Alex Gaynor
f04af7080b
Introduce `ContentType.objects.get_for_models(*models)` and use it in the the auth permissions code. This is a solid performance gain on the test suite. Thanks to ptone for the profiling to find this hotspot, and carl for the review.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16963 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-10-12 20:51:59 +00:00
Ramiro Morales
4c457bca85
Fixed #16789 -- Added names to URLs in convenience contrib.auth urls.py.
...
Thanks wim AT go2people DOT nl for the report, cmheisel for the patch and
fcurella for reviewing it.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16901 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-09-24 19:48:27 +00:00
Ramiro Morales
26b8122087
Fixed #14675 -- Completed removal of `from django.conf.urls.default import *` usage.
...
This applies to both our own [test] code and documentation examples. Also:
* Moved the functions and handlers from `django.conf.urls.defaults` up to
`django.conf.urls` deprecating the former module.
* Added documentation for `handler403`.
* Tweaked the URLs topic document a bit.
Thanks to pupeno and cdestigter for their great work contributing patches.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16818 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-09-11 22:36:16 +00:00
Alex Gaynor
e130dc3275
Removed the deprecated-since-1.2 "supports_object_permissions" and "supports_anonymous_user" flags on authentication backends. If you have an authenication backend it now *must* suport these.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16789 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-09-10 21:00:32 +00:00
Alex Gaynor
7deb25b8dd
Fixed #7596 . Added Model.objects.bulk_create, and make use of it in several places. This provides a performance benefit when inserting multiple objects. THanks to Russ for the review, and Simon Meers for the MySQl implementation.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16739 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-09-09 19:22:28 +00:00
Julien Phalip
09fc775f42
Fixed #16412 -- Prevented a `contrib.auth` test from failing in the potential case where `contrib.sites` was not installed. Thanks to haras for the report and to Aymeric Augustin for the patch.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16717 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-09-03 12:53:08 +00:00
Chris Beaven
0e3d8bcb26
Removing the old url resolution method in contrib.auth.admin.UserAdmin which was deprecated in Django 1.1
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16621 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-08-17 04:06:42 +00:00
Jannis Leidel
283526a5a6
Fixed #15206 -- Added select_related call to the permissions field of the GroupAdmin to lower the number of queries. Thanks, Chris Adams.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16620 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-08-15 09:01:12 +00:00
Jannis Leidel
351d5da69b
Fixed #4617 -- Added `raise_exception` option to `permission_required` decorator to be able to raise a PermissionDenied exception instead of redirecting to the login page.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16607 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-08-12 14:15:41 +00:00
Jannis Leidel
56775c23ee
Added yet another import from the future.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16577 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-07-31 17:01:57 +00:00
Ramiro Morales
ff9a666753
Removed deprecated admin contrib app AdminSite root_path attribute. Refs #15294 , r11250, r16136.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16575 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-07-30 19:09:23 +00:00
Jannis Leidel
6b80640fd7
Fixed #16413 -- Stopped an auth test from failing if LOGIN_URL is set to a non-default value. Thanks, Aymeric Augustin.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16552 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-07-26 08:27:23 +00:00
Jannis Leidel
24f4764a48
Fixed #16225 -- Removed unused imports. Many thanks to Aymeric Augustin for the work on the patch and Alex for reviewing.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16539 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-07-13 09:35:51 +00:00
Jannis Leidel
230dab85c5
Removed stale import from auth tests. Thanks, Ramiro.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16483 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-06-28 14:04:36 +00:00
Jannis Leidel
f4aa39837a
Reverted parts of r14891 and r16400 due to inherent brokenness of tests.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16482 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-06-28 13:42:46 +00:00
Jannis Leidel
0278947128
Fixed #16363 -- Fixed tests introduced in r16472. Thanks, EnTeQuAk.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16478 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-06-28 10:17:36 +00:00
Chris Beaven
f54135fa4d
Make the email parameter of User.objects.create_user optional.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16472 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-06-28 04:29:48 +00:00
Jannis Leidel
4a10338986
Fixed #14390 and #16262 -- Moved password related functions from auth models to utils module and stopped check_password from throwing an exception. Thanks, subsume and lrekucki.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16456 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-06-26 16:51:46 +00:00
Jannis Leidel
2619dc8285
Fixed #14674 -- Prevent user accounts with an unusable password from resetting passwords. Thanks, summerisgone, thejaswi_puthraya and lrekucki.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16455 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-06-26 16:51:34 +00:00
Jannis Leidel
821d8aaaaa
Fixed #15266 -- Applied login_required decorator to password_change_done view. Thanks, lasko.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16454 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-06-26 16:51:25 +00:00
Jannis Leidel
650739ef17
Fixed #13969 -- Extended length of salt used when setting the password. Thanks to cyounkins for the initial patch.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16453 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-06-26 16:51:12 +00:00
Jannis Leidel
656360c240
Fixed #12202 -- Removed hardcoded password reset subject and added a subject_template_name parameter to the password_reset view. Thanks, Ramiro Morales, Claude Paroz and agabel.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16438 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-06-19 11:24:39 +00:00
Jannis Leidel
3f37d1673b
Fixed #16183 -- Fixed an ignored auth test. Thanks, desh.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16400 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-06-14 10:45:49 +00:00
Luke Plant
45e55b9143
Fixed #14614 - filtering of sensitive information in 500 error reports.
