innov
/
django1
1
0
Fork 0
Code Issues Pull Requests 1 Projects Releases Wiki Activity
14,857 Commits 25 Branches 361 Tags 501 MiB
Commit Graph

496 Commits

Author SHA1 Message Date
Gavin Wahl 4f4e9243e4 Fixed #20532 -- Reverse auth views by name, not by path. 
Auth views should be reversed by name, not their locations in
`django.contrib.auth.views`. This allows substituting your own
implementations of the auth views.
 2013-06-03 13:30:40 -04:00
Gavin Wahl 01ae881bb4 Don't hard-code class names when calling static methods 
normalize_email should be called on the instance, not the class. This
has the same effect normally but is more helpful to subclassers. When
methods are called directly on the class, subclasses can't override
them.
 2013-05-29 16:11:26 -06:00
Ramiro Morales 0fa8d43e74 Replaced `and...or...` constructs with PEP 308 conditional expressions. 2013-05-26 23:47:50 -03:00
Preston Holmes d228c1192e Fixed #19866 -- Added security logger and return 400 for SuspiciousOperation. 
SuspiciousOperations have been differentiated into subclasses, and
are now logged to a 'django.security.*' logger. SuspiciousOperations
that reach django.core.handlers.base.BaseHandler will now return a 400
instead of a 500.

Thanks to tiwoc for the report, and Carl Meyer and Donald Stufft
for review.
 2013-05-25 16:27:34 -07:00
Andrew Godwin 1514f17aa6 Rotate CSRF token on login 2013-05-24 22:15:08 +01:00
Baptiste Mispelon 3cb1e9b93c Fix test failure introduced by 980ae2ab29. 2013-05-19 16:51:36 +02:00
Baptiste Mispelon 980ae2ab29 Fix #20447: URL names given to contrib.auth.views are now resolved. 
This commit also adds tests for the redirect feature of most auth views.
It also cleans up the tests, most notably using @override_settings instead
of ad-hoc setUp/tearDown methods.

Thanks to caumons for the report.

Conflicts:
	docs/releases/1.6.txt
 2013-05-19 14:36:38 +02:00
Peter Inglesby cafcc22b01 Typo in comment 2013-05-19 09:28:36 +02:00
Claude Paroz 710c59bf9b Slightly reworked imports in contrib.auth.__init__ 2013-05-18 16:01:47 +02:00
Jorge Bastida dc43fbc2f2 Fixed #18998 - Prevented session crash when auth backend removed 
Removing a backend configured in AUTHENTICATION_BACKENDS should not
raise an exception for existing sessions, but should make already
logged-in users disconnect.
Thanks Bradley Ayers for the report.
 2013-05-18 15:58:29 +02:00
Jacob Burch 340115200f Fixed #20432 -- Test failure in admin_views. 
The failure was triggered by a cache leak.
 2013-05-18 13:13:33 +02:00
Mark Huang 0732c8e8c6 Fixed #20357 -- Allow empty username field label in `AuthentificationForm`. 2013-05-16 11:41:52 -04:00
Donald Stufft 8f0a4665d6 Recommend using the bcrypt library instead of py-bcrypt 
* py-bcrypt has not been updated in some time
* py-bcrypt does not support Python3
* py3k-bcrypt, a port of py-bcrypt to python3 is not compatible
  with Django
* bcrypt is supported on all versions of Python that Django
  supports
 2013-05-13 23:49:00 -04:00
Donald Stufft 3070e8f711 Properly force bytes or str for bcrypt on Python3 2013-05-11 11:16:06 -04:00
Carl Meyer 9012833af8 Fixed #17365, #17366, #18727 -- Switched to discovery test runner. 
Thanks to Preston Timmons for the bulk of the work on the patch, especially
updating Django's own test suite to comply with the requirements of the new
runner. Thanks also to Jannis Leidel and Mahdi Yusuf for earlier work on the
patch and the discovery runner.

