Commit Graph

60 Commits

Author SHA1 Message Date
Tim Graham 849037af36 Refs #23957 -- Required session verification per deprecation timeline. 2015-09-23 19:31:10 -04:00
Tim Graham 0f7f5bc9e7 Fixed #24161 -- Stored the user primary key as a serialized value in the session.
This allows using a UUIDField primary key along with the JSON session
serializer.

Thanks to Trac alias jamesbeith for the report and Simon Charette
for the initial patch.
2015-02-12 07:38:16 -05:00
Tim Graham b06dfad88f Fixed #23939 -- Moved session verification out of SessionAuthenticationMiddleware.
Thanks andrewbadr for the report and Carl Meyer for the review.
2014-12-03 13:11:47 -05:00
sdeprez 9e80c5f457 Fixed #23925 -- Allowed settings.AUTHENTICATION_BACKENDS to reference import aliases 2014-11-28 10:47:33 -05:00
Tim Graham 1101467ce0 Limited lines to 119 characters in django/
refs #23395.
2014-09-05 09:22:16 -04:00
Tim Graham 11e30b684d Fixed a KeyError on login with legacy sessions; refs #21649.
Thanks Loic for the report.
2014-04-17 19:57:20 -04:00
Tim Graham fd23c06023 Fixed #21649 -- Added optional invalidation of sessions when user password changes.
Thanks Paul McMillan, Aymeric Augustin, and Erik Romijn for reviews.
2014-04-05 12:50:51 -04:00
Tim Graham 6d1ae5e27c Removed reading of old 'django_language' session variable per deprecation timeline.
refs #5789.
2014-03-21 09:53:16 -04:00
Erik Romijn 8cd32f0965 Fixed #22120 -- Documented persistent activation of languages and cleaned up language session key use 2014-02-22 18:29:06 +01:00
Tim Graham e1c8bc8fea Fixed #21790 -- Removed reliance on an assert in auth.get_user().
Thanks matklad for the report.
2014-02-18 14:23:38 -05:00
Berker Peksag 5d263dee30 Fixed #21674 -- Deprecated the import_by_path() function in favor of import_string().
Thanks Aymeric Augustin for the suggestion and review.
2014-02-08 11:12:19 -05:00
Aymeric Augustin f901b4d6c8 Took advantage of the new get_model API. Refs #21702. 2014-01-26 13:08:05 +01:00
Aymeric Augustin 2ff93e027c Fixed #21829 -- Added default AppConfigs.
Thanks Russell for the report, Marc for the initial patch, Carl for the
final review, and everyone who contributed to the design discussion.
2014-01-25 10:41:56 +01:00
Russell Keith-Magee d818e0c9b2 Fixed #16905 -- Added extensible checks (nee validation) framework
This is the result of Christopher Medrela's 2013 Summer of Code project.

Thanks also to Preston Holmes, Tim Graham, Anssi Kääriäinen, Florian
Apolloner, and Alex Gaynor for review notes along the way.

Also: Fixes #8579, fixes #3055, fixes #19844.
2014-01-20 10:45:21 +08:00
Aymeric Augustin ba7206cd81 Changed get_model to raise an exception on errors.
Returning None on errors required unpythonic error checking and was
inconsistent with get_app_config.

get_model was a private API until the previous commit, but given that it
was certainly used in third party software, the change is explained in
the release notes.

Applied the same change to get_registered_model, which is a new private
API introduced during the recent refactoring.
2013-12-28 20:53:00 +01:00
Aymeric Augustin 1716b7ce5a Renamed AppCache to Apps.
Also renamed app_cache to apps and "app cache" to "app registry".

Deprecated AppCache.app_cache_ready() in favor of Apps.ready().
2013-12-24 12:25:17 +01:00
Aymeric Augustin 2fef9e5375 Moved apps back in the toplevel django namespace.
Reverted 4a56a93cc4.
2013-12-22 11:39:55 +01:00
Aymeric Augustin 4a56a93cc4 Moved the new app cache inside core. 2013-12-17 10:17:46 +01:00
Aymeric Augustin 8662654d6d Removed module-level functions for the app cache.
Since the original ones in django.db.models.loading were kept only for
backwards compatibility, there's no need to recreate them. However, many
internals of Django still relied on them.

They were also imported in django.db.models. They never appear in the
documentation, except a quick mention of get_models and get_app in the
1.2 release notes to document an edge case in GIS. I don't think that
makes them a public API.

