innov
/
django1
1
0
Fork 0
Code Issues Pull Requests 1 Projects Releases Wiki Activity
22,371 Commits 25 Branches 361 Tags 501 MiB
Commit Graph

811 Commits

Author SHA1 Message Date
Alexander Gaevsky e0a3d93730 Fixed #25232 -- Made ModelBackend/RemoteUserBackend reject inactive users. 2016-03-23 09:01:48 -04:00
Tim Graham 1243fdf5cb Fixed #26395 -- Skipped the CryptPasswordHasher tests on platforms with a dummy crypt module. 2016-03-22 11:22:21 -04:00
Berker Peksag efa9539787 Fixed #26381 -- Made UserCreationForm reusable with custom user models that define USERNAME_FIELD. 2016-03-21 12:32:42 -04:00
Vincenzo Pandolfo d0fe6c9156 Fixed #26334 -- Removed whitespace stripping from contrib.auth password fields. 2016-03-14 20:20:24 -04:00
ieatkittens ab8af342b1 Fixed #26343 -- Sent user_login_failed signal if an auth backend raises PermissionDenied. 2016-03-12 16:44:39 -05:00
Bas Westerbaan b4250ea04a Fixed #26033 -- Added Argon2 password hasher. 2016-03-08 11:22:18 -05:00
Jon Dufresne 1845bc1d10 Refs #26315 -- Cleaned up argparse options in commands. 
* Removed type coercion. Options created by argparse are already coerced
  to the correct type.
* Removed fallback default values. Options created by argparse already
  have a default value.
* Used direct indexing. Options created by argparse are always set. This
  eliminates the need to use dict.get().
 2016-03-05 13:19:29 -05:00
Florian Apolloner 67b46ba701 Fixed CVE-2016-2513 -- Fixed user enumeration timing attack during login. 
This is a security fix.
 2016-03-01 11:25:28 -05:00
Olivier Le Thanh Duong 10781b4c6f Fixed #12233 -- Allowed redirecting authenticated users away from the login view. 
contrib.auth.views.login() has a new parameter `redirect_authenticated_user`
to automatically redirect authenticated users visiting the login page.

Thanks to dmathieu and Alex Buchanan for the original code and to Carl Meyer
for the help and review.
 2016-02-25 07:18:33 -05:00
Mounir Messelmeni 50931dfa53 Fixed #25304 -- Allowed management commands to check if migrations are applied. 2016-02-12 13:34:56 -05:00
Tim Graham 004ba0f99e Removed unneeded hint=None/obj=None in system check messages. 2016-02-12 13:01:25 -05:00
Tim Graham 926d41f0e7 Updated some comments for BCryptSHA256PasswordHasher. 2016-02-11 11:57:12 -05:00
Charlie Denton 46c13fef46 Fix typo in comment 2016-02-11 11:14:06 +00:00
Simon Charette 6eb3ce11e4 Fixed #26089 -- Removed custom user test models from public API. 
Thanks to Tim Graham for the review.
 2016-02-04 12:30:34 -05:00
Hugo Osvaldo Barrera dcee1dfc79 Fixed #12405 -- Added LOGOUT_REDIRECT_URL setting. 
After a user logs out via auth.views.logout(), they're redirected
to LOGOUT_REDIRECT_URL if no `next_page` argument is provided.
 2016-02-04 10:35:37 -05:00
Matt Robenolt 8048411c97 Fixed a typo in BCryptPasswordHasher docstring 
There is no BCryptSHA512PasswordHasher.
 2016-01-09 12:14:51 -05:00
Collin Anderson 780bddf75b Fixed #20846 -- Decreased User.username max_length to 150 characters. 2016-01-08 18:06:44 -05:00
Paulo Poiati b643386668 Fixed #24855 -- Allowed using contrib.auth.login() without credentials. 
Added an optional `backend` argument to login().
 2016-01-07 08:56:07 -05:00
Simon Charette a08fda2111 Fixed #25746 -- Isolated inlined test models registration. 
Thanks to Tim for the review.
 2016-01-06 20:00:07 -05:00
Tim Graham f0ad641628 Fixed #26016 -- Restored contrib.auth hashers compatibility with py-bcrypt. 
Reverted "Explicitly passed rounds as rounds to bcrypt.gensalt()"

This reverts commit 23529fb195.
 2016-01-02 06:54:13 -05:00
Marten Kenbeek 16411b8400 Fixed #26013 -- Moved django.core.urlresolvers to django.urls. 
Thanks to Tim Graham for the review.
 2015-12-31 14:21:29 -05:00
Claude Paroz f14ab700c3 Updated translations from Transifex 
Forward port of 59f3590ca7 from stable/1.9.x.
 2015-12-31 15:53:02 +01:00
Thomas Grainger d638cdc42a Fixed #25165 -- Removed inline JavaScript from the admin. 
This allows setting a Content-Security-Policy HTTP header
(refs #15727).

