Commit Graph

136 Commits

Author SHA1 Message Date
Adrian Holovaty be2697209b Improved the auth admin site to raise Http404 with a helpful error message if DEBUG is True, explaining why permission isn't denied. Refs #9866, and see also [9682]
git-svn-id: http://code.djangoproject.com/svn/django/trunk@9683 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-12-25 06:17:42 +00:00
Adrian Holovaty 62362c6175 Added comment to UserAdmin.add_view() explaining why we disallow users without change permissions from adding other users. Refs #9866
git-svn-id: http://code.djangoproject.com/svn/django/trunk@9682 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-12-25 06:04:11 +00:00
Karen Tracey bcd63cbfb0 Fixed #6160, #9111 -- Consistently apply conditional_escape to form errors and labels when outputing them as HTML.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@9365 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-11-06 19:49:24 +00:00
Malcolm Tredinnick fb62bcc69e Fixed #8321 -- Change django.contrib.auth.models to use django.utils.hashcompat
for consistency with other code. Thanks, magneto.


git-svn-id: http://code.djangoproject.com/svn/django/trunk@9160 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-10-06 05:14:17 +00:00
Malcolm Tredinnick c58c1f43cf Fixed #5753 -- Allow createsuperuser to work in situations where there
might be a valid password database entry for the current user id.


git-svn-id: http://code.djangoproject.com/svn/django/trunk@9158 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-10-06 04:54:14 +00:00
Malcolm Tredinnick 2f0be0faae Fixed #8660 -- Small database query optimisation in User.get_profile.
When calling User.get_profile(), we now tell the profile object about the
related User object right away. This can save a database lookup later if
something in the user profile object wants to refer to the user object.

Patch from Mike Malone.


git-svn-id: http://code.djangoproject.com/svn/django/trunk@9152 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-10-05 12:07:10 +00:00
Brian Rosner ab13303ea4 Fixed #8433 -- Deal with the add user popup on models that foreign key to User correctly. Thanks sorl for the report and fix.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8776 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-08-31 21:24:33 +00:00
Gary Wilson Jr c2ba59fc1d Removed oldforms, validators, and related code:
* Removed `Manipulator`, `AutomaticManipulator`, and related classes.
 * Removed oldforms specific bits from model fields:
   * Removed `validator_list` and `core` arguments from constructors.
   * Removed the methods:
     * `get_manipulator_field_names`
     * `get_manipulator_field_objs`
     * `get_manipulator_fields`
     * `get_manipulator_new_data`
     * `prepare_field_objs_and_params`
     * `get_follow`
   * Renamed `flatten_data` method to `value_to_string` for better alignment with its use by the serialization framework, which was the only remaining code using `flatten_data`.
 * Removed oldforms methods from `django.db.models.Options` class: `get_followed_related_objects`, `get_data_holders`, `get_follow`, and `has_field_type`.
 * Removed oldforms-admin specific options from `django.db.models.fields.related` classes: `num_in_admin`, `min_num_in_admin`, `max_num_in_admin`, `num_extra_on_change`, and `edit_inline`.
 * Serialization framework
   * `Serializer.get_string_value` now calls the model fields' renamed `value_to_string` methods.
   * Removed a special-casing of `models.DateTimeField` in `core.serializers.base.Serializer.get_string_value` that's handled by `django.db.models.fields.DateTimeField.value_to_string`.
 * Removed `django.core.validators`:
   * Moved `ValidationError` exception to `django.core.exceptions`.
   * For the couple places that were using validators, brought over the necessary code to maintain the same functionality.
 * Introduced a SlugField form field for validation and to compliment the SlugField model field (refs #8040).
 * Removed an oldforms-style model creation hack (refs #2160).

git-svn-id: http://code.djangoproject.com/svn/django/trunk@8616 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-08-27 07:19:44 +00:00
Malcolm Tredinnick 157dbe2fff Fixed #8552 -- Use the LOGIN_REDIRECT_URL setting in the auth tests, rather than hard-coding the value.
This enables things to work properly when installed in other configurations.
Patch from aeby.


git-svn-id: http://code.djangoproject.com/svn/django/trunk@8613 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-08-27 06:02:13 +00:00
Jacob Kaplan-Moss 78d13fb1c2 Fixed #8379: the admin user change form now properly validates the username. Thanks, kratorius.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8544 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-08-25 17:10:20 +00:00
Jacob Kaplan-Moss 9a1e4cedde Fixed #8344: make User.get_profile() work when settings.AUTH_PROFILE_MODULE is unset.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8543 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-08-25 16:56:59 +00:00
Jacob Kaplan-Moss 15ed0d65b0 Fixed #7833: the user creation form now works when password1 isn't set.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8542 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-08-25 16:55:57 +00:00
Russell Keith-Magee 96d12748a9 Added app_label to the context for the add user admin view.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8510 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-08-24 06:46:53 +00:00
Malcolm Tredinnick aa78a05e69 Fixed #8359 -- Add an admin log entry when creating a new user.
Patch from evan_schulz.


