Jon Dufresne
488b3d2b38
Fixed typo in auth management test.
2016-08-28 19:20:35 -07:00
Berker Peksag
3c18f8a3d2
Fixed #27111 -- Fixed KeyError if USERNAME_FIELD isn't in UserCreationForm.fields.
2016-08-24 13:20:12 -04:00
Przemysław Suliga
549b90fab3
Refs #26902 -- Protected against insecure redirects in Login/LogoutView.
2016-08-19 19:01:01 -04:00
Tim Graham
13857b45ca
Removed unused 'password' parameter in auth_tests.
2016-08-18 19:01:28 -04:00
Tim Graham
7549eb0004
Fixed #27009 -- Made update_session_auth_hash() rotate the session key.
2016-08-15 19:29:12 -04:00
Andrew Nester
4591cf3fd8
Fixed #26909 -- Allowed UserAttributeSimilarityValidator to validate against model properties.
2016-08-10 15:08:06 -04:00
jordij
0814566bf1
Fixed #26960 -- Added PasswordResetConfirmView option to automatically log in after a reset.
2016-08-10 10:23:16 -04:00
Olexander Yermakov
975a76a964
Fixed #26951 -- Allowed AuthenticationForm to work with a username of 0.
2016-08-10 09:44:48 -04:00
Sergey Yurchenko
4e64e3bb6e
Fixed #26997 -- Fixed checks crash with empty Meta.default_permissions.
2016-08-03 09:14:01 -04:00
Andrew Nester
0ba179194b
Fixed #26929 -- Deprecated extra_context parameter of contrib.auth.views.logout_then_login().
2016-07-28 11:57:02 -04:00
Tim Graham
412b4126d7
Removed a blank line per isort and a trailing whitespace.
2016-07-28 11:56:25 -04:00
Andrew Nester
dde6288fbe
Fixed #26882 -- Added tests for auth.views.logout_then_login().
2016-07-22 15:04:13 -04:00
Claude Paroz
255fb99284
Fixed #17209 -- Added password reset/change class-based views
...
Thanks Tim Graham for the review.
2016-07-16 10:36:12 +02:00
Bang Dao + Tam Huynh
09119dff14
Fixed #26719 -- Normalized email in AbstractUser.clean().
2016-06-24 10:37:38 -04:00
Claude Paroz
78963495d0
Refs #17209 -- Added LoginView and LogoutView class-based views
...
Thanks Tim Graham for the review.
2016-06-24 10:45:13 +02:00
Tim Graham
39805686b3
Refs #21379 , #26719 -- Moved username normalization to AbstractBaseUser.
...
Thanks Huynh Thanh Tam for the initial patch and Claude Paroz for review.
2016-06-21 16:19:37 -04:00
Jon Dufresne
4f336f6652
Fixed #26747 -- Used more specific assertions in the Django test suite.
2016-06-16 14:19:18 -04:00
Tim Graham
1915a7e5c5
Increased the default PBKDF2 iterations.
2016-05-20 09:19:19 -04:00
Simon Charette
7694e196ce
Moved the AUTH_USER_MODEL setting changed receiver.
...
Test suites besides Django's may need the same behavior.
2016-05-18 09:56:29 -04:00
Loïc Bistuer
4ff1e6ef58
Fixed running auth_tests in isolation after 3a47d42fa3
.
2016-05-18 06:38:42 -04:00
Tim Graham
ece4d24f8e
Refs #26601 -- Deprecated old-style middleware.
2016-05-17 07:22:26 -04:00
Florian Apolloner
9baf692a58
Fixed #26601 -- Improved middleware per DEP 0005.
...
Thanks Tim Graham for polishing the patch, updating the tests, and
writing documentation. Thanks Carl Meyer for shepherding the DEP.
2016-05-17 07:22:22 -04:00
Loïc Bistuer
3a47d42fa3
Fixed #20932 , #25897 -- Streamlined manager inheritance.
2016-05-17 02:29:22 +07:00
Claude Paroz
9935f97cd2
Refs #21379 -- Normalized unicode username inputs
2016-05-16 19:38:02 +02:00
Claude Paroz
526575c641
Fixed #21379 -- Created auth-specific username validators
...
Thanks Tim Graham for the review.
2016-05-16 19:37:57 +02:00
Simon Charette
61a16e0270
Fixed #24075 -- Used post-migration models in contrib apps receivers.
...
Thanks Markus and Tim for the review.
2016-05-15 19:51:16 -04:00
Claude Paroz
b26fedacef
Fixed #26544 -- Delayed translations of SetPasswordForm help_texts
...
Thanks Michael Bitzi for the reporti and Tim Graham for the review.
