581a0f4545
Refs #30226 -- Added User.get_user_permissions() method.
...
Added to mirror the existing User.get_group_permissions().
2019-06-05 13:56:37 +02:00
75337a6050
Fixed #30226 -- Added BaseBackend for authentication.
2019-06-05 13:39:46 +02:00
aff61790a3
Refs #24944 -- Added test for overriding domain in email context in PasswordResetView.
2019-05-27 11:50:30 +02:00
58df8aa40f
Fixed #28780 -- Allowed specyfing a token parameter displayed in password reset URLs.
...
Co-authored-by: Tim Givois <tim.givois.mendez@gmail.com>
2019-05-24 08:40:25 +02:00
bd228cb599
Fixed mis-capitalisation in comment.
2019-05-15 12:14:59 +02:00
98296f86b3
Fixed #30351 -- Handled pre-existing permissions in proxy model permissions data migration.
...
Regression in 181fb60159
2019-04-27 20:18:22 +02:00
8d76443aba
Fixed #30399 -- Changed django.utils.html.escape()/urlize() to use html.escape()/unescape().
2019-04-25 15:09:07 +02:00
da0b2554ec
Renamed camelCaseTestMethods to snake_case_test_methods
2019-04-14 16:14:14 +02:00
9410db9683
Fixed #30236 -- Made UsernameField render with autocapitalize="none" HTML attribute.
...
This prevents automatic capitalization, which is the default behavior in
some browsers.
2019-03-29 15:24:44 +01:00
cbf7e71558
Fixed #30257 -- Made UsernameValidators prohibit trailing newlines.
2019-03-22 13:16:25 -04:00
95b7699ffc
Cleaned up exception message checking in some tests.
2019-03-15 19:27:57 -04:00
a8e2a9bac6
Refs #15902 -- Deprecated storing user's language in the session.
2019-02-14 10:23:02 -05:00
06670015f7
Increased the default PBKDF2 iterations for Django 3.0.
2019-01-17 11:15:27 -05:00
181fb60159
Fixed #11154 , #22270 -- Made proxy model permissions use correct content type.
...
Co-Authored-By: Simon Charette <charette.s@gmail.com>
Co-Authored-By: Antoine Catton <acatton@fusionbox.com>
2019-01-16 10:07:28 -05:00
8c775391b7
Refs #28478 -- Deprecated TestCase's allow_database_queries and multi_db in favor of databases.
2019-01-10 19:11:21 -05:00
db1b10ef0d
Fixed #30037 -- Added request arg to RemoteUserBackend.configure_user().
2019-01-09 20:01:04 -05:00
043bd70942
Updated test URL patterns to use path() and re_path().
2018-12-31 10:47:32 -05:00
194a4b526c
Added tests for ContentType/Group/Permission.__str__().
2018-12-21 12:45:02 -05:00
0f212db29d
Made reused RequestFactory instances class attributes.
2018-11-27 09:49:02 -05:00
84e7a9f4a7
Switched setUp() to setUpTestData() where possible in Django's tests.
2018-11-27 09:35:17 -05:00
193c109327
Switched TestCase to SimpleTestCase where possible in Django's tests.
2018-11-27 08:58:44 -05:00
26bb2611a5
Fixed #29952 -- Lowercased all passwords in contrib.auth's auth/common-passwords.txt.gz.
2018-11-15 14:11:03 -05:00
c82893cb8c
Refs #27795 -- Removed force_bytes() usage from django/utils/http.py.
...
django.utils.http.urlsafe_base64_encode() now returns a string, not a
bytestring. Since URLs are represented as strings,
urlsafe_base64_encode() should return a string. All uses immediately
decoded the bytestring to a string anyway.
As the inverse operation, urlsafe_base64_decode() accepts a string.
2018-10-10 14:38:22 -04:00
a7284cc0c3
Fixed #29809 -- Fixed a crash when a "view only" user POSTs to the admin user change form.
2018-10-01 10:09:50 +02:00
bf39978a53
Fixed CVE-2018-16984 -- Fixed password hash disclosure to admin "view only" users.
...
Thanks Claude Paroz & Tim Graham for collaborating on the patch.
