This reverts commit 5ecc0f828e.
This fix is no longer necessary, our pbkdf2 (see next commit) implementation
no longer rehashes the password every iteration.
Our WSGIServer rewrapped the socket errors from server_bind into
WSGIServerExceptions, which is used later on to provide nicer
error messages in runserver and used by the liveserver to see if
the port is already in use. But wrapping server_bind isn't enough since
it only binds to the socket, socket.listen (which is called from
server_activate) could also raise "Address already in use".
Instead of overriding server_activate too I chose to just catch socket
errors, which seems to make more sense anyways and should be more robust
against changes in wsgiref.
Backport of 2ca00faa91 from master.
This is a follow-up to #18777 which improperly converted to strings in
prepare_value and as such caused regressions like #21074.
Refs #18777, #21074
Backport of 56743cf9e3 from master.
Increases the default PBKDF2 iterations, since computers have gotten
faster since 2011. In the future, we plan to increment by 10% per
major version.
Backport of a075e2ad0d from master
tearDownClass is not called if setUpClass throws an exception, in our case
this means that LiveServerTestCase leaks LiveServerThread sockets if the
test happens to be skipped later on, and AdminSeleniumWebDriverTestCase
doesn't close it's already open browser window. To prevent this leakage
we catch errors where needed and manually call _tearDownClassInternal.
_tearDownClassInternal should be written as defensively as possible since
it is not allowed to make any assumptions on how far setUpClass got.
This patch should fix the sporadic "Address already in use"-errors on jenkins
and also the "This code isn't under transaction management"-error for sqlite
(also just on jenkins).
After discussion with koniiiik, jezdez, kmtracey, tos9, lifeless, nedbat and
voidspace it was decided that this is the safest approach (thanks to everyone
for their comments and help). Manually calling tearDownClass was shut down
cause we don't know how our users override our classes.
This is a private and very specialized API on purpose and should not be used
without a strong reason!
This patch partially reverts the earlier attempts to fix those issues,
namely:
2fa0dd73b1 and
3c5775d36f
Final note: If this patch breaks in a later version of Django, please be
very careful on how you fix it, you might not see test failures locally.
That said, this patch hopefully doesn't produce even more failures.
Backport of 73a610d2a8 from master.
* Limit the password length to 4096 bytes
* Password hashers will raise a ValueError
* django.contrib.auth forms will fail validation
* Document in release notes that this is a backwards incompatible change
Thanks to Josh Wright for the report, and Donald Stufft for the patch.
This is a security fix; disclosure to follow shortly.
Backport of aae5a96d57 from master.
Thanks mitsuhiko for the report.
Non-ASCII values are supported. Non-ASCII keys still aren't, because the
current parser mangles them. That's another bug.
Simplified backport of 8aaca651 and f5add47 from master.
It's now forbidden to call queryset.update(field=instance) when instance
hasn't been saved to the database ie. instance.pk is None.
Conflicts:
tests/queries/tests.py
Backport of b4cd8169 from master.
Fixed#16502 -- Fixed a TemplateDoesNotExist error that should be an ImproperlyConfigured.
Assistance on the patch from #jambronrose.
Backport of 9b2dc12b83 from master.
[1.6.x] Fixed#21058 -- Fixed debug view blowing up when no template is provided to the template rendering functions.
Assistance on this commit from @jambonrose.
Backport of 122020fdb9 from master.
Changed th system module values check to return a list.
In Python 3 it returns a dict_view which could occassionally produce
a runtime error of "dictionary changed size during iteration".
Backport of 559cb826b8 from master
The option can be used to force pre 1.6 style SELECT on save behaviour.
This is needed in case the database returns zero updated rows even if
there is a matching row in the DB. One such case is PostgreSQL update
trigger that returns NULL.
Reviewed by Tim Graham.
Refs #16649
Backport of e973ee6a98 from master
Conflicts:
django/db/models/options.py
tests/basic/tests.py
Florian Apolloner
Anssi Kääriäinen
Michał Lech
Paul McMillan
Tim Graham
James Bennett
Russell Keith-Magee
Aymeric Augustin
Садовский Николай
Max Burstein
Eric Boersma
Carl Meyer
Claude Paroz