innov
/
django1
1
0
Fork 0
Code Issues Pull Requests 1 Projects Releases Wiki Activity
31,080 Commits 25 Branches 361 Tags 501 MiB
Commit Graph

1135 Commits

Author SHA1 Message Date
Sergey Yurchenko 4e64e3bb6e Fixed #26997 -- Fixed checks crash with empty Meta.default_permissions. 2016-08-03 09:14:01 -04:00
Claude Paroz 374b6091ac Pulled contrib translations from Transifex 
Forward port f19cadd391 from stable/1.10.x
 2016-08-01 19:47:19 +02:00
Andrew Nester 0ba179194b Fixed #26929 -- Deprecated extra_context parameter of contrib.auth.views.logout_then_login(). 2016-07-28 11:57:02 -04:00
Andrew Nester dde6288fbe Fixed #26882 -- Added tests for auth.views.logout_then_login(). 2016-07-22 15:04:13 -04:00
Claude Paroz 255fb99284 Fixed #17209 -- Added password reset/change class-based views 
Thanks Tim Graham for the review.
 2016-07-16 10:36:12 +02:00
Claude Paroz 490107f14d Added Upper/Lower Sorbian translations 2016-06-29 21:11:30 +02:00
Bang Dao + Tam Huynh 09119dff14 Fixed #26719 -- Normalized email in AbstractUser.clean(). 2016-06-24 10:37:38 -04:00
Claude Paroz 78963495d0 Refs #17209 -- Added LoginView and LogoutView class-based views 
Thanks Tim Graham for the review.
 2016-06-24 10:45:13 +02:00
Tim Graham 39805686b3 Refs #21379, #26719 -- Moved username normalization to AbstractBaseUser. 
Thanks Huynh Thanh Tam for the initial patch and Claude Paroz for review.
 2016-06-21 16:19:37 -04:00
Tim Graham 1915a7e5c5 Increased the default PBKDF2 iterations. 2016-05-20 09:19:19 -04:00
Claude Paroz 5ccee815ff Updated translation catalogs 2016-05-17 23:21:35 +02:00
Florian Apolloner 9baf692a58 Fixed #26601 -- Improved middleware per DEP 0005. 
Thanks Tim Graham for polishing the patch, updating the tests, and
writing documentation. Thanks Carl Meyer for shepherding the DEP.
 2016-05-17 07:22:22 -04:00
Claude Paroz 9935f97cd2 Refs #21379 -- Normalized unicode username inputs 2016-05-16 19:38:02 +02:00
Claude Paroz 526575c641 Fixed #21379 -- Created auth-specific username validators 
Thanks Tim Graham for the review.
 2016-05-16 19:37:57 +02:00
Simon Charette 61a16e0270 Fixed #24075 -- Used post-migration models in contrib apps receivers. 
Thanks Markus and Tim for the review.
 2016-05-15 19:51:16 -04:00
Tim Graham 094ea69e07 Fixed #26614 -- Used constant_time_compare() in checking session auth hash in login(). 2016-05-13 18:26:10 -04:00
Claude Paroz b26fedacef Fixed #26544 -- Delayed translations of SetPasswordForm help_texts 
Thanks Michael Bitzi for the reporti and Tim Graham for the review.
 2016-05-07 10:17:49 +02:00
Tim Graham 03efa304bc Refs #25847 -- Added system check for UserModel.is_anonymous/is_authenticated methods. 2016-05-06 08:56:06 -04:00
Claude Paroz 8dcf352c03 Pulled translations from Transifex 2016-04-30 14:27:07 +02:00
Claude Paroz d9a00ad16b Removed deprecated Chinese language codes for contrib apps 
Refs #18149.
 2016-04-30 14:26:47 +02:00
Bas Westerbaan a5033dbc58 Refs #26033 -- Added password hasher support for Argon2 v1.3. 
The previous version of Argon2 uses encoded hashes of the form:
   $argon2d$m=8,t=1,p=1$<salt>$<data>

The new version of Argon2 adds its version into the hash:
   $argon2d$v=19$m=8,t=1,p=1$<salt>$<data>

This lets Django handle both version properly.
 2016-04-25 21:17:53 -04:00
Jeremy Lainé c1aec0feda Fixed #25847 -- Made User.is_(anonymous|authenticated) properties. 2016-04-09 14:54:18 -04:00
Tim Graham df8d8d4292 Fixed E128 flake8 warnings in django/. 2016-04-08 09:51:06 -04:00
Simon Charette a872194802 Fixed #26470 -- Converted auth permission validation to system checks. 
Thanks Tim for the review.
 2016-04-06 22:40:43 -04:00
Alexander Gaevsky e0a3d93730 Fixed #25232 -- Made ModelBackend/RemoteUserBackend reject inactive users. 2016-03-23 09:01:48 -04:00
Tim Graham 1243fdf5cb Fixed #26395 -- Skipped the CryptPasswordHasher tests on platforms with a dummy crypt module. 2016-03-22 11:22:21 -04:00
Berker Peksag efa9539787 Fixed #26381 -- Made UserCreationForm reusable with custom user models that define USERNAME_FIELD. 2016-03-21 12:32:42 -04:00
Vincenzo Pandolfo d0fe6c9156 Fixed #26334 -- Removed whitespace stripping from contrib.auth password fields. 2016-03-14 20:20:24 -04:00
ieatkittens ab8af342b1 Fixed #26343 -- Sent user_login_failed signal if an auth backend raises PermissionDenied. 2016-03-12 16:44:39 -05:00
Bas Westerbaan b4250ea04a Fixed #26033 -- Added Argon2 password hasher. 2016-03-08 11:22:18 -05:00
Jon Dufresne 1845bc1d10 Refs #26315 -- Cleaned up argparse options in commands. 
* Removed type coercion. Options created by argparse are already coerced
  to the correct type.
* Removed fallback default values. Options created by argparse already
  have a default value.
* Used direct indexing. Options created by argparse are always set. This
  eliminates the need to use dict.get().
 2016-03-05 13:19:29 -05:00
Florian Apolloner 67b46ba701 Fixed CVE-2016-2513 -- Fixed user enumeration timing attack during login. 
This is a security fix.
 2016-03-01 11:25:28 -05:00
Olivier Le Thanh Duong 10781b4c6f Fixed #12233 -- Allowed redirecting authenticated users away from the login view. 
contrib.auth.views.login() has a new parameter `redirect_authenticated_user`
to automatically redirect authenticated users visiting the login page.

Thanks to dmathieu and Alex Buchanan for the original code and to Carl Meyer
for the help and review.
 2016-02-25 07:18:33 -05:00
Mounir Messelmeni 50931dfa53 Fixed #25304 -- Allowed management commands to check if migrations are applied. 2016-02-12 13:34:56 -05:00
Tim Graham 004ba0f99e Removed unneeded hint=None/obj=None in system check messages. 2016-02-12 13:01:25 -05:00
Tim Graham 926d41f0e7 Updated some comments for BCryptSHA256PasswordHasher. 2016-02-11 11:57:12 -05:00
Charlie Denton 46c13fef46 Fix typo in comment 2016-02-11 11:14:06 +00:00
Simon Charette 6eb3ce11e4 Fixed #26089 -- Removed custom user test models from public API. 
Thanks to Tim Graham for the review.
 2016-02-04 12:30:34 -05:00
Hugo Osvaldo Barrera dcee1dfc79 Fixed #12405 -- Added LOGOUT_REDIRECT_URL setting. 
After a user logs out via auth.views.logout(), they're redirected
to LOGOUT_REDIRECT_URL if no `next_page` argument is provided.
 2016-02-04 10:35:37 -05:00
Matt Robenolt 8048411c97 Fixed a typo in BCryptPasswordHasher docstring 
There is no BCryptSHA512PasswordHasher.
 2016-01-09 12:14:51 -05:00
Collin Anderson 780bddf75b Fixed #20846 -- Decreased User.username max_length to 150 characters. 2016-01-08 18:06:44 -05:00
Paulo Poiati b643386668 Fixed #24855 -- Allowed using contrib.auth.login() without credentials. 
Added an optional `backend` argument to login().
 2016-01-07 08:56:07 -05:00
Simon Charette a08fda2111 Fixed #25746 -- Isolated inlined test models registration. 
Thanks to Tim for the review.
 2016-01-06 20:00:07 -05:00
Tim Graham f0ad641628 Fixed #26016 -- Restored contrib.auth hashers compatibility with py-bcrypt. 
Reverted "Explicitly passed rounds as rounds to bcrypt.gensalt()"

This reverts commit 23529fb195.
 2016-01-02 06:54:13 -05:00
Marten Kenbeek 16411b8400 Fixed #26013 -- Moved django.core.urlresolvers to django.urls. 
Thanks to Tim Graham for the review.
 2015-12-31 14:21:29 -05:00
Claude Paroz f14ab700c3 Updated translations from Transifex 
Forward port of 59f3590ca7 from stable/1.9.x.
 2015-12-31 15:53:02 +01:00
Thomas Grainger d638cdc42a Fixed #25165 -- Removed inline JavaScript from the admin. 
This allows setting a Content-Security-Policy HTTP header
(refs #15727).