Special thanks to blighj, the original author of this patch.
 2015-12-05 15:51:57 -05:00
Josh Soref 93452a70e8 Fixed many spelling mistakes in code, comments, and docs. 2015-12-03 12:48:24 -05:00
Claude Paroz 273ce8aa6a Pulled contrib translations from Transifex 
Forward port of 6a4649c27e from stable/1.9.x
 2015-12-01 20:37:57 +01:00
Tim Graham 15ef1dd478 Fixed #20846 -- Increased User.username max_length to 254 characters. 
Thanks Collin Anderson and Nick Sandford for work on the patch.
 2015-10-29 08:58:49 -04:00
Tim Graham 5acf203db2 Fixed #25596 -- Fixed regression in password change view with custom user model. 
The reverse() added in 50aa1a790c
crashed on a custom user model.
 2015-10-27 08:18:22 -04:00
Claude Paroz 5171f56fae Pluralized translatable strings in password_validation.py 
Forward port of 86dc4889f from master.
 2015-10-10 15:17:21 +02:00
Claude Paroz f233aa3ff9 Updated translation catalogs 
Forward port of f717cb2ab4 from stable/1.9.x.
 2015-10-09 18:02:47 +02:00
Kaleb Elwert adcf823359 Fixed #25490 -- Made the logout() view send "no-cache" headers. 2015-10-02 12:29:54 -04:00
Antoine Catton 53ccffdb8c Refs #16860 -- Fixed password help text when there aren't any validators. 
This avoids creating an empty list which is invalid HTML 4.
 2015-09-28 15:30:16 -04:00
Tzu-ping Chung 7372cdebed Fixed #25457 -- Improved formatting of password validation errors in management command output. 2015-09-24 19:45:19 -04:00
Tim Graham 593c9eb660 Increased the default PBKDF2 iterations for the 1.10 release cycle. 2015-09-23 19:31:11 -04:00
Tim Graham 849037af36 Refs #23957 -- Required session verification per deprecation timeline. 2015-09-23 19:31:10 -04:00
Tim Graham f1761e3fef Refs #21648 -- Removed is_admin_site option from password_reset() view. 
Per deprecation timeline.
 2015-09-23 19:31:10 -04:00
sujayskumar d8d853378b Fixed #24944 -- Added extra_email_context parameter to password_reset() view. 2015-09-18 18:56:04 -04:00
Dražen Odobašić b1e33ceced Fixed #23395 -- Limited line lengths to 119 characters. 2015-09-12 11:40:50 -04:00
Raphael Michel 1bbca7961c Fixed #25350 -- Added alias --no-input for --noinput to management commands. 2015-09-08 08:41:03 -04:00
Maxime Lorant 5153a3bfdc Fixed #25331 -- Removed trailing blank lines in docstrings. 2015-08-31 17:37:21 -04:00
Y3K 235caabacc Fixed #25324 -- Registered ModelAdmin instances with @admin.register decorator 2015-08-31 15:41:09 +10:00
Alex Becker 53d28f8339 Fixed #25089 -- Added password validation to createsuperuser/changepassword. 2015-08-01 20:18:26 -04:00
Tim Graham 264eeaf14a Removed unnecessary if statement in createsuperuser command. 2015-08-01 20:00:05 -04:00
Flavio Curella c2e70f0265 Fixed #21127 -- Started deprecation toward requiring on_delete for ForeignKey/OneToOneField 2015-07-27 18:28:13 -04:00
Akis Kesoglou 29465d438e Fixed #25142 -- Added PermissionRequiredMixin.has_permission() to allow customization. 2015-07-27 10:23:56 -04:00
lukasz.wojcik 927b30a6ab Fixed #24126 -- Deprecated current_app parameter to auth views. 2015-07-21 08:26:41 -04:00
Wim Feijen c082363527 Reworded contrib.auth forms' password confirmation help_text. 
"As above" refers to a spatial orientation, which might
not be present, for example when the two password fields
are shown next to each other.
 2015-07-20 15:51:50 -04:00
Tim Graham 774c16d16e Fixed #25052; refs #16860 -- Added password validation to UserCreationForm. 2015-07-20 13:44:34 -04:00
Tim Graham f5e9d67907 Refs #16860 -- Moved password_changed() logic to AbstractBaseUser. 
Thanks Carl Meyer for review.
 2015-07-20 13:44:26 -04:00
Tim Graham e25ba6e8bb Refs #25073 -- Copied recently added verbose_names to migrations. 2015-07-17 14:07:18 -04:00
Curtis Maloney 23529fb195 Explicitly passed rounds as rounds to bcrypt.gensalt() 2015-07-13 12:35:24 -04:00