innov
/
django1
1
0
Fork 0
Code Issues Pull Requests 1 Projects Releases Wiki Activity
30,548 Commits 25 Branches 361 Tags 501 MiB
Commit Graph

1114 Commits

Author SHA1 Message Date
Hannes Ljungberg f7963615eb Fixed #32121 -- Fixed detecting uniqueness of USERNAME_FIELD when using Meta.constraints. 
Co-authored-by: Simon Charette <charettes@users.noreply.github.com>
 2020-10-20 07:23:51 +02:00
Claude Paroz 5fcfe5361e Updated translations from Transifex. 
Forwardport of f7397bb7c8 from stable/3.1.x.
 2020-09-30 10:25:48 +02:00
Mariusz Felisiak e39e727ded
Fixed #31912 -- Removed strict=True in Path.resolve() in project template and CommonPasswordValidator. 
This caused permission errors when user didn't have permissions to
all intermediate directories in a Django installation path.

Thanks tytusd and leonyxz for reports.

Regression in edeec1247e and
26554cf5d1.
 2020-08-28 05:57:36 +02:00
Phil Gyford e02738bf55 Refs #31913 -- Corrected comment in PasswordResetTokenGenerator. 
Follow up to da4923ea87.
 2020-08-27 12:57:16 +02:00
Yan Mitrofanov b88f98738f Fixed #31878 -- Made createsuperuser respect --database option in default usernames. 2020-08-14 11:08:20 +02:00
Mariusz Felisiak d907371ef9 Fixed #31842 -- Added DEFAULT_HASHING_ALGORITHM transitional setting. 
It's a transitional setting helpful in migrating multiple instance of
the same project to Django 3.1+.

Thanks Markus Holtermann for the report and review, Florian
Apolloner for the implementation idea and review, and Carlton Gibson
for the review.
 2020-08-04 09:35:24 +02:00
Claude Paroz 1a60838fa6 Updated translations from Transifex 2020-08-01 20:41:11 +02:00
Florian Apolloner 948a874425
Fixed #29324 -- Made SECRET_KEY validation lazy (on first access). 2020-07-29 09:06:54 +02:00
Aymeric Augustin 3f2821af6b
Fixed #31180 -- Configured applications automatically. 2020-07-21 10:35:12 +02:00
Hasan Ramezani 7af8f41273 Refs #26445 -- Allowed using UserManager.create_user()/create_superuser() in migrations. 
Used app config to lookup user model in _create_user().

Thanks Markus Holtermann for the review and initial patch.
Thanks Simon Charette for the implementation idea.
 2020-07-06 11:47:22 +02:00
Frantisek Holop cc7c16af98 Fixed #31443 -- Fixed login redirection in auth mixins when LOGIN_URL is off-site URL. 2020-06-23 10:38:35 +02:00
Jon Moroney 136ec9b62b Refs #31358 -- Added decode() to password hashers. 
By convention a hasher which does not use a salt should populate the
decode dict with `None` rather than omit the dict key.

Co-Authored-By: Florian Apolloner <apollo13@users.noreply.github.com>
 2020-06-23 08:36:59 +02:00
Florian Apolloner 1621f06051 Fixed #30472 -- Made Argon2PasswordHasher use Argon2id. 2020-06-17 08:10:41 +02:00
Florian Apolloner faad809e09 Refs #30472 -- Simplified Argon2PasswordHasher with argon2-cffi 19.1+ API. 2020-06-17 08:10:41 +02:00
Tom Carrick 69a78a4a63
Fixed comment in django/contrib/auth/urls.py. 2020-06-10 08:39:09 +02:00
René Fleschenberg 578b3046e3 Reverted "Refs #23919 -- Removed obsolete __init__.py files in management command directories." 
This reverts commit ccc25bfe4f.