git-svn-id: http://code.djangoproject.com/svn/django/trunk@8503 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-08-23 21:45:36 +00:00
Malcolm Tredinnick abb1c508cc Tests for password change process. Thanks, Mike Richardson. Fixed #8402.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8497 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-08-23 18:20:49 +00:00
Brian Rosner ab26efc952 Fixed #8493 -- Fixed a NoReverseMatch when redirecting to password_change/done/ in the admin. Added the ability to override redirects to other password change views for consistency. Thanks for the report mtrichardson.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8473 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-08-23 03:26:01 +00:00
Malcolm Tredinnick c8c159cbba When logging in, change the session key whilst preserving any existing
sesssion. This means the user will see their session preserved across a login
boundary, but somebody snooping the anonymous session key won't be able to view
the authenticated session data.

This is the final piece of the session key handling changes.


git-svn-id: http://code.djangoproject.com/svn/django/trunk@8459 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-08-21 13:54:53 +00:00
Gary Wilson Jr 3bb50169d9 Removed unused and redefined imports.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8386 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-08-15 17:42:13 +00:00
Gary Wilson Jr 415bf3efb3 Fixed #7364 -- Never cache the contrib.auth login view.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8383 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-08-15 17:10:14 +00:00
Malcolm Tredinnick 97a7dab2b1 Fixed #6941 -- When logging a user out, or when logging in with an existing
session and a different user id to the current session owner, flush the session
data to avoid leakage. Logging in and moving from an anonymous user to a
validated user still keeps existing session data.

Backwards incompatible if you were assuming sessions persisted past logout.


git-svn-id: http://code.djangoproject.com/svn/django/trunk@8343 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-08-14 03:58:00 +00:00
Jacob Kaplan-Moss bb30805452 Fixed #8131: use reverse() in auth views. Patch from davenaff.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8334 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-08-12 23:31:31 +00:00
Gary Wilson Jr f09f14d0ae Fixed #8226 -- Fixed a Python 2.3 incompatibility in a unicode string substitution, thanks nfg.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8302 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-08-11 15:13:00 +00:00
Gary Wilson Jr 0b01d50076 Refs #7742 -- Removed unused `validator_list` argument (this is already being checked by the `UserCreationForm`).
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8293 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-08-11 04:30:30 +00:00
Brian Rosner a7d3c92767 Fixed #8202 -- Moved user_change_password to UserAdmin. This enables seamless integration of a custom UserAdmin. Thanks ElliottM for catching this.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8283 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-08-10 09:43:48 +00:00
Brian Rosner baac791c4b Fixed #7932 -- Made it easier to use a custom User model with the admin. Added add_form attribute to UserAdmin and removed hard-coded dependancies to User. Thanks ElliottM for the patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8280 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-08-10 04:22:21 +00:00
Jacob Kaplan-Moss 19bbc74e46 Fixed #7115: tweaked ordering on Permission to more closely match the pre-QSRF behavior, which was nice. Thanks, Matthew Flanagan.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8246 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-08-08 21:24:02 +00:00
Jacob Kaplan-Moss 34a3bd5225 Major refactoring of django.dispatch with an eye towards speed. The net result is that signals are up to 90% faster.
Though some attempts and backwards-compatibility were made, speed trumped compatibility. Thus, as usual, check BackwardsIncompatibleChanges for the complete list of backwards-incompatible changes.

Thanks to Jeremy Dunck and Keith Busell for the bulk of the work; some ideas from Brian Herring's previous work (refs #4561) were incorporated.

Documentation is, sigh, still forthcoming.

Fixes #6814 and #3951 (with the new dispatch_uid argument to connect).