Special thanks to blighj, the original author of this patch.
 2015-12-05 15:51:57 -05:00
Josh Soref 93452a70e8 Fixed many spelling mistakes in code, comments, and docs. 2015-12-03 12:48:24 -05:00
Claude Paroz 273ce8aa6a Pulled contrib translations from Transifex 
Forward port of 6a4649c27e from stable/1.9.x
 2015-12-01 20:37:57 +01:00
Tim Graham 15ef1dd478 Fixed #20846 -- Increased User.username max_length to 254 characters. 
Thanks Collin Anderson and Nick Sandford for work on the patch.
 2015-10-29 08:58:49 -04:00
Tim Graham 5acf203db2 Fixed #25596 -- Fixed regression in password change view with custom user model. 
The reverse() added in 50aa1a790c
crashed on a custom user model.
 2015-10-27 08:18:22 -04:00
Claude Paroz 5171f56fae Pluralized translatable strings in password_validation.py 
Forward port of 86dc4889f from master.
 2015-10-10 15:17:21 +02:00
Claude Paroz f233aa3ff9 Updated translation catalogs 
Forward port of f717cb2ab4 from stable/1.9.x.
 2015-10-09 18:02:47 +02:00
Kaleb Elwert adcf823359 Fixed #25490 -- Made the logout() view send "no-cache" headers. 2015-10-02 12:29:54 -04:00
Antoine Catton 53ccffdb8c Refs #16860 -- Fixed password help text when there aren't any validators. 
This avoids creating an empty list which is invalid HTML 4.
 2015-09-28 15:30:16 -04:00
Tzu-ping Chung 7372cdebed Fixed #25457 -- Improved formatting of password validation errors in management command output. 2015-09-24 19:45:19 -04:00
Tim Graham 593c9eb660 Increased the default PBKDF2 iterations for the 1.10 release cycle. 2015-09-23 19:31:11 -04:00
Tim Graham 849037af36 Refs #23957 -- Required session verification per deprecation timeline. 2015-09-23 19:31:10 -04:00
Tim Graham f1761e3fef Refs #21648 -- Removed is_admin_site option from password_reset() view. 
Per deprecation timeline.
 2015-09-23 19:31:10 -04:00
sujayskumar d8d853378b Fixed #24944 -- Added extra_email_context parameter to password_reset() view. 2015-09-18 18:56:04 -04:00
Dražen Odobašić b1e33ceced Fixed #23395 -- Limited line lengths to 119 characters. 2015-09-12 11:40:50 -04:00
Raphael Michel 1bbca7961c Fixed #25350 -- Added alias --no-input for --noinput to management commands. 2015-09-08 08:41:03 -04:00
Maxime Lorant 5153a3bfdc Fixed #25331 -- Removed trailing blank lines in docstrings. 2015-08-31 17:37:21 -04:00
Y3K 235caabacc Fixed #25324 -- Registered ModelAdmin instances with @admin.register decorator 2015-08-31 15:41:09 +10:00
Alex Becker 53d28f8339 Fixed #25089 -- Added password validation to createsuperuser/changepassword. 2015-08-01 20:18:26 -04:00
Tim Graham 264eeaf14a Removed unnecessary if statement in createsuperuser command. 2015-08-01 20:00:05 -04:00
Flavio Curella c2e70f0265 Fixed #21127 -- Started deprecation toward requiring on_delete for ForeignKey/OneToOneField 2015-07-27 18:28:13 -04:00
Akis Kesoglou 29465d438e Fixed #25142 -- Added PermissionRequiredMixin.has_permission() to allow customization. 2015-07-27 10:23:56 -04:00
lukasz.wojcik 927b30a6ab Fixed #24126 -- Deprecated current_app parameter to auth views. 2015-07-21 08:26:41 -04:00
Wim Feijen c082363527 Reworded contrib.auth forms' password confirmation help_text. 
"As above" refers to a spatial orientation, which might
not be present, for example when the two password fields
are shown next to each other.
 2015-07-20 15:51:50 -04:00
Tim Graham 774c16d16e Fixed #25052; refs #16860 -- Added password validation to UserCreationForm. 2015-07-20 13:44:34 -04:00
Tim Graham f5e9d67907 Refs #16860 -- Moved password_changed() logic to AbstractBaseUser. 
Thanks Carl Meyer for review.
 2015-07-20 13:44:26 -04:00
Tim Graham e25ba6e8bb Refs #25073 -- Copied recently added verbose_names to migrations. 2015-07-17 14:07:18 -04:00
Curtis Maloney 23529fb195 Explicitly passed rounds as rounds to bcrypt.gensalt() 2015-07-13 12:35:24 -04:00
Szilveszter Farkas f576b23a65 Fixed #25073 -- Added verbose_name to contrib's model fields that were missing it. 2015-07-12 13:44:16 -04:00
Jan Pazdziora a570701e02 Fixed #25029 -- Added PersistentRemoteUserMiddleware for login-page-only external authentication. 2015-07-02 17:38:10 -04:00
Tim Graham 7da3923ba0 Sorted imports in __init__.py files. 2015-06-27 11:53:33 -04:00
Tim Graham aaacaeb096 Renamed RemovedInDjangoXYWarnings for new roadmap. 
Forwardport of ae1d663b79
from stable/1.8.x plus more.
 2015-06-24 16:08:20 -04:00
Francisco Albarran e75b614640 Fixed #25009 -- Allowed User.objects.create_user(...,is_staff=True) to work. 2015-06-22 11:34:26 -04:00
Markus Holtermann e5cb4e1411 Fixed #24914 -- Added authentication mixins for CBVs 
Added the mixins LoginRequiredMixin, PermissionRequiredMixin and
UserPassesTestMixin to contrib.auth as counterparts to the respective
view decorators.

The authentication mixins UserPassesTestMixin, LoginRequiredMixin and
PermissionRequiredMixin have been inspired by django-braces
<https://github.com/brack3t/django-braces/>

Thanks Raphael Michel for the initial patch, tests and docs on the PR
and Ana Balica, Kenneth Love, Marc Tamlyn, and Tim Graham for the
review.
 2015-06-17 23:19:10 +02:00
Tim Graham 09f2cdbe1a Refs #16860 -- Fixed a resource and deprecation warning in password validation. 2015-06-16 11:02:27 -04:00
elena 841a87785a Corrected to not erroneously mention email as being required. 
Email field isn't required.
 2015-06-15 14:58:48 +02:00
Tim Graham 55b3bd8468 Refs #16860 -- Minor edits and fixes to password validation. 2015-06-10 07:41:01 -04:00
Raphael Michel 39937de7e6 Fixed #24929 -- Allowed permission_required decorator to take any iterable 2015-06-08 13:44:39 -04:00
Erik Romijn 1daae25bdc Fixed #16860 -- Added password validation to django.contrib.auth. 2015-06-07 19:31:20 +02:00
Alasdair Nicol 1ea87c8c79 Fixed #24910 -- Added createsuperuser support for non-unique USERNAME_FIELDs 
Clarified docs to say that a non-unique USERNAME_FIELD is permissable
as long as the custom auth backend can support it.
 2015-06-06 09:33:02 -04:00
Tim Graham 8047e3666b Added contrib.auth migration for refs #13147. 2015-05-28 15:22:22 -04:00
Piotr Jakimiak 4157c502a5 Removed unnecessary arguments in .get method calls 2015-05-13 20:51:18 +02:00
Edvinas Jurevicius 72f6513eba Improved formatting of auth model fields. 2015-05-05 12:59:19 -04:00
Dan Watson fe914341c8 Fixed #24564 -- Moved AbstractBaseUser and BaseUserManager so they can be used without auth in INSTALLED_APPS 2015-05-05 12:03:48 -04:00
Luis Del Giudice db0a0c4b8a Fixed #24737 -- Removed unnecesary kwargs in UserManager._create_user() 2015-05-02 21:07:58 -04:00
Claude Paroz 6aed5cfc6f Updated translations from Transifex 
Updates for languages: Indonesian, Belarusian, Persian, and Dutch.
Forward port of cb370f8510 from stable/1.8.x
 2015-04-30 14:29:08 +02:00
Matt Robenolt 6387d9d41f Refactored PasswordResetTokenGenerator to be a bit more extensible. 2015-04-20 14:27:12 -04:00
Christopher Luc e37d52bd5e Fixed #22993 -- Deprecated skipIfCustomUser decorator 2015-04-07 09:45:32 -04:00
Claude Paroz 88dfe544f6 Fetched updated contrib translations from Transifex 
Forward port of 5483c66f85 from stable/1.8.x
 2015-04-01 19:51:50 +02:00
Tim Graham b86abbceb9 Fixed #24115 -- Allowed bcrypt hashers to upgrade passwords on rounds change. 
Thanks Florian Apolloner for the review.
 2015-03-30 18:52:59 -04:00
Claude Paroz c2bfd76ec3 Refs #15779 -- Fixed UserChangeForm regression introduced by 1791a7e75 
Thanks Tim Graham for reporting the regression.
 2015-03-28 09:24:01 +01:00
Anssi Kääriäinen 8f30556329 Renamed Field.rel attribute to remote_field 
Field.rel is now deprecated. Rel objects have now also remote_field
attribute. This means that self == self.remote_field.remote_field.

