7785e03ba8
Fixed #30137 -- Replaced OSError aliases with the canonical OSError.
...
Used more specific errors (e.g. FileExistsError) as appropriate.
2019-01-28 11:15:06 -05:00
06670015f7
Increased the default PBKDF2 iterations for Django 3.0.
2019-01-17 11:15:27 -05:00
181fb60159
Fixed #11154 , #22270 -- Made proxy model permissions use correct content type.
...
Co-Authored-By: Simon Charette <charette.s@gmail.com>
Co-Authored-By: Antoine Catton <acatton@fusionbox.com>
2019-01-16 10:07:28 -05:00
217f4456d8
Fetched Armenian translations from Transifex
2019-01-10 10:50:42 +01:00
db1b10ef0d
Fixed #30037 -- Added request arg to RemoteUserBackend.configure_user().
2019-01-09 20:01:04 -05:00
0004daa536
Used 4 space hanging indent for dictionaries.
...
Thanks Mariusz Felisiak for auditing.
2019-01-02 18:18:19 -05:00
e817ae74da
Followed style guide for model attribute ordering.
2018-12-27 19:34:14 -05:00
26bb2611a5
Fixed #29952 -- Lowercased all passwords in contrib.auth's auth/common-passwords.txt.gz.
2018-11-15 14:11:03 -05:00
e819554018
Fixed #29939 -- Increased Group.name max_length to 150 characters.
2018-11-14 15:13:34 -05:00
c82893cb8c
Refs #27795 -- Removed force_bytes() usage from django/utils/http.py.
...
django.utils.http.urlsafe_base64_encode() now returns a string, not a
bytestring. Since URLs are represented as strings,
urlsafe_base64_encode() should return a string. All uses immediately
decoded the bytestring to a string anyway.
As the inverse operation, urlsafe_base64_decode() accepts a string.
2018-10-10 14:38:22 -04:00
a7284cc0c3
Fixed #29809 -- Fixed a crash when a "view only" user POSTs to the admin user change form.
2018-10-01 10:09:50 +02:00
bf39978a53
Fixed CVE-2018-16984 -- Fixed password hash disclosure to admin "view only" users.
...
Thanks Claude Paroz & Tim Graham for collaborating on the patch.
2018-10-01 10:05:01 +02:00
033d842e84
Updated translations from Transifex
...
Forward port of d5ed08263b
2018-09-29 17:11:49 +02:00
8ef8bc0f64
Refs #28909 -- Simplifed code using unpacking generalizations.
2018-09-28 09:57:12 -04:00
2349cbd909
Fixed #29782 -- Added better error message when filtering queryset with AnonymousUser.
2018-09-26 15:36:19 -04:00
e40e7026ca
Fixed #29683 -- Added view permission to docs.
2018-09-26 15:06:43 -04:00
8d87350356
Refs #27795 -- Removed force_bytes() usage in contrib/auth/handlers/modwsgi.py.
2018-09-26 11:16:59 -04:00
c52ecbda61
Removed shadowing of built-in hash() function.
2018-09-13 10:04:36 -04:00
53ebd4cb13
Fixed #29686 -- Made UserAdmin.user_change_password() pass user to has_change_permission().
2018-08-17 17:43:00 -04:00
8b43e9b1af
Fixed #29616 -- Fixed createsuperuser for user models that don't have a password field.
2018-08-05 14:26:03 -04:00
ec9d0123e0
Made createsuperuser code more DRY.
2018-08-04 09:38:01 -04:00
793e9bb35a
Fixed #29628 -- Made createsuperuser validate password against username and required fields.
2018-08-04 08:44:25 -04:00
97e637a87f
Fixed typos in comments and docs.
2018-08-01 16:09:22 -04:00
287fef8693
Updated contrib translations from Transifex
...
Forwardport of cbf7e7dc52
2018-08-01 09:24:06 -04:00
f3fa86a89b
Fixed #29449 -- Reverted "Fixed #28757 -- Allowed using contrib.auth forms without installing contrib.auth."
...
This reverts commit 3333d935d2
2018-07-02 18:39:26 -04:00
eac9ab7ebb
Removed parser.add_arguments() arguments that match the defaults.
2018-07-02 17:54:57 -04:00
bec651a427
Fixed #10827 -- Ensured ContentTypes are created before permission creation.
2018-06-03 22:19:04 -04:00
f1f4aeb22e
Fixed #28044 -- Unified the logic for createsuperuser's interactive and --noinput modes.
