Tim Graham
df8d8d4292
Fixed E128 flake8 warnings in django/.
2016-04-08 09:51:06 -04:00
Berker Peksag
efa9539787
Fixed #26381 -- Made UserCreationForm reusable with custom user models that define USERNAME_FIELD.
2016-03-21 12:32:42 -04:00
Vincenzo Pandolfo
d0fe6c9156
Fixed #26334 -- Removed whitespace stripping from contrib.auth password fields.
2016-03-14 20:20:24 -04:00
Thomas Grainger
d638cdc42a
Fixed #25165 -- Removed inline JavaScript from the admin.
...
This allows setting a Content-Security-Policy HTTP header
(refs #15727 ).
Special thanks to blighj, the original author of this patch.
2015-12-05 15:51:57 -05:00
sujayskumar
d8d853378b
Fixed #24944 -- Added extra_email_context parameter to password_reset() view.
2015-09-18 18:56:04 -04:00
Maxime Lorant
5153a3bfdc
Fixed #25331 -- Removed trailing blank lines in docstrings.
2015-08-31 17:37:21 -04:00
Wim Feijen
c082363527
Reworded contrib.auth forms' password confirmation help_text.
...
"As above" refers to a spatial orientation, which might
not be present, for example when the two password fields
are shown next to each other.
2015-07-20 15:51:50 -04:00
Tim Graham
774c16d16e
Fixed #25052 ; refs #16860 -- Added password validation to UserCreationForm.
2015-07-20 13:44:34 -04:00
Tim Graham
f5e9d67907
Refs #16860 -- Moved password_changed() logic to AbstractBaseUser.
...
Thanks Carl Meyer for review.
2015-07-20 13:44:26 -04:00
Erik Romijn
1daae25bdc
Fixed #16860 -- Added password validation to django.contrib.auth.
2015-06-07 19:31:20 +02:00
Piotr Jakimiak
4157c502a5
Removed unnecessary arguments in .get method calls
2015-05-13 20:51:18 +02:00
Claude Paroz
c2bfd76ec3
Refs #15779 -- Fixed UserChangeForm regression introduced by 1791a7e75
...
Thanks Tim Graham for reporting the regression.
2015-03-28 09:24:01 +01:00
Thomas Tanner
28986da4ca
Fixed #5986 -- Added ability to customize order of Form fields
2015-03-16 09:12:57 -04:00
Tim Graham
0ed7d15563
Sorted imports with isort; refs #23860 .
2015-02-06 08:16:28 -05:00
Tim Graham
a53541852d
Removed contrib.auth.forms.mask_password()
...
This function is unused since dce820ff70
after being introduced in 718a5ba1a1
2015-02-02 11:13:14 -05:00
Tim Graham
271d4f8f85
Fixed #23948 -- Moved password help text from the template to the form.
...
Thanks Mithos for the report and patch.
2014-12-26 08:09:12 -05:00
Berker Peksag
560b4207b1
Removed redundant numbered parameters from str.format().
...
Since Python 2.7 and 3.1, "{0} {1}" is equivalent to "{} {}".
2014-12-03 14:27:38 -05:00
Carl Meyer
89559bcfb0
Fixed #23409 -- Extract PasswordResetForm.get_users method.
...
Allows easier customization of policies regarding which users are allowed to
reset their password.
Thanks Aymeric for review.
2014-09-03 12:25:11 -06:00
Gabriel Muñumel
deed00c0d8
Fixed #23162 -- Renamed forms.Field._has_changed() to has_changed().
2014-08-15 08:14:45 -04:00
Iain Dawson
8fbf13a6c8
Replaced instances of 'his/her' with 'their'.
2014-07-21 19:49:12 +00:00
Yin Jifeng
849538d03d
Fixed #13147 -- Moved User validation logic from form to model.
2014-07-10 09:36:43 -04:00
Jorge C. Leitão
a00b78b1e2
Fixed #17431 -- Added send_mail() method to PasswordResetForm.
...
Credits for the initial patch go to ejucovy;
big thanks to Tim Graham for the review.
2014-06-10 14:00:52 -04:00
Tim Graham
ed4c2e1c0d
Fixed #22329 -- Used label_tag() in some admin auth templates.
...
refs #17922 .
2014-03-29 08:54:56 -04:00
Aymeric Augustin
9ffab9cee1
Moved RequestSite and get_current_site.
...
Following the app-loading refactor, these objects must live outside of
django.contrib.sites.models because they must be available without
importing the django.contrib.sites.models module when
django.contrib.sites isn't installed.
Refs #21680 . Thanks Carl and Loic for reporting this issue.
2014-01-26 08:50:47 +01:00
Aymeric Augustin
8f04f53dd8
Removed a few gratuitous lambdas.
2013-12-26 14:03:50 +01:00
Loic Bistuer
6685713869
Fixed E127 pep8 warnings.
2013-12-14 11:59:15 -05:00
Claude Paroz
5f52590368
Fixed #21291 -- Ensured inactive users cannot reset their passwords
...
Thanks kz26 for the report and the suggested fix. Refs #19758 .
2013-10-19 10:43:06 +02:00
Florian Apolloner
5d74853e15
Revert "Ensure that passwords are never long enough for a DoS."