https://groups.google.com/d/topic/django-developers/GVHMH2ciAnk/discussion
 2020-06-01 10:55:41 +02:00
Hasan Ramezani c60524c658 Fixed #31546 -- Allowed specifying list of tags in Command.requires_system_checks. 2020-05-21 12:34:54 +02:00
Mariusz Felisiak f2187a227f Increased the default PBKDF2 iterations for Django 3.2. 2020-05-13 09:07:51 +02:00
Mariusz Felisiak 54646a423b
Refs #27468 -- Made user sessions use SHA-256 algorithm. 2020-04-29 16:45:00 +02:00
François Freitag 9ef4a18dbe Changed django.forms.ValidationError imports to django.core.exceptions.ValidationError. 
Co-Authored-By: Mariusz Felisiak <felisiak.mariusz@gmail.com>
 2020-04-28 10:49:00 +02:00
François Freitag 71d9876e39 Refs #18325 -- Removed unnecessary line endings in management commands. 
The OutputWrapper automatically adds \n when it’s not present.
 2020-04-27 10:10:36 +02:00
Hasan Ramezani 8aa71f4e87 Fixed #31375 -- Made contrib.auth.hashers.make_password() accept only bytes or strings. 2020-03-31 10:52:56 +02:00
Ryan Petrello 5f8495a40a Fixed #31371 -- Increased User.first_name max_length to 150 characters. 2020-03-18 08:22:49 +01:00
Claude Paroz e663f695fb Fixed #31359 -- Deprecated get_random_string() calls without an explicit length. 2020-03-11 13:16:44 +01:00
Jon Dufresne 769cee5252 Fixed #31327 -- Deprecated providing_args argument for Signal. 2020-03-05 09:38:52 +01:00
aryan fba5d3b6e6 Fixed #31289 -- Added hint for USERNAME_FIELD/REQUIRED_FIELDS system check. 2020-02-26 08:40:36 +01:00
Claude Paroz da4923ea87 Refs #27468 -- Made PasswordResetTokenGenerator use SHA-256 algorithm. 2020-02-12 21:46:56 +01:00
Nick Pope 335c9c94ac Simplified imports from django.db and django.contrib.gis.db. 2020-02-04 13:20:06 +01:00
Claude Paroz 5dabb6002e Updated translations from Transifex. 
Forwardport of ca4f87027e from stable/3.0.x
 2020-01-31 20:59:10 +01:00
Mariusz Felisiak b7a3a6c9ef
Used model's Options.label/label_lower where applicable. 2020-01-29 12:09:20 +01:00
Michael Mulholland 5a68a223c7 Fixed #31200 -- Added system checks for permissions codenames max length. 2020-01-23 12:22:59 +01:00
Mike Hansen 35d36d9462 Refs #30585 -- Updated project templates and tests to use (block)translate tags. 2019-12-18 13:15:38 +01:00
Simon Charette 5b1fbcef7a Fixed CVE-2019-19844 -- Used verified user email for password reset requests. 
Co-Authored-By: Florian Apolloner <florian@apolloner.eu>
 2019-12-18 09:11:39 +01:00
Baptiste Mispelon 3df3c5e670 Fixed #26480 -- Fixed crash of contrib.auth.authenticate() on decorated authenticate() methods of authentication backends. 
The Signature API (PEP 362) has better support for decorated functions
(by default, it follows the __wrapped__ attribute set by
functools.wraps for example).
 2019-12-10 09:36:30 +01:00
Carlton Gibson 6376278a90 Updated contrib translations from Transifex. 
Forward port of 4afa0e5d2a from stable/3.0.x
 2019-12-02 11:25:23 +01:00
Mariusz Felisiak e8fcdaad5c Fixed #31021 -- Fixed proxy model permissions data migration crash with a multiple databases setup. 
Regression in 98296f86b3.
 2019-11-29 08:23:01 +01:00
Jon Dufresne aa12cf07c9 Removed unnecessary numeric indexes in format strings. 2019-11-19 08:29:47 +01:00
Mariusz Felisiak 6e99585c19 Fixed #30941 -- Reverted "Simplified AuthenticationMiddleware a bit." 
This reverts commit 2f010795e6.
 2019-11-13 16:33:25 +01:00
Hasan Ramezani 4cec3cc82a Fixed #30977 -- Optimized PasswordResetForm.save() a bit. 
Moved site variables assignment outside of the loop.
 2019-11-11 10:40:04 +01:00
Jon Dufresne edeec1247e Passed strict=True to Path.resolve() to enforce that the path must exist. 2019-11-05 14:22:20 +01:00
Jon Dufresne b9fe7f9294 Fixed #30947 -- Changed tuples to lists in model Meta options in django.contrib modules. 
The Django "Model Meta options" docs provide examples and generally
point the reader to use lists for the unique_together and ordering
options. Follow our own advice for contrib models.

