0362b0e986
Fixed #26615 -- Made password reset token invalidate when changing email.
...
Co-Authored-By: Silas Barta <sbarta@gmail.com>
2020-10-21 09:29:53 +02:00
f7963615eb
Fixed #32121 -- Fixed detecting uniqueness of USERNAME_FIELD when using Meta.constraints.
...
Co-authored-by: Simon Charette <charettes@users.noreply.github.com>
2020-10-20 07:23:51 +02:00
5fcfe5361e
Updated translations from Transifex.
...
Forwardport of f7397bb7c8
2020-09-30 10:25:48 +02:00
e39e727ded
Fixed #31912 -- Removed strict=True in Path.resolve() in project template and CommonPasswordValidator.
...
This caused permission errors when user didn't have permissions to
all intermediate directories in a Django installation path.
Thanks tytusd and leonyxz for reports.
Regression in edeec1247e26554cf5d1
2020-08-28 05:57:36 +02:00
e02738bf55
Refs #31913 -- Corrected comment in PasswordResetTokenGenerator.
...
Follow up to da4923ea87
2020-08-27 12:57:16 +02:00
b88f98738f
Fixed #31878 -- Made createsuperuser respect --database option in default usernames.
2020-08-14 11:08:20 +02:00
d907371ef9
Fixed #31842 -- Added DEFAULT_HASHING_ALGORITHM transitional setting.
...
It's a transitional setting helpful in migrating multiple instance of
the same project to Django 3.1+.
Thanks Markus Holtermann for the report and review, Florian
Apolloner for the implementation idea and review, and Carlton Gibson
for the review.
2020-08-04 09:35:24 +02:00
1a60838fa6
Updated translations from Transifex
2020-08-01 20:41:11 +02:00
948a874425
Fixed #29324 -- Made SECRET_KEY validation lazy (on first access).
2020-07-29 09:06:54 +02:00
3f2821af6b
Fixed #31180 -- Configured applications automatically.
2020-07-21 10:35:12 +02:00
7af8f41273
Refs #26445 -- Allowed using UserManager.create_user()/create_superuser() in migrations.
...
Used app config to lookup user model in _create_user().
Thanks Markus Holtermann for the review and initial patch.
Thanks Simon Charette for the implementation idea.
2020-07-06 11:47:22 +02:00
cc7c16af98
Fixed #31443 -- Fixed login redirection in auth mixins when LOGIN_URL is off-site URL.
2020-06-23 10:38:35 +02:00
136ec9b62b
Refs #31358 -- Added decode() to password hashers.
...
By convention a hasher which does not use a salt should populate the
decode dict with `None` rather than omit the dict key.
Co-Authored-By: Florian Apolloner <apollo13@users.noreply.github.com>
2020-06-23 08:36:59 +02:00
1621f06051
Fixed #30472 -- Made Argon2PasswordHasher use Argon2id.
2020-06-17 08:10:41 +02:00
faad809e09
Refs #30472 -- Simplified Argon2PasswordHasher with argon2-cffi 19.1+ API.
2020-06-17 08:10:41 +02:00
69a78a4a63
Fixed comment in django/contrib/auth/urls.py.
2020-06-10 08:39:09 +02:00
578b3046e3
Reverted "Refs #23919 -- Removed obsolete __init__.py files in management command directories."
...
This reverts commit ccc25bfe4fhttps://groups.google.com/d/topic/django-developers/GVHMH2ciAnk/discussion
2020-06-01 10:55:41 +02:00
c60524c658
Fixed #31546 -- Allowed specifying list of tags in Command.requires_system_checks.
2020-05-21 12:34:54 +02:00
f2187a227f
Increased the default PBKDF2 iterations for Django 3.2.
2020-05-13 09:07:51 +02:00
54646a423b
Refs #27468 -- Made user sessions use SHA-256 algorithm.
2020-04-29 16:45:00 +02:00
9ef4a18dbe
Changed django.forms.ValidationError imports to django.core.exceptions.ValidationError.
...
Co-Authored-By: Mariusz Felisiak <felisiak.mariusz@gmail.com>
2020-04-28 10:49:00 +02:00
71d9876e39
Refs #18325 -- Removed unnecessary line endings in management commands.
...
The OutputWrapper automatically adds \n when it’s not present.
2020-04-27 10:10:36 +02:00
8aa71f4e87
Fixed #31375 -- Made contrib.auth.hashers.make_password() accept only bytes or strings.
2020-03-31 10:52:56 +02:00
5f8495a40a
Fixed #31371 -- Increased User.first_name max_length to 150 characters.
2020-03-18 08:22:49 +01:00
e663f695fb
Fixed #31359 -- Deprecated get_random_string() calls without an explicit length.
2020-03-11 13:16:44 +01:00
769cee5252
Fixed #31327 -- Deprecated providing_args argument for Signal.
