617e36dc1e
Fixed #20705 -- Allowed using PasswordResetForm with user models with an email field not named 'email'.
2016-09-27 11:59:00 -04:00
0a6ed6b1d9
Simplified has_perm() example in topics/auth/customizing.txt.
2016-09-23 15:28:32 -04:00
cdde2eac5b
Fixed a typo in docs/topics/auth/default.txt.
2016-09-17 20:09:15 -04:00
4b9330ccc0
Fixed #25187 -- Made request available in authentication backends.
2016-09-12 20:11:53 -04:00
1ec1633cb2
Fixed #26401 -- Added BaseAuthConfig to use auth without migrations.
2016-09-10 16:38:05 -07:00
66e1ebbffc
Fixed #26956 -- Added success_url_allowed_hosts to LoginView and LogoutView.
...
Allows specifying additional hosts to redirect after login and log out.
2016-09-07 19:56:25 -07:00
9f27735612
Fixed #27013 -- Clarified commands to install argon2/bcrypt packages.
2016-08-19 19:23:12 -04:00
7549eb0004
Fixed #27009 -- Made update_session_auth_hash() rotate the session key.
2016-08-15 19:29:12 -04:00
4c2a6fe75b
Clarified session verification with respect to the current session.
2016-08-11 12:08:50 -04:00
c412aaca73
Fixed #26957 -- Corrected authenticate() docs regarding User.is_active.
2016-08-10 19:52:01 -04:00
796cc62026
Fixed #27045 -- Documented that AUTH_PASSWORD_VALIDATORS aren't applied at the model level.
2016-08-10 15:52:16 -04:00
0814566bf1
Fixed #26960 -- Added PasswordResetConfirmView option to automatically log in after a reset.
2016-08-10 10:23:16 -04:00
0ba179194b
Fixed #26929 -- Deprecated extra_context parameter of contrib.auth.views.logout_then_login().
2016-07-28 11:57:02 -04:00
412b4126d7
Removed a blank line per isort and a trailing whitespace.
2016-07-28 11:56:25 -04:00
255fb99284
Fixed #17209 -- Added password reset/change class-based views
...
Thanks Tim Graham for the review.
2016-07-16 10:36:12 +02:00
6d61ec0e1a
Fixed a typo in auth docs.
2016-07-04 11:02:11 -04:00
c962b9104a
Added missing trailing '$' to url() patterns in docs.
2016-06-27 09:18:44 -04:00
09119dff14
Fixed #26719 -- Normalized email in AbstractUser.clean().
2016-06-24 10:37:38 -04:00
78963495d0
Refs #17209 -- Added LoginView and LogoutView class-based views
...
Thanks Tim Graham for the review.
2016-06-24 10:45:13 +02:00
39805686b3
Refs #21379 , #26719 -- Moved username normalization to AbstractBaseUser.
...
Thanks Huynh Thanh Tam for the initial patch and Claude Paroz for review.
2016-06-21 16:19:37 -04:00
96f97691ad
Fixed broken links in docs and comments.
2016-06-15 21:20:23 -04:00
4a4d7f980e
Fixed #26021 -- Applied hanging indentation to docs.
2016-06-03 11:44:34 -04:00
9407cc966b
Fixed #26635 -- Clarified Argon2PasswordHasher's memory_cost differs from command line utility.
2016-05-27 18:37:12 -04:00
46a38307c2
Removed versionadded/changed annotations for 1.9.
2016-05-20 11:44:29 -04:00
9baf692a58
Fixed #26601 -- Improved middleware per DEP 0005.
...
Thanks Tim Graham for polishing the patch, updating the tests, and
writing documentation. Thanks Carl Meyer for shepherding the DEP.
2016-05-17 07:22:22 -04:00
9935f97cd2
Refs #21379 -- Normalized unicode username inputs
2016-05-16 19:38:02 +02:00
5238af3257
Used 'classmethod' annotation in docs/topics/auth/customizing.txt
2016-05-14 18:58:09 -04:00
2c4c67af94
Fixed #26514 -- Documented that User.refresh_from_db() doesn't clear the permission cache.
2016-04-18 09:02:56 -04:00
c1aec0feda
Fixed #25847 -- Made User.is_(anonymous|authenticated) properties.