More generally, lists should be used for homogeneous sequences of
arbitrary lengths of which both unique_together and ordering are.
 2019-11-05 08:16:31 +01:00
Sergey Fedoseev 2f010795e6 Simplified AuthenticationMiddleware a bit. 
SimpleLazyObject already caches value in _wrapped.
 2019-10-29 13:20:13 +01:00
Sergey Fedoseev 0315c18fe1 Refs #26601 -- Removed obsolete workarounds for MIDDLEWARE_CLASSES setting. 2019-10-23 08:18:48 +02:00
Hasan Ramezani 226ebb1729 Fixed #28622 -- Allowed specifying password reset link expiration in seconds and deprecated PASSWORD_RESET_TIMEOUT_DAYS. 2019-09-20 13:52:04 +02:00
Sam Reynolds 6c9778a58e Fixed #30776 -- Restored max length validation on AuthenticationForm.UsernameField. 
Regression in 5ceaf14686.

Thanks gopackgo90 for the report and Mariusz Felisiak for tests.
 2019-09-18 11:37:38 +02:00
Carlton Gibson b5db65c4fb Increased the default PBKDF2 iterations for Django 3.1. 2019-09-12 17:24:01 +02:00
Mariusz Felisiak d17be88afd Refs #30037 -- Required the RemoteUserBackend.configure_user() to have request as the first positional argument. 
Per deprecation timeline.
 2019-09-10 12:01:00 +02:00
Claude Paroz 5495ea3ae0 Updated translation catalogs 2019-09-08 17:35:32 +02:00
Carlton Gibson 4f61810751 Fixed #30747 -- Renamed is_safe_url() to url_has_allowed_host_and_scheme(). 2019-09-02 15:32:23 +02:00
Nick Pope 999891bd80 Refs #29379 -- Moved autocomplete attribute to UsernameField. 
Moving the autocomplete attribute into UsernameField allows this to work
for custom forms making use of UsernameField, removes some duplication
in the code, and keeps consistency with the autocapitalize attribute
that is already defined on UsernameField.
 2019-09-02 10:50:56 +02:00
Berker Peksag 400ec5125e Fixed #18763 -- Added ModelBackend/UserManager.with_perm() methods. 
Co-authored-by: Nick Pope <nick.pope@flightdataservices.com>
 2019-08-29 19:32:12 +02:00
daniel a rios b5a5c92c72 Fixed #30066 -- Enabled super user creation without email and password 2019-08-29 12:49:16 +02:00
Hasan Ramezani 03dbdfd9bb Fixed #29019 -- Added ManyToManyField support to REQUIRED_FIELDS. 2019-08-26 14:48:40 +02:00
Hasan Ramezani a5308514fb Fixed #27801 -- Made createsuperuser fall back to environment variables for password and required fields. 2019-07-02 12:55:09 +02:00
Claude Paroz d54baf6970 Updated translations from Transifex 
Forward port of b3f7262e6e from stable/2.2.x
 2019-06-29 16:17:16 +02:00
Jon Dufresne 42b9a23267 Fixed #30400 -- Improved typography of user facing strings. 
Thanks Claude Paroz for assistance with translations.
 2019-06-28 16:46:18 +02:00
Aymeric Augustin 3ee0834a46 Fixed #30556 -- Avoided useless query and hasher call in ModelBackend.authenticate() when credentials aren't provided. 
There's no need to fetch a user instance from the database unless
a username and a password are provided as credentials.
 2019-06-10 11:12:31 +02:00
Hasan Ramezani dcb8f00d06 Fixed #29379 -- Added autocomplete attribute to contrib.auth.forms fields. 
Thank you to Nick Pope for review.