...
This adds a flexible mechanism for filtering what request/traceback
information is shown in 500 error emails and logs. It also applies
screening to some views known to be sensitive e.g. views that handle
passwords.
Thanks to oaylanc for the report and many thanks to Julien Phalip for the
patch and the rest of the work on this.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16339 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-06-08 22:18:46 +00:00
Luke Plant
d14eb13992
Removed an unnecessary import
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16332 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-06-06 12:11:48 +00:00
Alex Gaynor
1cfb00dc41
Cleaned up how ``request.user`` is set, this is a follow up to [16297]. Thanks for the review Luke.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16305 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-05-31 15:43:19 +00:00
Luke Plant
4531767700
Fixed auth context processor tests, which were not running at all previously.
...
It seems they were accidentally disabled following being moved from
regressiontests in [15990]
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16304 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-05-31 15:19:19 +00:00
Luke Plant
dc4c2f3add
Fixed #15929 - test.client.RequestFactory keeps state/AuthMiddleware does monkey patching
...
Thanks to m.vantellingen for the report and tests, and to aaugustin for
work on the tests.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16297 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-05-30 16:33:23 +00:00
Chris Beaven
161b94ef7b
Fixes #15778 -- createsuperuser fails on international characters in system user names. Thanks for the patch, Hynek Cernoch.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16182 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-05-09 01:10:40 +00:00
Chris Beaven
367e51e6a1
Tiny grammar fix in createsuperuser command.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16154 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-05-04 22:56:20 +00:00
Jannis Leidel
c8092b840b
Fixed #15008 -- Replaced all calls in the admin to render_to_response with TemplateResponses for easier customization. Thanks to Chris Adams for the initial patch.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16087 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-04-22 18:17:16 +00:00
Luke Plant
8d4b414760
Fixed #15757 - removed remaining instances of get_and_delete_messages
...
Thanks to void for the report, and julien for the bulk of the patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16022 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-04-07 22:01:23 +00:00
Russell Keith-Magee
4c468800ee
Updates to the test suite to allow for newly deprecated and removed features
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15990 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-04-02 08:44:47 +00:00
Russell Keith-Magee
d60ae0b721
Removed deprecated 'no' translation
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15988 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-04-02 08:43:43 +00:00
Russell Keith-Magee
5d5149cd18
Advanced deprecation of user-based messages and the LegacyFallbackStorage in contrib.messages.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15975 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-04-02 08:36:04 +00:00
Russell Keith-Magee
48edaf17a3
Advanced deprecations in contrib.auth.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15970 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-04-02 08:33:01 +00:00
Adrian Holovaty
94af19c43f
Changed e-mail to email throughout documentation and codebase. The one exception is translation strings, which I didn't want to disrupt
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15967 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-04-01 16:10:22 +00:00
Luke Plant
25aaa359a2
Removed Django 1.2 compatibility fallback for password reset hash
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15950 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-03-30 17:34:38 +00:00
Adrian Holovaty
a87be3554f
Removed a bunch of Python 2.4 workarounds now that we don't support it. Refs #15702 -- thanks to jonash for the patch. Splitting this over muliple commits to make it more manageable.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15926 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-03-28 01:40:43 +00:00
Jannis Leidel
ada8e2a6fa
Pulled translation updates from Transifex again.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15886 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-03-20 22:16:14 +00:00
Ramiro Morales
5347bbd514
Fixed plural forms formula for the Croatian (hr) localization by manually overriding the header of affected .po files and re-generating .mo files, this seems to be a quirck in Transifex export to PO functionality. Thanks bmihelac fot the report. Refs #15634 .
