Aymeric Augustin
6a6428a36f
Took advantage of django.utils.six.moves.urllib.*.
2013-09-05 14:39:23 -05:00
Aymeric Augustin
365c3e8b73
Replaced "not PY3" by "PY2", new in six 1.4.0.
2013-09-02 12:11:02 +02:00
Simon Charette
11cd7388f7
Fixed #20989 -- Removed useless explicit list comprehensions.
2013-08-30 10:57:51 -04:00
Tim Graham
c7d0ff0cad
Fixed #20989 -- Removed explicit list comprehension inside dict() and tuple()
...
Thanks jeroen.pulles at redslider.net for the suggestion and
helper script.
2013-08-29 12:11:03 -04:00
Tim Graham
cf8d6e9108
Fixed #20881 -- Removed contrib.auth.models.AbstractUser.get_absolute_url()
...
The definition is arbitrary and creates a broken "view on site"
link in the admin if a project doesn't define such a URL.
2013-08-29 06:36:35 -04:00
Michał Górny
b89c2a5d9e
Fixed #18171 -- Checked signature of authenticate() to avoid supressing TypeErrors.
...
The current auth backend code catches TypeError to detect backends that
do not support specified argumetnts. As a result, any TypeErrors raised
within the actual backend code are silenced.
In Python 2.7+ and 3.2+ this can be avoided by using inspect.getcallargs().
With this method, we can test whether arguments match the signature without
actually calling the function.
Thanks David Eyk for the report.
2013-08-28 07:51:45 -04:00
Andrew Godwin
b6a957f0ba
Merge remote-tracking branch 'core/master' into schema-alteration
...
Conflicts:
docs/ref/django-admin.txt
2013-08-19 18:30:48 +01:00
Claude Paroz
165f44aaaa
Combine consecutive with statements
...
Python 2.7 allows to combine several 'with' instructions.
2013-08-16 20:12:10 +02:00
SusanTan
71c491972e
Fixed #11400 -- Passed kwargs from AbstractUser.email_user() to send_mail()
...
Thanks Jug_ for suggestion, john_scott for the initial patch,
and Tim Graham for code review.
2013-08-14 07:46:11 -04:00
Jacob Kaplan-Moss
ae3535169a
Fixed is_safe_url() to reject URLs that use a scheme other than HTTP/S.
...
This is a security fix; disclosure to follow shortly.
2013-08-13 11:06:22 -05:00
ersran9
00d23a13eb
Fixed #20828 -- Allowed @permission_required to take a list of permissions
...
Thanks Giggaflop for the suggestion.
2013-08-10 10:10:18 -04:00
Tim Graham
453915bb12
SQLite test fix -- refs #9057
2013-08-09 10:57:25 -04:00
Andrew Godwin
588b523233
Merge remote-tracking branch 'core/master' into schema-alteration
...
Conflicts:
django/db/models/options.py
2013-08-09 14:37:37 +01:00
Tim Graham
ddae74b64c
Fixed #9057 -- Added default_permissions model meta option.
...
Thanks hvendelbo for the suggestion and koenb for the draft patch.
2013-08-09 09:19:52 -04:00
Andrew Godwin
de64c4d6e9
Merge remote-tracking branch 'core/master' into schema-alteration
...
Conflicts:
django/core/management/commands/flush.py
django/core/management/commands/syncdb.py
django/db/models/loading.py
docs/internals/deprecation.txt
docs/ref/django-admin.txt
docs/releases/1.7.txt
2013-08-09 14:17:30 +01:00
Justin Michalicek
6d88d47be6
Fixed #20832 -- Enabled HTML password reset email
...
Added optional html_email_template_name parameter to password_reset view
and PasswordResetForm.
2013-08-05 09:47:28 -04:00
Alex Gaynor
3e0eb2d788
Fixed a number of lint warnings, particularly around unused variables.
2013-08-04 09:17:10 -07:00
Curtis Maloney
07876cf02b
Deprecated SortedDict (replaced with collections.OrderedDict)
...
Thanks Loic Bistuer for the review.