In addition, made the Rel objects a bit more like Field objects. Still,
marked ManyToManyFields as null=True.
 2015-03-25 08:16:12 -04:00
Claude Paroz 465edf2bb2 Updated translation catalogs 
Strings are frozen in anticipation of the Django 1.8 release.
Forward port of 1cd2584c98 from stable/1.8.x
 2015-03-18 09:31:00 +01:00
Joeri Bekker 0ed20d5cc4 Fixed #23926 -- Improved validation error for custom permissions that are too long. 2015-03-16 12:13:49 -04:00
Thomas Tanner 28986da4ca Fixed #5986 -- Added ability to customize order of Form fields 2015-03-16 09:12:57 -04:00
Simon Charette 19f7278c86 Removed reference to iteration count in the PBKDF2 hasher docstring. 2015-02-20 16:37:29 -05:00
Frank Wiles e43f99d1a9 Fixed PBKDF2PasswordHasher comments to reflect reality. 2015-02-20 16:00:51 -05:00
Loic Bistuer bed504d70b Fixed #24351, #24346 -- Changed the signature of allow_migrate(). 
The new signature enables better support for routing RunPython and
RunSQL operations, especially w.r.t. reusable and third-party apps.

This commit also takes advantage of the deprecation cycle for the old
signature to remove the backward incompatibility introduced in #22583;
RunPython and RunSQL won't call allow_migrate() when when the router
has the old signature.

Thanks Aymeric Augustin and Tim Graham for helping shape up the patch.

Refs 22583.
 2015-02-20 21:34:09 +07:00
Tim Graham 4538cbf17d Fixed #24299 -- Added an auth migration to ensure contenttypes is migrated. 
Without this migration, the auth signal handlers will fail if migrating
only auth.
 2015-02-16 14:52:30 -05:00
Tim Graham 002425fe39 Fixed #24315 -- Fixed auth.views.password_reset_confirm() with a UUID user. 2015-02-13 09:56:31 -05:00
Tim Graham fdf20093e0 Fixed #24334 -- Allowed admin password reset to work with non-digit custom user model primary key. 
Thanks Loic for help and Simon for review.
 2015-02-13 09:42:49 -05:00
Tim Graham 0f7f5bc9e7 Fixed #24161 -- Stored the user primary key as a serialized value in the session. 
This allows using a UUIDField primary key along with the JSON session
serializer.

Thanks to Trac alias jamesbeith for the report and Simon Charette
for the initial patch.
 2015-02-12 07:38:16 -05:00
Tim Graham 5ab327a389 Moved non-documented auth test models to the new test location. 2015-02-11 10:29:48 -05:00
Tim Graham 2d7aca3da0 Moved contrib.auth tests out of contrib. 2015-02-11 10:19:22 -05:00
Tim Graham 197dd4b8f1 Prevented some test commands from needlessly running system checks. 
This is a performance optimization and also fixes test errors with the
upcoming merge of contrib tests into tests/. The tests failed on MySQL
because the models with GeometryField were being checked but the
non-GIS MySQL backend didn't know how to handle them.
 2015-02-11 10:14:38 -05:00
Claude Paroz 50aa1a790c Replaced some more hardcoded admin URLs 2015-02-09 17:29:53 +01:00
Tim Graham 1256274750 Removed stray comment in auth.views. 2015-02-09 07:50:47 -05:00
Claude Paroz 32e6a7d3a5 Replaced hardcoded URLs in admin_* tests 
Refs #15779. This will allow easier admin URL changes, when needed.
Thanks Simon Charette for the review.
 2015-02-08 20:55:09 +01:00
Markus Holtermann 2832a9b028 Revert "Fixed #24075 -- Prevented running post_migrate signals when unapplying initial migrations of contenttypes and auth" 
This reverts commit 737d24923a.
 2015-02-07 20:14:49 +01:00
Markus Holtermann bd3d796ecd Revert "Refs #24075 -- Silenced needless call_command output while running tests" 
This reverts commit 51dc617b21.
 2015-02-07 19:22:31 +01:00
Tim Graham 0ed7d15563 Sorted imports with isort; refs #23860. 2015-02-06 08:16:28 -05:00
Tim Graham 4444ff39a4 Removed direct manipulation of settings in auth tests; refs #21230. 2015-02-04 09:56:55 -05:00
darkryder 9ec8aa5e5d Fixed #24149 -- Normalized tuple settings to lists. 2015-02-03 14:59:45 -05:00
Tim Graham a53541852d Removed contrib.auth.forms.mask_password() 
This function is unused since dce820ff70
after being introduced in 718a5ba1a1
 2015-02-02 11:13:14 -05:00
Adam Taylor 039465a6a7 Fixed typos in code comments. 2015-01-20 12:18:03 -05:00
Claude Paroz 53e1423eda Updated en translation catalogs 
Forward port of 666c12e52 from stable/1.8.x
 2015-01-17 11:19:37 +01:00
Tim Graham c51258882b Increased the default PBKDF2 iterations. 2015-01-16 19:27:10 -05:00
Claude Paroz b4ac232907 Fixed #24099 -- Removed contenttype.name deprecated field 
This finsishes the work started on #16803.
Thanks Simon Charette, Tim Graham and Collin Anderson for the
reviews.
 2015-01-16 20:21:34 +01:00
Markus Holtermann 51dc617b21 Refs #24075 -- Silenced needless call_command output while running tests 
Thanks Tim Graham for the report
 2015-01-15 21:07:39 +01:00
Markus Holtermann 737d24923a Fixed #24075 -- Prevented running post_migrate signals when unapplying initial migrations of contenttypes and auth 
Thanks Florian Apolloner for the report and Claude Paroz and Tim Graham for the review and help on the patch.
 2015-01-14 19:59:39 +01:00
Aymeric Augustin 5f7230e12f Fixed #24124 (again) -- Updated tests with new default context_processors. 
Thanks Collin for the review.
 2015-01-12 22:31:44 +01:00
Claude Paroz d7bc37d611 Fixed #24097 -- Prevented AttributeError in redirect_to_login 
Thanks Peter Schmidt for the report and the initial patch.
Thanks to ​Oktay Sancak for writing the original failing test and
Alvin Savoy for supporting contributing back to the community.
 2015-01-10 10:05:02 +01:00
Tim Graham 4986653d9d Fixed a typo in contrib/auth/tests/custom_user.py docstring. 2015-01-09 14:33:04 -05:00
Tim Graham 40a8504357 Fixed #23891 -- Moved deprecation of IPAddressField to system check framework. 
Thanks Markus Holtermann for review.
 2015-01-01 13:30:52 -05:00
Thomas Tanner 46068d850d Fixed #22295 -- Replaced permission check for displaying admin user-tools 2014-12-31 16:31:59 -05:00
Claude Paroz 51890ce889 Applied ignore_warnings to Django tests 2014-12-30 18:16:25 +01:00
Aymeric Augustin cf0fd65ed4 Deprecated TEMPLATE_LOADERS. 2014-12-28 17:02:30 +01:00
Aymeric Augustin cf1f36bb6e Deprecated current_app in TemplateResponse and render(_to_response). 2014-12-28 17:02:29 +01:00
Aymeric Augustin fdbfc98003 Deprecated some arguments of django.shortcuts.render(_to_response). 
dictionary and context_instance and superseded by context.