2018-10-01 10:05:01 +02:00
2349cbd909
Fixed #29782 -- Added better error message when filtering queryset with AnonymousUser.
2018-09-26 15:36:19 -04:00
82f286cf6f
Refs #29784 -- Switched to https:// links where available.
2018-09-26 08:48:47 +02:00
8624459586
Added a test for password_changed() with a custom validator.
2018-09-25 11:58:05 -04:00
3daac76cfb
Simplified how createsuperuser tests generate passwords.
2018-08-18 16:26:13 -04:00
53ebd4cb13
Fixed #29686 -- Made UserAdmin.user_change_password() pass user to has_change_permission().
2018-08-17 17:43:00 -04:00
8b43e9b1af
Fixed #29616 -- Fixed createsuperuser for user models that don't have a password field.
2018-08-05 14:26:03 -04:00
793e9bb35a
Fixed #29628 -- Made createsuperuser validate password against username and required fields.
2018-08-04 08:44:25 -04:00
f3fa86a89b
Fixed #29449 -- Reverted "Fixed #28757 -- Allowed using contrib.auth forms without installing contrib.auth."
...
This reverts commit 3333d935d2
2018-07-02 18:39:26 -04:00
5d98d53fab
Refs #27398 -- Simplified some tests with assertRedirects().
2018-06-20 14:08:56 -04:00
24959e48d9
Fixed #27398 -- Added an assertion to compare URLs, ignoring the order of their query strings.
2018-06-20 13:26:12 -04:00
6df3d36801
Added a missing test for createsuperuser management command.
2018-06-07 19:49:25 -04:00
bec651a427
Fixed #10827 -- Ensured ContentTypes are created before permission creation.
2018-06-03 22:19:04 -04:00
f1f4aeb22e
Fixed #28044 -- Unified the logic for createsuperuser's interactive and --noinput modes.
2018-05-29 08:41:32 -04:00
e0ff88be4f
Added test for createsuperuser's handling of KeyboardInterrupt.
2018-05-27 19:24:07 -04:00
9792af3648
Increased the default PBKDF2 iterations for Django 2.2.
2018-05-17 11:05:45 -04:00
825f0beda8
Fixed #8936 -- Added a view permission and a read-only admin.
...
Co-authored-by: Petr Dlouhy <petr.dlouhy@email.cz>
Co-authored-by: Olivier Dalang <olivier.dalang@gmail.com>
2018-05-16 06:44:55 -04:00
cae0107287
Increased the default PBKDF2 iterations for Django 2.1.
2018-05-13 20:06:20 -04:00
607970f31c
Replaced django.test.utils.patch_logger() with assertLogs().
...
Thanks Tim Graham for the review.
2018-05-07 09:34:00 -04:00
df90e462d9
Fixed #29212 -- Doc'd redirect loop if @permission_required used with redirect_authenticated_user.
2018-04-19 10:21:24 -04:00
9c651641f1
Added additional AdminPasswordChangeForm tests.
2018-04-04 11:25:28 -04:00
874977d388
Fixed #29270 -- Fixed UserChangeForm crash if password field is excluded.
2018-03-29 15:25:54 -04:00
1bf4646f91
Fixed #29258 -- Added type checking for login()'s backend argument.
2018-03-28 10:10:18 -04:00
a4f0e9aec7
Fixed #28718 -- Allowed user to request a password reset if their password doesn't use an enabled hasher.
...
Regression in aeb1389442703c26668292f48680db
2018-03-22 10:03:43 -04:00
362813d628
Fixed hanging indentation in various code.
2018-03-16 10:54:34 +01:00
aeb8c38178
Fixed #29206 -- Fixed PasswordResetConfirmView crash when the URL contains a non-UUID where one is expected.
2018-03-15 21:33:15 -04:00
40bac28faa
Fixed #29176 -- Fixed AbstractBaseUser.normalize_username() crash if username isn't a string.
2018-03-02 11:32:53 -05:00
5b589a47b9
Fixed #29161 -- Removed BCryptPasswordHasher from PASSWORD_HASHERS.
2018-02-26 09:05:18 -05:00
14e34dcf8c
Fixed #29132 -- Avoided connecting update_last_login() handler if User.last_login isn't a field.