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15875 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-03-17 22:56:10 +00:00
Russell Keith-Magee
a0878b5f95
Fixed #15627 -- Use constant time comparison for password checks. Thanks to hvdklauw for the report and patch.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15870 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-03-17 11:51:07 +00:00
Russell Keith-Magee
b49ee91eb3
Fixed #15142 -- Force test views to be non-cached so that projects with caching middleware enabled don't cause test failures. Thanks to jsdalton for the report and patch
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15865 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-03-17 08:07:40 +00:00
Jannis Leidel
ffe88a7a6c
Pulled auth translation updates from Transifex.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15826 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-03-15 20:06:58 +00:00
Carl Meyer
7d71a9e45f
Fixed #9213 - Added check to prevent inactive users from resetting their password. Thanks to John Scott for report and draft patch, and Evgeny Fadeev for final patch with test.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15805 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-03-14 21:14:10 +00:00
Jannis Leidel
90564a156c
Fixed Hungarian, Russian, Serbian and Ukranian plural forms introduced in r15680.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15752 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-03-04 01:07:11 +00:00
Jannis Leidel
c11140d04b
Fixed plural forms of Irish translation introduced in r15680.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15751 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-03-04 01:05:10 +00:00
Jannis Leidel
53b2a25396
Fixed plural forms of Welsh translation introduced in r15680.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15750 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-03-04 01:04:31 +00:00
Jannis Leidel
bef353873e
Fixed plural forms of Bosnian translation introduced in r15680.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15749 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-03-04 01:03:14 +00:00
Russell Keith-Magee
afd040d4d3
Updated test assertions that have been deprecated by the move to unittest2. In summary, this means:
...
assert_ -> assertTrue
assertEquals -> assertEqual
failUnless -> assertTrue
For full details, see http://www.voidspace.org.uk/python/articles/unittest2.shtml#deprecations
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15728 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-03-03 15:04:39 +00:00
Russell Keith-Magee
22347c89d8
Fixed #15532 -- Clarified the error message for unknown auth backends. Thanks to kmike for the report.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15713 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-03-03 00:25:02 +00:00
Jannis Leidel
751888ece3
Fixed #11223 -- Fixed logout view to use the 'next' GET parameter correctly as described in the docs, while only allowing redirection to the same host.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15706 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-03-02 12:47:44 +00:00
Jannis Leidel
ec193224d3
Fixed #12534 -- Loosened the the security check for "next" redirects after logins slightly to allow paths that contain spaces. Thanks for the patch, jnns and aaugustin.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15702 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-03-01 22:49:18 +00:00
Jannis Leidel
f3ed462822
Updated auth translations from transifex.net. Refs #15300 .
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15684 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-03-01 08:56:02 +00:00
Ramiro Morales
4b13e76deb
Fixed #14012 (again) -- Admin app: Don't show the full user edition view after adding a user in a FK popup. Thanks dburke for reporting this regression introduced in r14628.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15637 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-02-24 01:00:57 +00:00
Russell Keith-Magee
7aa84917a4
Fixed #15299 -- Started the process of migrating the auth context processor support classes into the auth context processor module. Thanks to shailesh for the report, and v1v3kn for the draft patch.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15635 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-02-23 13:36:58 +00:00
Russell Keith-Magee
b9a20d1e3b
Fixed #15371 -- Ensure that a superuser created with the createsuperuser management command with --noinput has an invalid password, not a blank password. Thanks to yishaibeeri for the report and patch.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15631 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-02-22 11:33:04 +00:00
Russell Keith-Magee
7536f63b32
Fixed #14768 -- Added an es_MX locale and initial translation. Thanks to Alonso Bautista Villalobos and the rest of the Mexican translation team.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15433 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-02-06 06:06:29 +00:00
Russell Keith-Magee
7a60b41130
Fixed #15111 -- Ensured that the auth, contenttypes and sitemaps tests will run when the sites app isn't installed. Thanks to Waldemar Kornewald for the report and draft patch.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15418 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-02-05 03:49:03 +00:00
Russell Keith-Magee
d053624aa8
Fixed #15067 -- Modified the range checks on base36_to_int so you are guaranteed to always get an int, avoiding possible OverflowErrors. Thanks to Garthex for the report, jboutros for the patch, and kfrazier for the feedback.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15288 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-01-24 08:02:40 +00:00
Jannis Leidel
b3ab63d66b
Added new translation files to auth contrib app.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15261 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-01-21 17:59:27 +00:00
Chris Beaven
faa4a98f27
Change the lack of supports_inactive_user on an auth backend to a
...