Refactored tests that relied context_instance with more modern idioms.
 2014-12-28 17:02:29 +01:00
Tim Graham 271d4f8f85 Fixed #23948 -- Moved password help text from the template to the form. 
Thanks Mithos for the report and patch.
 2014-12-26 08:09:12 -05:00
Collin Anderson 5dddd79433 Fixed #20349 -- Moved setting_changed signal to django.core.signals. 
This removes the need to load django.test when not testing.
 2014-12-24 07:18:43 -05:00
Tim Graham 0d5ca7b560 Moved an import in an auth test; refs #23925. 
This keeps tests/__init__.py from importing other modules and may fix a problem
with test discovery revealed in formtools tests on Travis CI.
 2014-12-15 10:09:18 -05:00
Markus Holtermann aa5ef0d4fc Fixed #23822 -- Added support for serializing model managers in migration 
Thanks to Shai Berger, Loïc Bistuer, Simon Charette, Andrew Godwin,
Tim Graham, Carl Meyer, and others for their review and input.
 2014-12-15 08:34:15 -05:00
Berker Peksag 560b4207b1 Removed redundant numbered parameters from str.format(). 
Since Python 2.7 and 3.1, "{0} {1}" is equivalent to "{} {}".
 2014-12-03 14:27:38 -05:00
Tim Graham b06dfad88f Fixed #23939 -- Moved session verification out of SessionAuthenticationMiddleware. 
Thanks andrewbadr for the report and Carl Meyer for the review.
 2014-12-03 13:11:47 -05:00
sdeprez 9e80c5f457 Fixed #23925 -- Allowed settings.AUTHENTICATION_BACKENDS to reference import aliases 2014-11-28 10:47:33 -05:00
Diego Guimarães f39b0421b4 Fixed #23338 -- Added warning when unique=True on ForeigKey 
Thanks Jonathan Lindén for the initial patch, and Tim Graham
and Gabe Jackson for the suggestions.
 2014-11-27 19:42:30 -05:00
wrwrwr dd35cc232a Fixed #23641 -- Moved post_migrate signals for contrib apps to AppConfig.ready(). 2014-11-27 13:06:35 -05:00
Aymeric Augustin 7331788300 Avoided rewrapping Contexts in render_to_response. 
This change preserves backwards-compatibility for a very common misuse
of render_to_response which even occurred in the official documentation.

It fixes that misuse wherever it happened in the code base and docs.

Context.__init__ is documented as accepting a dict and nothing else.
Since Context is dict-like, Context(Context({})) could work to some
extent. However, things get complicated with RequestContext and that
gets in the way of refactoring the template engine. This is the real
rationale for this change.
 2014-11-22 17:58:38 +01:00
Aymeric Augustin dca33ac15d Simplified caching of password hashers. 
load_hashers cached its result regardless of its password_hashers
argument which required fragile cache invalidation. Remove that
argument in favor of @override_settings and triggering cache
invalidation with a signal.
 2014-11-19 21:35:39 +01:00
Erik Romijn c1584e1df4 Refs #23793 -- Fixed test failure after password reset messages clarification 2014-11-15 17:05:24 +01:00
Yigit Guler 9dde0a211e Fixed #23793 -- Clarified password reset messages. 2014-11-15 16:29:13 +01:00
averybigant b7a5b6ab86 Fixed #23750 -- Allowed core.checks.register to be used as a function 2014-11-11 16:29:32 +01:00
Veres Lajos a71a2ea756 Fixed typos using https://github.com/vlajos/misspell_fixer 2014-11-03 20:59:30 -05:00
Berker Peksag f7969b0920 Fixed #23620 -- Used more specific assertions in the Django test suite. 2014-11-03 11:56:37 -05:00
Claude Paroz b8f2c972d0 Removed redundant skip_checks option for call_command 2014-10-20 17:26:00 +02:00
Claude Paroz d6a15026c4 Updated translations from Transifex 
Forward port of e9c8aefbce from stable/1.7.x
 2014-09-30 20:55:50 +02:00
Thomas Chaumeny b2aad7b836 Replaced set([foo, ...]) by {foo, ...} literals. Refs PR 3282. 
Thanks Collin Anderson for the review.
 2014-09-29 00:01:38 +07:00
Damien Baty ad491ecc6e Fixed #23488 -- Added AnonymousUser.get_username(). 2014-09-18 10:48:28 -04:00
Aymeric Augustin aa399f6b8b Use "catch" instead of "trap" for exceptions. 
This is the idiomatic word in the Python world.
 2014-09-08 22:23:44 +02:00
Tim Graham 1101467ce0 Limited lines to 119 characters in django/ 
refs #23395.
 2014-09-05 09:22:16 -04:00
Carl Meyer 89559bcfb0 Fixed #23409 -- Extract PasswordResetForm.get_users method. 
Allows easier customization of policies regarding which users are allowed to
reset their password.

Thanks Aymeric for review.
 2014-09-03 12:25:11 -06:00
Tim Graham e39af5ea59 Fixed #21648 -- Deprecated is_admin_site option to auth.views.password_reset(). 2014-08-23 19:32:58 -04:00
Preston Holmes 5307ce565f Fixed #23066 -- Modified RemoteUserMiddleware to logout on REMOTE_USER change. 
This is a security fix. Disclosure following shortly.
 2014-08-20 14:39:40 -04:00
Claude Paroz efa67b897b Fetched translations from Transifex 
Forward port of 49280a73ea from stable/1.7.x
 2014-08-20 10:22:41 +02:00
Collin Anderson 1d79d08d9a Fixed #23294 -- Add related_name to existing migrations. 
Thanks to Florian Apolloner for the review; refs #23288.
 2014-08-15 12:39:06 -04:00
Gabriel Muñumel deed00c0d8 Fixed #23162 -- Renamed forms.Field._has_changed() to has_changed(). 2014-08-15 08:14:45 -04:00
Trey Hunner 6868643063 Added newlines to the ends of CSS, HTML, and JavaScript files missing them. 2014-08-12 19:22:09 -04:00
Tim Graham a9fd740d22 Fixed #23276 -- Deprecated passing views as strings to url(). 2014-08-12 13:15:40 -04:00
Andrew Godwin 059f5d17c5 Fixed #23163: Align user help text with migrations 2014-08-04 13:57:02 +10:00
Tim Graham a2479f46f3 Fixed #7220 -- Allowed AbstractBaseUser.last_login to be null. 
Thanks veena for the suggestion and Simon Charette and Kévin Etienne for reviews.
 2014-08-01 17:51:49 -04:00
Jürno Ader 76f2f58a18 Fixed #22956 -- Made PermissionManager.get_by_natural_key() use the correct database for content type lookup. 2014-07-31 13:35:27 -04:00
Iain Dawson b4cf7e3d1d Fixed typo in PermissionsMixin.groups.help_text. 2014-07-21 20:03:45 +00:00
Iain Dawson 8fbf13a6c8 Replaced instances of 'his/her' with 'their'. 2014-07-21 19:49:12 +00:00
Alex Gaynor 6732566967 Bump the default iterations for PBKDF2. 
The rate at which we've increased this has not been keeping up with hardware (and software) improvements, and we're now considerably behind where we should be. The delta between our performance and an optimized implementation's performance prevents us from improving that further, but hopefully once Python 2.7.8 and 3.4+ get into more hands we can more aggressively increase this number.
 2014-07-11 22:43:26 -07:00
Tim Graham d5e1a2d5eb Added contrib.auth migration for refs #13147. 2014-07-10 13:06:42 -04:00
Yin Jifeng 849538d03d Fixed #13147 -- Moved User validation logic from form to model. 2014-07-10 09:36:43 -04:00
Anubhav Joshi 75ff7b8fb8 Fixed #21832 -- Updated prompt, tests, and docs to show that USERNAME_FIELD supports FK after 9bc2d76. 
Also added get_input_data() hook in createsuperuser.

Thanks Chris Jerdonek and Tim Graham for review.
 2014-07-08 08:21:41 -04:00
Tim Graham 7fd55c3481 Fixed #20631 -- Increased the default EmailField max_length to 254. 
Thanks pmartin for the report.
 2014-07-04 14:15:00 -04:00
Anubhav Joshi 9bc2d766a0 Fixed #21755 -- Added ForeignKey support to REQUIRED_FIELDS. 
This allows specifying ForeignKeys in REQUIRED_FIELDS when using a
custom User model.

Thanks cjerdonek and bmispelon for suggestion and timgraham for review.
 2014-07-03 07:42:52 -04:00
Tim Graham c26579eaa7 Removed django/contrib/auth/create_superuser.py 
It's a shim that calls the actual createsuperuser management command and
it's been marked as deprecated since Django 1.0.
 2014-07-01 08:51:06 -04:00
Tim Graham cf252dbea6 Fixed #8162 -- Increased Permission.name max_length to 255 characters. 2014-06-30 14:20:51 -04:00
Tim Graham 150d88cc2c Restored is_anonymous() check in ModelBackend permission checking removed in refs #17903. 
Thanks Florian Apolloner for raising the issue.
 2014-06-24 07:09:38 -04:00
Jorge C. Leitão c33447a50c Fixed #17903 -- Modified ModelBackend to eliminate permissions on inactive users. 
Thanks to @SmileyChris for the report and @timgraham for review.
 2014-06-23 19:57:20 -04:00
Jorge C. Leitão 0a8c0eda2a Simplified test of contrib.auth.tests. 2014-06-23 19:30:06 -04:00
Tim Graham b341f33697 Added database migration for contrib.auth. 
refs #22170.
 2014-06-16 16:21:37 -04:00
Claude Paroz f17b24e407 Converted remaining management commands to argparse 2014-06-14 13:43:44 +02:00
mlavin 4696cd9671 Fixed #22477 -- Removed contrib middleware from the global settings defaults. 
Also added a compatibility check for changed middleware defaults.

