mirror of https://github.com/django/django.git synced 2024-12-23 09:36:06 +00:00
Commit Graph

420 Commits

Author SHA1 Message Date
Michael Manfre
5d86458579 Fixed CVE-2024-39329 -- Standardized timing of verify_password() when checking unusable passwords.
Refs #20760.

Thanks Michael Manfre for the fix and to Adam Johnson for the review.
2024-07-09 09:21:19 -03:00
Jake Howard
53e674d574 Fixed #35520 -- Avoided opening transaction for read-only ModelAdmin requests. 2024-07-04 11:38:58 +02:00
Jacob Walls
31837dbcb3 Fixed #35569 -- Improved wording of invalid ForeignKey error message. 2024-07-04 11:35:03 +02:00
Fabian Braun
339977d444 Fixed #35477 -- Corrected 'required' errors in auth password set/change forms.
The auth forms using SetPasswordMixin were incorrectly including the
'This field is required.' error when additional validations (e.g.,
overriding `clean_password1`) were performed and failed.
This fix ensures accurate error reporting for password fields.

Co-authored-by: Natalia <124304+nessita@users.noreply.github.com>
2024-05-30 16:31:01 -03:00
Natalia
04a208d7f1 Increased the default PBKDF2 iterations for Django 5.2. 2024-05-22 15:44:07 -03:00
Hisham Mahmood
c7fc9f20b4 Fixed #31405 -- Added LoginRequiredMiddleware.
Co-authored-by: Adam Johnson <me@adamj.eu>
Co-authored-by: Mehmet İnce <mehmet@mehmetince.net>
Co-authored-by: Sarah Boyce <42296566+sarahboyce@users.noreply.github.com>
2024-05-22 08:51:17 +02:00
SaJH
8f205acea9 Fixed #35428 -- Increased parallelism of the ScryptPasswordHasher. 2024-05-17 17:13:58 +02:00
Adam Johnson
d2c5a30e5a Fixed #35408 -- Optimized post-migrate permission creation.
co-authored-by: Mariusz Felisiak <felisiak.mariusz@gmail.com>
2024-05-13 08:34:57 +02:00
Fabian Braun
944745afe2 Fixed #34977 -- Improved accessibility in the UserChangeForm by replacing the reset password link with a button.
Co-authored-by: Natalia <124304+nessita@users.noreply.github.com>
2024-03-27 16:40:41 -03:00
Dingning
549320946d Fixed #35030 -- Made django.contrib.auth decorators work with async functions. 2024-03-07 09:59:33 +01:00
Mariusz Felisiak
c4df2a7776 Refs #35030 -- Added more tests for @user_passes_test decorator. 2024-03-06 13:28:32 +01:00
Fabian Braun
e626716c28 Fixed #34429 -- Allowed setting unusable passwords for users in the auth forms.
Co-authored-by: Natalia <124304+nessita@users.noreply.github.com>
2024-02-20 12:13:32 -03:00
Natalia
8a757244f9 Refs #34429 -- Defined test user with unusable password for auth forms tests. 2024-02-20 12:12:37 -03:00
Mariusz Felisiak
305757aec1 Applied Black's 2024 stable style.
https://github.com/psf/black/releases/tag/24.1.0
2024-01-26 12:45:07 +01:00
nessita
02eaee1209 Added test ensuring that validate_password is used in AdminPasswordChangeForm.
Co-authored-by: Fabian Braun <fsbraun@gmx.de>
2024-01-12 17:27:55 -03:00
Mariusz Felisiak
0c5456ef37 Used enterClassContext() where appropriate. 2024-01-04 05:55:29 +01:00
Mariusz Felisiak
d88ec42bd0 Used addCleanup() in tests where appropriate. 2023-12-31 10:01:31 +01:00
Mariusz Felisiak
05ba4130ee Fixed CVE-2023-46695 -- Fixed potential DoS in UsernameField on Windows.
Thanks MProgrammer (https://hackerone.com/mprogrammer) for the report.
2023-11-01 06:10:30 +01:00
Lily Foote
45078a204b Defined PASSWORD_HASHERS for auth_tests.test_views.ChangelistTests.
auth_tests.test_views.ChangelistTests.test_view_user_password_is_readonly
depends on the password hasher having the three components algorithm,
salt and hash.

The default password hasher (PBKDF2PasswordHasher) has an extra
iterations component, breaking the test.
2023-09-20 05:35:49 +02:00
Mariusz Felisiak
0e560edf32 Increased the default PBKDF2 iterations for Django 5.1. 2023-09-18 22:12:40 +02:00
Mariusz Felisiak
6e4e5523a8 Refs #33691 -- Removed insecure password hashers per deprecation timeline. 2023-09-18 22:12:40 +02:00
Mariusz Felisiak
00e1879610 Refs #33764 -- Removed BaseUserManager.make_random_password() per deprecation timeline. 2023-09-18 22:12:40 +02:00
konsti
48a1929ca0 Removed unnecessary trailing commas in tests. 2023-08-22 12:42:57 +02:00
Mateusz Więckowski
5aa4c0b675 Fixed #34542 -- Made createsuperuser handle required blank fields in non-interactive mode. 2023-08-08 09:26:28 +02:00
Jon Janzen
5e98959d92 Fixed #34391 -- Added async-compatible interface to auth functions and related methods test clients. 2023-06-27 11:17:17 +02:00
HappyDingning
674c23999c Fixed #34565 -- Added support for async checking of user passwords. 2023-05-18 09:39:04 +02:00
Gary Jarrel
fcc7dc5781 Fixed #34438 -- Reallowed extending UserCreationForm.
Regression in 298d02a77a.
2023-03-28 11:33:20 +02:00
Liyang Zhang
f9f9215d3e Fixed some typos in comments, docstrings, and tests. 2023-03-20 08:07:23 +01:00
Hrushikesh Vaidya
a52bdea5a2 Fixed #33985 -- Used app_config.verbose_name in ContentType.__str__(). 2023-03-09 10:27:08 +01:00
David Wobrock
2396933ca9 Fixed #34384 -- Fixed session validation when rotating secret keys.
Bug in 0dcd549bbe.