This commit doesn't change the overall amount of global state but
clarifies that it's tied to the app_cache object instead of hiding it
behind half a dozen functions.
2013-12-17 10:17:44 +01:00
Ludwik Trammer 9922ed46e2 Fixed #21473 -- Limited language preservation to logout
Current language is no longer saved to session by LocaleMiddleware
on  every response (the behavior introduced in #14825).
Instead language stored in session is reintroduced into new session
after logout.

Forward port of c558a43fd6 to master.
2013-12-12 10:24:43 +01:00
Michał Górny b89c2a5d9e Fixed #18171 -- Checked signature of authenticate() to avoid supressing TypeErrors.
The current auth backend code catches TypeError to detect backends that
do not support specified argumetnts. As a result, any TypeErrors raised
within the actual backend code are silenced.

In Python 2.7+ and 3.2+ this can be avoided by using inspect.getcallargs().
With this method, we can test whether arguments match the signature without
actually calling the function.

Thanks David Eyk for the report.
2013-08-28 07:51:45 -04:00
Simon Charette b91787910c Fixed #20642 -- Deprecated `Option.get_(add|change|delete)_permission`.
Those methods were only used by `contrib.admin` internally and exclusively
related to `contrib.auth`. Since they were undocumented but used
in the wild the raised deprecation warning point to an also undocumented
alternative that lives in `contrib.auth`.

Also did some PEP8 and other cleanups in the affected modules.
2013-06-25 12:22:37 -04:00
Andrew Godwin 1514f17aa6 Rotate CSRF token on login 2013-05-24 22:15:08 +01:00
Claude Paroz 710c59bf9b Slightly reworked imports in contrib.auth.__init__ 2013-05-18 16:01:47 +02:00
Jorge Bastida dc43fbc2f2 Fixed #18998 - Prevented session crash when auth backend removed
Removing a backend configured in AUTHENTICATION_BACKENDS should not
raise an exception for existing sessions, but should make already
logged-in users disconnect.
Thanks Bradley Ayers for the report.
2013-05-18 15:58:29 +02:00
Claude Paroz 7c5b244826 Fixed #17061 -- Factored out importing object from a dotted path
Thanks Carl Meyer for the report.
2013-02-04 16:38:25 +01:00
Claude Paroz 0eeae15056 Fixed #19354 -- Do not assume usermodel.pk == usermodel.id
Thanks markteisman at hotmail.com for the report.
2012-11-29 21:45:43 +01:00
Jannis Leidel 1520748dac Fixed #2550 -- Allow the auth backends to raise the PermissionDenied exception to completely stop the authentication chain. Many thanks to namn, danielr, Dan Julius, Łukasz Rekucki, Aashu Dwivedi and umbrae for working this over the years. 2012-11-17 20:24:54 +01:00
Michael Farrell 7cc4068c44 Fixed #18616 -- added user_login_fail signal to contrib.auth
Thanks to Brad Pitcher for documentation
2012-09-30 22:34:50 -07:00
Russell Keith-Magee 70a0de37d1 Fixed #3011 -- Added swappable auth.User models.
Thanks to the many people that contributed to the development and review of
this patch, including (but not limited to) Jacob Kaplan-Moss, Anssi
Kääriäinen, Ramiro Morales, Preston Holmes, Josh Ourisman, Thomas Sutton,
and Roger Barnes, as well as the many, many people who have contributed to
the design discussion around this ticket over many years.

Squashed commit of the following:

commit d84749a0f0
Merge: 531e771 7c11b1a
Author: Russell Keith-Magee <russell@keith-magee.com>
Date:   Wed Sep 26 18:37:04 2012 +0800

    Merge remote-tracking branch 'django/master' into t3011

commit 531e7715da
Merge: 29d1abb 1f84b04
Author: Russell Keith-Magee <russell@keith-magee.com>
Date:   Wed Sep 26 07:09:23 2012 +0800

    Merged recent trunk changes.

commit 29d1abbe35
Merge: 8a527dd 54c81a1
Author: Russell Keith-Magee <russell@keith-magee.com>
Date:   Mon Sep 24 07:49:46 2012 +0800

    Merge remote-tracking branch 'django/master' into t3011

commit 8a527dda13
Author: Russell Keith-Magee <russell@keith-magee.com>
Date:   Mon Sep 24 07:48:05 2012 +0800

    Ensure sequences are reset correctly in the presence of swapped models.