!PendingDeprecationWarning (refs #14249 ), fixing some bad links in the
1.3 release docs and a typo.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15204 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-01-14 08:31:14 +00:00
Russell Keith-Magee
8781ea6cd7
Fixed #14975 , #14925 -- Added some cache flushing to avoid some cross-test effects. Thanks to jsdalton and rpbarlow for the reports.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15192 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-01-13 16:22:03 +00:00
Jannis Leidel
937548bba4
Fixed #15043 -- Updated the login function to send the user_logged_in signal after the user's session got recycled instead of before. Thanks, Rob Hudson.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15168 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-01-10 08:15:52 +00:00
Alex Gaynor
6819be1ea1
Fix a security issue in the auth system. Disclosure and new release forthcoming.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15032 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-12-23 03:45:08 +00:00
Jannis Leidel
745c255a19
Fixed #14249 -- Added support for inactive users to the auth backend system. Thanks, Harro van der Klauw.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15010 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-12-21 19:18:12 +00:00
Russell Keith-Magee
059d9205d4
Fixed #14920 -- Fixed some test failures caused by caching contenttypes that were loaded during a contenttype fixture test. Thanks to Karen for the report.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@14985 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-12-19 13:01:51 +00:00
Jannis Leidel
674c671cae
Fixed #14731 -- Respect ordering when creating the default permissions. Thanks, chipx86.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@14891 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-12-12 22:59:28 +00:00
Jannis Leidel
867e935c51
Fixed #14446 -- Prevented the password reset confirmation view to be cached. Thanks, Paul and Gabriel.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@14890 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-12-12 22:59:03 +00:00
Russell Keith-Magee
5b8ef18dcc
Fixed #14795 -- Ensure that get_all_permissions() returns the right result (i.e., all permissions) for superusers. Thanks to jay.halleaux@gmail.com for the report, and Brett Haydon for the patch.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@14797 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-12-04 05:59:56 +00:00
Russell Keith-Magee
34a386378f
Fixed #13190 -- Improved error handling for the case where no authentication backends are defined. Thanks to Joel3000 for the report, and Łukasz Rekucki for the final patch.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@14793 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-12-04 04:47:59 +00:00
Jannis Leidel
cc64fb5c4b
Fixed #8342 -- Removed code from the admin that assumed that you can't login with an email address (nixed by r12634). Also refactored login code slightly to be DRY by using more of auth app's forms and views.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@14769 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-12-02 00:44:35 +00:00
Jannis Leidel
07705ca129
Fixed #5298 -- Added extra_context to contrib auth views.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@14768 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-12-02 00:43:52 +00:00
Chris Beaven
dceaa82dec
Fixed #14809 -- broken login related tests after r14733.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@14764 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-12-01 22:25:17 +00:00
Chris Beaven
e74edb4d53
Fixes #11025 -- ability to specify LOGIN_URL as full qualified absolute URL.
...
auth.views.login now allows for login redirections for different schemes
with the same host (or no host even, e.g. 'https:///login/ ')
auth.decorators.login_required can now use lazy urls (refs #5925 )
git-svn-id: http://code.djangoproject.com/svn/django/trunk@14733 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-11-27 22:43:33 +00:00
Jannis Leidel
132afbf8ee
Fixed #5612 -- Added login and logout signals to contrib auth app. Thanks SmileyChris and pterk.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@14710 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-11-26 13:33:27 +00:00
Ramiro Morales
0e26f58dae
Corrected change in behavior regarding the page shown after the 'Save' button is pressed when adding a user through the admin.
...
It had been introduced in trunk (r13503) and between 1.2.1 and 1.2.2 (r13504). The original fix intended to correct a similar problem introduced between 1.1 and 1.2 (r12218) this time in the 'Save and add another' button.
We have now tests for the three buttons present in the Add User admin form to avoid future regressions.
Thanks to Juan Pedro Fisanotti and Cesar H. Roldan for their work.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@14628 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-11-19 22:45:51 +00:00
Jannis Leidel
9b6535b894
Fixed #7077 and #7431 -- Use getpass.getuser instead of pwd.getpwuid to determine the current system user's username in the createsuperuser management command to enable the feature on Windows. getpass.getuser automatically falls back to the previous method.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@14607 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-11-17 20:28:33 +00:00
Luke Plant
02fc6276d7
Fixed #14508 - test suite silences warnings.
...
Utility functions get_warnings_state and save_warnings_state have been added
to django.test.utils, and methods to django.test.TestCase for convenience.
The implementation is based on the catch_warnings context manager from
Python 2.6.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@14526 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-11-11 15:06:20 +00:00
Luke Plant
6feef0c13e
Fixed #14612 - Password reset page leaks valid user ids publicly.
...
Thanks to PaulM for the report.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@14456 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-11-04 12:36:55 +00:00
Luke Plant
7d4a3991f3
Fixed a test setup and isolation bug that was causing PasswordResetTest to fail when run individually
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@14455 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-11-04 12:31:57 +00:00
Alex Gaynor
877033b479
Sped up the create_permissions signal handler (and thus the test suite) by restructuring its queries.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@14446 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-11-04 00:01:54 +00:00
Alex Gaynor
34e545a938
Restructure the create_permission signal handler to perform fewer SQL queries, this speeds up the test suite dramatically.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@14413 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-11-01 20:54:39 +00:00
Alex Gaynor
282e53b499
Reflow django/contrib/auth/management/__init__.py for readability.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@14408 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-10-31 16:49:36 +00:00
Alex Gaynor
15b3350d30
Fixed the auth tests so they work when the AUTHENTICATION_BACKENDS setting is a list. Thanks to Patrick Altman for the report.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@14406 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-10-31 16:25:29 +00:00
Luke Plant
45c7f427ce
Fixed #14445 - Use HMAC and constant-time comparison functions where needed.
