Commit Graph

136 Commits

Author SHA1 Message Date
Andrew Pinkham a96b981d84 Fixed #28127 -- Allowed UserCreationForm's password validation to check all user fields. 2017-06-21 09:22:15 -04:00
Jon Dufresne 21046e7773 Fixed #28249 -- Removed unnecessary dict.keys() calls.
iter(dict) is equivalent to iter(dict.keys()).
2017-05-27 19:08:46 -04:00
Claude Paroz c52ae33a0c Fixed #28100 -- Removed link in UserChangeForm.password's translatable help_text 2017-04-22 15:39:15 +02:00
Claude Paroz 3a148f958d Refs #27795 -- Removed force_text from the template layer
Thanks Tim Graham for the review.
2017-02-07 17:14:02 +01:00
Claude Paroz c651331b34 Converted usage of ugettext* functions to their gettext* aliases
Thanks Tim Graham for the review.
2017-02-07 09:04:04 +01:00
Anton Samarchyan 5411821e3b Refs #27656 -- Updated django.contrib docstring verb style according to PEP 257. 2017-02-04 16:39:28 -05:00
chillaranand d6eaf7c018 Refs #23919 -- Replaced super(ClassName, self) with super(). 2017-01-25 12:23:46 -05:00
Claude Paroz d7b9aaa366 Refs #23919 -- Removed encoding preambles and future imports 2017-01-18 09:55:19 +01:00
Preston Timmons b52c73008a Fixed #15667 -- Added template-based widget rendering.
Thanks Carl Meyer and Tim Graham for contributing to the patch.
2016-12-27 17:50:10 -05:00
Aymeric Augustin cb7bbf97a7
Fixed #25966 -- Made get_user_model() work at import time.
This makes it equivalent to: `from django.contrib.auth.models import User`.

Thanks Aymeric Augustin for the initial patch and Tim Graham for the
review.
2016-11-25 14:15:49 +01:00
levental 617e36dc1e Fixed #20705 -- Allowed using PasswordResetForm with user models with an email field not named 'email'. 2016-09-27 11:59:00 -04:00
Aleksej Manaev 4b9330ccc0 Fixed #25187 -- Made request available in authentication backends. 2016-09-12 20:11:53 -04:00
Alexander Gaevsky 536db42cf0 Fixed #26097 -- Added password_validators_help_text_html to UserCreationForm. 2016-09-10 18:23:18 -04:00
Jon Dufresne ae98d40c35 Fixed #27136 -- Changed auth forms' autofocus attribute to HTML5 boolean syntax. 2016-08-28 17:19:50 -07:00
Berker Peksag a02b5848ae Replaced property() usage with decorator in several places. 2016-08-25 20:06:22 -04:00
Berker Peksag 3c18f8a3d2 Fixed #27111 -- Fixed KeyError if USERNAME_FIELD isn't in UserCreationForm.fields. 2016-08-24 13:20:12 -04:00
Olexander Yermakov 975a76a964 Fixed #26951 -- Allowed AuthenticationForm to work with a username of 0. 2016-08-10 09:44:48 -04:00
Claude Paroz 9935f97cd2 Refs #21379 -- Normalized unicode username inputs 2016-05-16 19:38:02 +02:00
Tim Graham df8d8d4292 Fixed E128 flake8 warnings in django/. 2016-04-08 09:51:06 -04:00
Berker Peksag efa9539787 Fixed #26381 -- Made UserCreationForm reusable with custom user models that define USERNAME_FIELD. 2016-03-21 12:32:42 -04:00
Vincenzo Pandolfo d0fe6c9156 Fixed #26334 -- Removed whitespace stripping from contrib.auth password fields. 2016-03-14 20:20:24 -04:00
Thomas Grainger d638cdc42a Fixed #25165 -- Removed inline JavaScript from the admin.
This allows setting a Content-Security-Policy HTTP header
(refs #15727).