commit e2b6e22f29
Author: Russell Keith-Magee <russell@keith-magee.com>
Date:   Sun Sep 23 17:53:05 2012 +0800

    Modifications to the handling and docs for auth forms.

commit 98aba856b5
Author: Russell Keith-Magee <russell@keith-magee.com>
Date:   Sun Sep 23 15:28:57 2012 +0800

    Improved error handling and docs for get_user_model()

commit 0229209c84
Merge: 6494bf9 8599f64
Author: Russell Keith-Magee <russell@keith-magee.com>
Date:   Sun Sep 23 14:50:11 2012 +0800

    Merged recent Django trunk changes.

commit 6494bf91f2
Author: Russell Keith-Magee <russell@keith-magee.com>
Date:   Mon Sep 17 21:38:44 2012 +0800

    Improved validation of swappable model settings.

commit 5a04cde342
Author: Russell Keith-Magee <russell@keith-magee.com>
Date:   Mon Sep 17 07:15:14 2012 +0800

    Removed some unused imports.

commit ffd535e413
Author: Russell Keith-Magee <russell@keith-magee.com>
Date:   Sun Sep 16 20:31:28 2012 +0800

    Corrected attribute access on for get_by_natural_key

commit 913e1ac84c
Author: Russell Keith-Magee <russell@keith-magee.com>
Date:   Sun Sep 16 20:12:34 2012 +0800

    Added test for proxy model safeguards on swappable models.

commit 280bf19e94
Merge: dbb3900 935a863
Author: Russell Keith-Magee <russell@keith-magee.com>
Date:   Sun Sep 16 18:16:49 2012 +0800

    Merge remote-tracking branch 'django/master' into t3011

commit dbb3900775
Author: Russell Keith-Magee <russell@keith-magee.com>
Date:   Sun Sep 16 18:09:27 2012 +0800

    Fixes for Python 3 compatibility.

commit dfd72131d8
Author: Russell Keith-Magee <russell@keith-magee.com>
Date:   Sun Sep 16 15:54:30 2012 +0800

    Added protection against proxying swapped models.

commit abcb027190
Author: Russell Keith-Magee <russell@keith-magee.com>
Date:   Sun Sep 16 15:11:10 2012 +0800

    Cleanup and documentation of AbstractUser base class.

commit a9491a8776
Merge: fd8bb4e 08bcb4a
Author: Russell Keith-Magee <russell@keith-magee.com>
Date:   Sun Sep 16 14:46:49 2012 +0800

    Merge commit '08bcb4aec1ed154cefc631b8510ee13e9af0c19d' into t3011

commit fd8bb4e3e4
Author: Russell Keith-Magee <russell@keith-magee.com>
Date:   Sun Sep 16 14:20:14 2012 +0800

    Documentation improvements coming from community review.

commit b550a6d06d
Author: Russell Keith-Magee <russell@keith-magee.com>
Date:   Sun Sep 16 13:52:47 2012 +0800

    Refactored skipIfCustomUser into the contrib.auth tests.

commit 52a02f1110
Author: Russell Keith-Magee <russell@keith-magee.com>
Date:   Sun Sep 16 13:46:10 2012 +0800

    Refactored common 'get' pattern into manager method.

commit b441a6bbc7
Author: Russell Keith-Magee <russell@keith-magee.com>
Date:   Sun Sep 16 13:41:33 2012 +0800

    Added note about backwards incompatible change to admin login messages.

commit 08bcb4aec1
Author: Anssi Kääriäinen <akaariai@gmail.com>
Date:   Sat Sep 15 18:30:33 2012 +0300

    Splitted User to AbstractUser and User

commit d9f5e5addb
Author: Anssi Kääriäinen <akaariai@gmail.com>
Date:   Sat Sep 15 18:30:02 2012 +0300

    Reworked REQUIRED_FIELDS + create_user() interaction

commit 579f152e4a
Merge: 9184972 93e6733
Author: Russell Keith-Magee <russell@keith-magee.com>
Date:   Sat Sep 15 20:18:37 2012 +0800

    Merge remote-tracking branch 'django/master' into t3011

commit 918497218c
Author: Russell Keith-Magee <russell@keith-magee.com>
Date:   Sat Sep 15 20:18:19 2012 +0800

    Deprecate AUTH_PROFILE_MODULE and get_profile().

commit 334cdfc1bb
Author: Russell Keith-Magee <russell@keith-magee.com>
Date:   Sat Sep 15 20:00:12 2012 +0800