Forwardport of d94de802d3 from stable/1.7.x
 2014-06-13 12:45:56 -04:00
Jorge C. Leitão cc35bd461d Fixed #7599 -- Added get_user_permissions to ModelBackend. 
Thanks to @gdub for the report and intial patch and
@charettes and @timgraham for the review.
 2014-06-13 09:34:04 -04:00
Tim Graham 93d05536fd Fixed #22770 -- Removed create_superuser from post_migrate signals. 
Moved logic to syncdb command for backwards compatibility.
 2014-06-10 14:37:37 -04:00
Jorge C. Leitão a00b78b1e2 Fixed #17431 -- Added send_mail() method to PasswordResetForm. 
Credits for the initial patch go to ejucovy;
big thanks to Tim Graham for the review.
 2014-06-10 14:00:52 -04:00
Alex Gaynor 1dcc603eff Fixed several typos in Django 2014-05-28 17:39:14 -07:00
Claude Paroz b8c480a12b Removed unused translations in auth tests 2014-05-20 12:21:05 +02:00
Claude Paroz 1a69d276bd Updated translation catalogs 2014-05-19 15:17:35 +02:00
Tim Graham b68fac7e88 Fixed #22652 -- Replaced UserModel.objects with UserModel._default_manager. 
Thanks alexdlaird for the report.
 2014-05-19 08:35:44 -04:00
Jorge C. Leitão 2e364a0aac Fixed #15716 - Authentication backends can short-circuit authorization. 
Authorization backends can now raise PermissionDenied in "has_perm"
and "has_module_perms" to short-circuit authorization process.
 2014-05-16 12:57:38 -04:00
Erik Romijn 255449c1ee Added additional checks in is_safe_url to account for flexible parsing. 
This is a security fix. Disclosure following shortly.
 2014-05-14 10:19:48 +02:00
Alex Gaynor 2bcb8bfc8d Fix many many typos in comments throughout the codebase 2014-04-26 10:18:45 -07:00
Tim Graham 9e7f86b890 Fixed #22515 -- Fixed the object_id of the LogEntry that's created after a user password change in the admin. 
Thanks ross at servercode.co.uk for the report.
 2014-04-25 08:20:25 -04:00
Aymeric Augustin 428c0bbe1b Appeased flake8 2.1.0. 2014-04-21 12:27:34 +02:00
Tim Graham 11e30b684d Fixed a KeyError on login with legacy sessions; refs #21649. 
Thanks Loic for the report.
 2014-04-17 19:57:20 -04:00
John Paulett b5a9166f7e Fixed #22364 -- Sanitized getpass input in changepassword. 
Python 2 getpass on Windows does not accept unicode, even
when containing on ASCII characters. Related #190807.
 2014-04-10 13:15:37 -04:00
Tim Graham b513fa5fc6 Fixed #22195 -- Used constants to define built-in tags for check framework. 
Thanks Elvard for the patch.
 2014-04-10 08:45:48 -04:00
Aymeric Augustin 2791fbf59d Used more specific test assertions. 2014-04-09 22:20:22 +02:00
Anubhav Joshi cd914e31c9 Fixed #21977 -- Deprecated SimpleTestCase.urls 2014-04-06 17:33:43 -04:00
Tim Graham fd23c06023 Fixed #21649 -- Added optional invalidation of sessions when user password changes. 
Thanks Paul McMillan, Aymeric Augustin, and Erik Romijn for reviews.
 2014-04-05 12:50:51 -04:00
Tim Graham d73d0e071c Fixed #22218 -- Deprecated django.conf.urls.patterns. 
Thanks Carl Meyer for the suggestion and Alex Gaynor and Carl for reviews.
 2014-04-03 07:28:10 -04:00
Tim Graham 246face209 Fixed #22362 -- Improved AuthenticationMiddleware assertion message. 
Thanks Keryn Knight.
 2014-03-31 08:10:59 -04:00
Tim Graham ed4c2e1c0d Fixed #22329 -- Used label_tag() in some admin auth templates. 
refs #17922.
 2014-03-29 08:54:56 -04:00
Tim Graham 6d1ae5e27c Removed reading of old 'django_language' session variable per deprecation timeline. 
refs #5789.
 2014-03-21 09:53:16 -04:00
Ramiro Morales 1d42a86ec7 Tweak password admin change form view context. Refs #21293. 2014-03-11 09:52:43 -03:00
James Jenkins ec675ed6cc Fixed #22070 -- Changed verbose_name for apps in django.contrib to use title case 
Thanks bendavis78 for the report.
 2014-03-06 18:43:04 -05:00
Rodolfo Carvalho 0d91225892 Fixed many typos in comments and docstrings. 
Thanks Piotr Kasprzyk for help with the patch.
 2014-03-03 07:38:09 -05:00
Russell Keith-Magee 84207b6134 Edited contrib.auth check messages for grammar and consistency. 2014-03-03 13:39:58 +08:00
Claude Paroz 27e9069710 Allowed some auth tests to be run independently 2014-02-23 20:05:45 +01:00
Erik Romijn 8cd32f0965 Fixed #22120 -- Documented persistent activation of languages and cleaned up language session key use 2014-02-22 18:29:06 +01:00
Tim Graham e1c8bc8fea Fixed #21790 -- Removed reliance on an assert in auth.get_user(). 
Thanks matklad for the report.
 2014-02-18 14:23:38 -05:00
Tim Graham 20f455b3d6 flake8 fixes (unused imports and variables). 2014-02-18 11:33:30 -05:00
Baptiste Mispelon 6b310bafc5 Fixed broken tests when running with a non-TTY stdin. 2014-02-18 11:36:07 +01:00
Baptiste Mispelon 2a9ee49f3c Removed BaseCommand.stdin introduced in 116d39842d. 
This option is not actually very useful in the general case
because it doesn't override sys.stdin.

It's still marginally useful for testing some features of
the createsuperuser command so it was moved there.
This commit also makes the detection of a TTY in createsuperuser
a bit more robust, after a suggestion of appolo13.
 2014-02-18 11:36:06 +01:00
Baptiste Mispelon b78f9a12c8 Consolidated all tests for createsuperuser in the same TestCase. 2014-02-18 11:36:06 +01:00
Baptiste Mispelon a7639722f5 Fixed #7423 -- Skip superuser creation when not running in a TTY. 
Thanks to trac user galaxy4sale for the original report
and to AeroNotix for the patch.
 2014-02-17 04:58:31 +01:00
Berker Peksag 5d263dee30 Fixed #21674 -- Deprecated the import_by_path() function in favor of import_string(). 
Thanks Aymeric Augustin for the suggestion and review.
 2014-02-08 11:12:19 -05:00
Aymeric Augustin f9698c4391 Suppressed the `if Site._meta.installed` pattern. 
The purpose of this construct is to test if the django.contrib.sites
application is installed. But in Django 1.9 it will be forbidden to
import the Site model when the django.contrib.sites application isn't
installed.

No model besides Site used this pattern.

Refs #21719, #21923.
 2014-02-01 20:38:15 +01:00
Aymeric Augustin f901b4d6c8 Took advantage of the new get_model API. Refs #21702. 2014-01-26 13:08:05 +01:00
Aymeric Augustin 9ffab9cee1 Moved RequestSite and get_current_site. 
Following the app-loading refactor, these objects must live outside of
django.contrib.sites.models because they must be available without
importing the django.contrib.sites.models module when
django.contrib.sites isn't installed.

Refs #21680. Thanks Carl and Loic for reporting this issue.
 2014-01-26 08:50:47 +01:00
Aymeric Augustin 2ff93e027c Fixed #21829 -- Added default AppConfigs. 
Thanks Russell for the report, Marc for the initial patch, Carl for the
final review, and everyone who contributed to the design discussion.
 2014-01-25 10:41:56 +01:00
Russell Keith-Magee d818e0c9b2 Fixed #16905 -- Added extensible checks (nee validation) framework 
This is the result of Christopher Medrela's 2013 Summer of Code project.

Thanks also to Preston Holmes, Tim Graham, Anssi Kääriäinen, Florian
Apolloner, and Alex Gaynor for review notes along the way.

