Commit Graph

238 Commits

Author SHA1 Message Date
Jannis Leidel 751888ece3 Fixed #11223 -- Fixed logout view to use the 'next' GET parameter correctly as described in the docs, while only allowing redirection to the same host.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15706 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-03-02 12:47:44 +00:00
Jannis Leidel ec193224d3 Fixed #12534 -- Loosened the the security check for "next" redirects after logins slightly to allow paths that contain spaces. Thanks for the patch, jnns and aaugustin.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15702 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-03-01 22:49:18 +00:00
Jannis Leidel f3ed462822 Updated auth translations from transifex.net. Refs #15300.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15684 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-03-01 08:56:02 +00:00
Ramiro Morales 4b13e76deb Fixed #14012 (again) -- Admin app: Don't show the full user edition view after adding a user in a FK popup. Thanks dburke for reporting this regression introduced in r14628.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15637 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-02-24 01:00:57 +00:00
Russell Keith-Magee 7aa84917a4 Fixed #15299 -- Started the process of migrating the auth context processor support classes into the auth context processor module. Thanks to shailesh for the report, and v1v3kn for the draft patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15635 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-02-23 13:36:58 +00:00
Russell Keith-Magee b9a20d1e3b Fixed #15371 -- Ensure that a superuser created with the createsuperuser management command with --noinput has an invalid password, not a blank password. Thanks to yishaibeeri for the report and patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15631 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-02-22 11:33:04 +00:00
Russell Keith-Magee 7536f63b32 Fixed #14768 -- Added an es_MX locale and initial translation. Thanks to Alonso Bautista Villalobos and the rest of the Mexican translation team.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15433 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-02-06 06:06:29 +00:00
Russell Keith-Magee 7a60b41130 Fixed #15111 -- Ensured that the auth, contenttypes and sitemaps tests will run when the sites app isn't installed. Thanks to Waldemar Kornewald for the report and draft patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15418 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-02-05 03:49:03 +00:00
Russell Keith-Magee d053624aa8 Fixed #15067 -- Modified the range checks on base36_to_int so you are guaranteed to always get an int, avoiding possible OverflowErrors. Thanks to Garthex for the report, jboutros for the patch, and kfrazier for the feedback.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15288 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-01-24 08:02:40 +00:00
Jannis Leidel b3ab63d66b Added new translation files to auth contrib app.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15261 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-01-21 17:59:27 +00:00
Chris Beaven faa4a98f27 Change the lack of supports_inactive_user on an auth backend to a
!PendingDeprecationWarning (refs #14249), fixing some bad links in the
1.3 release docs and a typo.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@15204 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-01-14 08:31:14 +00:00
Russell Keith-Magee 8781ea6cd7 Fixed #14975, #14925 -- Added some cache flushing to avoid some cross-test effects. Thanks to jsdalton and rpbarlow for the reports.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15192 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-01-13 16:22:03 +00:00
Jannis Leidel 937548bba4 Fixed #15043 -- Updated the login function to send the user_logged_in signal after the user's session got recycled instead of before. Thanks, Rob Hudson.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15168 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-01-10 08:15:52 +00:00
Alex Gaynor 6819be1ea1 Fix a security issue in the auth system. Disclosure and new release forthcoming.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15032 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-12-23 03:45:08 +00:00
Jannis Leidel 745c255a19 Fixed #14249 -- Added support for inactive users to the auth backend system. Thanks, Harro van der Klauw.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15010 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-12-21 19:18:12 +00:00
Russell Keith-Magee 059d9205d4 Fixed #14920 -- Fixed some test failures caused by caching contenttypes that were loaded during a contenttype fixture test. Thanks to Karen for the report.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@14985 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-12-19 13:01:51 +00:00
Jannis Leidel 674c671cae Fixed #14731 -- Respect ordering when creating the default permissions. Thanks, chipx86.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@14891 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-12-12 22:59:28 +00:00
Jannis Leidel 867e935c51 Fixed #14446 -- Prevented the password reset confirmation view to be cached. Thanks, Paul and Gabriel.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@14890 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-12-12 22:59:03 +00:00
Russell Keith-Magee 5b8ef18dcc Fixed #14795 -- Ensure that get_all_permissions() returns the right result (i.e., all permissions) for superusers. Thanks to jay.halleaux@gmail.com for the report, and Brett Haydon for the patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@14797 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-12-04 05:59:56 +00:00
Russell Keith-Magee 34a386378f Fixed #13190 -- Improved error handling for the case where no authentication backends are defined. Thanks to Joel3000 for the report, and Łukasz Rekucki for the final patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@14793 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-12-04 04:47:59 +00:00
Jannis Leidel cc64fb5c4b Fixed #8342 -- Removed code from the admin that assumed that you can't login with an email address (nixed by r12634). Also refactored login code slightly to be DRY by using more of auth app's forms and views.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@14769 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-12-02 00:44:35 +00:00
Jannis Leidel 07705ca129 Fixed #5298 -- Added extra_context to contrib auth views.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@14768 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-12-02 00:43:52 +00:00
Chris Beaven dceaa82dec Fixed #14809 -- broken login related tests after r14733.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@14764 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-12-01 22:25:17 +00:00
Chris Beaven e74edb4d53 Fixes #11025 -- ability to specify LOGIN_URL as full qualified absolute URL.
auth.views.login now allows for login redirections for different schemes
with the same host (or no host even, e.g. 'https:///login/')

