innov
/
django1
1
0
Fork 0
Code Issues Pull Requests 1 Projects Releases Wiki Activity
17,714 Commits 25 Branches 361 Tags 501 MiB
Commit Graph

642 Commits

Author SHA1 Message Date
Aymeric Augustin 69039becde Deprecated get_app(). 2013-12-17 10:17:45 +01:00
Aymeric Augustin 8662654d6d Removed module-level functions for the app cache. 
Since the original ones in django.db.models.loading were kept only for
backwards compatibility, there's no need to recreate them. However, many
internals of Django still relied on them.

They were also imported in django.db.models. They never appear in the
documentation, except a quick mention of get_models and get_app in the
1.2 release notes to document an edge case in GIS. I don't think that
makes them a public API.

This commit doesn't change the overall amount of global state but
clarifies that it's tied to the app_cache object instead of hiding it
behind half a dozen functions.
 2013-12-17 10:17:44 +01:00
Aymeric Augustin 860c2c8bc5 Moved django.db.models.loading to django.apps.cache. 
This commit doesn't contain any code changes; it's purely a refactoring.
 2013-12-17 10:17:43 +01:00
Bartolomé Sánchez 8f994f1bcc Fixed #21250 -- Made HTTP auth user header configurable in tests 
Currently, if the authentication mechanism uses a custom HTTP header
and not REMOTE_USER, it is not easy to test. This commit modifies
remote user tests in order to make them more generic.
 2013-12-14 13:02:56 -05:00
Loic Bistuer 6685713869 Fixed E127 pep8 warnings. 2013-12-14 11:59:15 -05:00
Ludwik Trammer 9922ed46e2 Fixed #21473 -- Limited language preservation to logout 
Current language is no longer saved to session by LocaleMiddleware
on  every response (the behavior introduced in #14825).
Instead language stored in session is reintroduced into new session
after logout.

