Alexander Gaevsky
536db42cf0
Fixed #26097 -- Added password_validators_help_text_html to UserCreationForm.
2016-09-10 18:23:18 -04:00
Jon Dufresne
66e1ebbffc
Fixed #26956 -- Added success_url_allowed_hosts to LoginView and LogoutView.
...
Allows specifying additional hosts to redirect after login and log out.
2016-09-07 19:56:25 -07:00
Jon Dufresne
f227b8d15d
Refs #26956 -- Allowed is_safe_url() to validate against multiple hosts
2016-09-07 19:56:25 -07:00
Curtis Maloney
4c94336510
Removed transitive import of types.MethodType from six.
2016-09-06 07:19:27 -04:00
Jon Dufresne
ae98d40c35
Fixed #27136 -- Changed auth forms' autofocus attribute to HTML5 boolean syntax.
2016-08-28 17:19:50 -07:00
Berker Peksag
a02b5848ae
Replaced property() usage with decorator in several places.
2016-08-25 20:06:22 -04:00
Berker Peksag
3c18f8a3d2
Fixed #27111 -- Fixed KeyError if USERNAME_FIELD isn't in UserCreationForm.fields.
2016-08-24 13:20:12 -04:00
Przemysław Suliga
549b90fab3
Refs #26902 -- Protected against insecure redirects in Login/LogoutView.
2016-08-19 19:01:01 -04:00
Tim Graham
7549eb0004
Fixed #27009 -- Made update_session_auth_hash() rotate the session key.
2016-08-15 19:29:12 -04:00
Curtis Maloney
d7e0cf04b7
Used all() and a generator for PermissionsMixin.has_perms().
2016-08-13 08:46:51 -04:00
Andrew Nester
4591cf3fd8
Fixed #26909 -- Allowed UserAttributeSimilarityValidator to validate against model properties.
2016-08-10 15:08:06 -04:00
jordij
0814566bf1
Fixed #26960 -- Added PasswordResetConfirmView option to automatically log in after a reset.
2016-08-10 10:23:16 -04:00
Olexander Yermakov
975a76a964
Fixed #26951 -- Allowed AuthenticationForm to work with a username of 0.
2016-08-10 09:44:48 -04:00
Ville Skyttä
a2fb2b3a1f
Fixed #27020 -- Used a context manager to close files.
2016-08-04 19:45:14 -04:00
Tim Graham
967aa7f6cc
Fixed #27010 -- Made Argon2PasswordHasher decode with ASCII.
...
The underlying hasher only generates strings containing ASCII
characters so this is merely a cosmetic change.
2016-08-04 10:57:37 -04:00
Sergey Yurchenko
4e64e3bb6e
Fixed #26997 -- Fixed checks crash with empty Meta.default_permissions.
2016-08-03 09:14:01 -04:00
Claude Paroz
374b6091ac
Pulled contrib translations from Transifex
...
Forward port f19cadd391
from stable/1.10.x
2016-08-01 19:47:19 +02:00
Andrew Nester
0ba179194b
Fixed #26929 -- Deprecated extra_context parameter of contrib.auth.views.logout_then_login().
2016-07-28 11:57:02 -04:00
Andrew Nester
dde6288fbe
Fixed #26882 -- Added tests for auth.views.logout_then_login().
2016-07-22 15:04:13 -04:00
Claude Paroz
255fb99284
Fixed #17209 -- Added password reset/change class-based views
...
Thanks Tim Graham for the review.
2016-07-16 10:36:12 +02:00
Claude Paroz
490107f14d
Added Upper/Lower Sorbian translations
2016-06-29 21:11:30 +02:00
Bang Dao + Tam Huynh
09119dff14
Fixed #26719 -- Normalized email in AbstractUser.clean().
2016-06-24 10:37:38 -04:00
Claude Paroz
78963495d0
Refs #17209 -- Added LoginView and LogoutView class-based views
...
Thanks Tim Graham for the review.
2016-06-24 10:45:13 +02:00
Tim Graham
39805686b3
Refs #21379 , #26719 -- Moved username normalization to AbstractBaseUser.
...
Thanks Huynh Thanh Tam for the initial patch and Claude Paroz for review.
2016-06-21 16:19:37 -04:00
Tim Graham
1915a7e5c5
Increased the default PBKDF2 iterations.