...
All adhoc MAC applications have been updated to use HMAC, using SHA1 to
generate unique keys for each application based on the SECRET_KEY, which is
common practice for this situation. In all cases, backwards compatibility
with existing hashes has been maintained, aiming to phase this out as per
the normal deprecation process. In this way, under most normal
circumstances the old hashes will have expired (e.g. by session expiration
etc.) before they become invalid.
In the case of the messages framework and the cookie backend, which was
already using HMAC, there is the possibility of a backwards incompatibility
if the SECRET_KEY is shorter than the default 50 bytes, but the low
likelihood and low impact meant compatibility code was not worth it.
All known instances where tokens/hashes were compared using simple string
equality, which could potentially open timing based attacks, have also been
fixed using a constant-time comparison function.
There are no known practical attacks against the existing implementations,
so these security improvements will not be backported.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@14218 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-10-14 20:54:30 +00:00
Russell Keith-Magee
03f00bcd42
Fixed #14447 -- Modified the auth and sitemaps tests to remove some assumptions about the environment in which the tests are run. Thanks to Gabriel Hurley for the report and patch.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@14184 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-10-12 07:15:47 +00:00
Russell Keith-Magee
1070c57b83
Fixed #14436 -- Escalated 1.2 PendingDeprecationWarnings to DeprecationWarnings, and removed 1.1 deprecated code.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@14138 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-10-11 12:20:07 +00:00
Luke Plant
f3429da6a0
Converted contrib/auth/tokens doctests to unittests. We've always said "no more" to doctests.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@14100 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-10-10 01:06:42 +00:00
Russell Keith-Magee
a904e55859
Fixed #11509 -- Modified usage of "Web" to match our style guide in various documentation, comments and code. Thanks to timo and Simon Meers for the work on the patch.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@14069 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-10-09 08:12:50 +00:00
Russell Keith-Magee
8755fb1549
Fixed #14354 -- Normalized the handling of empty/null passwords in contrib.auth. This also updates the createsuperuser command to be more testable, and migrates some auth doctests. Thanks to berryp for the report, and Laurent Luce for the patch.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@14053 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-10-09 03:34:08 +00:00
Russell Keith-Magee
f53491db6e
#14374 -- Added some missing template files to ensure that contrib.auth tests will pass when admin isn't installed. Thanks to henriquebastos for the report and patch.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@14003 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-10-08 13:50:54 +00:00
Luke Plant
667d832e90
Fixed #14386 , #8960 , #10235 , #10909 , #10608 , #13845 , #14377 - standardize Site/RequestSite usage in various places.
...
Many thanks to gabrielhurley for putting most of this together. Also to
bmihelac, arthurk, qingfeng, hvendelbo, petr.pulc@s-cape.cz , Hraban for
reports and some initial patches.
The patch also contains some whitespace/PEP8 fixes.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@13980 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-10-04 14:20:47 +00:00
Jannis Leidel
1df1378f9e
Fixed #13827 -- Cleaned up a few unnecessary function calls.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@13876 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-09-26 21:36:22 +00:00
Malcolm Tredinnick
4084bc7354
Permit custom from-email address in auth forms email.
...
Patch from cassidy and Rob Hudson. Fixed #11300 .
git-svn-id: http://code.djangoproject.com/svn/django/trunk@13817 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-09-12 22:38:01 +00:00
Jannis Leidel
bb00b28399
Added login_url argument to login_required decorator. Thanks mhlakhani and ericflo for the report and patch.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@13723 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-09-10 19:38:57 +00:00
Luke Plant
303bdc85a7
Fixed #14242 - UserChangeForm subclasses without 'user_permissions' field causes KeyError
...
This was a regression introduced by [13683]
Thanks to adammckerlie@gmail.com for report.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@13702 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-09-09 23:31:54 +00:00
Luke Plant
801bb146e8
Converted tests for contrib.auth.forms to unit tests.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@13701 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-09-09 23:21:16 +00:00
Luke Plant
bdd13a4daa
Fixed #14090 - Many sql queries needed to display change user form
...