2016-04-09 14:54:18 -04:00
e0a3d93730
Fixed #25232 -- Made ModelBackend/RemoteUserBackend reject inactive users.
2016-03-23 09:01:48 -04:00
c41737dc00
Fixed #26392 -- Corrected login_required/permission_required stacking example.
2016-03-21 19:56:15 -04:00
b4250ea04a
Fixed #26033 -- Added Argon2 password hasher.
2016-03-08 11:22:18 -05:00
67b46ba701
Fixed CVE-2016-2513 -- Fixed user enumeration timing attack during login.
...
This is a security fix.
2016-03-01 11:25:28 -05:00
10781b4c6f
Fixed #12233 -- Allowed redirecting authenticated users away from the login view.
...
contrib.auth.views.login() has a new parameter `redirect_authenticated_user`
to automatically redirect authenticated users visiting the login page.
Thanks to dmathieu and Alex Buchanan for the original code and to Carl Meyer
for the help and review.
2016-02-25 07:18:33 -05:00
441c537b66
Fixed a function signature in docs/topics/auth/default.txt.
2016-02-24 16:24:33 -05:00
47b5a6a43c
Fixed #26187 -- Removed weak password hashers from PASSWORD_HASHERS.
2016-02-22 18:59:23 -05:00
b14470c7b7
Fixed spelling error
2016-02-23 10:24:38 +11:00
5a541e2e6c
Fixed #26188 -- Documented how to wrap password hashers.
2016-02-22 17:21:45 -05:00
de7edc005f
Fixed import location of check_password() in docs.
2016-02-22 12:42:47 -05:00
f0425c7260
Refs #19353 -- Added tests for using custom user models with built-in auth forms.
...
Also updated topics/auth/customizing.txt to reflect that subclasses of
UserCreationForm and UserChangeForm can be used with custom user models.
Thanks Baptiste Mispelon for the initial documentation.
2016-02-17 10:26:07 -05:00
dcee1dfc79
Fixed #12405 -- Added LOGOUT_REDIRECT_URL setting.
...
After a user logs out via auth.views.logout(), they're redirected
to LOGOUT_REDIRECT_URL if no `next_page` argument is provided.
2016-02-04 10:35:37 -05:00
1e9150443e
Refs #26089 -- Removed obsolete docs about custom user model testing.
2016-02-02 08:12:08 -05:00
8ce8beb3f2
Unified some doc links to OneToOneField and ManyToManyField.
2016-02-01 11:02:26 -05:00
a6ef025dfb
Fixed #26124 -- Added missing code formatting to docs headers.
2016-02-01 10:42:05 -05:00
e519aab43a
Fixed #23868 -- Added support for non-unique django-admin-options in docs.
...
Also documented missing short command line options to fix #24134 . This bumps
the minimum sphinx version required to build the docs to 1.3.4.
Thanks Simon Charette for review.
2016-01-14 18:21:33 -05:00
b643386668
Fixed #24855 -- Allowed using contrib.auth.login() without credentials.
...
Added an optional `backend` argument to login().
2016-01-07 08:56:07 -05:00
ec708803f7
Fixed user_passes_test() signature in docs.
2015-12-08 15:56:10 -05:00
166e0490d3
Fixed #25895 -- Used a consistent style for UserAdmin overrides.
...
Thanks Justin Abrahms for the report.
2015-12-08 14:40:55 -05:00
105028eec6
Removed deprecated usage of url tag from auth docs.
2015-12-05 19:21:30 +01:00
93452a70e8
Fixed many spelling mistakes in code, comments, and docs.
2015-12-03 12:48:24 -05:00
d3b488f5bd
Updated link to 1000 common passwords.
...
xato.net is dead; replaced with link to archive.org.
2015-12-02 12:57:02 -05:00
1f8dad6915
Fixed #25755 -- Unified spelling of "website".
2015-11-16 06:44:14 -05:00
ce4914eab4
Fixed #25744 -- Corrected reference to User object in auth docs.
2015-11-12 19:22:30 -05:00
9788625277
Fixed #25169 -- Documented stacking of permission_required and login_required.
