fddb0131d3
Fixed #21535 -- Fixed password hash iteration upgrade.
...
Thanks jared_mess for the report.
2013-11-30 14:18:37 -05:00
f3e7ab366c
Removed gender-based pronouns per [ c0a2daad78].
2013-11-30 08:37:15 -05:00
3560ef043e
Propagate get_user_model exception from get_user
...
Fixes #21439
2013-11-14 12:02:26 -08:00
36ded01527
Fixed #21302 -- Fixed unused imports and import *.
2013-11-02 15:24:56 -04:00
726ded5708
Started attackign the next flake8 violation
2013-10-31 08:42:28 -07:00
9bf5610890
Start attacking E231 violations
2013-10-24 10:30:03 -07:00
c3aa2948c6
Fixed #21298 -- Fixed E301 pep8 warnings
2013-10-23 13:45:03 +01:00
1597503a01
Fixed E221 pep8 warnings.
2013-10-22 09:51:39 -04:00
7d0d0dbf26
Force update of the password on iteration count changes.
2013-10-21 20:31:28 +02:00
b289fcf1bf
Fixed #21288 -- Fixed E126 pep8 warnings
2013-10-21 08:31:30 -04:00
5f52590368
Fixed #21291 -- Ensured inactive users cannot reset their passwords
...
Thanks kz26 for the report and the suggested fix. Refs #19758 .
2013-10-19 10:43:06 +02:00
59a8808632
Cleaned formatting/comments in PasswordResetFormTest
2013-10-19 10:43:06 +02:00
ac4fec5ca2
Fixed bug causing CSRF token not to rotate on login.
...
Thanks Gavin McQuillan for the report.
2013-10-18 08:31:19 -04:00
a800036981
Fixed #21287 -- Fixed E123 pep8 warnings
2013-10-18 10:07:39 +01:00
bab9123daa
Fixed #21268 -- Fixed E303 pep8 warnings
2013-10-18 01:46:24 +01:00
dfb4cb9970
Fixed #21285 -- Fixed E121,E122 pep8 warnings
2013-10-17 20:20:11 -04:00
2fb5a51fa3
Fixed #18659 -- Deprecated request.REQUEST and MergeDict
...
Thanks Aymeric Augustin for the suggestion.
2013-10-17 09:42:28 -04:00
1ab27e9a65
Fixed #18866 -- added validation error for verbose_name longer than 39 characters
...
Added a validation error check when creating the permissions for model, to avoid
cryptic database error when the verbose_name is longer than 39 characters
thanks elena for reporting it
2013-10-14 14:19:35 +01:00
ef22d512b5
Imported custom user classes in tests depending on it
...
Without those imports, affected test files cannot be run
independently. Refs #21164 .
2013-10-14 10:14:24 +02:00
1dae4ac177
Whitespace cleanup.
...
* Removed trailing whitespace.
* Added newline to EOF if missing.
* Removed blank lines at EOF.
* Removed some stray tabs.
2013-10-10 16:49:20 -04:00
adedc31072
Fixed "redefinition of unused 'foo' from line X" pyflakes warnings.
2013-10-10 11:09:42 -04:00
ddb53856b6
Fixed #21164 -- Added documentation for issue with test users.
...
The package renaming restores the older package names (which were also the
documented package names). This doesn't affect test discovery because the
module in question doesn't contain any tests.
Thanks to Carl for the design discussion.
2013-10-08 10:32:56 +08:00
1285ca67eb
Fixed #16919 -- Passed user to set_password_form in GET requests.
...
Thanks Jaime Irurzun for the report and initial patch and
ejucovy for the test.
2013-10-02 13:28:15 -04:00
5d74853e15
Revert "Ensure that passwords are never long enough for a DoS."
...
This reverts commit aae5a96d57
2013-09-24 21:01:21 +02:00
a5b062576b
Removed a few trailing backslashes.
...
We have always been at war with trailing backslashes.
2013-09-22 14:04:10 +02:00
a075e2ad0d
Increase default PBKDF2 iterations
...
Increases the default PBKDF2 iterations, since computers have gotten
faster since 2011. In the future, we plan to increment by 10% per
major version.
2013-09-19 18:02:25 +01:00
aae5a96d57
Ensure that passwords are never long enough for a DoS.
...
* Limit the password length to 4096 bytes
* Password hashers will raise a ValueError
* django.contrib.auth forms will fail validation
* Document in release notes that this is a backwards incompatible change
Thanks to Josh Wright for the report, and Donald Stufft for the patch.
This is a security fix; disclosure to follow shortly.