Thanks to Suor for report and patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@13683 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-09-03 18:56:12 +00:00
Jannis Leidel
286ce85e45
Fixed #13569 -- Fixed createsuperuser management command to work with the new relaxed requirements for usernames.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@13297 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-05-21 14:08:49 +00:00
Russell Keith-Magee
5211f48ae3
Fixed #12164 -- Removed the Python 2.3 compatibility imports and workarounds. Thanks to timo and claudep for the patch.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@13094 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-05-04 14:00:30 +00:00
Russell Keith-Magee
056c940f0d
Fixed #13304 -- Updated auth decorators so they can be used with callable classes. Thanks to Horst Gutmann for the report and patch.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@12938 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-04-09 11:07:17 +00:00
Jannis Leidel
7989a78baf
Fixed #13000 - Use a dictionary for the error messages definition in user creation and change form. Thanks for the patch, lgs.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@12785 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-03-15 12:16:01 +00:00
Russell Keith-Magee
4dfe6190fa
Fixed #13108 -- Corrected an ambiguity in test data with the potential to cause test failures out of the box. Thanks to benreynwar for the report.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@12778 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-03-15 06:55:56 +00:00
Jacob Kaplan-Moss
973bf6f485
Fixed #5605 : only lowercase the domain portion of an email address in `UserManager.create_user`.
...
Thanks, Leo.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@12641 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-03-01 20:30:44 +00:00
Jacob Kaplan-Moss
6e748b5db4
Fixed #11457 : tightened the security check for "next" redirects after logins.
...
The new behavior still disallows redirects to off-site URLs, but now allows
redirects of the form `/some/other/view?foo=http://...`.
Thanks to brutasse.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@12635 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-03-01 19:58:53 +00:00
Jacob Kaplan-Moss
c8015052d9
Fixed #5786 : relaxed the validation for usernames to allow more common characters '@', etc.
...
This is really just a stop-gap until we come up with a improved way of handling
disparate auth data, but it should help us stretch a bit more milage out of the
current system.
Thanks to alextreme, lbruno, and clayg.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@12634 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-03-01 19:49:05 +00:00
Russell Keith-Magee
6b2f125b80
Fixed #12729 -- Replaced a hard-coded SQL statement with an ORM query so that the contrib.auth ModelBackend will work on a routed multi-db setup. Thanks to dhageman for the report.
...
Historical note: The SQL that was removed predates Django being open sourced.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@12509 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-02-23 12:02:41 +00:00
Justin Bronn
1d5165e3be
Fixed #12776 -- `User.get_profile` now raises `SiteProfileNotAvailable` instead of `AttributeError` in certain circumstances. Thanks, Bruno Renié.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@12506 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-02-23 05:52:37 +00:00
Russell Keith-Magee
eb67e449dd
Fixed #12864 -- Corrected handling of new user creation when a multi-database router is in place. Thanks to haris@dubizzle.com for the report.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@12488 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-02-22 13:09:02 +00:00
Jannis Leidel
67d4289c2e
Fixed #12066 - Moved auth context processor from core to the auth app. Thanks, Rob Hudson.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@12466 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-02-21 23:40:47 +00:00
Russell Keith-Magee
b794441951
Fixed #10976 -- Isolated contrib.auth tests so they will always pass, regardless of any local templates. Thanks to aarond10 for the report, and SmileyChris for turning that into a patch.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@12420 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-02-13 12:02:11 +00:00
Luke Plant
4bff194633
Fixed #12804 - regression with decorating admin views.
...
This is a BACKWARDS INCOMPATIBLE change, because it removes the flawed
'auto_adapt_to_methods' decorator, and replaces it with 'method_decorator'
which must be applied manually when necessary, as described in the 1.2
release notes.
For users of 1.1 and 1.0, this affects the decorators:
* login_required
* permission_required
* user_passes_test
For those following trunk, this also affects:
* csrf_protect
* anything created with decorator_from_middleware
If a decorator does not depend on the signature of the function it is
supposed to decorate (for example if it only does post-processing of the
result), it will not be affected.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@12399 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-02-09 15:02:39 +00:00
Russell Keith-Magee
47acb1d659
Fixed #6273 -- Added a 'changepassword' management command. Thanks to Ludvig Ericson and Justin Lilly for their work on this patch.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@12351 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-01-29 08:10:29 +00:00
Luke Plant
8daec78cfd
Fixed #12557 - AnonymousUser should check auth backends for permissions
...