2018-02-21 10:36:31 -05:00
9b1125bfc7
Fixed #28379 -- Made AccessMixin raise Permissiondenied for authenticated users.
2018-02-16 13:58:55 -05:00
fa75b2cb51
Refs #27795 -- Removed force_bytes/text() usage in tests.
2018-02-07 14:20:04 -05:00
af33fb250e
Fixed CVE-2018-6188 -- Fixed information leakage in AuthenticationForm.
...
Reverted 359370a8b8#28645 ).
This is a security fix.
2018-02-01 09:05:14 -05:00
3333d935d2
Fixed #28757 -- Allowed using contrib.auth forms without installing contrib.auth.
...
Also fixed #28608 -- Allowed UserCreationForm and UserChangeForm to
work with custom user models.
Thanks Sagar Chalise and Rômulo Collopy for reports, and Tim Graham
and Tim Martin for reviews.
2018-01-05 14:47:37 -05:00
d7b2aa24f7
Fixed #28982 -- Simplified code with and/or.
2018-01-03 20:12:23 -05:00
acc8dd4142
Fixed #28984 -- Made assorted code simplifications.
2018-01-03 13:24:02 -05:00
2cb6b7732d
Fixed #28902 -- Fixed password_validators_help_text_html() double escaping.
2018-01-02 19:51:06 -05:00
359370a8b8
Fixed #28645 -- Reallowed AuthenticationForm to raise the inactive user error when using ModelBackend.
...
Regression in e0a3d93730
2017-11-08 09:39:12 -05:00
6c0042430e
Fixed #28776 -- Fixed a/an/and typos in docs and comments.
2017-11-06 22:41:03 -05:00
b81905bfd4
Fixed #28571 -- Added a prompt to bypass password validation in createsuperuser.
2017-11-03 20:00:08 -04:00
872be5976d
Improved technique for matching input prompts in contrib.auth management tests.
2017-11-03 20:00:08 -04:00
6ed347d851
Fixed #28706 -- Moved AuthenticationFormn invalid login ValidationError to a method for reuse.
2017-10-23 09:10:45 -04:00
5ceaf14686
Fixed #27515 -- Made AuthenticationForm's username field use the max_length from the model field.
...
Thanks Ramin Farajpour Cami for the report.
2017-10-20 11:13:26 -04:00
d233391208
Refs #19130 -- Added a test for AuthenticationForm.username max_length.
...
This will be a more useful regression test after refs #27515 .
2017-10-20 11:10:32 -04:00
d98210c255
Fixed #28713 -- Prevented ModelBackend.get_all_permissions() from mutating get_user_permissions().
2017-10-14 20:47:49 -04:00
6aec130a4c
Fixed #28591 -- Added an error message for createsuperuser --username= (blank).
2017-10-09 21:49:35 -04:00
3e72f4b7b6
Completed test coverage for BasePasswordHasher.
2017-09-29 09:28:25 -04:00
776f6902d9
Moved BasePasswordHasher tests to its own test case.
2017-09-29 09:28:24 -04:00
d917c17a3b
Completed test coverage for AnonymousUser.
2017-09-28 13:11:23 -04:00
7fce4dc5ff
Moved AnonymousUser tests to its own test case.
2017-09-28 13:11:07 -04:00
4803834aaa
Added a test for PermWrapper.__iter__().
2017-09-26 19:42:50 -04:00
67a6ba391b
Reverted "Fixed #28248 -- Fixed password reset tokens being valid for 1 day longer than PASSWORD_RESET_TIMEOUT_DAYS."
...
This reverts commit 95993a89ce
2017-09-25 09:05:00 -04:00
5e31be1b96
Refs #25187 -- Required the authenticate() method of authentication backends to have request as the first positional argument.
...
Per deprecation timeline.
2017-09-22 12:51:18 -04:00
6e40b70bf4
Refs #26929 -- Removed extra_context parameter of contrib.auth.views.logout_then_login().
...
Per deprecation timeline.
2017-09-22 12:51:17 -04:00
4f313e284e
Refs #17209 -- Removed login/logout and password reset/change function-based views.
...
Per deprecation timeline.