2013-08-04 07:09:39 -04:00
Tim Graham
425d076d0c
Fixed #18923 -- Corrected usage of sensitive_post_parameters in contrib.auth
...
Thanks Collin Anderson for the report.
2013-08-02 14:46:17 -04:00
Tim Graham
a1889397a9
Fixed #12103 -- Added AuthenticationForm.confirm_login_allowed to allow customizing the logic policy.
...
Thanks ejucovy and lasko for work on the patch.
2013-07-31 13:54:05 -04:00
Aymeric Augustin
5b47a9c5a0
Fixed a test that could fail depending on PASSWORD_HASHERS.
...
Thanks Claude. Refs #20760 .
2013-07-30 16:14:53 +02:00
Andrew Godwin
12e9804d16
Rename allow_syncdb to allow_migrate
2013-07-30 12:08:59 +01:00
Andrew Godwin
68e0a169c4
Rename pre_ and post_syncdb to *_migrate, with aliases from old names
2013-07-30 11:52:52 +01:00
Claude Paroz
fdd7a355bf
Deprecated django.utils.importlib
...
This was a shim for pre-Python 2.7 support.
2013-07-29 17:10:22 +02:00
Serge G. Spaolonzi
e07e4030b9
Fixed #18511 -- Cleaned up admin password reset template titles.
2013-07-27 14:23:04 -04:00
Aymeric Augustin
5dbca13f3b
Fixed #20760 -- Reduced timing variation in ModelBackend.
...
Thanks jpaglier and erikr.
2013-07-23 15:43:12 +02:00
Kirill Fomichev
33242fe015
Fixed #19019 -- Fixed UserAdmin to log password change.
...
Thanks Tuttle for the report.
2013-07-23 08:33:07 -04:00
Loic Bistuer
3a00229189
Cleaned up UserAdmin.get_form() that worked around a bug fixed in 23e1b59
.
...
Refs #18681 .
2013-07-18 23:59:45 +07:00
Tim Graham
f407f75aae
Fixed #20673 -- Clarified that HttpRequest.user uses AUTH_USER_MODEL.
...
Thanks littlepig for the report.
2013-07-04 09:32:32 -04:00
Simon Charette
8759778185
Fixed #20675 -- `check_password` should work when no password is specified.
...
The regression was introduced by 2c4fe761a
. refs #20593 .
2013-07-03 14:09:58 -04:00
Aymeric Augustin
cfcf4b3605
Stopped using django.utils.unittest in the test suite.
...
Refs #20680 .
2013-07-01 14:29:33 +02:00
Ramiro Morales
d51b7794bf
Removed django.contrib.auth.views.password_reset_confirm_uidb36() view to finish its accelerated deprecation schedule.
2013-06-29 12:22:15 -03:00
Claude Paroz
6118d6d1c9
More import removals
...
Following the series of commits removing deprecated features in
Django 1.7, here are some more unneeded imports removed and other
minor cleanups.
2013-06-29 11:58:36 +02:00
Aymeric Augustin
c8756e17fb
Removed obsolete comment. Refs #20079 .
...
Thanks Gavin Wahl.
2013-06-29 11:42:34 +02:00
Ramiro Morales
c196564132
Removed custom profile model functionality as per deprecation TL.
2013-06-28 21:48:16 -03:00
Ramiro Morales
f02a703ca6
Removed AuthenticationForm.check_for_test_cookie() as per deprecation TL.
2013-06-28 21:48:15 -03:00
Andrew Godwin
f325f86971
Fixed #20244 : PermissionsMixin now defines a related_query_name for M2Ms
2013-06-27 15:44:22 +01:00
Anton Baklanov
cab333cb16
Fixed #20541 -- don't raise db signals twice when creating superuser
2013-06-27 05:58:01 -04:00
Tim Graham
1184d07789
Fixed #14881 -- Modified password reset to work with a non-integer UserModel.pk.
...
uid is now base64 encoded in password reset URLs/views. A backwards compatible
password_reset_confirm view/URL will allow password reset links generated before
this change to continue to work. This view will be removed in Django 1.7.
Thanks jonash for the initial patch and claudep for the review.