Forward port of c558a43fd6 to master.
 2013-12-12 10:24:43 +01:00
Loic Bistuer a2814846ca Fixed E124 pep8 warnings. 2013-12-10 15:12:48 -05:00
Tim Graham fddb0131d3 Fixed #21535 -- Fixed password hash iteration upgrade. 
Thanks jared_mess for the report.
 2013-11-30 14:18:37 -05:00
Tim Graham f3e7ab366c Removed gender-based pronouns per [c0a2daad78]. 2013-11-30 08:37:15 -05:00
Alex Gaynor 9af7e18f35 Fixed an unescisarily gendered pronoun in a docstring 2013-11-29 16:57:36 -06:00
Christopher Medrela 7477a4ffde Fixed E125 pep8 warnings 2013-11-28 08:50:11 -05:00
Matt Robenolt 3560ef043e Propagate get_user_model exception from get_user 
Fixes #21439
 2013-11-14 12:02:26 -08:00
Bouke Haarsma 4142d15102 Fixed #21388 -- Corrected language code for Frisian 2013-11-11 13:34:01 +01:00
Tim Graham d15985d81f Fixed #21398 -- Fixed BCryptSHA256PasswordHasher with py-bcrypt and Python 3. 
Thanks arjan at anymore.nl for the report.
 2013-11-09 10:11:50 -05:00
Ramiro Morales a9093dd376 Fixed #21387 -- Merge two very similar help texts. 2013-11-06 00:35:20 -03:00
Tim Graham 36ded01527 Fixed #21302 -- Fixed unused imports and import *. 2013-11-02 15:24:56 -04:00
Alex Gaynor 726ded5708 Started attackign the next flake8 violation 2013-10-31 08:42:28 -07:00
Alex Gaynor 9bf5610890 Start attacking E231 violations 2013-10-24 10:30:03 -07:00
Alasdair Nicol c3aa2948c6 Fixed #21298 -- Fixed E301 pep8 warnings 2013-10-23 13:45:03 +01:00
Tim Graham 1597503a01 Fixed E221 pep8 warnings. 2013-10-22 09:51:39 -04:00
Loic Bistuer e565e1332d Fixed #21275 -- Fixed a serializer error when generating migrations for contrib.auth. 
The migration serializer now looks for a deconstruct method on any object.
 2013-10-21 14:54:52 -04:00
Florian Apolloner 7d0d0dbf26 Force update of the password on iteration count changes. 2013-10-21 20:31:28 +02:00
Alasdair Nicol b289fcf1bf Fixed #21288 -- Fixed E126 pep8 warnings 2013-10-21 08:31:30 -04:00
Claude Paroz 5f52590368 Fixed #21291 -- Ensured inactive users cannot reset their passwords 
Thanks kz26 for the report and the suggested fix. Refs #19758.
 2013-10-19 10:43:06 +02:00
Claude Paroz 59a8808632 Cleaned formatting/comments in PasswordResetFormTest 2013-10-19 10:43:06 +02:00
Tim Graham ac4fec5ca2 Fixed bug causing CSRF token not to rotate on login. 
Thanks Gavin McQuillan for the report.
 2013-10-18 08:31:19 -04:00
Alasdair Nicol a800036981 Fixed #21287 -- Fixed E123 pep8 warnings 2013-10-18 10:07:39 +01:00
Alasdair Nicol bab9123daa Fixed #21268 -- Fixed E303 pep8 warnings 2013-10-18 01:46:24 +01:00
Alasdair Nicol dfb4cb9970 Fixed #21285 -- Fixed E121,E122 pep8 warnings 2013-10-17 20:20:11 -04:00
Bouke Haarsma 2fb5a51fa3 Fixed #18659 -- Deprecated request.REQUEST and MergeDict 
Thanks Aymeric Augustin for the suggestion.
 2013-10-17 09:42:28 -04:00
Tim Graham 91c77eeab8 Avoided hardcoding Permission.name max_length 
refs #18866.
 2013-10-16 11:31:07 -04:00
joaoxsouls 1ab27e9a65 Fixed #18866 -- added validation error for verbose_name longer than 39 characters 
Added a validation error check when creating the permissions for model, to avoid
cryptic database error when the verbose_name is longer than 39 characters
thanks elena for reporting it
 2013-10-14 14:19:35 +01:00
Claude Paroz ef22d512b5 Imported custom user classes in tests depending on it 
Without those imports, affected test files cannot be run
independently. Refs #21164.
 2013-10-14 10:14:24 +02:00
Tim Graham 1dae4ac177 Whitespace cleanup. 
* Removed trailing whitespace.
* Added newline to EOF if missing.
* Removed blank lines at EOF.
* Removed some stray tabs.
 2013-10-10 16:49:20 -04:00
Tim Graham adedc31072 Fixed "redefinition of unused 'foo' from line X" pyflakes warnings. 2013-10-10 11:09:42 -04:00
Russell Keith-Magee ddb53856b6 Fixed #21164 -- Added documentation for issue with test users. 
The package renaming restores the older package names (which were also the
documented package names). This doesn't affect test discovery because the
module in question doesn't contain any tests.

Thanks to Carl for the design discussion.
 2013-10-08 10:32:56 +08:00
Tim Graham 1285ca67eb Fixed #16919 -- Passed user to set_password_form in GET requests. 
Thanks Jaime Irurzun for the report and initial patch and
ejucovy for the test.
 2013-10-02 13:28:15 -04:00
Florian Apolloner 5d74853e15 Revert "Ensure that passwords are never long enough for a DoS." 
This reverts commit aae5a96d57.

This fix is no longer necessary, our pbkdf2 (see next commit) implementation
no longer rehashes the password every iteration.
 2013-09-24 21:01:21 +02:00
Michał Lech 53c7d66869 Marked PermissionsMixin.user_permissions help_text for translation 2013-09-24 07:36:24 -04:00
Aymeric Augustin a5b062576b Removed a few trailing backslashes. 
We have always been at war with trailing backslashes.
 2013-09-22 14:04:10 +02:00
Paul McMillan a075e2ad0d Increase default PBKDF2 iterations 
Increases the default PBKDF2 iterations, since computers have gotten
faster since 2011. In the future, we plan to increment by 10% per
major version.
 2013-09-19 18:02:25 +01:00
Tim Graham 18ffdb1772 Fixed #17627 -- Renamed util.py files to utils.py 
Thanks PaulM for the suggestion and Luke Granger-Brown and
Wiktor Kołodziej for the initial patch.
 2013-09-16 12:52:05 -04:00
Russell Keith-Magee aae5a96d57 Ensure that passwords are never long enough for a DoS. 
* Limit the password length to 4096 bytes
  * Password hashers will raise a ValueError
  * django.contrib.auth forms will fail validation
* Document in release notes that this is a backwards incompatible change

Thanks to Josh Wright for the report, and Donald Stufft for the patch.