2017-09-22 12:51:17 -04:00
ffbee67f8e
Fixed some comments referring to a nonexistent TestClient class.
2017-09-09 11:21:15 -04:00
2dacc2ccd9
Fixed #28550 -- Restored contrib.auth's login() and logout() views' respect of positional arguments.
...
Regression in 78963495d0f8e0557b01
2017-09-03 12:06:44 -04:00
18dd9ba481
Fixed test in auth_tests modifying data from setUpTestData().
2017-09-01 21:43:41 -04:00
c0f4c60edd
Fixed #28513 -- Added POST request support to LogoutView.
2017-08-24 09:11:16 -04:00
a51c4de194
Used assertRaisesMessage() to test Django's error messages.
2017-07-29 19:07:23 -04:00
a96b981d84
Fixed #28127 -- Allowed UserCreationForm's password validation to check all user fields.
2017-06-21 09:22:15 -04:00
2b09e4c88e
Fixed #27787 -- Made call_command() validate the options it receives.
2017-06-16 21:28:38 -04:00
e7dc39fb65
Fixed #28229 -- Fixed the value of LoginView's "next" template variable.
2017-06-13 09:13:22 -04:00
2c69824e5a
Refs #23968 -- Removed unnecessary lists, generators, and tuple calls.
2017-06-01 19:08:59 -04:00
eedc88bd4a
Fixed #26823 -- Prevented update_last_login signal receiver from crashing if User model doesn't have last_login field.
2017-05-29 17:31:18 -04:00
95993a89ce
Fixed #28248 -- Fixed password reset tokens being valid for 1 day longer than PASSWORD_RESET_TIMEOUT_DAYS.
2017-05-29 09:22:22 -04:00
c930c241f8
Fixed #28017 -- Allowed customizing PasswordResetTokenGenerator's secret.
2017-05-26 07:37:36 -04:00
6092ea8fa6
Refs #27804 -- Used subTest() in several tests.
2017-05-24 08:36:34 -04:00
a3ba2662cd
Refs #28207 -- Fixed contrib.auth.authenticate() if 'backend' is in the credentials.
...
Regression in 3008f30f19
2017-05-22 12:24:38 -04:00
3008f30f19
Fixed #28207 -- Fixed contrib.auth.authenticate() if multiple auth backends don't accept a request.
2017-05-15 07:48:15 -04:00
faaf62f616
Improved test coverage for createsuperuser command.
2017-05-12 10:29:56 -04:00
5df0ff4155
Fixed #28089 -- Removed requirement to implement get_short_name() and get_full_name() in AbstractBaseUser subclasses.
2017-05-06 17:05:42 -04:00
dff559ff83
Fixed #28097 -- Fixed layout of ReadOnlyPasswordHashWidget.
2017-04-19 12:59:30 -04:00
d4d79d0f20
Refs #27025 -- Fixed "invalid escape sequence" warning in auth_tests on Python 3.6.
2017-04-02 20:02:55 -04:00
5db465d5a6
Fixed #27891 -- Added PasswordResetConfirmView.post_reset_login_backend.
2017-03-07 19:52:26 -05:00
72ff9d53e6
Factored out uid/user tokens in auth_tests urlpatterns.
2017-03-07 18:56:10 -05:00
7588d7e439
Improved test coverage for django.contrib.auth.
2017-03-01 17:29:50 -05:00
c31e7ab5a4
Refs #25187 -- Fixed AuthBackend.authenticate() compatibility for signatures that accept a request kwarg.
2017-02-24 10:15:41 -05:00
b9b35f9efa
Fixed #27840 -- Fixed KeyError in PasswordResetConfirmView.form_valid().
...
When a user is already logged in when submitting the password and
password confirmation to reset a password, a KeyError occurred while
removing the reset session token from the session.
Refs #17209
Thanks Quentin Marlats for the report and Florian Apolloner and Tim
Graham for the review.
2017-02-15 00:35:04 +01:00
41ba27fefd
Fixed #27815 -- Made LoginView pass the request kwarg to AuthenticationForm.
2017-02-07 08:54:21 -05:00
c651331b34
Converted usage of ugettext* functions to their gettext* aliases
...