2013-06-26 13:11:47 -04:00
Simon Charette
b91787910c
Fixed #20642 -- Deprecated `Option.get_(add|change|delete)_permission`.
...
Those methods were only used by `contrib.admin` internally and exclusively
related to `contrib.auth`. Since they were undocumented but used
in the wild the raised deprecation warning point to an also undocumented
alternative that lives in `contrib.auth`.
Also did some PEP8 and other cleanups in the affected modules.
2013-06-25 12:22:37 -04:00
Loic Bistuer
7462a78c1b
Fixed #20288 -- Fixed inconsistency in the naming of the popup GET parameter.
...
Thanks to Keryn Knight for the initial report and reviews,
and to tomask for the original patch.
2013-06-19 22:16:16 +02:00
Aymeric Augustin
ffcf24c9ce
Removed several unused imports.
2013-06-19 17:18:40 +02:00
Erik Romijn
aeb1389442
Fixed #20079 -- Improve security of password reset tokens
2013-06-18 20:02:00 +02:00
Erik Romijn
2c4fe761a0
Fixed #20593 -- Allow blank passwords in check_password() and set_password()
2013-06-18 13:32:54 -04:00
Loic Bistuer
ee77d4b253
Fixed #20199 -- Allow ModelForm fields to override error_messages from model fields
2013-06-18 08:01:17 -04:00
Claude Paroz
beb652e069
Worked around Python 3.3 modified exception repr
...
Refs #20599 .
2013-06-15 11:14:59 +02:00
Jaap Roes
990f8d92dc
Fixed #20599 -- Changed wording of ValueError raised by _load_library
...
The _load_library method on BasePasswordHasher turns ImportErrors
into ValueErrors, this masks ImportErrors in the algorithm library.
Changed it to a clearer worded error message that includes
the ImportError string.
2013-06-15 10:50:55 +02:00
Aymeric Augustin
c6e6d4eeb7
Defined available_apps in relevant tests.
...
Fixed #20483 .
2013-06-10 11:30:01 +02:00
Aymeric Augustin
4daf570b98
Added TransactionTestCase.available_apps.
...
This can be used to make Django's test suite significantly faster by
reducing the number of models for which content types and permissions
must be created and tables must be flushed in each non-transactional
test.
It's documented for Django contributors and committers but it's branded
as a private API to preserve our freedom to change it in the future.
Most of the credit goes to Anssi. He got the idea and did the research.
Fixed #20483 .
2013-06-10 11:24:10 +02:00
Chris Streeter
69373f3420
Fixed #19925 - Added validation for REQUIRED_FIELDS being a list
...
Thanks Roman Alexander for the suggestion.
2013-06-07 19:58:41 -04:00
Gavin Wahl
4f4e9243e4
Fixed #20532 -- Reverse auth views by name, not by path.
...
Auth views should be reversed by name, not their locations in
`django.contrib.auth.views`. This allows substituting your own
implementations of the auth views.
2013-06-03 13:30:40 -04:00
Gavin Wahl
01ae881bb4
Don't hard-code class names when calling static methods
...
normalize_email should be called on the instance, not the class. This
has the same effect normally but is more helpful to subclassers. When
methods are called directly on the class, subclasses can't override
them.
2013-05-29 16:11:26 -06:00
Ramiro Morales
0fa8d43e74
Replaced `and...or...` constructs with PEP 308 conditional expressions.
2013-05-26 23:47:50 -03:00
Preston Holmes
d228c1192e
Fixed #19866 -- Added security logger and return 400 for SuspiciousOperation.
...
SuspiciousOperations have been differentiated into subclasses, and
are now logged to a 'django.security.*' logger. SuspiciousOperations
that reach django.core.handlers.base.BaseHandler will now return a 400
instead of a 500.
Thanks to tiwoc for the report, and Carl Meyer and Donald Stufft
for review.
2013-05-25 16:27:34 -07:00
Andrew Godwin
1514f17aa6
Rotate CSRF token on login
2013-05-24 22:15:08 +01:00
Baptiste Mispelon
3cb1e9b93c
Fix test failure introduced by 980ae2ab29
.