auth.decorators.login_required can now use lazy urls (refs #5925)

git-svn-id: http://code.djangoproject.com/svn/django/trunk@14733 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-11-27 22:43:33 +00:00
Jannis Leidel 132afbf8ee Fixed #5612 -- Added login and logout signals to contrib auth app. Thanks SmileyChris and pterk.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@14710 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-11-26 13:33:27 +00:00
Ramiro Morales 0e26f58dae Corrected change in behavior regarding the page shown after the 'Save' button is pressed when adding a user through the admin.
It had been introduced in trunk (r13503) and between 1.2.1 and 1.2.2 (r13504). The original fix intended to correct a similar problem introduced between 1.1 and 1.2 (r12218) this time in the 'Save and add another' button.
We have now tests for the three buttons present in the Add User admin form to avoid future regressions.
Thanks to Juan Pedro Fisanotti and Cesar H. Roldan for their work.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@14628 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-11-19 22:45:51 +00:00
Jannis Leidel 9b6535b894 Fixed #7077 and #7431 -- Use getpass.getuser instead of pwd.getpwuid to determine the current system user's username in the createsuperuser management command to enable the feature on Windows. getpass.getuser automatically falls back to the previous method.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@14607 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-11-17 20:28:33 +00:00
Luke Plant 02fc6276d7 Fixed #14508 - test suite silences warnings.
Utility functions get_warnings_state and save_warnings_state have been added
to django.test.utils, and methods to django.test.TestCase for convenience.

The implementation is based on the catch_warnings context manager from
Python 2.6.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@14526 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-11-11 15:06:20 +00:00
Luke Plant 6feef0c13e Fixed #14612 - Password reset page leaks valid user ids publicly.
Thanks to PaulM for the report.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@14456 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-11-04 12:36:55 +00:00
Luke Plant 7d4a3991f3 Fixed a test setup and isolation bug that was causing PasswordResetTest to fail when run individually
git-svn-id: http://code.djangoproject.com/svn/django/trunk@14455 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-11-04 12:31:57 +00:00
Alex Gaynor 877033b479 Sped up the create_permissions signal handler (and thus the test suite) by restructuring its queries.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@14446 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-11-04 00:01:54 +00:00
Alex Gaynor 34e545a938 Restructure the create_permission signal handler to perform fewer SQL queries, this speeds up the test suite dramatically.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@14413 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-11-01 20:54:39 +00:00
Alex Gaynor 282e53b499 Reflow django/contrib/auth/management/__init__.py for readability.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@14408 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-10-31 16:49:36 +00:00
Alex Gaynor 15b3350d30 Fixed the auth tests so they work when the AUTHENTICATION_BACKENDS setting is a list. Thanks to Patrick Altman for the report.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@14406 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-10-31 16:25:29 +00:00
Luke Plant 45c7f427ce Fixed #14445 - Use HMAC and constant-time comparison functions where needed.
All adhoc MAC applications have been updated to use HMAC, using SHA1 to
generate unique keys for each application based on the SECRET_KEY, which is
common practice for this situation. In all cases, backwards compatibility
with existing hashes has been maintained, aiming to phase this out as per
the normal deprecation process. In this way, under most normal
circumstances the old hashes will have expired (e.g. by session expiration
etc.) before they become invalid.