git-svn-id: http://code.djangoproject.com/svn/django/trunk@8223 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-08-06 15:32:46 +00:00
Luke Plant 8e24b37610 Cleaned up whitespace
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8214 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-08-05 16:36:20 +00:00
Russell Keith-Magee bf65fd0a80 Fixed #8901 -- Corrected typo in docstring. Thanks to Hayley Bonham <djangocode@vortex.cx> for the report.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8207 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-08-04 12:11:04 +00:00
Gary Wilson Jr c85c8f8891 Fixed #7919 -- md5 and sha modules are deprecated since Python 2.5, use hashlib module when available. Patch from Karen Tracey.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8193 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-08-02 05:56:57 +00:00
Luke Plant 8dff194e9b Fixed #3062 - removed arbitrary and unneeded max_length on password fields in auth forms.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8180 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-08-01 21:18:17 +00:00
Luke Plant 64f5ab67a5 Changed some URL conf regexes to rawstrings for consistency
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8172 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-08-01 16:18:24 +00:00
Luke Plant 079e5bf1ec Added a login link to the password reset completion screen.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8171 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-08-01 16:13:12 +00:00
Luke Plant fcd837cd0f Fixed #7723 - implemented a secure password reset form that uses a token and prompts user for new password.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8162 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-07-31 20:47:53 +00:00
Russell Keith-Magee 99e34c1846 Fixed #8042 -- Modified the password reset form so that the email field length matches the User model. Thanks to Bob Thomas <bthomas@ncircle.com> for the report.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8159 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-07-31 09:08:55 +00:00
Adrian Holovaty 29f0e8182f Fixed #7847 -- Removed a whole bunch of unused imports from throughout the codebase. Thanks, julien
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8046 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-07-22 03:24:09 +00:00
Adrian Holovaty 8bc442e771 Fixed #7304 -- Gave AnonymousUser a has_perms() method, which it was lacking
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8044 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-07-22 03:05:40 +00:00
Jacob Kaplan-Moss 46786b4193 Fixed #7741: django.newforms is now django.forms. This is obviously a backwards-incompatible change. There's a warning upon import of django.newforms itself, but deeper imports will raise errors.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@7971 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-07-19 01:22:26 +00:00
Brian Rosner a19ed8aea3 Merged the newforms-admin branch into trunk.
This is a backward incompatible change. The admin contrib app has been
refactored. The newforms module has several improvements including FormSets
and Media definitions.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@7967 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-07-18 23:54:34 +00:00
Gary Wilson Jr 56e1cdc8bc Fixed a long and complex line by breaking into a for loop, with the added benefit that the method will now exit as soon as a matching
permission is found instead of checking all of the user's permissions and putting them into a temporary list.


git-svn-id: http://code.djangoproject.com/svn/django/trunk@7823 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-07-02 05:05:50 +00:00
Gary Wilson Jr 73dfef8771 Added docstring and other minor style fixes.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@7822 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-07-02 05:00:09 +00:00
Russell Keith-Magee 8cb128e57c Refs #7521 -- Re-reverted [7716] (originally reverted in [7726]), now modified to use the new TestCase urlpattern framework.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@7808 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-06-30 13:11:12 +00:00
Malcolm Tredinnick 339df5ce44 Fixed #6089 -- Removed default ordering on the User class.
Admin users are still ordered, since we add it in specially for Admin. Slightly
backwards incompatible.

Patch from Erik Karulf.


git-svn-id: http://code.djangoproject.com/svn/django/trunk@7806 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-06-30 12:52:46 +00:00
Adrian Holovaty fbef599f60 Fixed #6306 -- redirect_to_login() helper function now quotes the URL arguments correctly. Thanks, SmileyChris
git-svn-id: http://code.djangoproject.com/svn/django/trunk@7749 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-06-26 04:11:53 +00:00
Adrian Holovaty 54f7da3a27 Fixed #7274 -- Improved the django.contrib.auth password_reset() view not to require the Sites framework. Thanks, joshrl
git-svn-id: http://code.djangoproject.com/svn/django/trunk@7748 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-06-26 04:09:29 +00:00
Russell Keith-Magee c8d39f15cb Fixed #7521 -- Reverted [7716]. Fixed URLs in test case broke any application that deployed contrib.auth.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@7726 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-06-23 12:17:57 +00:00
Luke Plant fad8e8f7c2 Added basic tests for auth.views.password_reset
git-svn-id: http://code.djangoproject.com/svn/django/trunk@7716 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-06-20 17:43:12 +00:00
Jacob Kaplan-Moss 2b62e945b0 Fixed #3393: login view no longer assumes that set_test_cookie has been called. This is mildly backwards-incompatible, but in the "now it works the way it should have all along" sense. Thanks to James and lcordier for the patches.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@7692 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-06-18 16:13:14 +00:00
Jacob Kaplan-Moss b0ebcfe15a Fixed #7394: fixed bug with syncdb and createsuperuser introduced in [7590]. Thanks, av0000@mail.ru
git-svn-id: http://code.djangoproject.com/svn/django/trunk@7598 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-06-08 18:18:01 +00:00
Russell Keith-Magee 8398ea6603 Fixed #7392 -- Corrected a typo in the backwards-compatibility layer to the new createsuperuser command.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@7596 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-06-08 08:45:14 +00:00