2018-05-29 08:41:32 -04:00
9792af3648
Increased the default PBKDF2 iterations for Django 2.2.
2018-05-17 11:05:45 -04:00
825f0beda8
Fixed #8936 -- Added a view permission and a read-only admin.
...
Co-authored-by: Petr Dlouhy <petr.dlouhy@email.cz>
Co-authored-by: Olivier Dalang <olivier.dalang@gmail.com>
2018-05-16 06:44:55 -04:00
cae0107287
Increased the default PBKDF2 iterations for Django 2.1.
2018-05-13 20:06:20 -04:00
11b8c30b9e
Ref #23919 -- Replaced some os.path usage with pathlib.Path.
2018-04-19 21:30:00 -04:00
93331877c8
Fixed #29274 -- Increased the number of common passwords from 1k to 20k.
2018-04-16 11:01:47 -04:00
85d853b2d3
Fixed #29289 -- Clarified PasswordResetTokenGenerator comment regarding the data hashed to generate tokens.
...
Thanks Luke Plant for the draft text.
2018-04-06 11:05:51 -04:00
874977d388
Fixed #29270 -- Fixed UserChangeForm crash if password field is excluded.
2018-03-29 15:25:54 -04:00
1bf4646f91
Fixed #29258 -- Added type checking for login()'s backend argument.
2018-03-28 10:10:18 -04:00
a4f0e9aec7
Fixed #28718 -- Allowed user to request a password reset if their password doesn't use an enabled hasher.
...
Regression in aeb1389442703c26668292f48680db
2018-03-22 10:03:43 -04:00
aeb8c38178
Fixed #29206 -- Fixed PasswordResetConfirmView crash when the URL contains a non-UUID where one is expected.
2018-03-15 21:33:15 -04:00
821e304cc4
Corrected User model docstring about required fields.
...
Follow up to 841a87785a
2018-03-04 15:24:36 -05:00
40bac28faa
Fixed #29176 -- Fixed AbstractBaseUser.normalize_username() crash if username isn't a string.
2018-03-02 11:32:53 -05:00
75527c0f83
Updated translations from Transifex
...
Forward port of 2126e9317e
2018-02-28 20:06:52 +01:00
56a302f338
Fixed #29141 -- Corrected BCryptPasswordHasher's docstring about truncation.
2018-02-26 14:07:38 -05:00
14e34dcf8c
Fixed #29132 -- Avoided connecting update_last_login() handler if User.last_login isn't a field.
2018-02-21 10:36:31 -05:00
9b1125bfc7
Fixed #28379 -- Made AccessMixin raise Permissiondenied for authenticated users.
2018-02-16 13:58:55 -05:00
fe99fb860f
Removed AuthenticationForm.get_user_id().
...
Unused since aab3a418ac
2018-02-14 19:09:06 -05:00
16c5a334ff
Refs #27795 -- Replaced force_text/bytes() with decode()/encode() in password hashers.
2018-02-01 12:36:21 -05:00
af33fb250e
Fixed CVE-2018-6188 -- Fixed information leakage in AuthenticationForm.
...
Reverted 359370a8b8#28645 ).
This is a security fix.
2018-02-01 09:05:14 -05:00
92f48680db
Expanded docs for AbstractBaseUser.has_usable_password().
2018-01-27 11:03:41 -05:00
3333d935d2
Fixed #28757 -- Allowed using contrib.auth forms without installing contrib.auth.
...
Also fixed #28608 -- Allowed UserCreationForm and UserChangeForm to
work with custom user models.
Thanks Sagar Chalise and Rômulo Collopy for reports, and Tim Graham
and Tim Martin for reviews.
2018-01-05 14:47:37 -05:00
d7b2aa24f7
Fixed #28982 -- Simplified code with and/or.
2018-01-03 20:12:23 -05:00
d79cf1e9e2
Fixed #28985 -- Removed unneeded None checks before hasattr().
2018-01-03 11:37:06 -05:00
ccc25bfe4f
Refs #23919 -- Removed obsolete __init__.py files in management command directories.
2018-01-03 11:02:26 -05:00
2cb6b7732d
Fixed #28902 -- Fixed password_validators_help_text_html() double escaping.
2018-01-02 19:51:06 -05:00
83a36ac49a
Removed unnecessary trailing commas and spaces in various code.
2017-12-28 21:07:29 +01:00
4c599ece57
Fixed #28930 -- Simplified code with any() and all().
