Commit Graph

130 Commits

Author SHA1 Message Date
chillaranand d6eaf7c018 Refs #23919 -- Replaced super(ClassName, self) with super(). 2017-01-25 12:23:46 -05:00
Claude Paroz d7b9aaa366 Refs #23919 -- Removed encoding preambles and future imports 2017-01-18 09:55:19 +01:00
Preston Timmons b52c73008a Fixed #15667 -- Added template-based widget rendering.
Thanks Carl Meyer and Tim Graham for contributing to the patch.
2016-12-27 17:50:10 -05:00
Aymeric Augustin cb7bbf97a7
Fixed #25966 -- Made get_user_model() work at import time.
This makes it equivalent to: `from django.contrib.auth.models import User`.

Thanks Aymeric Augustin for the initial patch and Tim Graham for the
review.
2016-11-25 14:15:49 +01:00
levental 617e36dc1e Fixed #20705 -- Allowed using PasswordResetForm with user models with an email field not named 'email'. 2016-09-27 11:59:00 -04:00
Aleksej Manaev 4b9330ccc0 Fixed #25187 -- Made request available in authentication backends. 2016-09-12 20:11:53 -04:00
Alexander Gaevsky 536db42cf0 Fixed #26097 -- Added password_validators_help_text_html to UserCreationForm. 2016-09-10 18:23:18 -04:00
Jon Dufresne ae98d40c35 Fixed #27136 -- Changed auth forms' autofocus attribute to HTML5 boolean syntax. 2016-08-28 17:19:50 -07:00
Berker Peksag a02b5848ae Replaced property() usage with decorator in several places. 2016-08-25 20:06:22 -04:00
Berker Peksag 3c18f8a3d2 Fixed #27111 -- Fixed KeyError if USERNAME_FIELD isn't in UserCreationForm.fields. 2016-08-24 13:20:12 -04:00
Olexander Yermakov 975a76a964 Fixed #26951 -- Allowed AuthenticationForm to work with a username of 0. 2016-08-10 09:44:48 -04:00
Claude Paroz 9935f97cd2 Refs #21379 -- Normalized unicode username inputs 2016-05-16 19:38:02 +02:00
Tim Graham df8d8d4292 Fixed E128 flake8 warnings in django/. 2016-04-08 09:51:06 -04:00
Berker Peksag efa9539787 Fixed #26381 -- Made UserCreationForm reusable with custom user models that define USERNAME_FIELD. 2016-03-21 12:32:42 -04:00
Vincenzo Pandolfo d0fe6c9156 Fixed #26334 -- Removed whitespace stripping from contrib.auth password fields. 2016-03-14 20:20:24 -04:00
Thomas Grainger d638cdc42a Fixed #25165 -- Removed inline JavaScript from the admin.
This allows setting a Content-Security-Policy HTTP header
(refs #15727).

Special thanks to blighj, the original author of this patch.
2015-12-05 15:51:57 -05:00
sujayskumar d8d853378b Fixed #24944 -- Added extra_email_context parameter to password_reset() view. 2015-09-18 18:56:04 -04:00
Maxime Lorant 5153a3bfdc Fixed #25331 -- Removed trailing blank lines in docstrings. 2015-08-31 17:37:21 -04:00
Wim Feijen c082363527 Reworded contrib.auth forms' password confirmation help_text.
"As above" refers to a spatial orientation, which might
not be present, for example when the two password fields
are shown next to each other.
2015-07-20 15:51:50 -04:00
Tim Graham 774c16d16e Fixed #25052; refs #16860 -- Added password validation to UserCreationForm. 2015-07-20 13:44:34 -04:00
Tim Graham f5e9d67907 Refs #16860 -- Moved password_changed() logic to AbstractBaseUser.
Thanks Carl Meyer for review.
2015-07-20 13:44:26 -04:00
Erik Romijn 1daae25bdc Fixed #16860 -- Added password validation to django.contrib.auth. 2015-06-07 19:31:20 +02:00
Piotr Jakimiak 4157c502a5 Removed unnecessary arguments in .get method calls 2015-05-13 20:51:18 +02:00
Claude Paroz c2bfd76ec3 Refs #15779 -- Fixed UserChangeForm regression introduced by 1791a7e75
Thanks Tim Graham for reporting the regression.
2015-03-28 09:24:01 +01:00
Thomas Tanner 28986da4ca Fixed #5986 -- Added ability to customize order of Form fields 2015-03-16 09:12:57 -04:00
Tim Graham 0ed7d15563 Sorted imports with isort; refs #23860. 2015-02-06 08:16:28 -05:00
Tim Graham a53541852d Removed contrib.auth.forms.mask_password()
This function is unused since dce820ff70
after being introduced in 718a5ba1a1
2015-02-02 11:13:14 -05:00
Tim Graham 271d4f8f85 Fixed #23948 -- Moved password help text from the template to the form.
Thanks Mithos for the report and patch.
2014-12-26 08:09:12 -05:00
Berker Peksag 560b4207b1 Removed redundant numbered parameters from str.format().
Since Python 2.7 and 3.1, "{0} {1}" is equivalent to "{} {}".
2014-12-03 14:27:38 -05:00
Carl Meyer 89559bcfb0 Fixed #23409 -- Extract PasswordResetForm.get_users method.
Allows easier customization of policies regarding which users are allowed to
reset their password.