Thanks to hvdklauw for the idea and work on the patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@12316 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-01-28 01:47:23 +00:00
Russell Keith-Magee
1b3dc8ad9a
Fixed #12540 , #12541 -- Added database routers, allowing for configurable database use behavior in a multi-db setup, and improved error checking for cross-database joins.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@12272 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-01-22 14:30:06 +00:00
Jannis Leidel
5cd4c3e559
Fixed #12644 - Allow overriding the admin user creation form based on r12216. Thanks, minmax.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@12265 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-01-19 22:19:26 +00:00
Jannis Leidel
373076a3cc
Fixed #12606 - Removed stray print statement. Thanks, Sean Brant.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@12225 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-01-14 11:12:24 +00:00
Jannis Leidel
f4998574d3
Fixed #11796 - Tweaked ordering of permissions a little more to be even nicer.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@12219 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-01-12 23:35:54 +00:00
Jannis Leidel
c4470e5ced
Make use of new ability to override admin add form templates and removed a litle bit of redundancy in the templates.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@12218 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-01-12 23:35:29 +00:00
Joseph Kocherhans
2f9853b2dc
Fixed #12512 . Changed ModelForm to stop performing model validation on fields that are not part of the form. Thanks, Honza Kral and Ivan Sagalaev.
...
This reverts some admin and test changes from [12098] and also fixes #12507 , #12520 , #12552 and #12553 .
git-svn-id: http://code.djangoproject.com/svn/django/trunk@12206 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-01-12 02:29:45 +00:00
Adrian Holovaty
71e8d5dd87
Fixed #11409 -- Reordered the permissions checkboxes in the admin into a more natural progression. Thanks, benspaulding
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@12203 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-01-10 21:58:01 +00:00
Adrian Holovaty
5ceed0a053
Changed a whole bunch of places to raise exception instances instead of old-style raising exception classes plus a comma. Good for the future Python 3 conversion
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@12180 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-01-10 18:36:20 +00:00
Adrian Holovaty
19b72077f7
Fixed #8049 -- Fixed inconsistency in admin site is_active checks. Thanks for patch and tests, isagalaev
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@12159 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-01-10 16:51:13 +00:00
Joseph Kocherhans
471596fc1a
Merged soc2009/model-validation to trunk. Thanks, Honza!
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@12098 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-01-05 03:56:19 +00:00
Jannis Leidel
57d7181caa
Fixed #12462 - Fixed edge case with auth backends that don't support object permissions. Thanks to Florian Apolloner for catching it.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@12032 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-12-30 22:12:57 +00:00
Russell Keith-Magee
ff60c5f9de
Fixed #1142 -- Added multiple database support.
...
This monster of a patch is the result of Alex Gaynor's 2009 Google Summer of Code project.
Congratulations to Alex for a job well done.
Big thanks also go to:
* Justin Bronn for keeping GIS in line with the changes,
* Karen Tracey and Jani Tiainen for their help testing Oracle support
* Brett Hoerner, Jon Loyens, and Craig Kimmerer for their feedback.
* Malcolm Treddinick for his guidance during the GSoC submission process.
* Simon Willison for driving the original design process
* Cal Henderson for complaining about ponies he wanted.
... and everyone else too numerous to mention that helped to bring this feature into fruition.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11952 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-12-22 15:18:51 +00:00
Russell Keith-Magee
35cc439228
Fixed #7052 -- Added support for natural keys in serialization.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11863 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-12-14 12:39:20 +00:00
Jannis Leidel
9bf652dfd6
Fixed #11010 - Add a foundation for object permissions to authentication backends. Thanks to Florian Apolloner for writing the initial patch.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11807 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-12-10 01:05:35 +00:00
Luke Plant
25020ddb05
Fixed #4604 - Configurable message passing system, supporting anonymous users
...
This deprecates User.message_set in favour of a configurable messaging
system, with backends provided for cookie storage, session storage and
backward compatibility.
Many thanks to Tobias McNulty for the bulk of the work here, with
contributions from Chris Beaven (SmileyChris) and lots of code review from
Russell Keith-Magee, and input from many others. Also credit to the authors
of various messaging systems for Django whose ideas may have been pinched
:-)
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11804 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-12-09 16:57:23 +00:00
Luke Plant
7230a995ce
Moved contrib.csrf.* to core code.
...
There is stub code for backwards compatiblity with Django 1.1 imports.
The documentation has been updated, but has been left in
docs/contrib/csrf.txt for now, in order to avoid dead links to
documentation on the website.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11661 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-10-27 00:36:34 +00:00
Luke Plant
8e70cef9b6
Fixed #9977 - CsrfMiddleware gets template tag added, session dependency removed, and turned on by default.
...
This is a large change to CSRF protection for Django. It includes:
* removing the dependency on the session framework.
* deprecating CsrfResponseMiddleware, and replacing with a core template tag.
* turning on CSRF protection by default by adding CsrfViewMiddleware to
the default value of MIDDLEWARE_CLASSES.
* protecting all contrib apps (whatever is in settings.py)
using a decorator.
For existing users of the CSRF functionality, it should be a seamless update,
but please note that it includes DEPRECATION of features in Django 1.1,
and there are upgrade steps which are detailed in the docs.
