Commit Graph

55 Commits

Author SHA1 Message Date
Roy Zheng 804f2b7024 Added note about password updates on argon2 attributes change. 2020-08-11 07:51:27 +02:00
Hasan Ramezani 8aa71f4e87 Fixed #31375 -- Made contrib.auth.hashers.make_password() accept only bytes or strings. 2020-03-31 10:52:56 +02:00
Jon Dufresne 85efc14a2e Fixed #30948 -- Changed packaging to use declarative config in setup.cfg.
Co-authored-by: Nick Pope <nick.pope@flightdataservices.com>
2019-11-08 14:14:13 +01:00
Tobias Kunze 4a954cfd11 Fixed #30573 -- Rephrased documentation to avoid words that minimise the involved difficulty.
This patch does not remove all occurrences of the words in question.
Rather, I went through all of the occurrences of the words listed
below, and judged if they a) suggested the reader had some kind of
knowledge/experience, and b) if they added anything of value (including
tone of voice, etc). I left most of the words alone. I looked at the
following words:

- simply/simple
- easy/easier/easiest
- obvious
- just
- merely
- straightforward
- ridiculous

Thanks to Carlton Gibson for guidance on how to approach this issue, and
to Tim Bell for providing the idea. But the enormous lion's share of
thanks go to Adam Johnson for his patient and helpful review.
2019-09-06 13:27:46 +02:00
Ramiro Morales aed89adad5 Fixed #30367 -- Changed "pip install" to "python -m pip install" in docs, comments and hints. 2019-04-18 14:41:15 +02:00
Mariusz Felisiak 25829197bb
Removed extra characters in docs header underlines. 2019-02-08 21:38:30 +01:00
Tim Graham ec7e179aeb Removed versionadded/changed annotations for 2.1. 2019-01-17 10:50:25 -05:00
François Freitag 9b15ff08ba Used auto-numbered lists in documentation. 2018-11-15 13:54:28 -05:00
Curtis Maloney c49ea6f591 Refs #20910 -- Replaced snippet directive with code-block. 2018-09-10 13:00:34 -04:00
adamth acf9d64045 Fixed typos in docs/topics/auth/passwords.txt. 2018-04-23 07:37:26 -04:00
Brett Cannon 64b74804c5 Fixed #29334 -- Updated pypi.python.org URLs to pypi.org. 2018-04-17 20:24:27 -04:00
GS-14 93331877c8 Fixed #29274 -- Increased the number of common passwords from 1k to 20k. 2018-04-16 11:01:47 -04:00
Tim Graham a4f0e9aec7 Fixed #28718 -- Allowed user to request a password reset if their password doesn't use an enabled hasher.
Regression in aeb1389442.
Reverted changes to is_password_usable() from
703c266682 and documentation changes from
92f48680db.
2018-03-22 10:03:43 -04:00
Tim Graham 5b589a47b9
Fixed #29161 -- Removed BCryptPasswordHasher from PASSWORD_HASHERS. 2018-02-26 09:05:18 -05:00
Karmen 4fcd28d442 Fixed #28881 -- Doc'd that CommonPasswordValidator's password list must be lowercase. 2018-01-15 10:16:27 -05:00
Mariusz Felisiak 081e787160 Refs #23919 -- Stopped inheriting from object to define new style classes.
Tests and docs complement to cecc079168.
2017-06-26 10:30:31 -04:00
Claude Paroz c651331b34 Converted usage of ugettext* functions to their gettext* aliases
Thanks Tim Graham for the review.
2017-02-07 09:04:04 +01:00
chillaranand dc165ec8e5 Refs #23919 -- Replaced super(ClassName, self) with super() in docs. 2017-01-25 11:53:05 -05:00
Tim Graham e27e4c0339 Removed versionadded/changed annotations for 1.10. 2017-01-17 20:52:05 -05:00
Tim Graham 0d9ff873d9 Fixed #27467 -- Made UserAttributeSimilarityValidator max_similarity=0/1 work as documented.
Thanks goblinJoel for the report and feedback.
2016-11-16 17:40:37 -05:00
Tim Graham 9f27735612 Fixed #27013 -- Clarified commands to install argon2/bcrypt packages. 2016-08-19 19:23:12 -04:00