    Added release notes for new swappable User feature.

commit 5d7bb22e8d
Author: Russell Keith-Magee <russell@keith-magee.com>
Date:   Sat Sep 15 19:59:49 2012 +0800

    Ensure swapped models can't be queried.

commit 57ac6e3d32
Merge: f2ec915 abfba3b
Author: Russell Keith-Magee <russell@keith-magee.com>
Date:   Sat Sep 15 14:31:54 2012 +0800

    Merge remote-tracking branch 'django/master' into t3011

commit f2ec915b20
Merge: 1952656 5e99a3d
Author: Russell Keith-Magee <russell@keith-magee.com>
Date:   Sun Sep 9 08:29:51 2012 +0800

    Merge remote-tracking branch 'django/master' into t3011

commit 19526563b5
Merge: 2c5e833 c4aa26a
Author: Russell Keith-Magee <russell@keith-magee.com>
Date:   Sun Sep 9 08:22:26 2012 +0800

    Merge recent changes from master.

commit 2c5e833a30
Author: Russell Keith-Magee <russell@keith-magee.com>
Date:   Sun Sep 9 07:53:46 2012 +0800

    Corrected admin_views tests following removal of the email fallback on admin logins.

commit 20d1892491
Author: Russell Keith-Magee <russell@keith-magee.com>
Date:   Sun Sep 9 01:00:37 2012 +0800

    Added conditional skips for all tests dependent on the default User model

commit 40ea8b8882
Author: Russell Keith-Magee <russell@keith-magee.com>
Date:   Sat Sep 8 23:47:02 2012 +0800

    Added documentation for REQUIRED_FIELDS in custom auth.

commit e6aaf65970
Author: Russell Keith-Magee <russell@keith-magee.com>
Date:   Sat Sep 8 23:20:02 2012 +0800

    Added first draft of custom User docs.

    Thanks to Greg Turner for the initial text.

commit 75118bd242
Author: Thomas Sutton <me@thomas-sutton.id.au>
Date:   Mon Aug 20 11:17:26 2012 +0800

    Admin app should not allow username discovery

    The admin app login form should not allow users to discover the username
    associated with an email address.

commit d088b3af58
Author: Thomas Sutton <me@thomas-sutton.id.au>
Date:   Mon Aug 20 10:32:13 2012 +0800

    Admin app login form should use swapped user model

commit 7e82e83d67
Merge: e29c010 39aa890
Author: Russell Keith-Magee <russell@keith-magee.com>
Date:   Fri Sep 7 23:45:03 2012 +0800

    Merged master changes.

commit e29c010beb
Merge: 8e3fd70 30bdf22
Author: Russell Keith-Magee <russell@keith-magee.com>
Date:   Mon Aug 20 13:12:57 2012 +0800

    Merge remote-tracking branch 'django/master' into t3011

commit 8e3fd703d0
Merge: 507bb50 26e0ba0
Author: Russell Keith-Magee <russell@keith-magee.com>
Date:   Mon Aug 20 13:09:09 2012 +0800

    Merged recent changes from trunk.

commit 507bb50a92
Author: Russell Keith-Magee <russell@keith-magee.com>
Date:   Mon Jun 4 20:41:37 2012 +0800

    Modified auth app so that login with alternate auth app is possible.

commit dabe362836
Author: Russell Keith-Magee <russell@keith-magee.com>
Date:   Mon Jun 4 20:10:51 2012 +0800

    Modified auth management commands to handle custom user definitions.

commit 7cc0baf89d
Author: Russell Keith-Magee <russell@keith-magee.com>
Date:   Mon Jun 4 14:17:28 2012 +0800