2013-05-19 16:51:36 +02:00
Baptiste Mispelon
980ae2ab29
Fix #20447 : URL names given to contrib.auth.views are now resolved.
...
This commit also adds tests for the redirect feature of most auth views.
It also cleans up the tests, most notably using @override_settings instead
of ad-hoc setUp/tearDown methods.
Thanks to caumons for the report.
Conflicts:
docs/releases/1.6.txt
2013-05-19 14:36:38 +02:00
Peter Inglesby
cafcc22b01
Typo in comment
2013-05-19 09:28:36 +02:00
Claude Paroz
710c59bf9b
Slightly reworked imports in contrib.auth.__init__
2013-05-18 16:01:47 +02:00
Jorge Bastida
dc43fbc2f2
Fixed #18998 - Prevented session crash when auth backend removed
...
Removing a backend configured in AUTHENTICATION_BACKENDS should not
raise an exception for existing sessions, but should make already
logged-in users disconnect.
Thanks Bradley Ayers for the report.
2013-05-18 15:58:29 +02:00
Jacob Burch
340115200f
Fixed #20432 -- Test failure in admin_views.
...
The failure was triggered by a cache leak.
2013-05-18 13:13:33 +02:00
Mark Huang
0732c8e8c6
Fixed #20357 -- Allow empty username field label in `AuthentificationForm`.
2013-05-16 11:41:52 -04:00
Donald Stufft
8f0a4665d6
Recommend using the bcrypt library instead of py-bcrypt
...
* py-bcrypt has not been updated in some time
* py-bcrypt does not support Python3
* py3k-bcrypt, a port of py-bcrypt to python3 is not compatible
with Django
* bcrypt is supported on all versions of Python that Django
supports
2013-05-13 23:49:00 -04:00
Donald Stufft
3070e8f711
Properly force bytes or str for bcrypt on Python3
2013-05-11 11:16:06 -04:00
Carl Meyer
9012833af8
Fixed #17365 , #17366 , #18727 -- Switched to discovery test runner.
...
Thanks to Preston Timmons for the bulk of the work on the patch, especially
updating Django's own test suite to comply with the requirements of the new
runner. Thanks also to Jannis Leidel and Mahdi Yusuf for earlier work on the
patch and the discovery runner.
Refs #11077 , #17032 , and #18670 .
2013-05-10 23:08:45 -04:00
Luke Plant
f026a519ae
Fixed #19733 - deprecated ModelForms without 'fields' or 'exclude', and added '__all__' shortcut
...
This also updates all dependent functionality, including modelform_factory
and modelformset_factory, and the generic views `ModelFormMixin`,
`CreateView` and `UpdateView` which gain a new `fields` attribute.
2013-05-09 16:44:36 +01:00
Claude Paroz
9f7a01ef2b
Updated translation templates and removed en translations
...
"en" translations have been mistakenly committed in 87cc3da81
.
2013-05-02 16:25:23 +02:00
Preston Holmes
a49e7dd2a3
Fixed #20114 -- support custom project login_url in tests
...
Thanks to Matias Bordese for the patch
2013-04-05 09:03:28 -07:00
Preston Timmons
fde2e4fd6e
Modified auth to work with unittest2 discovery.
2013-04-02 21:59:45 -06:00
Alisson
80b658f5aa
Remove unnecessary if conditions
...
if obj it None, it's None, there's no need to check it
2013-03-30 12:22:28 +01:00
Claude Paroz
244e765a94
Updated translation templates
2013-03-28 10:06:11 +01:00
Claude Paroz
0a22f7aad2
Added Burmese language
...
Thanks to Yhal Htet Aung for the translation work.
2013-03-28 10:01:30 +01:00
Claude Paroz
ab76467d54
Added Ossetic language
...
Thanks to Xwybylty Soslan for the translation work.
2013-03-28 09:54:16 +01:00
Claude Paroz
c5084e7557
Updated translations from Transifex
...
Polish, Telugu, Georgian, Azerbaijani, Norwegian Bokmål, Basque,
Dutch, Thai, Spanish (Argentina), Afrikaans.