...
This reverts commit aae5a96d57
.
This fix is no longer necessary, our pbkdf2 (see next commit) implementation
no longer rehashes the password every iteration.
2013-09-24 21:01:21 +02:00
Tim Graham
18ffdb1772
Fixed #17627 -- Renamed util.py files to utils.py
...
Thanks PaulM for the suggestion and Luke Granger-Brown and
Wiktor Kołodziej for the initial patch.
2013-09-16 12:52:05 -04:00
Russell Keith-Magee
aae5a96d57
Ensure that passwords are never long enough for a DoS.
...
* Limit the password length to 4096 bytes
* Password hashers will raise a ValueError
* django.contrib.auth forms will fail validation
* Document in release notes that this is a backwards incompatible change
Thanks to Josh Wright for the report, and Donald Stufft for the patch.
This is a security fix; disclosure to follow shortly.
2013-09-15 13:42:23 +08:00
Simon Charette
11cd7388f7
Fixed #20989 -- Removed useless explicit list comprehensions.
2013-08-30 10:57:51 -04:00
Justin Michalicek
6d88d47be6
Fixed #20832 -- Enabled HTML password reset email
...
Added optional html_email_template_name parameter to password_reset view
and PasswordResetForm.
2013-08-05 09:47:28 -04:00
Curtis Maloney
07876cf02b
Deprecated SortedDict (replaced with collections.OrderedDict)
...
Thanks Loic Bistuer for the review.
2013-08-04 07:09:39 -04:00
Tim Graham
a1889397a9
Fixed #12103 -- Added AuthenticationForm.confirm_login_allowed to allow customizing the logic policy.
...
Thanks ejucovy and lasko for work on the patch.
2013-07-31 13:54:05 -04:00
Kirill Fomichev
33242fe015
Fixed #19019 -- Fixed UserAdmin to log password change.
...
Thanks Tuttle for the report.
2013-07-23 08:33:07 -04:00
Claude Paroz
6118d6d1c9
More import removals
...
Following the series of commits removing deprecated features in
Django 1.7, here are some more unneeded imports removed and other
minor cleanups.
2013-06-29 11:58:36 +02:00
Ramiro Morales
f02a703ca6
Removed AuthenticationForm.check_for_test_cookie() as per deprecation TL.
2013-06-28 21:48:15 -03:00
Tim Graham
1184d07789
Fixed #14881 -- Modified password reset to work with a non-integer UserModel.pk.
...
uid is now base64 encoded in password reset URLs/views. A backwards compatible
password_reset_confirm view/URL will allow password reset links generated before
this change to continue to work. This view will be removed in Django 1.7.
Thanks jonash for the initial patch and claudep for the review.
2013-06-26 13:11:47 -04:00
Erik Romijn
aeb1389442
Fixed #20079 -- Improve security of password reset tokens
2013-06-18 20:02:00 +02:00
Loic Bistuer
ee77d4b253
Fixed #20199 -- Allow ModelForm fields to override error_messages from model fields
2013-06-18 08:01:17 -04:00
Ramiro Morales
0fa8d43e74
Replaced `and...or...` constructs with PEP 308 conditional expressions.
2013-05-26 23:47:50 -03:00
Mark Huang
0732c8e8c6
Fixed #20357 -- Allow empty username field label in `AuthentificationForm`.
2013-05-16 11:41:52 -04:00
Luke Plant
f026a519ae
Fixed #19733 - deprecated ModelForms without 'fields' or 'exclude', and added '__all__' shortcut
...
This also updates all dependent functionality, including modelform_factory
and modelformset_factory, and the generic views `ModelFormMixin`,
`CreateView` and `UpdateView` which gain a new `fields` attribute.
2013-05-09 16:44:36 +01:00
Preston Holmes
22d82a7742
Fixed #15198 -- pass request to AuthenticationForm
...
Thanks to Ciantic for the report, claudep and slurms for initial work
2013-02-23 15:28:49 -08:00
Preston Holmes
9d2c0a0ae6
Removed superfluous cookie check from auth login.
...
This is ensured through the CSRF protection of the view
2013-02-23 15:28:49 -08:00
Horst Gutmann
2f4a4703e1
Fixed #19758 -- Avoided leaking email existence through the password reset form.
2013-02-23 14:31:21 +01:00
Claude Paroz
1686e0d184
Fixed #18460 -- Fixed change detection of ReadOnlyPasswordHashField
...
Thanks jose.sanchez et ezeep.com for the report and Vladimir Ulupov
for the initial patch.
2013-01-25 21:27:49 +01:00
Florian Apolloner
cc4de61a2b
Fixed #19596 -- Use `_default_manager` instead of `objects` in the auth app.
...
This is needed to support custom user models which don't define a manager
named `objects`.
2013-01-22 12:47:34 +01:00
Nick Sandford
cdad0b28d4
Fixed #19573 -- Allow override of username field label in AuthenticationForm
2013-01-10 09:06:04 +01:00
Russell Keith-Magee
27f8129d64
Fixed #19368 -- Ensured that login error messages adapt to changes in the User model.
...
Thanks to un33k for the report.
2012-12-15 22:44:47 +08:00