Thanks Eric Zarowny for the report.
2023-03-08 10:48:04 +01:00
Jon Janzen
e846c5e724 Fixed #31920 -- Made AuthenticationMiddleware add request.auser(). 2023-03-07 13:11:22 +01:00
Mariusz Felisiak
5e9aded33f Increased the default PBKDF2 iterations for Django 5.0.
Follow up to 9a1848f48c.
2023-02-04 13:37:44 +01:00
David Smith
097e3a70c1 Refs #33476 -- Applied Black's 2023 stable style.
Black 23.1.0 is released which, as the first release of the year,
introduces the 2023 stable style. This incorporates most of last year's
preview style.

https://github.com/psf/black/releases/tag/23.1.0
2023-02-01 11:04:38 +01:00
Mariusz Felisiak
4fc711a108 Increased the default PBKDF2 iterations for Django 5.0. 2023-01-17 11:49:15 +01:00
Mariusz Felisiak
b5ac6e78f8 Refs #33691 -- Removed django.contrib.auth.hashers.CryptPasswordHasher per deprecation timeline. 2023-01-17 11:49:15 +01:00
Mariusz Felisiak
9a01311d20 Refs #15619 -- Removed support for logging out via GET requests.
Per deprecation timeline.
2023-01-17 11:49:15 +01:00
Mariusz Felisiak
ba082e0952 Refs #33561 -- Made created=True required in signature of RemoteUserBackend.configure_user() subclasses.
Per deprecation timeline.
2023-01-17 11:49:15 +01:00
David Wobrock
99bd5fb4c2 Refs #34074 -- Used headers argument for RequestFactory and Client in docs and tests. 2023-01-04 09:11:36 +01:00
Paul Schilling
298d02a77a Fixed #25617 -- Added case-insensitive unique username validation in UserCreationForm.
Co-Authored-By: Neven Mundar <nmundar@gmail.com>
2022-12-29 09:42:22 +01:00
David Wobrock
5aaad5f39c Fixed #34165 -- Made permissions creation respect the "using" parameter. 2022-12-24 11:58:33 +01:00
sdolemelipone
9d726c7902 Fixed #34187 -- Made UserCreationForm save many-to-many fields. 2022-11-29 05:56:53 +01:00
Nick Pope
9bd174b9a7 Updated documentation and comments for RFC updates.
- Updated references to RFC 1123 to RFC 5322
  - Only partial as RFC 5322 sort of sub-references RFC 1123.
- Updated references to RFC 2388 to RFC 7578
  - Except RFC 2388 Section 5.3 which has no equivalent.
- Updated references to RFC 2396 to RFC 3986
- Updated references to RFC 2616 to RFC 9110
- Updated references to RFC 3066 to RFC 5646
- Updated references to RFC 7230 to RFC 9112
- Updated references to RFC 7231 to RFC 9110
- Updated references to RFC 7232 to RFC 9110
- Updated references to RFC 7234 to RFC 9111
- Tidied up style of text when referring to RFC documents
2022-11-10 13:52:17 +01:00
Simon Kern
de2c2127b6 Fixed #34066 -- Fixed link to password reset view in UserChangeForm.password's help text when using to_field.
Co-Authored-By: David Sanders <shang.xiao.sanders@gmail.com>
Co-Authored-By: Mariusz Felisiak <felisiak.mariusz@gmail.com>
2022-10-27 09:23:34 +02:00
Marcelo Galigniana
b440493eaa Completed test coverage for contrib.auth.forms. 2022-10-26 12:52:18 +02:00
HieuPham9720
3e928de8ad Skipped scrypt tests when OpenSSL 1.1+ is not installed. 2022-10-20 18:50:48 -07:00
Marcelo Galigniana
67c34c1a37 Completed test coverage for createsuperuser command. 2022-09-27 09:57:16 +02:00
Shai Berger
fdf0f62521 Fixed ReadOnlyPasswordHashWidget's template for RTL languages. 2022-09-01 21:20:15 +02:00
Claude Paroz
3b79dab19a Refs #33691 -- Deprecated insecure password hashers.
SHA1PasswordHasher, UnsaltedSHA1PasswordHasher, and UnsaltedMD5PasswordHasher
are now deprecated.
2022-07-23 21:29:31 +02:00
Ciaran McCormick
286e7d076c Fixed #33764 -- Deprecated BaseUserManager.make_random_password(). 2022-06-03 07:30:57 +02:00
Aymeric Augustin
6485894157 Renamed wrapped functions to wrapper.
All these functions are wrapping another function. They're the wrapper,
while the function they're wrapping is the wrapped.
2022-05-25 10:53:52 +02:00