Also: Fixes #8579, fixes #3055, fixes #19844.
 2014-01-20 10:45:21 +08:00
Marc Tamlyn 2607fa9016 Fixed #21774 -- Isolate all test urls from eachother. 
This (nearly) completes the work to isolate all the test modules from
each other. This is now more important as importing models from another
module will case PendingDeprecationWarnings if those modules are not in
INSTALLED_APPS. The only remaining obvious dependencies are:

- d.c.auth depends on d.c.admin (because of the is_admin flag to some
  views), but this is not so important and d.c.admin is in
  always_installed_apps
- test_client_regress depends on test_client. Eventually these should
  become a single module, as the split serves no useful purpose.
 2014-01-14 15:43:27 +00:00
Aymeric Augustin d562527a16 Fixed #21477 -- Renamed db to using in pre/post_migrate signals. 2014-01-12 22:24:33 +01:00
Andrew Godwin f343f5e538 Fix wording of auth superuser post-migrate handler 2014-01-08 13:06:53 +00:00
Aymeric Augustin 27afd302c6 Fixed #21675 -- Added app configs for contrib apps. 2014-01-05 21:18:33 +01:00
Aymeric Augustin e5bcd1d455 Changed get_validation_errors to use an app config. 2013-12-29 21:48:58 +01:00
Aymeric Augustin 21f22f9544 Added Apps.clear_cache(). 
This avoid leaking implementation details to tests that swap models.
 2013-12-29 20:43:10 +01:00
Aymeric Augustin 82aadbb5d5 Fixed a typo. 
Thanks Simon.
 2013-12-29 20:35:58 +01:00
Aymeric Augustin 7b88a96553 Added AppConfig.get_models(). 2013-12-29 20:31:59 +01:00
Aymeric Augustin 308960b92a Cleared get_models cache when swapping User model. 
Thanks Florian for isolating the shortest way to reproduce this issue:

./runtests.py \
    django.contrib.auth.tests.test_context_processors.AuthContextProcessorTests.test_perms_attrs \
    django.contrib.auth.tests.test_auth_backends.ChangedBackendSettingsTest.test_changed_backend_settings \
    django.contrib.auth.tests.test_auth_backends.CustomUserModelBackendAuthenticateTest.test_authenticate \
    django.contrib.auth.tests.test_basic.BasicTestCase.test_createsuperuser_management_command
 2013-12-29 18:25:22 +01:00
Aymeric Augustin 00110904ac Refactored the migration signals to use app configs. 
De-aliased pre/post_syncdb to pre/post_migrate to increase
backwards-compatibility.
 2013-12-29 17:53:42 +01:00
Aymeric Augustin ba7206cd81 Changed get_model to raise an exception on errors. 
Returning None on errors required unpythonic error checking and was
inconsistent with get_app_config.

get_model was a private API until the previous commit, but given that it
was certainly used in third party software, the change is explained in
the release notes.

Applied the same change to get_registered_model, which is a new private
API introduced during the recent refactoring.
 2013-12-28 20:53:00 +01:00
Aymeric Augustin 8f04f53dd8 Removed a few gratuitous lambdas. 2013-12-26 14:03:50 +01:00
Tim Graham 4e7aa573ec Added missing newline in previous commit. 2013-12-26 07:52:31 -05:00
Jon Lønne 398642fd9b Fixed #21627 -- Added unicode_literals to changepassword command. 
Fixed a crash when executing changepassword command when the user object
representation contained non-ASCII characters.
 2013-12-26 07:35:50 -05:00
Aymeric Augustin 1716b7ce5a Renamed AppCache to Apps. 
Also renamed app_cache to apps and "app cache" to "app registry".

Deprecated AppCache.app_cache_ready() in favor of Apps.ready().
 2013-12-24 12:25:17 +01:00
Aymeric Augustin e32095616c Imported override_settings from its new location. 2013-12-23 21:37:56 +01:00
Aymeric Augustin 5891990b6e Refactored INSTALLED_APPS overrides. 
* Introduced [un]set_installed_apps to handle changes to the
  INSTALLED_APPS setting.
* Refactored [un]set_available_apps to share its implementation
  with [un]set_installed_apps.
* Implemented a receiver to clear some app-related caches.
* Removed test_missing_app as it is basically impossible to reproduce
  this situation with public methods of the new app cache.
 2013-12-23 20:15:08 +01:00
Aymeric Augustin 2fef9e5375 Moved apps back in the toplevel django namespace. 
Reverted 4a56a93cc4.
 2013-12-22 11:39:55 +01:00
Aymeric Augustin 4a56a93cc4 Moved the new app cache inside core. 2013-12-17 10:17:46 +01:00
Aymeric Augustin 69039becde Deprecated get_app(). 2013-12-17 10:17:45 +01:00
Aymeric Augustin 8662654d6d Removed module-level functions for the app cache. 
Since the original ones in django.db.models.loading were kept only for
backwards compatibility, there's no need to recreate them. However, many
internals of Django still relied on them.

They were also imported in django.db.models. They never appear in the
documentation, except a quick mention of get_models and get_app in the
1.2 release notes to document an edge case in GIS. I don't think that
makes them a public API.

This commit doesn't change the overall amount of global state but
clarifies that it's tied to the app_cache object instead of hiding it
behind half a dozen functions.
 2013-12-17 10:17:44 +01:00
Aymeric Augustin 860c2c8bc5 Moved django.db.models.loading to django.apps.cache. 
This commit doesn't contain any code changes; it's purely a refactoring.
 2013-12-17 10:17:43 +01:00
Bartolomé Sánchez 8f994f1bcc Fixed #21250 -- Made HTTP auth user header configurable in tests 
Currently, if the authentication mechanism uses a custom HTTP header
and not REMOTE_USER, it is not easy to test. This commit modifies
remote user tests in order to make them more generic.
 2013-12-14 13:02:56 -05:00
Loic Bistuer 6685713869 Fixed E127 pep8 warnings. 2013-12-14 11:59:15 -05:00
Ludwik Trammer 9922ed46e2 Fixed #21473 -- Limited language preservation to logout 
Current language is no longer saved to session by LocaleMiddleware
on  every response (the behavior introduced in #14825).
Instead language stored in session is reintroduced into new session
after logout.

Forward port of c558a43fd6 to master.
 2013-12-12 10:24:43 +01:00
Loic Bistuer a2814846ca Fixed E124 pep8 warnings. 2013-12-10 15:12:48 -05:00
Tim Graham fddb0131d3 Fixed #21535 -- Fixed password hash iteration upgrade. 
Thanks jared_mess for the report.
 2013-11-30 14:18:37 -05:00
Tim Graham f3e7ab366c Removed gender-based pronouns per [c0a2daad78]. 2013-11-30 08:37:15 -05:00
Alex Gaynor 9af7e18f35 Fixed an unescisarily gendered pronoun in a docstring 2013-11-29 16:57:36 -06:00
Christopher Medrela 7477a4ffde Fixed E125 pep8 warnings 2013-11-28 08:50:11 -05:00
Matt Robenolt 3560ef043e Propagate get_user_model exception from get_user 
Fixes #21439
 2013-11-14 12:02:26 -08:00
Bouke Haarsma 4142d15102 Fixed #21388 -- Corrected language code for Frisian 2013-11-11 13:34:01 +01:00
Tim Graham d15985d81f Fixed #21398 -- Fixed BCryptSHA256PasswordHasher with py-bcrypt and Python 3. 
Thanks arjan at anymore.nl for the report.
 2013-11-09 10:11:50 -05:00
Ramiro Morales a9093dd376 Fixed #21387 -- Merge two very similar help texts. 2013-11-06 00:35:20 -03:00
Tim Graham 36ded01527 Fixed #21302 -- Fixed unused imports and import *. 2013-11-02 15:24:56 -04:00
Alex Gaynor 726ded5708 Started attackign the next flake8 violation 2013-10-31 08:42:28 -07:00
Alex Gaynor 9bf5610890 Start attacking E231 violations 2013-10-24 10:30:03 -07:00
Alasdair Nicol c3aa2948c6 Fixed #21298 -- Fixed E301 pep8 warnings 2013-10-23 13:45:03 +01:00
Tim Graham 1597503a01 Fixed E221 pep8 warnings. 2013-10-22 09:51:39 -04:00
Loic Bistuer e565e1332d Fixed #21275 -- Fixed a serializer error when generating migrations for contrib.auth. 
The migration serializer now looks for a deconstruct method on any object.
 2013-10-21 14:54:52 -04:00
Florian Apolloner 7d0d0dbf26 Force update of the password on iteration count changes. 2013-10-21 20:31:28 +02:00
Alasdair Nicol b289fcf1bf Fixed #21288 -- Fixed E126 pep8 warnings 2013-10-21 08:31:30 -04:00
Claude Paroz 5f52590368 Fixed #21291 -- Ensured inactive users cannot reset their passwords 
Thanks kz26 for the report and the suggested fix. Refs #19758.
 2013-10-19 10:43:06 +02:00
Claude Paroz 59a8808632 Cleaned formatting/comments in PasswordResetFormTest 2013-10-19 10:43:06 +02:00
Tim Graham ac4fec5ca2 Fixed bug causing CSRF token not to rotate on login. 
Thanks Gavin McQuillan for the report.
 2013-10-18 08:31:19 -04:00
Alasdair Nicol a800036981 Fixed #21287 -- Fixed E123 pep8 warnings 2013-10-18 10:07:39 +01:00
Alasdair Nicol bab9123daa Fixed #21268 -- Fixed E303 pep8 warnings 2013-10-18 01:46:24 +01:00
Alasdair Nicol dfb4cb9970 Fixed #21285 -- Fixed E121,E122 pep8 warnings 2013-10-17 20:20:11 -04:00
Bouke Haarsma 2fb5a51fa3 Fixed #18659 -- Deprecated request.REQUEST and MergeDict 
Thanks Aymeric Augustin for the suggestion.
 2013-10-17 09:42:28 -04:00
Tim Graham 91c77eeab8 Avoided hardcoding Permission.name max_length 
refs #18866.
 2013-10-16 11:31:07 -04:00
joaoxsouls 1ab27e9a65 Fixed #18866 -- added validation error for verbose_name longer than 39 characters 
Added a validation error check when creating the permissions for model, to avoid
cryptic database error when the verbose_name is longer than 39 characters
thanks elena for reporting it
 2013-10-14 14:19:35 +01:00
Claude Paroz ef22d512b5 Imported custom user classes in tests depending on it 
Without those imports, affected test files cannot be run
independently. Refs #21164.
 2013-10-14 10:14:24 +02:00
Tim Graham 1dae4ac177 Whitespace cleanup. 
* Removed trailing whitespace.
* Added newline to EOF if missing.
* Removed blank lines at EOF.
* Removed some stray tabs.
 2013-10-10 16:49:20 -04:00
Tim Graham adedc31072 Fixed "redefinition of unused 'foo' from line X" pyflakes warnings. 2013-10-10 11:09:42 -04:00
Russell Keith-Magee ddb53856b6 Fixed #21164 -- Added documentation for issue with test users. 
The package renaming restores the older package names (which were also the
documented package names). This doesn't affect test discovery because the
module in question doesn't contain any tests.