2013-03-28 09:24:07 +01:00
Jacob Kaplan-Moss
9e462f8101
Fixed #20078 : don't allow filtering on password in the user admin.
2013-03-27 11:24:36 -05:00
Donald Stufft
25f2acfed0
Fixed #20138 -- Added BCryptSHA256PasswordHasher
...
BCryptSHA256PasswordHasher pre-hashes the users password using
SHA256 to prevent the 72 byte truncation inherient in the BCrypt
algorithm.
2013-03-26 13:26:57 -04:00
Claude Paroz
2f121dfe63
Fixed #17051 -- Removed some 'invalid' field error messages
...
When the 'invalid' error message is set at field level, it masks
the error message raised by the validator, if any.
2013-03-14 17:03:43 +01:00
Aymeric Augustin
3710a918b2
Switched the admin to use @transaction.atomic.
2013-03-11 19:58:08 +01:00
Loic Bistuer
6983a1a540
Fixed #15363 -- Renamed and normalized to `get_queryset` the methods that return a QuerySet.
2013-03-08 10:11:45 -05:00
Ramiro Morales
03e40140ff
Merge pull request #871 from matiasb/ticket_19945
...
Fixed #19945 -- Fixed default User model Meta inheritance.
2013-03-03 14:30:36 -08:00
Claude Paroz
8e8c9b908a
Fixed getting default encoding in get_system_username
...
Refs #19933 .
2013-03-02 22:41:08 +01:00
matiasb
f39fead1c3
Fixed #19945 -- Fixed default User model Meta inheritance.
...
Updated default User model Meta class to extend AbstractUser Meta
where translated verbose_name and verbose_name_plural are
defined.
2013-03-01 19:32:20 -03:00
Aymeric Augustin
2ee21d9f0d
Implemented persistent database connections.
...
Thanks Anssi Kääriäinen and Karen Tracey for their inputs.
2013-02-28 15:28:13 +01:00
Claude Paroz
87cc3da814
Merged contrib translations from 1.5 branch
2013-02-26 21:51:06 +01:00
Aymeric Augustin
f1255a3c09
Fixed #18144 -- Restored compatibility with SHA1 hashes with empty salt.
...
Thanks dahool for the report and initial version of the patch.
2013-02-25 20:21:58 +01:00
Florian Apolloner
f56ca3f0e6
Fixed the usage of the deprecated assertEquals.
2013-02-24 11:15:17 +01:00
Preston Holmes
22d82a7742
Fixed #15198 -- pass request to AuthenticationForm
...
Thanks to Ciantic for the report, claudep and slurms for initial work
2013-02-23 15:28:49 -08:00
Preston Holmes
9d2c0a0ae6
Removed superfluous cookie check from auth login.
...
This is ensured through the CSRF protection of the view
2013-02-23 15:28:49 -08:00
Horst Gutmann
2f4a4703e1
Fixed #19758 -- Avoided leaking email existence through the password reset form.
2013-02-23 14:31:21 +01:00
Carl Meyer
d51fb74360
Added a new required ALLOWED_HOSTS setting for HTTP host header validation.
...
This is a security fix; disclosure and advisory coming shortly.
2013-02-19 11:23:29 -07:00
Claude Paroz
5ec0405a09
Fixed #19839 -- Isolated auth tests from customized TEMPLATE_LOADERS
...
Thanks limscoder for the report.
2013-02-18 09:22:25 +01:00
Claude Paroz
a8d1421dd9
Avoided unneeded assertion on Python 3
...
Fixes failure introduced in 02e5909f7a
.
2013-02-15 16:09:31 +01:00
Claude Paroz
02e5909f7a
Fixed #19807 -- Sanitized getpass input in createsuperuser
...
Python 2 getpass on Windows doesn't accept unicode, even when
containing only ascii chars.
Thanks Semmel for the report and tests.
2013-02-15 15:44:27 +01:00
Russell Keith-Magee
f5e4a699ca
Fixed #19822 -- Added validation for uniqueness on USERNAME_FIELD on custom User models.