Co-authored-by: CHI Cheng <cloudream@gmail.com>
 2019-06-07 12:44:39 +02:00
Tobias Bengfort 581a0f4545 Refs #30226 -- Added User.get_user_permissions() method. 
Added to mirror the existing User.get_group_permissions().
 2019-06-05 13:56:37 +02:00
Tobias Bengfort 75337a6050 Fixed #30226 -- Added BaseBackend for authentication. 2019-06-05 13:39:46 +02:00
Rob 58df8aa40f Fixed #28780 -- Allowed specyfing a token parameter displayed in password reset URLs. 
Co-authored-by: Tim Givois <tim.givois.mendez@gmail.com>
 2019-05-24 08:40:25 +02:00
Mariusz Felisiak 2007e11d70
Forced utf-8 encoding when loading common passwords in CommonPasswordValidator. 
Previously we used `decode()` which defaults to utf-8. This change
restores previous behavior.

Follow up to 28eac41510.
 2019-05-23 08:39:16 +02:00
Jon Dufresne b711eafd2a Refs #30116 -- Removed unnecessary str() calls in CommonPasswordValidator. 
open() and gzip.open() supports path-like objects since Python 3.6.
 2019-05-22 19:47:28 +02:00
Brad Solomon 28eac41510 Improved performance of loading common passwords in CommonPasswordValidator. 
CommonPasswordValidator.__init__ previously called either splitlines or
readlines, creating an unneeded intermediate list in memory. For large
custom password files, this could be burdensome.
 2019-05-22 06:55:21 +02:00
Carlton Gibson 98296f86b3
Fixed #30351 -- Handled pre-existing permissions in proxy model permissions data migration. 
Regression in 181fb60159.
 2019-04-27 20:18:22 +02:00
Claude Paroz 3e01aab533 Updated contrib translations from Transifex. 
Forwardport of 7090cbf542 from 2.2.x.
 2019-04-01 12:22:15 +02:00
pmisteli 9410db9683 Fixed #30236 -- Made UsernameField render with autocapitalize="none" HTML attribute. 
This prevents automatic capitalization, which is the default behavior in
some browsers.
 2019-03-29 15:24:44 +01:00
Ryan J Schave cbf7e71558 Fixed #30257 -- Made UsernameValidators prohibit trailing newlines. 2019-03-22 13:16:25 -04:00
Claude Paroz a8e2a9bac6 Refs #15902 -- Deprecated storing user's language in the session. 2019-02-14 10:23:02 -05:00
Gregory N. Schmit 48c17807a9 Fixed #16027 -- Added app_label to ContentType.__str__(). 2019-02-07 19:56:47 -05:00
Nick Pope 24b82cd201 Fixed #30159 -- Removed unneeded use of OrderedDict. 
Dicts preserve order since Python 3.6.
 2019-02-06 13:48:39 -05:00
Jon Dufresne 7785e03ba8 Fixed #30137 -- Replaced OSError aliases with the canonical OSError. 
Used more specific errors (e.g. FileExistsError) as appropriate.
 2019-01-28 11:15:06 -05:00
Tim Graham 06670015f7 Increased the default PBKDF2 iterations for Django 3.0. 2019-01-17 11:15:27 -05:00
Arthur Rio 181fb60159 Fixed #11154, #22270 -- Made proxy model permissions use correct content type. 
Co-Authored-By: Simon Charette <charette.s@gmail.com>
Co-Authored-By: Antoine Catton <acatton@fusionbox.com>
 2019-01-16 10:07:28 -05:00
Claude Paroz 217f4456d8 Fetched Armenian translations from Transifex 2019-01-10 10:50:42 +01:00
Joshua Cannon db1b10ef0d Fixed #30037 -- Added request arg to RemoteUserBackend.configure_user(). 2019-01-09 20:01:04 -05:00
Tim Graham 0004daa536
Used 4 space hanging indent for dictionaries. 
Thanks Mariusz Felisiak for auditing.
 2019-01-02 18:18:19 -05:00
Matt Wiens e817ae74da Followed style guide for model attribute ordering. 2018-12-27 19:34:14 -05:00
Mathew Payne 26bb2611a5 Fixed #29952 -- Lowercased all passwords in contrib.auth's auth/common-passwords.txt.gz. 2018-11-15 14:11:03 -05:00
Timothy Allen e819554018 Fixed #29939 -- Increased Group.name max_length to 150 characters. 2018-11-14 15:13:34 -05:00
Jon Dufresne c82893cb8c Refs #27795 -- Removed force_bytes() usage from django/utils/http.py. 
django.utils.http.urlsafe_base64_encode() now returns a string, not a
bytestring. Since URLs are represented as strings,
urlsafe_base64_encode() should return a string. All uses immediately
decoded the bytestring to a string anyway.

