Commit Graph

1004 Commits

Author SHA1 Message Date
Rob 58df8aa40f Fixed #28780 -- Allowed specyfing a token parameter displayed in password reset URLs.
Co-authored-by: Tim Givois <tim.givois.mendez@gmail.com>
2019-05-24 08:40:25 +02:00
Mariusz Felisiak 2007e11d70
Forced utf-8 encoding when loading common passwords in CommonPasswordValidator.
Previously we used `decode()` which defaults to utf-8. This change
restores previous behavior.

Follow up to 28eac41510.
2019-05-23 08:39:16 +02:00
Jon Dufresne b711eafd2a Refs #30116 -- Removed unnecessary str() calls in CommonPasswordValidator.
open() and gzip.open() supports path-like objects since Python 3.6.
2019-05-22 19:47:28 +02:00
Brad Solomon 28eac41510 Improved performance of loading common passwords in CommonPasswordValidator.
CommonPasswordValidator.__init__ previously called either splitlines or
readlines, creating an unneeded intermediate list in memory. For large
custom password files, this could be burdensome.
2019-05-22 06:55:21 +02:00
Carlton Gibson 98296f86b3
Fixed #30351 -- Handled pre-existing permissions in proxy model permissions data migration.
Regression in 181fb60159.
2019-04-27 20:18:22 +02:00
Claude Paroz 3e01aab533 Updated contrib translations from Transifex.
Forwardport of 7090cbf542 from 2.2.x.
2019-04-01 12:22:15 +02:00
pmisteli 9410db9683 Fixed #30236 -- Made UsernameField render with autocapitalize="none" HTML attribute.
This prevents automatic capitalization, which is the default behavior in
some browsers.
2019-03-29 15:24:44 +01:00
Ryan J Schave cbf7e71558 Fixed #30257 -- Made UsernameValidators prohibit trailing newlines. 2019-03-22 13:16:25 -04:00
Claude Paroz a8e2a9bac6 Refs #15902 -- Deprecated storing user's language in the session. 2019-02-14 10:23:02 -05:00
Gregory N. Schmit 48c17807a9 Fixed #16027 -- Added app_label to ContentType.__str__(). 2019-02-07 19:56:47 -05:00
Nick Pope 24b82cd201 Fixed #30159 -- Removed unneeded use of OrderedDict.
Dicts preserve order since Python 3.6.
2019-02-06 13:48:39 -05:00
Jon Dufresne 7785e03ba8 Fixed #30137 -- Replaced OSError aliases with the canonical OSError.
Used more specific errors (e.g. FileExistsError) as appropriate.
2019-01-28 11:15:06 -05:00
Tim Graham 06670015f7 Increased the default PBKDF2 iterations for Django 3.0. 2019-01-17 11:15:27 -05:00
Arthur Rio 181fb60159 Fixed #11154, #22270 -- Made proxy model permissions use correct content type.
Co-Authored-By: Simon Charette <charette.s@gmail.com>
Co-Authored-By: Antoine Catton <acatton@fusionbox.com>
2019-01-16 10:07:28 -05:00
Claude Paroz 217f4456d8 Fetched Armenian translations from Transifex 2019-01-10 10:50:42 +01:00
Joshua Cannon db1b10ef0d Fixed #30037 -- Added request arg to RemoteUserBackend.configure_user(). 2019-01-09 20:01:04 -05:00
Tim Graham 0004daa536
Used 4 space hanging indent for dictionaries.
Thanks Mariusz Felisiak for auditing.
2019-01-02 18:18:19 -05:00
Matt Wiens e817ae74da Followed style guide for model attribute ordering. 2018-12-27 19:34:14 -05:00
Mathew Payne 26bb2611a5 Fixed #29952 -- Lowercased all passwords in contrib.auth's auth/common-passwords.txt.gz. 2018-11-15 14:11:03 -05:00
Timothy Allen e819554018 Fixed #29939 -- Increased Group.name max_length to 150 characters. 2018-11-14 15:13:34 -05:00
Jon Dufresne c82893cb8c Refs #27795 -- Removed force_bytes() usage from django/utils/http.py.
django.utils.http.urlsafe_base64_encode() now returns a string, not a
bytestring. Since URLs are represented as strings,
urlsafe_base64_encode() should return a string. All uses immediately
decoded the bytestring to a string anyway.