2017-12-26 17:11:15 -05:00
d13a9e44de
Fixed #28909 -- Simplified code using tuple/list/set/dict unpacking.
2017-12-11 07:08:45 -05:00
d0932ce8fc
Updated contrib translations from Transifex
...
Forward port of 765e6de924
2017-12-01 21:51:30 +01:00
359370a8b8
Fixed #28645 -- Reallowed AuthenticationForm to raise the inactive user error when using ModelBackend.
...
Regression in e0a3d93730
2017-11-08 09:39:12 -05:00
b81905bfd4
Fixed #28571 -- Added a prompt to bypass password validation in createsuperuser.
2017-11-03 20:00:08 -04:00
6ed347d851
Fixed #28706 -- Moved AuthenticationFormn invalid login ValidationError to a method for reuse.
2017-10-23 09:10:45 -04:00
5ceaf14686
Fixed #27515 -- Made AuthenticationForm's username field use the max_length from the model field.
...
Thanks Ramin Farajpour Cami for the report.
2017-10-20 11:13:26 -04:00
d98210c255
Fixed #28713 -- Prevented ModelBackend.get_all_permissions() from mutating get_user_permissions().
2017-10-14 20:47:49 -04:00
0edff2107f
Refs #28248 -- Clarified the precision of PASSWORD_RESET_TIMEOUT_DAYS.
2017-10-12 14:58:18 -04:00
6aec130a4c
Fixed #28591 -- Added an error message for createsuperuser --username= (blank).
2017-10-09 21:49:35 -04:00
67a6ba391b
Reverted "Fixed #28248 -- Fixed password reset tokens being valid for 1 day longer than PASSWORD_RESET_TIMEOUT_DAYS."
...
This reverts commit 95993a89ce
2017-09-25 09:05:00 -04:00
1f3dfd783d
Updated translation catalogs
...
Forward port of 600104172a
2017-09-24 13:54:54 +02:00
5e31be1b96
Refs #25187 -- Required the authenticate() method of authentication backends to have request as the first positional argument.
...
Per deprecation timeline.
2017-09-22 12:51:18 -04:00
6e40b70bf4
Refs #26929 -- Removed extra_context parameter of contrib.auth.views.logout_then_login().
...
Per deprecation timeline.
2017-09-22 12:51:17 -04:00
4f313e284e
Refs #17209 -- Removed login/logout and password reset/change function-based views.
...
Per deprecation timeline.
2017-09-22 12:51:17 -04:00
df41b5a05d
Fixed #28593 -- Added a simplified URL routing syntax per DEP 0201.
...
Thanks Aymeric Augustin for shepherding the DEP and patch review.
Thanks Marten Kenbeek and Tim Graham for contributing to the code.
Thanks Tom Christie, Shai Berger, and Tim Graham for the docs.
2017-09-20 18:04:42 -04:00
6e4c6281db
Reverted "Fixed #27818 -- Replaced try/except/pass with contextlib.suppress()."
...
This reverts commit 550cb3a365
2017-09-07 08:16:21 -04:00
8b2515a450
Removed unneeded __init__() methods.
2017-09-07 08:10:49 -04:00
2dacc2ccd9
Fixed #28550 -- Restored contrib.auth's login() and logout() views' respect of positional arguments.
...
Regression in 78963495d0f8e0557b01
2017-09-03 12:06:44 -04:00
c0f4c60edd
Fixed #28513 -- Added POST request support to LogoutView.
2017-08-24 09:11:16 -04:00
550cb3a365
Fixed #27818 -- Replaced try/except/pass with contextlib.suppress().
2017-06-28 14:07:55 -04:00
a96b981d84
Fixed #28127 -- Allowed UserCreationForm's password validation to check all user fields.
2017-06-21 09:22:15 -04:00
2b09e4c88e
Fixed #27787 -- Made call_command() validate the options it receives.
2017-06-16 21:28:38 -04:00
e7dc39fb65
Fixed #28229 -- Fixed the value of LoginView's "next" template variable.
2017-06-13 09:13:22 -04:00
2c69824e5a
Refs #23968 -- Removed unnecessary lists, generators, and tuple calls.
2017-06-01 19:08:59 -04:00
ae2ac4c400
Updated translations from Transifex
...
Forward port of 02158a785e
2017-05-31 21:43:40 +02:00
eedc88bd4a
Fixed #26823 -- Prevented update_last_login signal receiver from crashing if User model doesn't have last_login field.