As the inverse operation, urlsafe_base64_decode() accepts a string.
 2018-10-10 14:38:22 -04:00
Tim Graham a7284cc0c3 Fixed #29809 -- Fixed a crash when a "view only" user POSTs to the admin user change form. 2018-10-01 10:09:50 +02:00
Carlton Gibson bf39978a53 Fixed CVE-2018-16984 -- Fixed password hash disclosure to admin "view only" users. 
Thanks Claude Paroz & Tim Graham for collaborating on the patch.
 2018-10-01 10:05:01 +02:00
Claude Paroz 033d842e84 Updated translations from Transifex 
Forward port of d5ed08263b from master.
 2018-09-29 17:11:49 +02:00
Sergey Fedoseev 8ef8bc0f64 Refs #28909 -- Simplifed code using unpacking generalizations. 2018-09-28 09:57:12 -04:00
Ramon Saraiva 2349cbd909 Fixed #29782 -- Added better error message when filtering queryset with AnonymousUser. 2018-09-26 15:36:19 -04:00
Stephen James e40e7026ca Fixed #29683 -- Added view permission to docs. 2018-09-26 15:06:43 -04:00
Jon Dufresne 8d87350356 Refs #27795 -- Removed force_bytes() usage in contrib/auth/handlers/modwsgi.py. 2018-09-26 11:16:59 -04:00
Andrey Kostakov c52ecbda61 Removed shadowing of built-in hash() function. 2018-09-13 10:04:36 -04:00
Alexander Todorov 53ebd4cb13 Fixed #29686 -- Made UserAdmin.user_change_password() pass user to has_change_permission(). 2018-08-17 17:43:00 -04:00
Josh Schneier 8b43e9b1af Fixed #29616 -- Fixed createsuperuser for user models that don't have a password field. 2018-08-05 14:26:03 -04:00
Josh Schneier ec9d0123e0 Made createsuperuser code more DRY. 2018-08-04 09:38:01 -04:00
Josh Schneier 793e9bb35a Fixed #29628 -- Made createsuperuser validate password against username and required fields. 2018-08-04 08:44:25 -04:00
luz.paz 97e637a87f Fixed typos in comments and docs. 2018-08-01 16:09:22 -04:00
Claude Paroz 287fef8693 Updated contrib translations from Transifex 
Forwardport of cbf7e7dc52 from stable/2.1.x.
 2018-08-01 09:24:06 -04:00
Tim Graham f3fa86a89b Fixed #29449 -- Reverted "Fixed #28757 -- Allowed using contrib.auth forms without installing contrib.auth." 
This reverts commit 3333d935d2 due to
a crash if USERNAME_FIELD isn't a CharField.
 2018-07-02 18:39:26 -04:00
Claude Paroz eac9ab7ebb Removed parser.add_arguments() arguments that match the defaults. 2018-07-02 17:54:57 -04:00
Claude Paroz bec651a427 Fixed #10827 -- Ensured ContentTypes are created before permission creation. 2018-06-03 22:19:04 -04:00
Dohyeon Kim f1f4aeb22e Fixed #28044 -- Unified the logic for createsuperuser's interactive and --noinput modes. 2018-05-29 08:41:32 -04:00
Tim Graham 9792af3648 Increased the default PBKDF2 iterations for Django 2.2. 2018-05-17 11:05:45 -04:00