...
Thanks to Claude Peroz for the draft patch.
2013-02-15 09:00:55 +08:00
Claude Paroz
f1029b308f
Fixed a misnamed variable introduced in commit 142ec8b283
...
Refs #8404 .
2013-02-14 08:33:10 +01:00
Claude Paroz
142ec8b283
Fixed #8404 -- Isolated auth password-related tests from custom templates
2013-02-13 23:11:49 +01:00
Hiroki Kiyohara
e94f405d94
Fixed #18558 -- Added url property to HttpResponseRedirect*
...
Thanks coolRR for the report.
2013-02-13 10:29:32 +01:00
Preston Holmes
0e18fb04ba
Made modwsgi groups_for_user consistent with check_password
...
2b5f848207
based its changes on #19061
that made the is_active attribute mandatory for user models.
The try/except was not removed for the groups_for_user function.
refs #19780
2013-02-09 09:31:04 -08:00
Preston Holmes
c44d748272
Fixed #19662 -- alter auth modelbackend to accept custom username fields
...
Thanks to Aymeric and Carl for the review.
2013-02-07 16:07:56 -08:00
Florian Apolloner
2b916895a1
Updated createsuperuser to use unicode_literals. Refs #19757 .
2013-02-07 14:33:36 +01:00
Claude Paroz
2390fe3f4f
Fixed #19745 -- Forced resolution of verbose names in createsupersuser
...
Thanks Baptiste Mispelon for the report and Preston Holmes for the review.
2013-02-06 10:06:21 +01:00
Simon Charette
ec469ade2b
Fixed #19689 -- Renamed `Model._meta.module_name` to `model_name`.
2013-02-05 04:16:07 -05:00
Claude Paroz
7c5b244826
Fixed #17061 -- Factored out importing object from a dotted path
...
Thanks Carl Meyer for the report.
2013-02-04 16:38:25 +01:00
Claude Paroz
55c585f1c7
Fixed #19725 -- Made createsuperuser handle non-ascii prompts
...
Thanks Michisu for the report.
2013-02-04 10:09:10 +01:00
Claude Paroz
1f8e7bb075
Added missing parentheses in if clause
2013-02-02 12:13:47 +01:00
Claude Paroz
63d6a50dd8
Fixed #18144 -- Added backwards compatibility with old unsalted MD5 passwords
...
Thanks apreobrazhensky at gmail.com for the report.
2013-02-02 12:02:36 +01:00
Claude Paroz
1686e0d184
Fixed #18460 -- Fixed change detection of ReadOnlyPasswordHashField
...
Thanks jose.sanchez et ezeep.com for the report and Vladimir Ulupov
for the initial patch.
2013-01-25 21:27:49 +01:00
Florian Apolloner
cc4de61a2b
Fixed #19596 -- Use `_default_manager` instead of `objects` in the auth app.
...
This is needed to support custom user models which don't define a manager
named `objects`.
2013-01-22 12:47:34 +01:00
Nick Sandford
cdad0b28d4
Fixed #19573 -- Allow override of username field label in AuthenticationForm
2013-01-10 09:06:04 +01:00
Claude Paroz
34ee7d9875
Updated deprecated test assertions
2013-01-08 19:08:15 +01:00
Anssi Kääriäinen
a2396a4c8f
Fixed #19173 -- Made EmptyQuerySet a marker class only
...
The guarantee that no queries will be made when accessing results is
done by new EmptyWhere class which is used for query.where and having.
Thanks to Simon Charette for reviewing and valuable suggestions.
2013-01-06 19:18:28 +02:00
Aymeric Augustin
4e5369a596
Silenced warnings in the tests of deprecated features.
2012-12-29 22:32:07 +01:00
Aymeric Augustin
ef017a5f00
Advanced pending deprecation warnings.
...
Also added stacklevel argument, fixed #18127 .
2012-12-29 21:59:07 +01:00
Julien Phalip
35d1cd0b28
Fixed #19505 -- A more flexible implementation for customizable admin redirect urls.
...
Work by Julien Phalip.