Thanks to Carl for the design discussion.
 2013-10-08 10:32:56 +08:00
Tim Graham 1285ca67eb Fixed #16919 -- Passed user to set_password_form in GET requests. 
Thanks Jaime Irurzun for the report and initial patch and
ejucovy for the test.
 2013-10-02 13:28:15 -04:00
Florian Apolloner 5d74853e15 Revert "Ensure that passwords are never long enough for a DoS." 
This reverts commit aae5a96d57.

This fix is no longer necessary, our pbkdf2 (see next commit) implementation
no longer rehashes the password every iteration.
 2013-09-24 21:01:21 +02:00
Michał Lech 53c7d66869 Marked PermissionsMixin.user_permissions help_text for translation 2013-09-24 07:36:24 -04:00
Aymeric Augustin a5b062576b Removed a few trailing backslashes. 
We have always been at war with trailing backslashes.
 2013-09-22 14:04:10 +02:00
Paul McMillan a075e2ad0d Increase default PBKDF2 iterations 
Increases the default PBKDF2 iterations, since computers have gotten
faster since 2011. In the future, we plan to increment by 10% per
major version.
 2013-09-19 18:02:25 +01:00
Tim Graham 18ffdb1772 Fixed #17627 -- Renamed util.py files to utils.py 
Thanks PaulM for the suggestion and Luke Granger-Brown and
Wiktor Kołodziej for the initial patch.
 2013-09-16 12:52:05 -04:00
Russell Keith-Magee aae5a96d57 Ensure that passwords are never long enough for a DoS. 
* Limit the password length to 4096 bytes
  * Password hashers will raise a ValueError
  * django.contrib.auth forms will fail validation
* Document in release notes that this is a backwards incompatible change

Thanks to Josh Wright for the report, and Donald Stufft for the patch.

This is a security fix; disclosure to follow shortly.
 2013-09-15 13:42:23 +08:00
Gregor MacGregor b2b763448f Fixed #20841 -- Added messages to NotImplementedErrors 
Thanks joseph at vertstudios.com for the suggestion.
 2013-09-10 11:09:59 -04:00
Alex Gaynor 96fd5557f9 Removed a ton of unused local vars 2013-09-08 08:05:16 -07:00
Alex Gaynor 2530735d2d Fixed a number of flake8 errors -- particularly around unused imports and local variables 2013-09-06 21:56:40 -07:00
Aymeric Augustin 6a6428a36f Took advantage of django.utils.six.moves.urllib.*. 2013-09-05 14:39:23 -05:00
Aymeric Augustin 365c3e8b73 Replaced "not PY3" by "PY2", new in six 1.4.0. 2013-09-02 12:11:02 +02:00
Simon Charette 11cd7388f7 Fixed #20989 -- Removed useless explicit list comprehensions. 2013-08-30 10:57:51 -04:00
Tim Graham c7d0ff0cad Fixed #20989 -- Removed explicit list comprehension inside dict() and tuple() 
Thanks jeroen.pulles at redslider.net for the suggestion and
helper script.
 2013-08-29 12:11:03 -04:00
Tim Graham cf8d6e9108 Fixed #20881 -- Removed contrib.auth.models.AbstractUser.get_absolute_url() 
The definition is arbitrary and creates a broken "view on site"
link in the admin if a project doesn't define such a URL.
 2013-08-29 06:36:35 -04:00
Michał Górny b89c2a5d9e Fixed #18171 -- Checked signature of authenticate() to avoid supressing TypeErrors. 
The current auth backend code catches TypeError to detect backends that
do not support specified argumetnts. As a result, any TypeErrors raised
within the actual backend code are silenced.

In Python 2.7+ and 3.2+ this can be avoided by using inspect.getcallargs().
With this method, we can test whether arguments match the signature without
actually calling the function.