2015-11-12 14:23:59 -05:00
a10cbbbc17
Fixed typo in docs/topics/auth/default.txt.
2015-11-03 08:56:23 +00:00
9c5e272860
Fixed #25550 -- Deprecated direct assignment to the reverse side of a related set.
2015-10-27 07:57:15 -04:00
c14b6b52ff
Documented auth's login/logout function parameters.
2015-09-28 14:11:54 -04:00
54848a96dd
Removed versionadded/changed annotations for 1.8.
2015-09-23 19:31:11 -04:00
849037af36
Refs #23957 -- Required session verification per deprecation timeline.
2015-09-23 19:31:10 -04:00
f1761e3fef
Refs #21648 -- Removed is_admin_site option from password_reset() view.
...
Per deprecation timeline.
2015-09-23 19:31:10 -04:00
cb1e779ceb
Refs #24115 -- Added docs for password updates on bcrypt rounds change.
2015-09-22 19:30:31 -04:00
d8d853378b
Fixed #24944 -- Added extra_email_context parameter to password_reset() view.
2015-09-18 18:56:04 -04:00
6c6eb8a691
Refs #24914 -- Added docs for more auth mixin methods.
2015-08-20 17:57:47 -04:00
64982cc2fb
Updated Wikipedia links to use https
2015-08-08 12:02:32 +02:00
16a8d01308
Fixed #25229 -- Clarified how an iterable works with @permission_required
2015-08-05 17:13:45 -04:00
6d7a9d96fe
Fixed password_reset signature in docs
2015-08-04 13:54:32 -04:00
5d0961fdfc
Fixed #25202 -- Fixed typo in docs/topics/auth/customizing.txt
2015-07-31 07:33:38 -04:00
c2e70f0265
Fixed #21127 -- Started deprecation toward requiring on_delete for ForeignKey/OneToOneField
2015-07-27 18:28:13 -04:00
87d55081ea
Fixed #25159 -- Removed brackets from class/function/method signatures in docs.
...
Thanks hellbeast for the initial patch.
2015-07-27 10:32:47 -04:00
29465d438e
Fixed #25142 -- Added PermissionRequiredMixin.has_permission() to allow customization.
2015-07-27 10:23:56 -04:00
217f173be0
Fixed #25166 -- Clarified how auth permissions are created.
...
Thanks Baptiste Mispelon for report and review.
2015-07-25 09:30:54 -04:00
e3d1f2422c
Fixed malformed Sphinx directives.
2015-07-25 06:37:51 -04:00
03aec35a12
Converted tabs to spaces in topics/auth/default.txt
2015-07-24 11:48:57 -04:00
927b30a6ab
Fixed #24126 -- Deprecated current_app parameter to auth views.
2015-07-21 08:26:41 -04:00
5fd83db255
Normalized indentation and line lengths in docs/topics/auth/default.txt.
2015-07-21 08:11:28 -04:00
f5e9d67907
Refs #16860 -- Moved password_changed() logic to AbstractBaseUser.
...
Thanks Carl Meyer for review.
2015-07-20 13:44:26 -04:00
f0857c09fb
Fixed #25083 -- Added SessionAuthenticationMiddleware to auth installation docs
2015-07-10 08:40:57 -04:00
aaacaeb096
Renamed RemovedInDjangoXYWarnings for new roadmap.
...
Forwardport of ae1d663b79
2015-06-24 16:08:20 -04:00
e5cb4e1411
Fixed #24914 -- Added authentication mixins for CBVs
...
Added the mixins LoginRequiredMixin, PermissionRequiredMixin and
UserPassesTestMixin to contrib.auth as counterparts to the respective
view decorators.
The authentication mixins UserPassesTestMixin, LoginRequiredMixin and
PermissionRequiredMixin have been inspired by django-braces
<https://github.com/brack3t/django-braces/ >
Thanks Raphael Michel for the initial patch, tests and docs on the PR
and Ana Balica, Kenneth Love, Marc Tamlyn, and Tim Graham for the
review.
2015-06-17 23:19:10 +02:00
58665dded0
Removed usage of string-based url() in auth docs.
2015-06-17 09:45:03 -04:00
55b3bd8468
Refs #16860 -- Minor edits and fixes to password validation.