Refs #8001 , #18310 , #19505 . See also 0b908b92a2
.
2012-12-24 15:44:19 -03:00
Claude Paroz
0dc3fc954f
Fixed #19509 -- Fixed crypt/bcrypt non-ascii password encoding
...
Also systematically added non-ascii passwords in hashers test suite.
Thanks Vaal for the report.
2012-12-22 16:04:10 +01:00
Russell Keith-Magee
9facca28b6
Corrected tests depending on the error message on the AuthenticationForm.
...
Refs #19368 , and the fix introduced in 27f8129d64
.
2012-12-16 07:18:45 +08:00
Russell Keith-Magee
27f8129d64
Fixed #19368 -- Ensured that login error messages adapt to changes in the User model.
...
Thanks to un33k for the report.
2012-12-15 22:44:47 +08:00
Russell Keith-Magee
47e1df896b
Fixed #19412 -- Added PermissionsMixin to the auth.User heirarchy.
...
This makes it easier to make a ModelBackend-compliant (with regards to
permissions) User model.
Thanks to cdestigter for the report about the relationship between
ModelBackend and permissions, and to the many users on django-dev that
contributed to the discussion about mixins.
2012-12-15 22:44:47 +08:00
Florian Apolloner
a2f2a39956
Fixed #18856 -- Ensured that redirects can't be poisoned by malicious users.
2012-12-10 22:11:39 +01:00
Claude Paroz
c91667338a
Fixed #19357 -- Allow non-ASCII chars in filesystem paths
...
Thanks kujiu for the report and Aymeric Augustin for the review.
2012-12-08 11:13:52 +01:00
Ramiro Morales
b64d30405a
Fixed #18697 -- Made values accepted for two customizable admin templates consistent.
...
Thanks and at cloverfastfood dot com for the report.
2012-12-04 01:13:01 -03:00
Claude Paroz
a0cd6dd11e
Fixed #19349 -- Fixed re-rendering of ReadOnlyPasswordHashWidget
...
Thanks tim.bowden at mapforge.com.au for the report, Andreas Hug
for the patch and Anton Baklanov for the review.
2012-12-01 12:22:43 +01:00
Preston Holmes
84a5294788
Added missing custom user skip decorator
...
PermissionDeniedBackendTest references User model.
2012-11-30 22:54:42 -08:00
Claude Paroz
0eeae15056
Fixed #19354 -- Do not assume usermodel.pk == usermodel.id
...
Thanks markteisman at hotmail.com for the report.
2012-11-29 21:45:43 +01:00
Claude Paroz
a962bc7c45
Updated User manager when testing custom AUTH_USER_MODEL
...
This is giving more real test conditions when AUTH_USER_MODEL is
set with override_settings.
2012-11-24 16:00:00 +01:00
Aymeric Augustin
a026e480da
Fixed #16039 -- Made post_syncdb handlers multi-db aware.
...
Also reverted 8fb7a90026
. Refs #17055 .
2012-11-22 20:53:59 +01:00
Aymeric Augustin
9e11253497
Merge pull request #511 from ryankask/username-password-admin
...
Allowed custom User models to use the UserAdmin's change password view.
Fix #19056 (again).
2012-11-22 06:50:37 -08:00
Jannis Leidel
1520748dac
Fixed #2550 -- Allow the auth backends to raise the PermissionDenied exception to completely stop the authentication chain. Many thanks to namn, danielr, Dan Julius, Łukasz Rekucki, Aashu Dwivedi and umbrae for working this over the years.
2012-11-17 20:24:54 +01:00
Ryan Kaskel
bfdedb687a
Allow custom User models to use the UserAdmin's change password view.
2012-11-10 15:48:46 +00:00
Aymeric Augustin
fc10418fba
Fixed #18963 -- Used a subclass-friendly pattern
...
for Python 2 object model compatibility methods.
2012-11-03 22:07:35 +01:00
Preston Holmes
9741912a9a
Fixed #17869 - force logout when REMOTE_USER header disappears
...
If the current sessions user was logged in via a remote user backend log out
the user if REMOTE_USER header not available - otherwise leave it to other auth
middleware to install the AnonymousUser.
