04:00
Tim Graham
5fd83db255
Normalized indentation and line lengths in docs/topics/auth/default.txt.
2015-07-21 08:11:28 -04:00
Tim Graham
f5e9d67907
Refs #16860 -- Moved password_changed() logic to AbstractBaseUser.
...
Thanks Carl Meyer for review.
2015-07-20 13:44:26 -04:00
Nick Sweeting
f0857c09fb
Fixed #25083 -- Added SessionAuthenticationMiddleware to auth installation docs
2015-07-10 08:40:57 -04:00
Tim Graham
aaacaeb096
Renamed RemovedInDjangoXYWarnings for new roadmap.
...
Forwardport of ae1d663b79
from stable/1.8.x plus more.
2015-06-24 16:08:20 -04:00
Markus Holtermann
e5cb4e1411
Fixed #24914 -- Added authentication mixins for CBVs
...
Added the mixins LoginRequiredMixin, PermissionRequiredMixin and
UserPassesTestMixin to contrib.auth as counterparts to the respective
view decorators.
The authentication mixins UserPassesTestMixin, LoginRequiredMixin and
PermissionRequiredMixin have been inspired by django-braces
<https://github.com/brack3t/django-braces/ >
Thanks Raphael Michel for the initial patch, tests and docs on the PR
and Ana Balica, Kenneth Love, Marc Tamlyn, and Tim Graham for the
review.
2015-06-17 23:19:10 +02:00
Tim Graham
58665dded0
Removed usage of string-based url() in auth docs.
2015-06-17 09:45:03 -04:00
Tim Graham
55b3bd8468
Refs #16860 -- Minor edits and fixes to password validation.
2015-06-10 07:41:01 -04:00
Raphael Michel
39937de7e6
Fixed #24929 -- Allowed permission_required decorator to take any iterable
2015-06-08 13:44:39 -04:00