2015-06-10 07:41:01 -04:00
39937de7e6
Fixed #24929 -- Allowed permission_required decorator to take any iterable
2015-06-08 13:44:39 -04:00
1daae25bdc
Fixed #16860 -- Added password validation to django.contrib.auth.
2015-06-07 19:31:20 +02:00
1ea87c8c79
Fixed #24910 -- Added createsuperuser support for non-unique USERNAME_FIELDs
...
Clarified docs to say that a non-unique USERNAME_FIELD is permissable
as long as the custom auth backend can support it.
2015-06-06 09:33:02 -04:00
10945ebeb8
Removed unused import in example code in docs/topics/auth/default.txt
2015-05-27 13:26:20 +01:00
00d763a4fb
Fixed typo in docs/topics/auth/default.txt
2015-05-22 06:48:59 -04:00
21efb5eb74
Enhanced registration/login.html example template.
2015-05-21 20:45:51 -04:00
4f3c444241
Fixed #24789 -- Fixed wrong positional args order in doc example
...
Arguments shown in example code (signal, sender, instance) appeared to
be the incorrect positional arguments for a post_save signal (which
might start as: sender, instance, created), as documented:
https://docs.djangoproject.com/en/1.8/ref/signals/#post-save
2015-05-13 10:14:33 +02:00
8e86d9d3df
Fixed #24780 -- Removed outdated discussion of signals and custom users.
2015-05-11 09:10:30 -04:00
fe914341c8
Fixed #24564 -- Moved AbstractBaseUser and BaseUserManager so they can be used without auth in INSTALLED_APPS
2015-05-05 12:03:48 -04:00
981e3b9394
Fixed #24429 -- Doc'ed that Django 1.8 doesn't require an integer PK for custom user models.
2015-04-07 10:45:31 -04:00
e37d52bd5e
Fixed #22993 -- Deprecated skipIfCustomUser decorator
2015-04-07 09:45:32 -04:00
566c936236
Added admonition about reusable apps and AUTH_USER_PROFILE.
2015-04-06 19:49:46 -04:00
1119063c69
Fixed #24556 -- Added reminder about HTTPS to passwords docs.
2015-04-03 10:55:11 -04:00
3e132406e3
Fixed syntax highlighting in docs/topics/auth/default.txt
2015-03-28 07:49:03 -04:00
fca14cd3f2
Fixed #24501 -- Improved auth.decorators.user_passes_test() example.
2015-03-24 10:30:00 -04:00
e8a758e941
Fixed #24253 -- Documented staff_member_required decorator.
2015-03-13 14:46:13 -04:00
f6b09a7f85
Refs #23559 -- warned about consequences of letting users edit User model in admin.
2015-03-13 08:50:48 -04:00
eb9b7abb83
Fixed #21661 -- Expanded authentication views documentation
2015-03-08 20:36:27 +01:00
8e744fa150
Stressed authentication should be successful before logging in a user.
2015-03-05 12:17:56 -05:00
levental
Berker Peksag
aruseni
Aleksej Manaev
Jon Dufresne
Tim Graham
an0o0nym
jordij
Andrew Nester
Claude Paroz
Jiang Haiyun
Ramiro Morales
Bang Dao + Tam Huynh
Ville Skyttä
Ed Henderson
Bas Westerbaan
Florian Apolloner
Jeremy Lainé
Alexander Gaevsky
Olivier Le Thanh Duong
Markus Holtermann
Daniel Quinn
Hugo Osvaldo Barrera
rowanv
Paulo Poiati
Gavin Wahl
Florian Apolloner
Josh Soref
Eliezer Kanal
Agnieszka Lasyk
Anderson Resende
Bryan Marty
japrogramer
sujayskumar
Alasdair Nicol
Flavio Curella
Akis Kesoglou
lukasz.wojcik
Nick Sweeting
Raphael Michel
Erik Romijn
Kevin Marsh
Laurent Peuch
Charles Dee Rice
Dan Watson
Christopher Luc
Thomas Güttler
Sam Thursfield
Matt Seymour
Andrei Kulakov
Remco Kranenburg
Rik
Marten Kenbeek