This is a security fix; disclosure to follow shortly.
 2013-09-15 13:42:23 +08:00
Gregor MacGregor b2b763448f Fixed #20841 -- Added messages to NotImplementedErrors 
Thanks joseph at vertstudios.com for the suggestion.
 2013-09-10 11:09:59 -04:00
Alex Gaynor 96fd5557f9 Removed a ton of unused local vars 2013-09-08 08:05:16 -07:00
Alex Gaynor 2530735d2d Fixed a number of flake8 errors -- particularly around unused imports and local variables 2013-09-06 21:56:40 -07:00
Aymeric Augustin 6a6428a36f Took advantage of django.utils.six.moves.urllib.*. 2013-09-05 14:39:23 -05:00
Aymeric Augustin 365c3e8b73 Replaced "not PY3" by "PY2", new in six 1.4.0. 2013-09-02 12:11:02 +02:00
Simon Charette 11cd7388f7 Fixed #20989 -- Removed useless explicit list comprehensions. 2013-08-30 10:57:51 -04:00
Tim Graham c7d0ff0cad Fixed #20989 -- Removed explicit list comprehension inside dict() and tuple() 
Thanks jeroen.pulles at redslider.net for the suggestion and
helper script.
 2013-08-29 12:11:03 -04:00
Tim Graham cf8d6e9108 Fixed #20881 -- Removed contrib.auth.models.AbstractUser.get_absolute_url() 
The definition is arbitrary and creates a broken "view on site"
link in the admin if a project doesn't define such a URL.
 2013-08-29 06:36:35 -04:00
Michał Górny b89c2a5d9e Fixed #18171 -- Checked signature of authenticate() to avoid supressing TypeErrors. 
The current auth backend code catches TypeError to detect backends that
do not support specified argumetnts. As a result, any TypeErrors raised
within the actual backend code are silenced.

In Python 2.7+ and 3.2+ this can be avoided by using inspect.getcallargs().
With this method, we can test whether arguments match the signature without
actually calling the function.