In the case of the messages framework and the cookie backend, which was
already using HMAC, there is the possibility of a backwards incompatibility
if the SECRET_KEY is shorter than the default 50 bytes, but the low
likelihood and low impact meant compatibility code was not worth it.

All known instances where tokens/hashes were compared using simple string
equality, which could potentially open timing based attacks, have also been
fixed using a constant-time comparison function.

There are no known practical attacks against the existing implementations,
so these security improvements will not be backported.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@14218 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-10-14 20:54:30 +00:00
Russell Keith-Magee 03f00bcd42 Fixed #14447 -- Modified the auth and sitemaps tests to remove some assumptions about the environment in which the tests are run. Thanks to Gabriel Hurley for the report and patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@14184 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-10-12 07:15:47 +00:00
Russell Keith-Magee 1070c57b83 Fixed #14436 -- Escalated 1.2 PendingDeprecationWarnings to DeprecationWarnings, and removed 1.1 deprecated code.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@14138 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-10-11 12:20:07 +00:00
Luke Plant f3429da6a0 Converted contrib/auth/tokens doctests to unittests. We've always said "no more" to doctests.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@14100 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-10-10 01:06:42 +00:00
Russell Keith-Magee a904e55859 Fixed #11509 -- Modified usage of "Web" to match our style guide in various documentation, comments and code. Thanks to timo and Simon Meers for the work on the patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@14069 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-10-09 08:12:50 +00:00
Russell Keith-Magee 8755fb1549 Fixed #14354 -- Normalized the handling of empty/null passwords in contrib.auth. This also updates the createsuperuser command to be more testable, and migrates some auth doctests. Thanks to berryp for the report, and Laurent Luce for the patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@14053 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-10-09 03:34:08 +00:00
Russell Keith-Magee f53491db6e #14374 -- Added some missing template files to ensure that contrib.auth tests will pass when admin isn't installed. Thanks to henriquebastos for the report and patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@14003 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-10-08 13:50:54 +00:00
Luke Plant 667d832e90 Fixed #14386, #8960, #10235, #10909, #10608, #13845, #14377 - standardize Site/RequestSite usage in various places.
Many thanks to gabrielhurley for putting most of this together.  Also to
bmihelac, arthurk, qingfeng, hvendelbo, petr.pulc@s-cape.cz, Hraban for
reports and some initial patches.

The patch also contains some whitespace/PEP8 fixes.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@13980 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-10-04 14:20:47 +00:00
Jannis Leidel 1df1378f9e Fixed #13827 -- Cleaned up a few unnecessary function calls.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@13876 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-09-26 21:36:22 +00:00
Malcolm Tredinnick 4084bc7354 Permit custom from-email address in auth forms email.
Patch from cassidy and Rob Hudson. Fixed #11300.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@13817 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-09-12 22:38:01 +00:00
Jannis Leidel bb00b28399 Added login_url argument to login_required decorator. Thanks mhlakhani and ericflo for the report and patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@13723 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-09-10 19:38:57 +00:00
Luke Plant 303bdc85a7 Fixed #14242 - UserChangeForm subclasses without 'user_permissions' field causes KeyError
This was a regression introduced by [13683]

Thanks to adammckerlie@gmail.com for report.



git-svn-id: http://code.djangoproject.com/svn/django/trunk@13702 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-09-09 23:31:54 +00:00
Luke Plant 801bb146e8 Converted tests for contrib.auth.forms to unit tests.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@13701 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-09-09 23:21:16 +00:00
Luke Plant bdd13a4daa Fixed #14090 - Many sql queries needed to display change user form
Thanks to Suor for report and patch.



git-svn-id: http://code.djangoproject.com/svn/django/trunk@13683 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-09-03 18:56:12 +00:00
Jannis Leidel 286ce85e45 Fixed #13569 -- Fixed createsuperuser management command to work with the new relaxed requirements for usernames.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@13297 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-05-21 14:08:49 +00:00
Russell Keith-Magee 5211f48ae3 Fixed #12164 -- Removed the Python 2.3 compatibility imports and workarounds. Thanks to timo and claudep for the patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@13094 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-05-04 14:00:30 +00:00