Thanks to Sylvain Bouchard for the initial patch and ticket maintenance.
2012-10-29 22:58:14 -07:00
Preston Holmes
2b5f848207
Fixed #19057 (again) -- added additional tests
2012-10-29 22:24:42 -07:00
Russell Keith-Magee
81f5d4a1a7
Added some test guards for some recently added auth tests.
...
Refs #19061 , #19057 .
2012-10-30 10:28:35 +08:00
Claude Paroz
b774c5993c
Fixed #19172 -- Isolated poisoned_http_host tests from 500 handlers
...
Thanks bernardofontes for the report.
2012-10-29 17:28:04 +01:00
Preston Holmes
4ea8105120
Fixed #19061 -- added is_active attribute to AbstractBaseUser
2012-10-28 23:04:03 -07:00
Russell Keith-Magee
04b53ebfb7
Fixed #19133 -- Corrected regression in form handling for user passwords.
...
Thanks to pressureman for the report, and to Preston Holmes for the draft patch.
2012-10-20 11:41:54 +08:00
Ramiro Morales
0b908b92a2
Fixed #8001 -- Made redirections after add/edit in admin customizable.
...
Also fixes #18310 .
2012-10-18 20:58:52 -03:00
Preston Holmes
9305c0e12d
Fixed a security issue related to password resets
...
Full disclosure and new release are forthcoming
2012-10-17 14:36:41 -07:00
Russell Keith-Magee
bfcda7781a
Fixed #19130 -- Made some of the auth forms more flexible for user models.
2012-10-16 16:03:29 +08:00
Claude Paroz
58365401c9
Updated base translation files
2012-10-15 11:17:06 +02:00
Daniele Procida
cc83a4af0c
Added 'groups' to UserAdmin.filter_horizontal
...
Is there some reason it's not there already?
Our list of groups is very cumbersome to use with the standard widget.
2012-10-13 14:58:36 +01:00
Russell Keith-Magee
b3b3db3d95
Fixed #19067 -- Clarified handling of username in createsuperuser.
...
Thanks to clelland for the report, and Preston Holmes for the draft patch.
2012-10-13 13:36:07 +08:00
Russell Keith-Magee
c433fcb3fb
Fixed #19077 , #19079 -- Made USERNAME_FIELD a required field, and modified UserAdmin to match.
2012-10-13 11:44:50 +08:00
Anssi Kääriäinen
b5f224e8e2
Fixed tests introduced for #15915
...
The tests didn't clean up properly. The commit that introduced the
errors was 8c427448d5
.
Thanks to Trac alias rizumu for spotting this.
2012-10-12 00:10:49 +03:00
Russell Keith-Magee
b9039268a1
Fixed #19060 -- Corrected assumptions about the name of the User model in the ModelBackend.
...
Thanks to Ivan Virabyan for the report and initial patch.
2012-10-06 12:43:29 +08:00
Mateusz Haligowski
8c427448d5
Fixed #15915 -- Cleaned handling of duplicate permission codenames
...
Previously, a duplicate model, codename for permission would lead to
database integrity error. Cleaned the implementation so that this case
now raises an CommandError instead.
2012-10-03 23:10:32 +03:00
Russell Keith-Magee
934f35f1f9
Corrected test docstring.
2012-10-03 09:16:33 +08:00
Preston Holmes
5f8b97f9fb
Fixed #19057 -- support custom user models in mod_wsgi auth handler
...
thanks @freakboy3742 for the catch and review
2012-10-02 06:42:05 -07:00
Michael Farrell
7cc4068c44
Fixed #18616 -- added user_login_fail signal to contrib.auth
...
Thanks to Brad Pitcher for documentation
2012-09-30 22:34:50 -07:00
Anssi Kääriäinen
d5a4f209c3
Fixed #18991 -- Allowed permission lookup by "if in"
...
When looking permissions from PermWrapper it is now possible to use
{% if "someapp.someperm" in perms %} instead of
{% if perms.someapp.someperm %}.
2012-09-30 19:38:16 +03:00