2017-05-29 17:31:18 -04:00
95993a89ce
Fixed #28248 -- Fixed password reset tokens being valid for 1 day longer than PASSWORD_RESET_TIMEOUT_DAYS.
2017-05-29 09:22:22 -04:00
21046e7773
Fixed #28249 -- Removed unnecessary dict.keys() calls.
...
iter(dict) is equivalent to iter(dict.keys()).
2017-05-27 19:08:46 -04:00
7afb476469
Fixed #28226 -- Replaced use of str.join() with concatenation.
2017-05-27 13:59:05 -04:00
c930c241f8
Fixed #28017 -- Allowed customizing PasswordResetTokenGenerator's secret.
2017-05-26 07:37:36 -04:00
a3ba2662cd
Refs #28207 -- Fixed contrib.auth.authenticate() if 'backend' is in the credentials.
...
Regression in 3008f30f19
2017-05-22 12:24:38 -04:00
f599747fc8
Fixed #28152 -- Made migrations serialize sets as set literals rather than set().
2017-05-18 09:33:40 -04:00
3008f30f19
Fixed #28207 -- Fixed contrib.auth.authenticate() if multiple auth backends don't accept a request.
2017-05-15 07:48:15 -04:00
5df0ff4155
Fixed #28089 -- Removed requirement to implement get_short_name() and get_full_name() in AbstractBaseUser subclasses.
2017-05-06 17:05:42 -04:00
e7f75b0b14
Fixed #28085 -- Added missing plural forms in en translation catalogs
2017-05-05 21:25:37 +02:00
301de774c2
Refs #27795 -- Replaced many force_text() with str()
...
Thanks Tim Graham for the review.
2017-04-27 09:10:02 +02:00
c52ae33a0c
Fixed #28100 -- Removed link in UserChangeForm.password's translatable help_text
2017-04-22 15:39:15 +02:00
dff559ff83
Fixed #28097 -- Fixed layout of ReadOnlyPasswordHashWidget.
2017-04-19 12:59:30 -04:00
2dba812d86
Updated contrib translations from Transifex
...
Forward port of 290b2849f7
2017-04-04 12:39:02 +02:00
7bbb5161ea
Removed implicit default store_true/false argparse args.
...
argparse automatically sets the default value for store_true/false
arguments to its opposite.
2017-04-01 20:03:56 -04:00
5db465d5a6
Fixed #27891 -- Added PasswordResetConfirmView.post_reset_login_backend.
2017-03-07 19:52:26 -05:00
8346680e1c
Refs #27795 -- Removed unneeded force_text calls
...
Thanks Tim Graham for the review.
2017-03-04 18:18:21 +01:00
c31e7ab5a4
Refs #25187 -- Fixed AuthBackend.authenticate() compatibility for signatures that accept a request kwarg.
2017-02-24 10:15:41 -05:00
b9b35f9efa
Fixed #27840 -- Fixed KeyError in PasswordResetConfirmView.form_valid().
...
When a user is already logged in when submitting the password and
password confirmation to reset a password, a KeyError occurred while
removing the reset session token from the session.
Refs #17209
Thanks Quentin Marlats for the report and Florian Apolloner and Tim
Graham for the review.
2017-02-15 00:35:04 +01:00
500532c95d
Refs #23919 -- Removed default 'utf-8' argument for str.encode()/decode().
2017-02-09 09:03:47 -05:00
Jon Dufresne
Tim Graham
Arthur Rio
Claude Paroz
Joshua Cannon
Matt Wiens
Mathew Payne
Timothy Allen
Carlton Gibson
Sergey Fedoseev
Ramon Saraiva
Stephen James
Andrey Kostakov
Alexander Todorov
Josh Schneier
luz.paz
Dohyeon Kim
olivierdalang
Tom
GS-14
Malte Gerth
Abeer Upadhyay
Mattia Procopio
ovalseven8
Christophe Mehay
Mikhail Porokhovnichenko
Dylan Verheul
shanghui
Дилян Палаузов
я котик пур-пур
Alvin Lindstam
Mariusz Felisiak
Nick Pope
Lucas Connors
Yuri Kaszubowski Lopes
Hasan Ramezani
Sjoerd Job Postmus
ZachLiuGIS
Mads Jensen
Andrew Pinkham
Chandrakant Kumar
Mikhail Golubev
Linus Lewandowski
Nick Zaccardi
jannh
Daniel Hahler
Tamas Szabo
Camilo Nova
Markus Holtermann