Special thanks to blighj, the original author of this patch.
2015-12-05 15:51:57 -05:00
sujayskumar d8d853378b Fixed #24944 -- Added extra_email_context parameter to password_reset() view. 2015-09-18 18:56:04 -04:00
Maxime Lorant 5153a3bfdc Fixed #25331 -- Removed trailing blank lines in docstrings. 2015-08-31 17:37:21 -04:00
Wim Feijen c082363527 Reworded contrib.auth forms' password confirmation help_text.
"As above" refers to a spatial orientation, which might
not be present, for example when the two password fields
are shown next to each other.
2015-07-20 15:51:50 -04:00
Tim Graham 774c16d16e Fixed #25052; refs #16860 -- Added password validation to UserCreationForm. 2015-07-20 13:44:34 -04:00
Tim Graham f5e9d67907 Refs #16860 -- Moved password_changed() logic to AbstractBaseUser.
Thanks Carl Meyer for review.
2015-07-20 13:44:26 -04:00
Erik Romijn 1daae25bdc Fixed #16860 -- Added password validation to django.contrib.auth. 2015-06-07 19:31:20 +02:00
Piotr Jakimiak 4157c502a5 Removed unnecessary arguments in .get method calls 2015-05-13 20:51:18 +02:00
Claude Paroz c2bfd76ec3 Refs #15779 -- Fixed UserChangeForm regression introduced by 1791a7e75
Thanks Tim Graham for reporting the regression.
2015-03-28 09:24:01 +01:00
Thomas Tanner 28986da4ca Fixed #5986 -- Added ability to customize order of Form fields 2015-03-16 09:12:57 -04:00
Tim Graham 0ed7d15563 Sorted imports with isort; refs #23860. 2015-02-06 08:16:28 -05:00
Tim Graham a53541852d Removed contrib.auth.forms.mask_password()
This function is unused since dce820ff70
after being introduced in 718a5ba1a1
2015-02-02 11:13:14 -05:00
Tim Graham 271d4f8f85 Fixed #23948 -- Moved password help text from the template to the form.
Thanks Mithos for the report and patch.
2014-12-26 08:09:12 -05:00
Berker Peksag 560b4207b1 Removed redundant numbered parameters from str.format().
Since Python 2.7 and 3.1, "{0} {1}" is equivalent to "{} {}".
2014-12-03 14:27:38 -05:00
Carl Meyer 89559bcfb0 Fixed #23409 -- Extract PasswordResetForm.get_users method.
Allows easier customization of policies regarding which users are allowed to
reset their password.

Thanks Aymeric for review.
2014-09-03 12:25:11 -06:00
Gabriel Muñumel deed00c0d8 Fixed #23162 -- Renamed forms.Field._has_changed() to has_changed(). 2014-08-15 08:14:45 -04:00
Iain Dawson 8fbf13a6c8 Replaced instances of 'his/her' with 'their'. 2014-07-21 19:49:12 +00:00
Yin Jifeng 849538d03d Fixed #13147 -- Moved User validation logic from form to model. 2014-07-10 09:36:43 -04:00
Jorge C. Leitão a00b78b1e2 Fixed #17431 -- Added send_mail() method to PasswordResetForm.
Credits for the initial patch go to ejucovy;
big thanks to Tim Graham for the review.
2014-06-10 14:00:52 -04:00
Tim Graham ed4c2e1c0d Fixed #22329 -- Used label_tag() in some admin auth templates.
refs #17922.
2014-03-29 08:54:56 -04:00
Aymeric Augustin 9ffab9cee1 Moved RequestSite and get_current_site.
Following the app-loading refactor, these objects must live outside of
django.contrib.sites.models because they must be available without
importing the django.contrib.sites.models module when
django.contrib.sites isn't installed.

Refs #21680. Thanks Carl and Loic for reporting this issue.
2014-01-26 08:50:47 +01:00
Aymeric Augustin 8f04f53dd8 Removed a few gratuitous lambdas. 2013-12-26 14:03:50 +01:00
Loic Bistuer 6685713869 Fixed E127 pep8 warnings. 2013-12-14 11:59:15 -05:00
Claude Paroz 5f52590368 Fixed #21291 -- Ensured inactive users cannot reset their passwords
Thanks kz26 for the report and the suggested fix. Refs #19758.
2013-10-19 10:43:06 +02:00
Florian Apolloner 5d74853e15 Revert "Ensure that passwords are never long enough for a DoS."
This reverts commit aae5a96d57.

This fix is no longer necessary, our pbkdf2 (see next commit) implementation
no longer rehashes the password every iteration.
2013-09-24 21:01:21 +02:00
Tim Graham 18ffdb1772 Fixed #17627 -- Renamed util.py files to utils.py
Thanks PaulM for the suggestion and Luke Granger-Brown and
Wiktor Kołodziej for the initial patch.
2013-09-16 12:52:05 -04:00
Russell Keith-Magee aae5a96d57 Ensure that passwords are never long enough for a DoS.
* Limit the password length to 4096 bytes
  * Password hashers will raise a ValueError
  * django.contrib.auth forms will fail validation
* Document in release notes that this is a backwards incompatible change

Thanks to Josh Wright for the report, and Donald Stufft for the patch.

This is a security fix; disclosure to follow shortly.
2013-09-15 13:42:23 +08:00
Simon Charette 11cd7388f7 Fixed #20989 -- Removed useless explicit list comprehensions. 2013-08-30 10:57:51 -04:00
Justin Michalicek 6d88d47be6 Fixed #20832 -- Enabled HTML password reset email
Added optional html_email_template_name parameter to password_reset view
and PasswordResetForm.
2013-08-05 09:47:28 -04:00