As the inverse operation, urlsafe_base64_decode() accepts a string.
2018-10-10 14:38:22 -04:00
Tim Graham a7284cc0c3 Fixed #29809 -- Fixed a crash when a "view only" user POSTs to the admin user change form. 2018-10-01 10:09:50 +02:00
Carlton Gibson bf39978a53 Fixed CVE-2018-16984 -- Fixed password hash disclosure to admin "view only" users.
Thanks Claude Paroz & Tim Graham for collaborating on the patch.
2018-10-01 10:05:01 +02:00
Claude Paroz 033d842e84 Updated translations from Transifex
Forward port of d5ed08263b from master.
2018-09-29 17:11:49 +02:00
Sergey Fedoseev 8ef8bc0f64 Refs #28909 -- Simplifed code using unpacking generalizations. 2018-09-28 09:57:12 -04:00
Ramon Saraiva 2349cbd909 Fixed #29782 -- Added better error message when filtering queryset with AnonymousUser. 2018-09-26 15:36:19 -04:00
Stephen James e40e7026ca Fixed #29683 -- Added view permission to docs. 2018-09-26 15:06:43 -04:00
Jon Dufresne 8d87350356 Refs #27795 -- Removed force_bytes() usage in contrib/auth/handlers/modwsgi.py. 2018-09-26 11:16:59 -04:00
Andrey Kostakov c52ecbda61 Removed shadowing of built-in hash() function. 2018-09-13 10:04:36 -04:00
Alexander Todorov 53ebd4cb13 Fixed #29686 -- Made UserAdmin.user_change_password() pass user to has_change_permission(). 2018-08-17 17:43:00 -04:00
Josh Schneier 8b43e9b1af Fixed #29616 -- Fixed createsuperuser for user models that don't have a password field. 2018-08-05 14:26:03 -04:00
Josh Schneier ec9d0123e0 Made createsuperuser code more DRY. 2018-08-04 09:38:01 -04:00
Josh Schneier 793e9bb35a Fixed #29628 -- Made createsuperuser validate password against username and required fields. 2018-08-04 08:44:25 -04:00
luz.paz 97e637a87f Fixed typos in comments and docs. 2018-08-01 16:09:22 -04:00
Claude Paroz 287fef8693 Updated contrib translations from Transifex
Forwardport of cbf7e7dc52 from stable/2.1.x.
2018-08-01 09:24:06 -04:00
Tim Graham f3fa86a89b Fixed #29449 -- Reverted "Fixed #28757 -- Allowed using contrib.auth forms without installing contrib.auth."
This reverts commit 3333d935d2 due to
a crash if USERNAME_FIELD isn't a CharField.
2018-07-02 18:39:26 -04:00
Claude Paroz eac9ab7ebb Removed parser.add_arguments() arguments that match the defaults. 2018-07-02 17:54:57 -04:00
Claude Paroz bec651a427 Fixed #10827 -- Ensured ContentTypes are created before permission creation. 2018-06-03 22:19:04 -04:00
Dohyeon Kim f1f4aeb22e Fixed #28044 -- Unified the logic for createsuperuser's interactive and --noinput modes. 2018-05-29 08:41:32 -04:00
Tim Graham 9792af3648 Increased the default PBKDF2 iterations for Django 2.2. 2018-05-17 11:05:45 -04:00
olivierdalang 825f0beda8 Fixed #8936 -- Added a view permission and a read-only admin.
Co-authored-by: Petr Dlouhy <petr.dlouhy@email.cz>
Co-authored-by: Olivier Dalang <olivier.dalang@gmail.com>
2018-05-16 06:44:55 -04:00
Tim Graham cae0107287 Increased the default PBKDF2 iterations for Django 2.1. 2018-05-13 20:06:20 -04:00
Tom 11b8c30b9e Ref #23919 -- Replaced some os.path usage with pathlib.Path. 2018-04-19 21:30:00 -04:00
GS-14 93331877c8 Fixed #29274 -- Increased the number of common passwords from 1k to 20k. 2018-04-16 11:01:47 -04:00
Tim Graham 85d853b2d3
Fixed #29289 -- Clarified PasswordResetTokenGenerator comment regarding the data hashed to generate tokens.
Thanks Luke Plant for the draft text.
2018-04-06 11:05:51 -04:00
Malte Gerth 874977d388 Fixed #29270 -- Fixed UserChangeForm crash if password field is excluded. 2018-03-29 15:25:54 -04:00
Abeer Upadhyay 1bf4646f91 Fixed #29258 -- Added type checking for login()'s backend argument. 2018-03-28 10:10:18 -04:00
Tim Graham a4f0e9aec7 Fixed #28718 -- Allowed user to request a password reset if their password doesn't use an enabled hasher.
Regression in aeb1389442.
Reverted changes to is_password_usable() from
703c266682 and documentation changes from
92f48680db.
2018-03-22 10:03:43 -04:00
Mattia Procopio aeb8c38178 Fixed #29206 -- Fixed PasswordResetConfirmView crash when the URL contains a non-UUID where one is expected. 2018-03-15 21:33:15 -04:00
ovalseven8 821e304cc4 Corrected User model docstring about required fields.
Follow up to 841a87785a.
2018-03-04 15:24:36 -05:00