Thanks Tim Graham for the review.
2017-02-07 09:04:04 +01:00
29f607927f
Fixed spelling of "nonexistent".
2017-02-03 08:01:45 -05:00
fee42fd99e
Refs #23919 -- Replaced usage of django.utils.http utilities with Python equivalents
...
Thanks Tim Graham for the review.
2017-01-26 19:49:03 +01:00
1c466994d9
Refs #23919 -- Removed misc Python 2/3 references.
2017-01-25 13:59:25 -05:00
d6eaf7c018
Refs #23919 -- Replaced super(ClassName, self) with super().
2017-01-25 12:23:46 -05:00
2366100872
Removed unneeded force_text calls in the test suite
2017-01-24 18:45:54 +01:00
d170c63351
Refs #23919 -- Removed misc references to Python 2.
2017-01-21 20:02:00 -05:00
7aba69145d
Refs #23919 -- Removed django.test.mock Python 2 compatibility shim.
2017-01-20 08:17:20 -05:00
042b7350a0
Refs #23919 -- Removed unneeded str() calls
2017-01-20 14:13:55 +01:00
4e729feaa6
Refs #23919 -- Removed django.utils._os.upath()/npath()/abspathu() usage.
...
These functions do nothing on Python 3.
2017-01-20 08:01:02 -05:00
109b33f64c
Refs #23919 -- Simplified assertRaisesRegex()'s that accounted for Python 2.
2017-01-20 08:49:47 +01:00
dc8834cad4
Refs #23919 -- Removed unneeded force_str calls
2017-01-20 08:44:31 +01:00
9695b14982
Refs #23919 -- Removed str() conversion of type and method __name__.
2017-01-19 11:31:07 -05:00
cecc079168
Refs #23919 -- Stopped inheriting from object to define new style classes.
2017-01-19 08:39:46 +01:00
2b281cc35e
Refs #23919 -- Removed most of remaining six usage
...
Thanks Tim Graham for the review.
2017-01-18 21:33:28 +01:00
7b2f2e74ad
Refs #23919 -- Removed six.<various>_types usage
...
Thanks Tim Graham and Simon Charette for the reviews.
2017-01-18 20:18:46 +01:00
c716fe8782
Refs #23919 -- Removed six.PY2/PY3 usage
...
Thanks Tim Graham for the review.
2017-01-18 16:21:28 +01:00
f3c43ad1fd
Refs #23919 -- Removed python_2_unicode_compatible decorator usage
2017-01-18 13:44:34 +01:00
d7b9aaa366
Refs #23919 -- Removed encoding preambles and future imports
2017-01-18 09:55:19 +01:00
0bf3228eec
Increased the default PBKDF2 iterations for the 1.11 release cycle.
2017-01-17 20:52:05 -05:00
d334f46b7a
Refs #26601 -- Removed support for old-style middleware using settings.MIDDLEWARE_CLASSES.
2017-01-17 20:52:04 -05:00
eba093e8b0
Refs #25847 -- Removed support for User.is_(anonymous|authenticated) as methods.
...
Per deprecation timeline.
2017-01-17 20:52:03 -05:00
ede59ef6f3
Fixed #27518 -- Prevented possibie password reset token leak via HTTP Referer header.
...
Thanks Florian Apolloner for contributing to this patch and
Collin Anderson, Markus Holtermann, and Tim Graham for review.
2017-01-13 09:17:54 -05:00
3226536127
Split AuthTemplateTests into test methods.
2017-01-12 13:18:49 -05:00
b5f0b3478d
Fixed #27579 -- Added aliases for Python 3's assertion names in SimpleTestCase.
2016-12-07 17:42:31 -05:00
93a081946d
Normalized casing of "custom user model".
2016-11-23 15:14:28 -05:00
51eaff6d35
Refs #17209 -- Fixed token verification for PasswordResetConfirmView POST requests.
2016-11-21 13:42:25 -05:00
0d9ff873d9
Fixed #27467 -- Made UserAttributeSimilarityValidator max_similarity=0/1 work as documented.
...
Thanks goblinJoel for the report and feedback.
2016-11-16 17:40:37 -05:00
967be82443
Fixed E305 flake8 warnings.