Thanks Aymeric for review.
2014-09-03 12:25:11 -06:00
Gabriel Muñumel deed00c0d8 Fixed #23162 -- Renamed forms.Field._has_changed() to has_changed(). 2014-08-15 08:14:45 -04:00
Iain Dawson 8fbf13a6c8 Replaced instances of 'his/her' with 'their'. 2014-07-21 19:49:12 +00:00
Yin Jifeng 849538d03d Fixed #13147 -- Moved User validation logic from form to model. 2014-07-10 09:36:43 -04:00
Jorge C. Leitão a00b78b1e2 Fixed #17431 -- Added send_mail() method to PasswordResetForm.
Credits for the initial patch go to ejucovy;
big thanks to Tim Graham for the review.
2014-06-10 14:00:52 -04:00
Tim Graham ed4c2e1c0d Fixed #22329 -- Used label_tag() in some admin auth templates.
refs #17922.
2014-03-29 08:54:56 -04:00
Aymeric Augustin 9ffab9cee1 Moved RequestSite and get_current_site.
Following the app-loading refactor, these objects must live outside of
django.contrib.sites.models because they must be available without
importing the django.contrib.sites.models module when
django.contrib.sites isn't installed.

Refs #21680. Thanks Carl and Loic for reporting this issue.
2014-01-26 08:50:47 +01:00
Aymeric Augustin 8f04f53dd8 Removed a few gratuitous lambdas. 2013-12-26 14:03:50 +01:00
Loic Bistuer 6685713869 Fixed E127 pep8 warnings. 2013-12-14 11:59:15 -05:00
Claude Paroz 5f52590368 Fixed #21291 -- Ensured inactive users cannot reset their passwords
Thanks kz26 for the report and the suggested fix. Refs #19758.
2013-10-19 10:43:06 +02:00
Florian Apolloner 5d74853e15 Revert "Ensure that passwords are never long enough for a DoS."
This reverts commit aae5a96d57.

This fix is no longer necessary, our pbkdf2 (see next commit) implementation
no longer rehashes the password every iteration.
2013-09-24 21:01:21 +02:00
Tim Graham 18ffdb1772 Fixed #17627 -- Renamed util.py files to utils.py
Thanks PaulM for the suggestion and Luke Granger-Brown and
Wiktor Kołodziej for the initial patch.
2013-09-16 12:52:05 -04:00
Russell Keith-Magee aae5a96d57 Ensure that passwords are never long enough for a DoS.
* Limit the password length to 4096 bytes
  * Password hashers will raise a ValueError
  * django.contrib.auth forms will fail validation
* Document in release notes that this is a backwards incompatible change

Thanks to Josh Wright for the report, and Donald Stufft for the patch.

This is a security fix; disclosure to follow shortly.
2013-09-15 13:42:23 +08:00
Simon Charette 11cd7388f7 Fixed #20989 -- Removed useless explicit list comprehensions. 2013-08-30 10:57:51 -04:00
Justin Michalicek 6d88d47be6 Fixed #20832 -- Enabled HTML password reset email
Added optional html_email_template_name parameter to password_reset view
and PasswordResetForm.
2013-08-05 09:47:28 -04:00
Curtis Maloney 07876cf02b Deprecated SortedDict (replaced with collections.OrderedDict)
Thanks Loic Bistuer for the review.
2013-08-04 07:09:39 -04:00
Tim Graham a1889397a9 Fixed #12103 -- Added AuthenticationForm.confirm_login_allowed to allow customizing the logic policy.
Thanks ejucovy and lasko for work on the patch.
2013-07-31 13:54:05 -04:00
Kirill Fomichev 33242fe015 Fixed #19019 -- Fixed UserAdmin to log password change.
Thanks Tuttle for the report.
2013-07-23 08:33:07 -04:00
Claude Paroz 6118d6d1c9 More import removals
Following the series of commits removing deprecated features in
Django 1.7, here are some more unneeded imports removed and other
minor cleanups.
2013-06-29 11:58:36 +02:00
Ramiro Morales f02a703ca6 Removed AuthenticationForm.check_for_test_cookie() as per deprecation TL. 2013-06-28 21:48:15 -03:00
Tim Graham 1184d07789 Fixed #14881 -- Modified password reset to work with a non-integer UserModel.pk.
uid is now base64 encoded in password reset URLs/views. A backwards compatible
password_reset_confirm view/URL will allow password reset links generated before
this change to continue to work. This view will be removed in Django 1.7.

Thanks jonash for the initial patch and claudep for the review.
2013-06-26 13:11:47 -04:00