    Added model Meta option for swappable models, and made auth.User a swappable model
2012-09-26 18:48:09 +08:00
Claude Paroz 3904b74a3f Fixed #18013 -- Use the new 'as' syntax for exceptions.
Thanks Clueless for the initial patch.
Note that unittest has been purposely left out (external package only used by Python 2.6).
2012-04-29 20:57:15 +02:00
Claude Paroz be12c9e908 Fixed #18038 -- Removed the 'supports_inactive_user' backwards-compatibility flag. Thanks Aymeric Augustin for the initial patch and Ramiro Morales for the review.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@17938 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2012-04-26 17:15:40 +00:00
Claude Paroz 3dc946e49e Fixed #17236 -- Clarified that anonymous session data are retained after login. Thanks krzysiumed for the patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@17704 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2012-03-13 19:23:52 +00:00
Jannis Leidel 24f4764a48 Fixed #16225 -- Removed unused imports. Many thanks to Aymeric Augustin for the work on the patch and Alex for reviewing.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16539 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-07-13 09:35:51 +00:00
Russell Keith-Magee 48edaf17a3 Advanced deprecations in contrib.auth.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15970 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-04-02 08:33:01 +00:00
Russell Keith-Magee 22347c89d8 Fixed #15532 -- Clarified the error message for unknown auth backends. Thanks to kmike for the report.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15713 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-03-03 00:25:02 +00:00
Chris Beaven faa4a98f27 Change the lack of supports_inactive_user on an auth backend to a
!PendingDeprecationWarning (refs #14249), fixing some bad links in the
1.3 release docs and a typo.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@15204 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-01-14 08:31:14 +00:00
Jannis Leidel 937548bba4 Fixed #15043 -- Updated the login function to send the user_logged_in signal after the user's session got recycled instead of before. Thanks, Rob Hudson.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15168 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-01-10 08:15:52 +00:00
Jannis Leidel 745c255a19 Fixed #14249 -- Added support for inactive users to the auth backend system. Thanks, Harro van der Klauw.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15010 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-12-21 19:18:12 +00:00
Russell Keith-Magee 34a386378f Fixed #13190 -- Improved error handling for the case where no authentication backends are defined. Thanks to Joel3000 for the report, and Łukasz Rekucki for the final patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@14793 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-12-04 04:47:59 +00:00
Jannis Leidel 132afbf8ee Fixed #5612 -- Added login and logout signals to contrib auth app. Thanks SmileyChris and pterk.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@14710 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-11-26 13:33:27 +00:00
Russell Keith-Magee 1070c57b83 Fixed #14436 -- Escalated 1.2 PendingDeprecationWarnings to DeprecationWarnings, and removed 1.1 deprecated code.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@14138 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-10-11 12:20:07 +00:00
Jannis Leidel 1df1378f9e Fixed #13827 -- Cleaned up a few unnecessary function calls.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@13876 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-09-26 21:36:22 +00:00
Luke Plant 8daec78cfd Fixed #12557 - AnonymousUser should check auth backends for permissions
Thanks to hvdklauw for the idea and work on the patch.



git-svn-id: http://code.djangoproject.com/svn/django/trunk@12316 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-01-28 01:47:23 +00:00
Adrian Holovaty 5ceed0a053 Changed a whole bunch of places to raise exception instances instead of old-style raising exception classes plus a comma. Good for the future Python 3 conversion
git-svn-id: http://code.djangoproject.com/svn/django/trunk@12180 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-01-10 18:36:20 +00:00
Jannis Leidel 9bf652dfd6 Fixed #11010 - Add a foundation for object permissions to authentication backends. Thanks to Florian Apolloner for writing the initial patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11807 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-12-10 01:05:35 +00:00
Jacob Kaplan-Moss c485e236bd Fixed #8193: all dynamic imports in Django are now done correctly. I know this because Brett Cannon borrowed the time machine and brought Python 2.7's '`importlib` back for inclusion in Django. Thanks for the patch-from-the-future, Brett!
git-svn-id: http://code.djangoproject.com/svn/django/trunk@10088 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-03-18 16:55:59 +00:00
Malcolm Tredinnick c8c159cbba When logging in, change the session key whilst preserving any existing
sesssion. This means the user will see their session preserved across a login
boundary, but somebody snooping the anonymous session key won't be able to view
the authenticated session data.

This is the final piece of the session key handling changes.


git-svn-id: http://code.djangoproject.com/svn/django/trunk@8459 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-08-21 13:54:53 +00:00
Malcolm Tredinnick 97a7dab2b1 Fixed #6941 -- When logging a user out, or when logging in with an existing
session and a different user id to the current session owner, flush the session
data to avoid leakage. Logging in and moving from an anonymous user to a
validated user still keeps existing session data.

Backwards incompatible if you were assuming sessions persisted past logout.


git-svn-id: http://code.djangoproject.com/svn/django/trunk@8343 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-08-14 03:58:00 +00:00
Russell Keith-Magee 6335317a42 Fixed #3505 -- Added handling for the error raised when the user forgets the comma in a single element tuple when defining AUTHENTICATION_BACKENDS. Thanks for the help identifying this problem, Mario Gonzalez <gonzalemario@gmail.com>.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@5678 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-07-13 05:03:33 +00:00