2016-11-14 12:30:46 -05:00
321e94fa41
Refs #27392 -- Removed "Tests that", "Ensures that", etc. from test docstrings.
2016-11-10 21:30:21 -05:00
20be1918e7
Simplified some auth_tests with assertRedirects().
2016-10-28 11:52:52 -04:00
f3ea0c4bbd
Reverted "Fixed #26401 -- Added BaseAuthConfig to use auth without migrations."
...
This reverts commit 1ec1633cb2
2016-10-25 17:32:59 -07:00
617e36dc1e
Fixed #20705 -- Allowed using PasswordResetForm with user models with an email field not named 'email'.
2016-09-27 11:59:00 -04:00
f7e91cac68
Fixed #27053 -- Documented contrib.auth.get_user().
2016-09-27 10:41:14 -04:00
8119b679eb
Refs #27025 -- Fixed "invalid escape sequence" warnings in Python 3.6.
...
http://bugs.python.org/issue27364
2016-09-17 15:44:06 -04:00
9459ec82aa
Fixed #26170 -- Made ModelAdmin views run transactions on the correct database.
...
Thanks juntatalor for the initial patch.
2016-09-14 16:06:39 -04:00
f0f3de3c96
Fixed #23155 -- Added request argument to user_login_failed signal.
2016-09-12 20:30:34 -04:00
4b9330ccc0
Fixed #25187 -- Made request available in authentication backends.
2016-09-12 20:11:53 -04:00
e07b18252b
Added a blank line per isort.
2016-09-12 20:03:31 -04:00
1ec1633cb2
Fixed #26401 -- Added BaseAuthConfig to use auth without migrations.
2016-09-10 16:38:05 -07:00
0368d63a78
Fixed indentation in previous commit.
2016-09-10 18:39:13 -04:00
536db42cf0
Fixed #26097 -- Added password_validators_help_text_html to UserCreationForm.
2016-09-10 18:23:18 -04:00
66e1ebbffc
Fixed #26956 -- Added success_url_allowed_hosts to LoginView and LogoutView.
...
Allows specifying additional hosts to redirect after login and log out.
2016-09-07 19:56:25 -07:00
488b3d2b38
Fixed typo in auth management test.
2016-08-28 19:20:35 -07:00
3c18f8a3d2
Fixed #27111 -- Fixed KeyError if USERNAME_FIELD isn't in UserCreationForm.fields.
2016-08-24 13:20:12 -04:00
549b90fab3
Refs #26902 -- Protected against insecure redirects in Login/LogoutView.
2016-08-19 19:01:01 -04:00
13857b45ca
Removed unused 'password' parameter in auth_tests.
2016-08-18 19:01:28 -04:00
Tobias Bengfort
Mattia Procopio
Rob
Ally Weir
Carlton Gibson
Jon Dufresne
Markus Holtermann
pmisteli
Ryan J Schave
Claude Paroz
Tim Graham
Arthur Rio
Simon Charette
Joshua Cannon
Mathew Payne
Ramon Saraiva
Alexey
Josh Schneier
Alexander Todorov
Jan Pieter Waagmeester
Hasan Ramezani
Dohyeon Kim
olivierdalang
Nick Pope
Mads Jensen
Malte Gerth
Abeer Upadhyay
Mariusz Felisiak
Christophe Mehay
Mikhail Porokhovnichenko
Dylan Verheul
shanghui
Дилян Палаузов
Alvin Lindstam
Дилян Палаузов
Tom
Lucas Connors
Yuri Kaszubowski Lopes
Luoxzhg
ZachLiuGIS
François Freitag
Andrew Pinkham
Chandrakant Kumar
Mikhail Golubev
Linus Lewandowski
Nick Zaccardi
jannh
Bruno Alla
Daniel Hahler
Tamas Szabo
Sławek Ehlert
Camilo Nova
Anton Samarchyan
Zoltan Gyarmati
chillaranand
Simon Charette
Romain Garrigues
Florian Apolloner
Ramin Farajpour Cami
za
levental
Berker Peksag
Jibodeah
Gavin Wahl
Aleksej Manaev
Alexander Gaevsky
Przemysław Suliga