uid is now base64 encoded in password reset URLs/views. A backwards compatible
password_reset_confirm view/URL will allow password reset links generated before
this change to continue to work. This view will be removed in Django 1.7.
Thanks jonash for the initial patch and claudep for the review.
Auth views should be reversed by name, not their locations in
`django.contrib.auth.views`. This allows substituting your own
implementations of the auth views.
SuspiciousOperations have been differentiated into subclasses, and
are now logged to a 'django.security.*' logger. SuspiciousOperations
that reach django.core.handlers.base.BaseHandler will now return a 400
instead of a 500.
Thanks to tiwoc for the report, and Carl Meyer and Donald Stufft
for review.
This commit also adds tests for the redirect feature of most auth views.
It also cleans up the tests, most notably using @override_settings instead
of ad-hoc setUp/tearDown methods.
Thanks to caumons for the report.
Conflicts:
docs/releases/1.6.txt
Tim Graham
Alex Gaynor
Alasdair Nicol
Alasdair Nicol
Bouke Haarsma
Claude Paroz
Aymeric Augustin
Jacob Kaplan-Moss
Justin Michalicek
Kirill Fomichev
Ramiro Morales
Gavin Wahl
Preston Holmes
Andrew Godwin
Baptiste Mispelon
Preston Timmons