Many thanks to 'Glenn' and 'bthomas', who did a lot of the thinking and work
on the patch, and to lots of other people including Simon Willison and
Russell Keith-Magee who refined the ideas.
Details of the rationale for these changes is found here:
http://code.djangoproject.com/wiki/CsrfProtection
As of this commit, the CSRF code is mainly in 'contrib'. The code will be
moved to core in a separate commit, to make the changeset as readable as
possible.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11660 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-10-26 23:23:07 +00:00
Luke Plant
c161bf21f0
Fixed #6552 , #12031 - Make django.core.context_processors.auth lazy to avoid "Vary: Cookie"
...
Thanks to olau@iola.dk , Suor for the report
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11623 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-10-14 18:09:13 +00:00
Luke Plant
c46ddbf1fc
Fixed #8274 - allow custom forms for auth 'login' and 'password_change' views
...
Thanks to julien for the suggestion and patch, and SmileyChris for work on the patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11618 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-10-12 15:32:24 +00:00
Luke Plant
af02f38e02
Rewrote user_passes_test to use auto_adapt_to_methods, removing the need for _CheckLogin
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11587 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-09-21 22:34:45 +00:00
Luke Plant
4a5630fe75
Removed unnecessary keys in django.contrib.auth.test.__test__
...
Only doctest tests, and not TestCases, need to be in __test__ AFAICS.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11481 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-09-10 09:51:27 +00:00
Russell Keith-Magee
e91deca779
Fixed #10521 -- Modified the Remote User tests so that it isn't dependent on particular deployed URLs. Thanks to Kegan and Ramiro Morales for their contributions.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@10674 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-05-04 07:05:44 +00:00
Malcolm Tredinnick
5a57a7f006
Fixed #8752 -- Fixed django.contrib.auth tests to be locale-independent.
...
Patch from Koen Biermans.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@10599 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-04-19 03:41:33 +00:00
Jacob Kaplan-Moss
ab562bf954
Fixed #10694 : correctly check permissions in the change password admin. Thanks, jturnbull.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@10591 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-04-18 21:04:40 +00:00
Jacob Kaplan-Moss
9faa1cd9b5
Fixed #10747 : fixed the auth tests to ignore broken user-supplied login/logout templates.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@10482 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-04-10 15:50:51 +00:00
Jacob Kaplan-Moss
6d5492630d
Fixed a sloppy test auth test. [10400] revealed that the auth test was relying on the weird difference between calling a management from the shell and from `call_command`. That this worked in the first case was pretty much an accident.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@10404 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-04-05 19:00:27 +00:00
Jacob Kaplan-Moss
2a994716a1
Fixed #10265 : fixed a bug when generating a password reset token for a user created on the same request. Thanks, crucialfelix.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@10341 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-04-01 21:25:24 +00:00
Jacob Kaplan-Moss
3e6f4674e2
Fixed #10460 : the logout view can now redirect like the rest of the auth views. Thanks, chronos and steingrd.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@10332 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-04-01 17:02:32 +00:00
Jacob Kaplan-Moss
35a1f22bc2
Fixed #10106 : added is_active to user admin's list_display.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@10331 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-04-01 16:43:01 +00:00
Jacob Kaplan-Moss
19b9211a3b
Fixed #9881 : Added the to the login view context, not just the site's name. Thanks, nessita.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@10330 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-04-01 16:37:48 +00:00
Jacob Kaplan-Moss
e6ad4fb901
Fixed #9474 : user_passes_test may now be applied multiple times.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@10328 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-04-01 16:17:38 +00:00
Gary Wilson Jr
b4f5655c86
Fixed #10553 -- Corrected several uses of `URLconf` in documentation and comments, according to the Django style guide. Based on patch from rduffield.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@10256 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-03-31 16:07:07 +00:00
Gary Wilson Jr
3989a7ae11
Fixed #8140 -- Made `UserManager.create_superuser` return the new `User` object, based on patch from ericholscher.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@10217 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-03-30 22:00:07 +00:00
Jacob Kaplan-Moss
c485e236bd
Fixed #8193 : all dynamic imports in Django are now done correctly. I know this because Brett Cannon borrowed the time machine and brought Python 2.7's '`importlib` back for inclusion in Django. Thanks for the patch-from-the-future, Brett!
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@10088 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-03-18 16:55:59 +00:00
Gary Wilson Jr
b994387d8d
Fixed #689 -- Added a middleware and authentication backend to contrib.auth for supporting external authentication solutions. Thanks to all who contributed to this patch, including Ian Holsman, garthk, Koen Biermans, Marc Fargas, ekarulf, and Ramiro Morales.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@10063 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-03-15 05:54:28 +00:00