Thanks David Eyk for the report.
 2013-08-28 07:51:45 -04:00
Andrew Godwin b6a957f0ba Merge remote-tracking branch 'core/master' into schema-alteration 
Conflicts:
	docs/ref/django-admin.txt
 2013-08-19 18:30:48 +01:00
Claude Paroz 165f44aaaa Combine consecutive with statements 
Python 2.7 allows to combine several 'with' instructions.
 2013-08-16 20:12:10 +02:00
SusanTan 71c491972e Fixed #11400 -- Passed kwargs from AbstractUser.email_user() to send_mail() 
Thanks Jug_ for suggestion, john_scott for the initial patch,
and Tim Graham for code review.
 2013-08-14 07:46:11 -04:00
Jacob Kaplan-Moss ae3535169a Fixed is_safe_url() to reject URLs that use a scheme other than HTTP/S. 
This is a security fix; disclosure to follow shortly.
 2013-08-13 11:06:22 -05:00
ersran9 00d23a13eb Fixed #20828 -- Allowed @permission_required to take a list of permissions 
Thanks Giggaflop for the suggestion.
 2013-08-10 10:10:18 -04:00
Tim Graham 453915bb12 SQLite test fix -- refs #9057 2013-08-09 10:57:25 -04:00
Andrew Godwin 588b523233 Merge remote-tracking branch 'core/master' into schema-alteration 
Conflicts:
	django/db/models/options.py
 2013-08-09 14:37:37 +01:00
Tim Graham ddae74b64c Fixed #9057 -- Added default_permissions model meta option. 
Thanks hvendelbo for the suggestion and koenb for the draft patch.
 2013-08-09 09:19:52 -04:00
Andrew Godwin de64c4d6e9 Merge remote-tracking branch 'core/master' into schema-alteration 
Conflicts:
	django/core/management/commands/flush.py
	django/core/management/commands/syncdb.py
	django/db/models/loading.py
	docs/internals/deprecation.txt
	docs/ref/django-admin.txt
	docs/releases/1.7.txt
 2013-08-09 14:17:30 +01:00
Justin Michalicek 6d88d47be6 Fixed #20832 -- Enabled HTML password reset email 
Added optional html_email_template_name parameter to password_reset view
and PasswordResetForm.
 2013-08-05 09:47:28 -04:00
Alex Gaynor 3e0eb2d788 Fixed a number of lint warnings, particularly around unused variables. 2013-08-04 09:17:10 -07:00
Curtis Maloney 07876cf02b Deprecated SortedDict (replaced with collections.OrderedDict) 
Thanks Loic Bistuer for the review.
 2013-08-04 07:09:39 -04:00
Tim Graham 425d076d0c Fixed #18923 -- Corrected usage of sensitive_post_parameters in contrib.auth 
Thanks Collin Anderson for the report.
 2013-08-02 14:46:17 -04:00
Tim Graham a1889397a9 Fixed #12103 -- Added AuthenticationForm.confirm_login_allowed to allow customizing the logic policy. 
Thanks ejucovy and lasko for work on the patch.
 2013-07-31 13:54:05 -04:00
Aymeric Augustin 5b47a9c5a0 Fixed a test that could fail depending on PASSWORD_HASHERS. 
Thanks Claude. Refs #20760.
 2013-07-30 16:14:53 +02:00
Andrew Godwin 12e9804d16 Rename allow_syncdb to allow_migrate 2013-07-30 12:08:59 +01:00
Andrew Godwin 68e0a169c4 Rename pre_ and post_syncdb to *_migrate, with aliases from old names 2013-07-30 11:52:52 +01:00
Claude Paroz fdd7a355bf Deprecated django.utils.importlib 
This was a shim for pre-Python 2.7 support.
 2013-07-29 17:10:22 +02:00
Serge G. Spaolonzi e07e4030b9 Fixed #18511 -- Cleaned up admin password reset template titles. 2013-07-27 14:23:04 -04:00
Aymeric Augustin 5dbca13f3b Fixed #20760 -- Reduced timing variation in ModelBackend. 
Thanks jpaglier and erikr.
 2013-07-23 15:43:12 +02:00
Kirill Fomichev 33242fe015 Fixed #19019 -- Fixed UserAdmin to log password change. 
Thanks Tuttle for the report.
 2013-07-23 08:33:07 -04:00
Loic Bistuer 3a00229189 Cleaned up UserAdmin.get_form() that worked around a bug fixed in 23e1b59. 
Refs #18681.
 2013-07-18 23:59:45 +07:00
Tim Graham f407f75aae Fixed #20673 -- Clarified that HttpRequest.user uses AUTH_USER_MODEL. 
Thanks littlepig for the report.
 2013-07-04 09:32:32 -04:00
Simon Charette 8759778185 Fixed #20675 -- `check_password` should work when no password is specified. 
The regression was introduced by 2c4fe761a. refs #20593.
 2013-07-03 14:09:58 -04:00
Aymeric Augustin cfcf4b3605 Stopped using django.utils.unittest in the test suite. 
Refs #20680.
 2013-07-01 14:29:33 +02:00
Ramiro Morales d51b7794bf Removed django.contrib.auth.views.password_reset_confirm_uidb36() view to finish its accelerated deprecation schedule. 2013-06-29 12:22:15 -03:00
Claude Paroz 6118d6d1c9 More import removals 
Following the series of commits removing deprecated features in
Django 1.7, here are some more unneeded imports removed and other
minor cleanups.
 2013-06-29 11:58:36 +02:00
Aymeric Augustin c8756e17fb Removed obsolete comment. Refs #20079. 
Thanks Gavin Wahl.
 2013-06-29 11:42:34 +02:00
Ramiro Morales c196564132 Removed custom profile model functionality as per deprecation TL. 2013-06-28 21:48:16 -03:00
Ramiro Morales f02a703ca6 Removed AuthenticationForm.check_for_test_cookie() as per deprecation TL. 2013-06-28 21:48:15 -03:00
Andrew Godwin f325f86971 Fixed #20244: PermissionsMixin now defines a related_query_name for M2Ms 2013-06-27 15:44:22 +01:00
Anton Baklanov cab333cb16 Fixed #20541 -- don't raise db signals twice when creating superuser 2013-06-27 05:58:01 -04:00
Tim Graham 1184d07789 Fixed #14881 -- Modified password reset to work with a non-integer UserModel.pk. 
uid is now base64 encoded in password reset URLs/views. A backwards compatible
password_reset_confirm view/URL will allow password reset links generated before
this change to continue to work. This view will be removed in Django 1.7.