Thanks David Eyk for the report.
 2013-08-28 07:51:45 -04:00
Andrew Godwin b6a957f0ba Merge remote-tracking branch 'core/master' into schema-alteration 
Conflicts:
	docs/ref/django-admin.txt
 2013-08-19 18:30:48 +01:00
Claude Paroz 165f44aaaa Combine consecutive with statements 
Python 2.7 allows to combine several 'with' instructions.
 2013-08-16 20:12:10 +02:00
SusanTan 71c491972e Fixed #11400 -- Passed kwargs from AbstractUser.email_user() to send_mail() 
Thanks Jug_ for suggestion, john_scott for the initial patch,
and Tim Graham for code review.
 2013-08-14 07:46:11 -04:00
Jacob Kaplan-Moss ae3535169a Fixed is_safe_url() to reject URLs that use a scheme other than HTTP/S. 
This is a security fix; disclosure to follow shortly.
 2013-08-13 11:06:22 -05:00
ersran9 00d23a13eb Fixed #20828 -- Allowed @permission_required to take a list of permissions 
Thanks Giggaflop for the suggestion.
 2013-08-10 10:10:18 -04:00
Tim Graham 453915bb12 SQLite test fix -- refs #9057 2013-08-09 10:57:25 -04:00
Andrew Godwin 588b523233 Merge remote-tracking branch 'core/master' into schema-alteration 
Conflicts:
	django/db/models/options.py
 2013-08-09 14:37:37 +01:00
Tim Graham ddae74b64c Fixed #9057 -- Added default_permissions model meta option. 
Thanks hvendelbo for the suggestion and koenb for the draft patch.
 2013-08-09 09:19:52 -04:00
Andrew Godwin de64c4d6e9 Merge remote-tracking branch 'core/master' into schema-alteration 
Conflicts:
	django/core/management/commands/flush.py
	django/core/management/commands/syncdb.py
	django/db/models/loading.py
	docs/internals/deprecation.txt
	docs/ref/django-admin.txt
	docs/releases/1.7.txt
 2013-08-09 14:17:30 +01:00
Justin Michalicek 6d88d47be6 Fixed #20832 -- Enabled HTML password reset email 
Added optional html_email_template_name parameter to password_reset view
and PasswordResetForm.
 2013-08-05 09:47:28 -04:00
Alex Gaynor 3e0eb2d788 Fixed a number of lint warnings, particularly around unused variables. 2013-08-04 09:17:10 -07:00
Curtis Maloney 07876cf02b Deprecated SortedDict (replaced with collections.OrderedDict) 
Thanks Loic Bistuer for the review.
 2013-08-04 07:09:39 -04:00
Tim Graham 425d076d0c Fixed #18923 -- Corrected usage of sensitive_post_parameters in contrib.auth 
Thanks Collin Anderson for the report.
 2013-08-02 14:46:17 -04:00
Tim Graham a1889397a9 Fixed #12103 -- Added AuthenticationForm.confirm_login_allowed to allow customizing the logic policy. 
Thanks ejucovy and lasko for work on the patch.
 2013-07-31 13:54:05 -04:00
Aymeric Augustin 5b47a9c5a0 Fixed a test that could fail depending on PASSWORD_HASHERS. 
Thanks Claude. Refs #20760.
 2013-07-30 16:14:53 +02:00
Andrew Godwin 12e9804d16 Rename allow_syncdb to allow_migrate 2013-07-30 12:08:59 +01:00
Andrew Godwin 68e0a169c4 Rename pre_ and post_syncdb to *_migrate, with aliases from old names 2013-07-30 11:52:52 +01:00
Claude Paroz fdd7a355bf Deprecated django.utils.importlib 
This was a shim for pre-Python 2.7 support.
 2013-07-29 17:10:22 +02:00
Serge G. Spaolonzi e07e4030b9 Fixed #18511 -- Cleaned up admin password reset template titles. 2013-07-27 14:23:04 -04:00
Aymeric Augustin 5dbca13f3b Fixed #20760 -- Reduced timing variation in ModelBackend. 
Thanks jpaglier and erikr.
 2013-07-23 15:43:12 +02:00
Kirill Fomichev 33242fe015 Fixed #19019 -- Fixed UserAdmin to log password change. 
Thanks Tuttle for the report.
 2013-07-23 08:33:07 -04:00
Loic Bistuer 3a00229189 Cleaned up UserAdmin.get_form() that worked around a bug fixed in 23e1b59. 
Refs #18681.
 2013-07-18 23:59:45 +07:00
Tim Graham f407f75aae Fixed #20673 -- Clarified that HttpRequest.user uses AUTH_USER_MODEL. 
Thanks littlepig for the report.
 2013-07-04 09:32:32 -04:00
Simon Charette 8759778185 Fixed #20675 -- `check_password` should work when no password is specified. 
The regression was introduced by 2c4fe761a. refs #20593.
 2013-07-03 14:09:58 -04:00
Aymeric Augustin cfcf4b3605 Stopped using django.utils.unittest in the test suite. 
Refs #20680.
 2013-07-01 14:29:33 +02:00
Ramiro Morales d51b7794bf Removed django.contrib.auth.views.password_reset_confirm_uidb36() view to finish its accelerated deprecation schedule. 2013-06-29 12:22:15 -03:00
Claude Paroz 6118d6d1c9 More import removals 
Following the series of commits removing deprecated features in
Django 1.7, here are some more unneeded imports removed and other
minor cleanups.
 2013-06-29 11:58:36 +02:00
Aymeric Augustin c8756e17fb Removed obsolete comment. Refs #20079. 
Thanks Gavin Wahl.
 2013-06-29 11:42:34 +02:00
Ramiro Morales c196564132 Removed custom profile model functionality as per deprecation TL. 2013-06-28 21:48:16 -03:00
Ramiro Morales f02a703ca6 Removed AuthenticationForm.check_for_test_cookie() as per deprecation TL. 2013-06-28 21:48:15 -03:00
Andrew Godwin f325f86971 Fixed #20244: PermissionsMixin now defines a related_query_name for M2Ms 2013-06-27 15:44:22 +01:00
Anton Baklanov cab333cb16 Fixed #20541 -- don't raise db signals twice when creating superuser 2013-06-27 05:58:01 -04:00
Tim Graham 1184d07789 Fixed #14881 -- Modified password reset to work with a non-integer UserModel.pk. 
uid is now base64 encoded in password reset URLs/views. A backwards compatible
password_reset_confirm view/URL will allow password reset links generated before
this change to continue to work. This view will be removed in Django 1.7.

Thanks jonash for the initial patch and claudep for the review.
 2013-06-26 13:11:47 -04:00
Simon Charette b91787910c Fixed #20642 -- Deprecated `Option.get_(add|change|delete)_permission`. 
Those methods were only used by `contrib.admin` internally and exclusively
related to `contrib.auth`. Since they were undocumented but used
in the wild the raised deprecation warning point to an also undocumented
alternative that lives in `contrib.auth`.

Also did some PEP8 and other cleanups in the affected modules.
 2013-06-25 12:22:37 -04:00
Loic Bistuer 7462a78c1b Fixed #20288 -- Fixed inconsistency in the naming of the popup GET parameter. 
Thanks to Keryn Knight for the initial report and reviews,
and to tomask for the original patch.
 2013-06-19 22:16:16 +02:00
Aymeric Augustin ffcf24c9ce Removed several unused imports. 2013-06-19 17:18:40 +02:00
Erik Romijn aeb1389442 Fixed #20079 -- Improve security of password reset tokens 2013-06-18 20:02:00 +02:00
Erik Romijn 2c4fe761a0 Fixed #20593 -- Allow blank passwords in check_password() and set_password() 2013-06-18 13:32:54 -04:00
Loic Bistuer ee77d4b253 Fixed #20199 -- Allow ModelForm fields to override error_messages from model fields 2013-06-18 08:01:17 -04:00
Claude Paroz beb652e069 Worked around Python 3.3 modified exception repr 
Refs #20599.
 2013-06-15 11:14:59 +02:00
Jaap Roes 990f8d92dc Fixed #20599 -- Changed wording of ValueError raised by _load_library 
The _load_library method on BasePasswordHasher turns ImportErrors
into ValueErrors, this masks ImportErrors in the algorithm library.
Changed it to a clearer worded error message that includes
the ImportError string.
 2013-06-15 10:50:55 +02:00
Aymeric Augustin c6e6d4eeb7 Defined available_apps in relevant tests. 
Fixed #20483.
 2013-06-10 11:30:01 +02:00
Aymeric Augustin 4daf570b98 Added TransactionTestCase.available_apps. 
This can be used to make Django's test suite significantly faster by
reducing the number of models for which content types and permissions
must be created and tables must be flushed in each non-transactional
test.

It's documented for Django contributors and committers but it's branded
as a private API to preserve our freedom to change it in the future.

Most of the credit goes to Anssi. He got the idea and did the research.

Fixed #20483.
 2013-06-10 11:24:10 +02:00
Chris Streeter 69373f3420 Fixed #19925 - Added validation for REQUIRED_FIELDS being a list 
Thanks Roman Alexander for the suggestion.
 2013-06-07 19:58:41 -04:00
Gavin Wahl 4f4e9243e4 Fixed #20532 -- Reverse auth views by name, not by path. 
Auth views should be reversed by name, not their locations in
`django.contrib.auth.views`. This allows substituting your own
implementations of the auth views.
 2013-06-03 13:30:40 -04:00
Gavin Wahl 01ae881bb4 Don't hard-code class names when calling static methods 
normalize_email should be called on the instance, not the class. This
has the same effect normally but is more helpful to subclassers. When
methods are called directly on the class, subclasses can't override
them.
 2013-05-29 16:11:26 -06:00
Ramiro Morales 0fa8d43e74 Replaced `and...or...` constructs with PEP 308 conditional expressions. 2013-05-26 23:47:50 -03:00
Preston Holmes d228c1192e Fixed #19866 -- Added security logger and return 400 for SuspiciousOperation. 
SuspiciousOperations have been differentiated into subclasses, and
are now logged to a 'django.security.*' logger. SuspiciousOperations
that reach django.core.handlers.base.BaseHandler will now return a 400
instead of a 500.

Thanks to tiwoc for the report, and Carl Meyer and Donald Stufft
for review.
 2013-05-25 16:27:34 -07:00
Andrew Godwin 1514f17aa6 Rotate CSRF token on login 2013-05-24 22:15:08 +01:00
Baptiste Mispelon 3cb1e9b93c Fix test failure introduced by 980ae2ab29. 2013-05-19 16:51:36 +02:00
Baptiste Mispelon 980ae2ab29 Fix #20447: URL names given to contrib.auth.views are now resolved. 
This commit also adds tests for the redirect feature of most auth views.
It also cleans up the tests, most notably using @override_settings instead
of ad-hoc setUp/tearDown methods.

Thanks to caumons for the report.

Conflicts:
	docs/releases/1.6.txt
 2013-05-19 14:36:38 +02:00
Peter Inglesby cafcc22b01 Typo in comment 2013-05-19 09:28:36 +02:00
Claude Paroz 710c59bf9b Slightly reworked imports in contrib.auth.__init__ 2013-05-18 16:01:47 +02:00
Jorge Bastida dc43fbc2f2 Fixed #18998 - Prevented session crash when auth backend removed 
Removing a backend configured in AUTHENTICATION_BACKENDS should not
raise an exception for existing sessions, but should make already
logged-in users disconnect.
Thanks Bradley Ayers for the report.
 2013-05-18 15:58:29 +02:00
Jacob Burch 340115200f Fixed #20432 -- Test failure in admin_views. 
The failure was triggered by a cache leak.
 2013-05-18 13:13:33 +02:00