Tim Graham 796cc62026 Fixed #27045 -- Documented that AUTH_PASSWORD_VALIDATORS aren't applied at the model level. 2016-08-10 15:52:16 -04:00
Jiang Haiyun 6d61ec0e1a Fixed a typo in auth docs. 2016-07-04 11:02:11 -04:00
Ville Skyttä 96f97691ad Fixed broken links in docs and comments. 2016-06-15 21:20:23 -04:00
Bas Westerbaan 9407cc966b Fixed #26635 -- Clarified Argon2PasswordHasher's memory_cost differs from command line utility. 2016-05-27 18:37:12 -04:00
Tim Graham 46a38307c2 Removed versionadded/changed annotations for 1.9. 2016-05-20 11:44:29 -04:00
Bas Westerbaan b4250ea04a Fixed #26033 -- Added Argon2 password hasher. 2016-03-08 11:22:18 -05:00
Florian Apolloner 67b46ba701 Fixed CVE-2016-2513 -- Fixed user enumeration timing attack during login.
This is a security fix.
2016-03-01 11:25:28 -05:00
Tim Graham 47b5a6a43c Fixed #26187 -- Removed weak password hashers from PASSWORD_HASHERS. 2016-02-22 18:59:23 -05:00
Markus Holtermann b14470c7b7 Fixed spelling error 2016-02-23 10:24:38 +11:00
Tim Graham 5a541e2e6c Fixed #26188 -- Documented how to wrap password hashers. 2016-02-22 17:21:45 -05:00
rowanv a6ef025dfb Fixed #26124 -- Added missing code formatting to docs headers. 2016-02-01 10:42:05 -05:00
Eliezer Kanal d3b488f5bd Updated link to 1000 common passwords.
xato.net is dead; replaced with link to archive.org.
2015-12-02 12:57:02 -05:00
Tim Graham cb1e779ceb Refs #24115 -- Added docs for password updates on bcrypt rounds change. 2015-09-22 19:30:31 -04:00
Claude Paroz 64982cc2fb Updated Wikipedia links to use https 2015-08-08 12:02:32 +02:00
Tim Graham f5e9d67907 Refs #16860 -- Moved password_changed() logic to AbstractBaseUser.
Thanks Carl Meyer for review.
2015-07-20 13:44:26 -04:00
Tim Graham 55b3bd8468 Refs #16860 -- Minor edits and fixes to password validation. 2015-06-10 07:41:01 -04:00
Erik Romijn 1daae25bdc Fixed #16860 -- Added password validation to django.contrib.auth. 2015-06-07 19:31:20 +02:00
Sam Thursfield 1119063c69 Fixed #24556 -- Added reminder about HTTPS to passwords docs. 2015-04-03 10:55:11 -04:00
darkryder 9ec8aa5e5d Fixed #24149 -- Normalized tuple settings to lists. 2015-02-03 14:59:45 -05:00
Ilya Baryshev ed7c4df1ee Fixed documentation of make_password kwargs. 2014-10-27 06:36:55 -04:00
Alex Gaynor 0e27882b3a Stray paren 2014-04-17 11:29:07 -07:00
Alex Gaynor 464b98b1fe Include an 'extra_requires' for bcrypt 2014-04-17 11:28:09 -07:00
Tim Graham 51c8045145 Removed versionadded/changed annotations for 1.6. 2014-03-24 11:42:56 -04:00
Tim Graham 7f2505ad9e Fixed doc typos. 2014-02-28 11:44:03 -05:00
Tim Graham 28b70425af Added docs for the hasher's iteration count changes. 2013-10-21 20:32:02 +02:00
Erik Romijn 2c4fe761a0 Fixed #20593 -- Allow blank passwords in check_password() and set_password() 2013-06-18 13:32:54 -04:00
Donald Stufft 8f0a4665d6 Recommend using the bcrypt library instead of py-bcrypt
* py-bcrypt has not been updated in some time
* py-bcrypt does not support Python3
* py3k-bcrypt, a port of py-bcrypt to python3 is not compatible
  with Django
* bcrypt is supported on all versions of Python that Django
  supports
2013-05-13 23:49:00 -04:00
Donald Stufft f2a0be6151 Fix a missing " character in the password documentation 2013-03-26 15:26:20 -04:00
Donald Stufft 25f2acfed0 Fixed #20138 -- Added BCryptSHA256PasswordHasher
BCryptSHA256PasswordHasher pre-hashes the users password using
SHA256 to prevent the 72 byte truncation inherient in the BCrypt
algorithm.
2013-03-26 13:26:57 -04:00