Refs #11077, #17032, and #18670.
 2013-05-10 23:08:45 -04:00
Luke Plant f026a519ae Fixed #19733 - deprecated ModelForms without 'fields' or 'exclude', and added '__all__' shortcut 
This also updates all dependent functionality, including modelform_factory
 and modelformset_factory, and the generic views `ModelFormMixin`,
 `CreateView` and `UpdateView` which gain a new `fields` attribute.
 2013-05-09 16:44:36 +01:00
Claude Paroz 9f7a01ef2b Updated translation templates and removed en translations 
"en" translations have been mistakenly committed in 87cc3da81.
 2013-05-02 16:25:23 +02:00
Preston Holmes a49e7dd2a3 Fixed #20114 -- support custom project login_url in tests 
Thanks to Matias Bordese for the patch
 2013-04-05 09:03:28 -07:00
Preston Timmons fde2e4fd6e Modified auth to work with unittest2 discovery. 2013-04-02 21:59:45 -06:00
Alisson 80b658f5aa Remove unnecessary if conditions 
if obj it None, it's None, there's no need to check it
 2013-03-30 12:22:28 +01:00
Claude Paroz 244e765a94 Updated translation templates 2013-03-28 10:06:11 +01:00
Claude Paroz 0a22f7aad2 Added Burmese language 
Thanks to Yhal Htet Aung for the translation work.
 2013-03-28 10:01:30 +01:00
Claude Paroz ab76467d54 Added Ossetic language 
Thanks to Xwybylty Soslan for the translation work.
 2013-03-28 09:54:16 +01:00
Claude Paroz c5084e7557 Updated translations from Transifex 
Polish, Telugu, Georgian, Azerbaijani, Norwegian Bokmål, Basque,
Dutch, Thai, Spanish (Argentina), Afrikaans.
 2013-03-28 09:24:07 +01:00
Jacob Kaplan-Moss 9e462f8101 Fixed #20078: don't allow filtering on password in the user admin. 2013-03-27 11:24:36 -05:00
Donald Stufft 25f2acfed0 Fixed #20138 -- Added BCryptSHA256PasswordHasher 
BCryptSHA256PasswordHasher pre-hashes the users password using
SHA256 to prevent the 72 byte truncation inherient in the BCrypt
algorithm.
 2013-03-26 13:26:57 -04:00
Claude Paroz 2f121dfe63 Fixed #17051 -- Removed some 'invalid' field error messages 
When the 'invalid' error message is set at field level, it masks
the error message raised by the validator, if any.
 2013-03-14 17:03:43 +01:00
Aymeric Augustin 3710a918b2 Switched the admin to use @transaction.atomic. 2013-03-11 19:58:08 +01:00
Loic Bistuer 6983a1a540 Fixed #15363 -- Renamed and normalized to `get_queryset` the methods that return a QuerySet. 2013-03-08 10:11:45 -05:00
Ramiro Morales 03e40140ff Merge pull request #871 from matiasb/ticket_19945 
Fixed #19945 -- Fixed default User model Meta inheritance.
 2013-03-03 14:30:36 -08:00
Claude Paroz 8e8c9b908a Fixed getting default encoding in get_system_username 
Refs #19933.
 2013-03-02 22:41:08 +01:00
matiasb f39fead1c3 Fixed #19945 -- Fixed default User model Meta inheritance. 
Updated default User model Meta class to extend AbstractUser Meta
where translated verbose_name and verbose_name_plural are
defined.
 2013-03-01 19:32:20 -03:00
Aymeric Augustin 2ee21d9f0d Implemented persistent database connections. 
Thanks Anssi Kääriäinen and Karen Tracey for their inputs.
 2013-02-28 15:28:13 +01:00
Claude Paroz 87cc3da814 Merged contrib translations from 1.5 branch 2013-02-26 21:51:06 +01:00
Aymeric Augustin f1255a3c09 Fixed #18144 -- Restored compatibility with SHA1 hashes with empty salt. 
Thanks dahool for the report and initial version of the patch.
 2013-02-25 20:21:58 +01:00
Florian Apolloner f56ca3f0e6 Fixed the usage of the deprecated assertEquals. 2013-02-24 11:15:17 +01:00
Preston Holmes 22d82a7742 Fixed #15198 -- pass request to AuthenticationForm 
Thanks to Ciantic for the report, claudep and slurms for initial work
 2013-02-23 15:28:49 -08:00
Preston Holmes 9d2c0a0ae6 Removed superfluous cookie check from auth login. 
This is ensured through the CSRF protection of the view
 2013-02-23 15:28:49 -08:00
Horst Gutmann 2f4a4703e1 Fixed #19758 -- Avoided leaking email existence through the password reset form. 2013-02-23 14:31:21 +01:00
Carl Meyer d51fb74360 Added a new required ALLOWED_HOSTS setting for HTTP host header validation. 
This is a security fix; disclosure and advisory coming shortly.
 2013-02-19 11:23:29 -07:00
Claude Paroz 5ec0405a09 Fixed #19839 -- Isolated auth tests from customized TEMPLATE_LOADERS 
Thanks limscoder for the report.
 2013-02-18 09:22:25 +01:00
Claude Paroz a8d1421dd9 Avoided unneeded assertion on Python 3 
Fixes failure introduced in 02e5909f7a.
 2013-02-15 16:09:31 +01:00
Claude Paroz 02e5909f7a Fixed #19807 -- Sanitized getpass input in createsuperuser 
Python 2 getpass on Windows doesn't accept unicode, even when
containing only ascii chars.
Thanks Semmel for the report and tests.
 2013-02-15 15:44:27 +01:00
Russell Keith-Magee f5e4a699ca Fixed #19822 -- Added validation for uniqueness on USERNAME_FIELD on custom User models. 
Thanks to Claude Peroz for the draft patch.
 2013-02-15 09:00:55 +08:00
Claude Paroz f1029b308f Fixed a misnamed variable introduced in commit 142ec8b283 
Refs #8404.
 2013-02-14 08:33:10 +01:00
Claude Paroz 142ec8b283 Fixed #8404 -- Isolated auth password-related tests from custom templates 2013-02-13 23:11:49 +01:00
Hiroki Kiyohara e94f405d94 Fixed #18558 -- Added url property to HttpResponseRedirect* 
Thanks coolRR for the report.
 2013-02-13 10:29:32 +01:00
Preston Holmes 0e18fb04ba Made modwsgi groups_for_user consistent with check_password 
2b5f848207 based its changes on #19061
that made the is_active attribute mandatory for user models.
The try/except was not removed for the groups_for_user function.

refs #19780
 2013-02-09 09:31:04 -08:00
Preston Holmes c44d748272 Fixed #19662 -- alter auth modelbackend to accept custom username fields 
Thanks to Aymeric and Carl for the review.
 2013-02-07 16:07:56 -08:00
Florian Apolloner 2b916895a1 Updated createsuperuser to use unicode_literals. Refs #19757. 2013-02-07 14:33:36 +01:00