Thanks jonash for the initial patch and claudep for the review.
 2013-06-26 13:11:47 -04:00
Simon Charette b91787910c Fixed #20642 -- Deprecated `Option.get_(add|change|delete)_permission`. 
Those methods were only used by `contrib.admin` internally and exclusively
related to `contrib.auth`. Since they were undocumented but used
in the wild the raised deprecation warning point to an also undocumented
alternative that lives in `contrib.auth`.

Also did some PEP8 and other cleanups in the affected modules.
 2013-06-25 12:22:37 -04:00
Loic Bistuer 7462a78c1b Fixed #20288 -- Fixed inconsistency in the naming of the popup GET parameter. 
Thanks to Keryn Knight for the initial report and reviews,
and to tomask for the original patch.
 2013-06-19 22:16:16 +02:00
Aymeric Augustin ffcf24c9ce Removed several unused imports. 2013-06-19 17:18:40 +02:00
Erik Romijn aeb1389442 Fixed #20079 -- Improve security of password reset tokens 2013-06-18 20:02:00 +02:00
Erik Romijn 2c4fe761a0 Fixed #20593 -- Allow blank passwords in check_password() and set_password() 2013-06-18 13:32:54 -04:00
Loic Bistuer ee77d4b253 Fixed #20199 -- Allow ModelForm fields to override error_messages from model fields 2013-06-18 08:01:17 -04:00
Claude Paroz beb652e069 Worked around Python 3.3 modified exception repr 
Refs #20599.
 2013-06-15 11:14:59 +02:00
Jaap Roes 990f8d92dc Fixed #20599 -- Changed wording of ValueError raised by _load_library 
The _load_library method on BasePasswordHasher turns ImportErrors
into ValueErrors, this masks ImportErrors in the algorithm library.
Changed it to a clearer worded error message that includes
the ImportError string.
 2013-06-15 10:50:55 +02:00
Aymeric Augustin c6e6d4eeb7 Defined available_apps in relevant tests. 
Fixed #20483.
 2013-06-10 11:30:01 +02:00
Aymeric Augustin 4daf570b98 Added TransactionTestCase.available_apps. 
This can be used to make Django's test suite significantly faster by
reducing the number of models for which content types and permissions
must be created and tables must be flushed in each non-transactional
test.

It's documented for Django contributors and committers but it's branded
as a private API to preserve our freedom to change it in the future.

Most of the credit goes to Anssi. He got the idea and did the research.

Fixed #20483.
 2013-06-10 11:24:10 +02:00
Chris Streeter 69373f3420 Fixed #19925 - Added validation for REQUIRED_FIELDS being a list 
Thanks Roman Alexander for the suggestion.
 2013-06-07 19:58:41 -04:00
Gavin Wahl 4f4e9243e4 Fixed #20532 -- Reverse auth views by name, not by path. 
Auth views should be reversed by name, not their locations in
`django.contrib.auth.views`. This allows substituting your own
implementations of the auth views.
 2013-06-03 13:30:40 -04:00
Gavin Wahl 01ae881bb4 Don't hard-code class names when calling static methods 
normalize_email should be called on the instance, not the class. This
has the same effect normally but is more helpful to subclassers. When
methods are called directly on the class, subclasses can't override
them.
 2013-05-29 16:11:26 -06:00
Ramiro Morales 0fa8d43e74 Replaced `and...or...` constructs with PEP 308 conditional expressions. 2013-05-26 23:47:50 -03:00
Preston Holmes d228c1192e Fixed #19866 -- Added security logger and return 400 for SuspiciousOperation. 
SuspiciousOperations have been differentiated into subclasses, and
are now logged to a 'django.security.*' logger. SuspiciousOperations
that reach django.core.handlers.base.BaseHandler will now return a 400
instead of a 500.

Thanks to tiwoc for the report, and Carl Meyer and Donald Stufft
for review.
 2013-05-25 16:27:34 -07:00