2020-03-05 09:38:52 +01:00
fba5d3b6e6
Fixed #31289 -- Added hint for USERNAME_FIELD/REQUIRED_FIELDS system check.
2020-02-26 08:40:36 +01:00
da4923ea87
Refs #27468 -- Made PasswordResetTokenGenerator use SHA-256 algorithm.
2020-02-12 21:46:56 +01:00
335c9c94ac
Simplified imports from django.db and django.contrib.gis.db.
2020-02-04 13:20:06 +01:00
5dabb6002e
Updated translations from Transifex.
...
Forwardport of ca4f87027e
2020-01-31 20:59:10 +01:00
b7a3a6c9ef
Used model's Options.label/label_lower where applicable.
2020-01-29 12:09:20 +01:00
5a68a223c7
Fixed #31200 -- Added system checks for permissions codenames max length.
2020-01-23 12:22:59 +01:00
35d36d9462
Refs #30585 -- Updated project templates and tests to use (block)translate tags.
2019-12-18 13:15:38 +01:00
5b1fbcef7a
Fixed CVE-2019-19844 -- Used verified user email for password reset requests.
...
Co-Authored-By: Florian Apolloner <florian@apolloner.eu>
2019-12-18 09:11:39 +01:00
3df3c5e670
Fixed #26480 -- Fixed crash of contrib.auth.authenticate() on decorated authenticate() methods of authentication backends.
...
The Signature API (PEP 362) has better support for decorated functions
(by default, it follows the __wrapped__ attribute set by
functools.wraps for example).
2019-12-10 09:36:30 +01:00
6376278a90
Updated contrib translations from Transifex.
...
Forward port of 4afa0e5d2a
2019-12-02 11:25:23 +01:00
e8fcdaad5c
Fixed #31021 -- Fixed proxy model permissions data migration crash with a multiple databases setup.
...
Regression in 98296f86b3
2019-11-29 08:23:01 +01:00
aa12cf07c9
Removed unnecessary numeric indexes in format strings.
2019-11-19 08:29:47 +01:00
6e99585c19
Fixed #30941 -- Reverted "Simplified AuthenticationMiddleware a bit."
...
This reverts commit 2f010795e6
2019-11-13 16:33:25 +01:00
4cec3cc82a
Fixed #30977 -- Optimized PasswordResetForm.save() a bit.
...
Moved site variables assignment outside of the loop.
2019-11-11 10:40:04 +01:00
edeec1247e
Passed strict=True to Path.resolve() to enforce that the path must exist.
2019-11-05 14:22:20 +01:00
b9fe7f9294
Fixed #30947 -- Changed tuples to lists in model Meta options in django.contrib modules.
...
The Django "Model Meta options" docs provide examples and generally
point the reader to use lists for the unique_together and ordering
options. Follow our own advice for contrib models.
More generally, lists should be used for homogeneous sequences of
arbitrary lengths of which both unique_together and ordering are.
2019-11-05 08:16:31 +01:00
2f010795e6
Simplified AuthenticationMiddleware a bit.
...
SimpleLazyObject already caches value in _wrapped.
2019-10-29 13:20:13 +01:00
0315c18fe1
Refs #26601 -- Removed obsolete workarounds for MIDDLEWARE_CLASSES setting.
2019-10-23 08:18:48 +02:00
226ebb1729
Fixed #28622 -- Allowed specifying password reset link expiration in seconds and deprecated PASSWORD_RESET_TIMEOUT_DAYS.
2019-09-20 13:52:04 +02:00
6c9778a58e
Fixed #30776 -- Restored max length validation on AuthenticationForm.UsernameField.
...
Regression in 5ceaf14686
2019-09-18 11:37:38 +02:00
b5db65c4fb
Increased the default PBKDF2 iterations for Django 3.1.
2019-09-12 17:24:01 +02:00
d17be88afd
Refs #30037 -- Required the RemoteUserBackend.configure_user() to have request as the first positional argument.
...
Per deprecation timeline.
2019-09-10 12:01:00 +02:00
5495ea3ae0
Updated translation catalogs
2019-09-08 17:35:32 +02:00
4f61810751
Fixed #30747 -- Renamed is_safe_url() to url_has_allowed_host_and_scheme().
2019-09-02 15:32:23 +02:00
Jacob Walls
Hannes Ljungberg
Claude Paroz
Mariusz Felisiak
Phil Gyford
Yan Mitrofanov
Florian Apolloner
Aymeric Augustin
Hasan Ramezani
Frantisek Holop
Jon Moroney
Florian Apolloner
Tom Carrick
René Fleschenberg
François Freitag
Ryan Petrello
Jon Dufresne
aryan
Nick Pope
Michael Mulholland
Mike Hansen
Simon Charette
Baptiste Mispelon
Carlton Gibson
Sergey Fedoseev
Sam Reynolds