2013-09-15 13:42:23 +08:00
96fd5557f9
Removed a ton of unused local vars
2013-09-08 08:05:16 -07:00
6a6428a36f
Took advantage of django.utils.six.moves.urllib.*.
2013-09-05 14:39:23 -05:00
365c3e8b73
Replaced "not PY3" by "PY2", new in six 1.4.0.
2013-09-02 12:11:02 +02:00
b89c2a5d9e
Fixed #18171 -- Checked signature of authenticate() to avoid supressing TypeErrors.
...
The current auth backend code catches TypeError to detect backends that
do not support specified argumetnts. As a result, any TypeErrors raised
within the actual backend code are silenced.
In Python 2.7+ and 3.2+ this can be avoided by using inspect.getcallargs().
With this method, we can test whether arguments match the signature without
actually calling the function.
Thanks David Eyk for the report.
2013-08-28 07:51:45 -04:00
165f44aaaa
Combine consecutive with statements
...
Python 2.7 allows to combine several 'with' instructions.
2013-08-16 20:12:10 +02:00
71c491972e
Fixed #11400 -- Passed kwargs from AbstractUser.email_user() to send_mail()
...
Thanks Jug_ for suggestion, john_scott for the initial patch,
and Tim Graham for code review.
2013-08-14 07:46:11 -04:00
ae3535169a
Fixed is_safe_url() to reject URLs that use a scheme other than HTTP/S.
...
This is a security fix; disclosure to follow shortly.
2013-08-13 11:06:22 -05:00
00d23a13eb
Fixed #20828 -- Allowed @permission_required to take a list of permissions
...
Thanks Giggaflop for the suggestion.
2013-08-10 10:10:18 -04:00
453915bb12
SQLite test fix -- refs #9057
2013-08-09 10:57:25 -04:00
ddae74b64c
Fixed #9057 -- Added default_permissions model meta option.
...
Thanks hvendelbo for the suggestion and koenb for the draft patch.
2013-08-09 09:19:52 -04:00
6d88d47be6
Fixed #20832 -- Enabled HTML password reset email
...
Added optional html_email_template_name parameter to password_reset view
and PasswordResetForm.
2013-08-05 09:47:28 -04:00
3e0eb2d788
Fixed a number of lint warnings, particularly around unused variables.
2013-08-04 09:17:10 -07:00
a1889397a9
Fixed #12103 -- Added AuthenticationForm.confirm_login_allowed to allow customizing the logic policy.
...
Thanks ejucovy and lasko for work on the patch.
2013-07-31 13:54:05 -04:00
5b47a9c5a0
Fixed a test that could fail depending on PASSWORD_HASHERS.
...
Thanks Claude. Refs #20760 .
2013-07-30 16:14:53 +02:00
e07e4030b9
Fixed #18511 -- Cleaned up admin password reset template titles.
2013-07-27 14:23:04 -04:00
5dbca13f3b
Fixed #20760 -- Reduced timing variation in ModelBackend.
...
Thanks jpaglier and erikr.
2013-07-23 15:43:12 +02:00
33242fe015
Fixed #19019 -- Fixed UserAdmin to log password change.
...
Thanks Tuttle for the report.
2013-07-23 08:33:07 -04:00
8759778185
Fixed #20675 -- `check_password` should work when no password is specified.
...
The regression was introduced by 2c4fe761a#20593 .
2013-07-03 14:09:58 -04:00
cfcf4b3605
Stopped using django.utils.unittest in the test suite.
...
Refs #20680 .
2013-07-01 14:29:33 +02:00
d51b7794bf
Removed django.contrib.auth.views.password_reset_confirm_uidb36() view to finish its accelerated deprecation schedule.
2013-06-29 12:22:15 -03:00
6118d6d1c9
More import removals
...
Following the series of commits removing deprecated features in
Django 1.7, here are some more unneeded imports removed and other
minor cleanups.
2013-06-29 11:58:36 +02:00
c196564132
Removed custom profile model functionality as per deprecation TL.
2013-06-28 21:48:16 -03:00
f325f86971
Fixed #20244 : PermissionsMixin now defines a related_query_name for M2Ms
2013-06-27 15:44:22 +01:00
Tim Graham
Matt Robenolt
Alex Gaynor
Alasdair Nicol
Florian Apolloner
Alasdair Nicol
Claude Paroz
Bouke Haarsma
joaoxsouls
Russell Keith-Magee
Aymeric Augustin
Paul McMillan
Michał Górny
SusanTan
Jacob Kaplan-Moss
ersran9
Justin Michalicek
Serge G. Spaolonzi
Kirill Fomichev
Simon Charette
Ramiro Morales
Andrew Godwin