e74ca0226a
[3.0.x] Fixed #30776 -- Restored max length validation on AuthenticationForm.UsernameField.
...
Regression in 5ceaf146866c9778a58e
2019-09-18 12:04:47 +02:00
5495ea3ae0
Updated translation catalogs
2019-09-08 17:35:32 +02:00
4f61810751
Fixed #30747 -- Renamed is_safe_url() to url_has_allowed_host_and_scheme().
2019-09-02 15:32:23 +02:00
999891bd80
Refs #29379 -- Moved autocomplete attribute to UsernameField.
...
Moving the autocomplete attribute into UsernameField allows this to work
for custom forms making use of UsernameField, removes some duplication
in the code, and keeps consistency with the autocapitalize attribute
that is already defined on UsernameField.
2019-09-02 10:50:56 +02:00
400ec5125e
Fixed #18763 -- Added ModelBackend/UserManager.with_perm() methods.
...
Co-authored-by: Nick Pope <nick.pope@flightdataservices.com>
2019-08-29 19:32:12 +02:00
b5a5c92c72
Fixed #30066 -- Enabled super user creation without email and password
2019-08-29 12:49:16 +02:00
03dbdfd9bb
Fixed #29019 -- Added ManyToManyField support to REQUIRED_FIELDS.
2019-08-26 14:48:40 +02:00
a5308514fb
Fixed #27801 -- Made createsuperuser fall back to environment variables for password and required fields.
2019-07-02 12:55:09 +02:00
d54baf6970
Updated translations from Transifex
...
Forward port of b3f7262e6e
2019-06-29 16:17:16 +02:00
42b9a23267
Fixed #30400 -- Improved typography of user facing strings.
...
Thanks Claude Paroz for assistance with translations.
2019-06-28 16:46:18 +02:00
3ee0834a46
Fixed #30556 -- Avoided useless query and hasher call in ModelBackend.authenticate() when credentials aren't provided.
...
There's no need to fetch a user instance from the database unless
a username and a password are provided as credentials.
2019-06-10 11:12:31 +02:00
dcb8f00d06
Fixed #29379 -- Added autocomplete attribute to contrib.auth.forms fields.
...
Thank you to Nick Pope for review.
Co-authored-by: CHI Cheng <cloudream@gmail.com>
2019-06-07 12:44:39 +02:00
581a0f4545
Refs #30226 -- Added User.get_user_permissions() method.
...
Added to mirror the existing User.get_group_permissions().
2019-06-05 13:56:37 +02:00
75337a6050
Fixed #30226 -- Added BaseBackend for authentication.
2019-06-05 13:39:46 +02:00
58df8aa40f
Fixed #28780 -- Allowed specyfing a token parameter displayed in password reset URLs.
...
Co-authored-by: Tim Givois <tim.givois.mendez@gmail.com>
2019-05-24 08:40:25 +02:00
2007e11d70
Forced utf-8 encoding when loading common passwords in CommonPasswordValidator.
...
Previously we used `decode()` which defaults to utf-8. This change
restores previous behavior.
Follow up to 28eac41510
2019-05-23 08:39:16 +02:00
b711eafd2a
Refs #30116 -- Removed unnecessary str() calls in CommonPasswordValidator.
...
open() and gzip.open() supports path-like objects since Python 3.6.
2019-05-22 19:47:28 +02:00
28eac41510
Improved performance of loading common passwords in CommonPasswordValidator.
...
CommonPasswordValidator.__init__ previously called either splitlines or
readlines, creating an unneeded intermediate list in memory. For large
custom password files, this could be burdensome.
2019-05-22 06:55:21 +02:00
98296f86b3
Fixed #30351 -- Handled pre-existing permissions in proxy model permissions data migration.
...
Regression in 181fb60159
2019-04-27 20:18:22 +02:00
3e01aab533
Updated contrib translations from Transifex.
...
Forwardport of 7090cbf542
2019-04-01 12:22:15 +02:00
9410db9683
Fixed #30236 -- Made UsernameField render with autocapitalize="none" HTML attribute.
...
This prevents automatic capitalization, which is the default behavior in
some browsers.
2019-03-29 15:24:44 +01:00
cbf7e71558
Fixed #30257 -- Made UsernameValidators prohibit trailing newlines.
2019-03-22 13:16:25 -04:00
a8e2a9bac6
Refs #15902 -- Deprecated storing user's language in the session.
2019-02-14 10:23:02 -05:00
48c17807a9
Fixed #16027 -- Added app_label to ContentType.__str__().
2019-02-07 19:56:47 -05:00
24b82cd201
Fixed #30159 -- Removed unneeded use of OrderedDict.
...
Dicts preserve order since Python 3.6.