2016-05-07 10:17:49 +02:00
Tim Graham
03efa304bc
Refs #25847 -- Added system check for UserModel.is_anonymous/is_authenticated methods.
2016-05-06 08:56:06 -04:00
Tim Graham
f945fb24a3
Fixed #26554 -- Updated docs URLs to readthedocs.io
2016-04-28 10:09:57 -04:00
Bas Westerbaan
a5033dbc58
Refs #26033 -- Added password hasher support for Argon2 v1.3.
...
The previous version of Argon2 uses encoded hashes of the form:
$argon2d$m=8,t=1,p=1$<salt>$<data>
The new version of Argon2 adds its version into the hash:
$argon2d$v=19$m=8,t=1,p=1$<salt>$<data>
This lets Django handle both version properly.
2016-04-25 21:17:53 -04:00
Jeremy Lainé
c1aec0feda
Fixed #25847 -- Made User.is_(anonymous|authenticated) properties.
2016-04-09 14:54:18 -04:00
Tim Graham
92053acbb9
Fixed E128 flake8 warnings in tests/.
2016-04-08 10:12:33 -04:00
Simon Charette
a872194802
Fixed #26470 -- Converted auth permission validation to system checks.
...
Thanks Tim for the review.
2016-04-06 22:40:43 -04:00
Simon Charette
fc34be896d
Extracted auth checks tests into their own module.
2016-04-06 22:40:43 -04:00
Alexander Gaevsky
e0a3d93730
Fixed #25232 -- Made ModelBackend/RemoteUserBackend reject inactive users.
2016-03-23 09:01:48 -04:00
Tim Graham
1243fdf5cb
Fixed #26395 -- Skipped the CryptPasswordHasher tests on platforms with a dummy crypt module.
2016-03-22 11:22:21 -04:00
Berker Peksag
efa9539787
Fixed #26381 -- Made UserCreationForm reusable with custom user models that define USERNAME_FIELD.
2016-03-21 12:32:42 -04:00
Vincenzo Pandolfo
d0fe6c9156
Fixed #26334 -- Removed whitespace stripping from contrib.auth password fields.
2016-03-14 20:20:24 -04:00
ieatkittens
ab8af342b1
Fixed #26343 -- Sent user_login_failed signal if an auth backend raises PermissionDenied.
2016-03-12 16:44:39 -05:00
Tim Graham
5ca045cd25
Moved createsuperuser test app into auth_tests.
2016-03-08 13:06:58 -05:00
Bas Westerbaan
b4250ea04a
Fixed #26033 -- Added Argon2 password hasher.
2016-03-08 11:22:18 -05:00
Jon Dufresne
4115288b4f
Fixed #26315 -- Allowed call_command() to accept a Command object as the first argument.
2016-03-05 13:05:10 -05:00
Jon Dufresne
8d3fcfa39e
Cleaned up tests to use call_command() instead of Command.execute().
2016-03-05 12:59:30 -05:00
Alasdair Nicol
8c42cf0cbd
Fixed #26303 -- Updated links to mod_wsgi docs.
2016-03-01 19:22:32 -05:00
Florian Apolloner
67b46ba701
Fixed CVE-2016-2513 -- Fixed user enumeration timing attack during login.
...
This is a security fix.
2016-03-01 11:25:28 -05:00
Jon Dufresne
eac1423f9e
Removed obsolete test CreatesuperuserManagementCommandTestCase.test_nolocale.
...
Test was added in 4c934f3921
to verify that
the commend works when locale.getdefaultlocale() doesn't return a locale.
getdefaultlocale() no longer runs at runtime, so the test isn't needed.
2016-02-29 08:46:37 -05:00
Olivier Le Thanh Duong
10781b4c6f
Fixed #12233 -- Allowed redirecting authenticated users away from the login view.
...
contrib.auth.views.login() has a new parameter `redirect_authenticated_user`
to automatically redirect authenticated users visiting the login page.
Thanks to dmathieu and Alex Buchanan for the original code and to Carl Meyer
for the help and review.
2016-02-25 07:18:33 -05:00
Tim Graham
c62807968d
Fixed a stray __unicode__() method in auth_tests.
2016-02-23 13:20:50 -05:00
Tim Graham
47b5a6a43c
Fixed #26187 -- Removed weak password hashers from PASSWORD_HASHERS.
2016-02-22 18:59:23 -05:00
Berker Peksag
f0425c7260
Refs #19353 -- Added tests for using custom user models with built-in auth forms.
...
Also updated topics/auth/customizing.txt to reflect that subclasses of
UserCreationForm and UserChangeForm can be used with custom user models.
Thanks Baptiste Mispelon for the initial documentation.
2016-02-17 10:26:07 -05:00