2019-02-06 13:48:39 -05:00
7785e03ba8
Fixed #30137 -- Replaced OSError aliases with the canonical OSError.
...
Used more specific errors (e.g. FileExistsError) as appropriate.
2019-01-28 11:15:06 -05:00
06670015f7
Increased the default PBKDF2 iterations for Django 3.0.
2019-01-17 11:15:27 -05:00
181fb60159
Fixed #11154 , #22270 -- Made proxy model permissions use correct content type.
...
Co-Authored-By: Simon Charette <charette.s@gmail.com>
Co-Authored-By: Antoine Catton <acatton@fusionbox.com>
2019-01-16 10:07:28 -05:00
217f4456d8
Fetched Armenian translations from Transifex
2019-01-10 10:50:42 +01:00
db1b10ef0d
Fixed #30037 -- Added request arg to RemoteUserBackend.configure_user().
2019-01-09 20:01:04 -05:00
0004daa536
Used 4 space hanging indent for dictionaries.
...
Thanks Mariusz Felisiak for auditing.
2019-01-02 18:18:19 -05:00
e817ae74da
Followed style guide for model attribute ordering.
2018-12-27 19:34:14 -05:00
26bb2611a5
Fixed #29952 -- Lowercased all passwords in contrib.auth's auth/common-passwords.txt.gz.
2018-11-15 14:11:03 -05:00
e819554018
Fixed #29939 -- Increased Group.name max_length to 150 characters.
2018-11-14 15:13:34 -05:00
c82893cb8c
Refs #27795 -- Removed force_bytes() usage from django/utils/http.py.
...
django.utils.http.urlsafe_base64_encode() now returns a string, not a
bytestring. Since URLs are represented as strings,
urlsafe_base64_encode() should return a string. All uses immediately
decoded the bytestring to a string anyway.
As the inverse operation, urlsafe_base64_decode() accepts a string.
2018-10-10 14:38:22 -04:00
a7284cc0c3
Fixed #29809 -- Fixed a crash when a "view only" user POSTs to the admin user change form.
2018-10-01 10:09:50 +02:00
bf39978a53
Fixed CVE-2018-16984 -- Fixed password hash disclosure to admin "view only" users.
...
Thanks Claude Paroz & Tim Graham for collaborating on the patch.
2018-10-01 10:05:01 +02:00
033d842e84
Updated translations from Transifex
...
Forward port of d5ed08263b
2018-09-29 17:11:49 +02:00
8ef8bc0f64
Refs #28909 -- Simplifed code using unpacking generalizations.
2018-09-28 09:57:12 -04:00
2349cbd909
Fixed #29782 -- Added better error message when filtering queryset with AnonymousUser.
2018-09-26 15:36:19 -04:00
e40e7026ca
Fixed #29683 -- Added view permission to docs.
2018-09-26 15:06:43 -04:00
8d87350356
Refs #27795 -- Removed force_bytes() usage in contrib/auth/handlers/modwsgi.py.
2018-09-26 11:16:59 -04:00
c52ecbda61
Removed shadowing of built-in hash() function.
2018-09-13 10:04:36 -04:00
53ebd4cb13
Fixed #29686 -- Made UserAdmin.user_change_password() pass user to has_change_permission().
2018-08-17 17:43:00 -04:00
8b43e9b1af
Fixed #29616 -- Fixed createsuperuser for user models that don't have a password field.
2018-08-05 14:26:03 -04:00
ec9d0123e0
Made createsuperuser code more DRY.
2018-08-04 09:38:01 -04:00
793e9bb35a
Fixed #29628 -- Made createsuperuser validate password against username and required fields.
2018-08-04 08:44:25 -04:00
97e637a87f
Fixed typos in comments and docs.
2018-08-01 16:09:22 -04:00
287fef8693
Updated contrib translations from Transifex
...
Forwardport of cbf7e7dc52
2018-08-01 09:24:06 -04:00
f3fa86a89b
Fixed #29449 -- Reverted "Fixed #28757 -- Allowed using contrib.auth forms without installing contrib.auth."
...
This reverts commit 3333d935d2
2018-07-02 18:39:26 -04:00
Sam Reynolds
Claude Paroz
Carlton Gibson
Nick Pope
Berker Peksag
daniel a rios
Hasan Ramezani
Jon Dufresne
Aymeric Augustin
Tobias Bengfort
Rob
Mariusz Felisiak
Brad Solomon
pmisteli
Ryan J Schave
Gregory N. Schmit
Tim Graham
Arthur Rio
Joshua Cannon
Matt Wiens
Mathew Payne
Timothy Allen
Sergey Fedoseev
Ramon Saraiva
Stephen James
Andrey Kostakov
Alexander Todorov
Josh Schneier
luz.paz