2016-05-20 09:19:19 -04:00
Claude Paroz
5ccee815ff
Updated translation catalogs
2016-05-17 23:21:35 +02:00
Florian Apolloner
9baf692a58
Fixed #26601 -- Improved middleware per DEP 0005.
...
Thanks Tim Graham for polishing the patch, updating the tests, and
writing documentation. Thanks Carl Meyer for shepherding the DEP.
2016-05-17 07:22:22 -04:00
Claude Paroz
9935f97cd2
Refs #21379 -- Normalized unicode username inputs
2016-05-16 19:38:02 +02:00
Claude Paroz
526575c641
Fixed #21379 -- Created auth-specific username validators
...
Thanks Tim Graham for the review.
2016-05-16 19:37:57 +02:00
Simon Charette
61a16e0270
Fixed #24075 -- Used post-migration models in contrib apps receivers.
...
Thanks Markus and Tim for the review.
2016-05-15 19:51:16 -04:00
Tim Graham
094ea69e07
Fixed #26614 -- Used constant_time_compare() in checking session auth hash in login().
2016-05-13 18:26:10 -04:00
Claude Paroz
b26fedacef
Fixed #26544 -- Delayed translations of SetPasswordForm help_texts
...
Thanks Michael Bitzi for the reporti and Tim Graham for the review.
2016-05-07 10:17:49 +02:00
Tim Graham
03efa304bc
Refs #25847 -- Added system check for UserModel.is_anonymous/is_authenticated methods.
2016-05-06 08:56:06 -04:00
Claude Paroz
8dcf352c03
Pulled translations from Transifex
2016-04-30 14:27:07 +02:00
Claude Paroz
d9a00ad16b
Removed deprecated Chinese language codes for contrib apps
...
Refs #18149 .
2016-04-30 14:26:47 +02:00
Bas Westerbaan
a5033dbc58
Refs #26033 -- Added password hasher support for Argon2 v1.3.
...
The previous version of Argon2 uses encoded hashes of the form:
$argon2d$m=8,t=1,p=1$<salt>$<data>
The new version of Argon2 adds its version into the hash:
$argon2d$v=19$m=8,t=1,p=1$<salt>$<data>
This lets Django handle both version properly.
2016-04-25 21:17:53 -04:00
Jeremy Lainé
c1aec0feda
Fixed #25847 -- Made User.is_(anonymous|authenticated) properties.
2016-04-09 14:54:18 -04:00
Tim Graham
df8d8d4292
Fixed E128 flake8 warnings in django/.
2016-04-08 09:51:06 -04:00
Simon Charette
a872194802
Fixed #26470 -- Converted auth permission validation to system checks.
...
Thanks Tim for the review.
2016-04-06 22:40:43 -04:00
Alexander Gaevsky
e0a3d93730
Fixed #25232 -- Made ModelBackend/RemoteUserBackend reject inactive users.
2016-03-23 09:01:48 -04:00
Tim Graham
1243fdf5cb
Fixed #26395 -- Skipped the CryptPasswordHasher tests on platforms with a dummy crypt module.
2016-03-22 11:22:21 -04:00
Berker Peksag
efa9539787
Fixed #26381 -- Made UserCreationForm reusable with custom user models that define USERNAME_FIELD.
2016-03-21 12:32:42 -04:00
Vincenzo Pandolfo
d0fe6c9156
Fixed #26334 -- Removed whitespace stripping from contrib.auth password fields.
2016-03-14 20:20:24 -04:00
ieatkittens
ab8af342b1
Fixed #26343 -- Sent user_login_failed signal if an auth backend raises PermissionDenied.
2016-03-12 16:44:39 -05:00
Bas Westerbaan
b4250ea04a
Fixed #26033 -- Added Argon2 password hasher.
2016-03-08 11:22:18 -05:00
Jon Dufresne
1845bc1d10
Refs #26315 -- Cleaned up argparse options in commands.
...
* Removed type coercion. Options created by argparse are already coerced
to the correct type.
* Removed fallback default values. Options created by argparse already
have a default value.
* Used direct indexing. Options created by argparse are always set. This
eliminates the need to use dict.get().
2016-03-05 13:19:29 -05:00
Florian Apolloner
67b46ba701
Fixed CVE-2016-2513 -- Fixed user enumeration timing attack during login.
...
This is a security fix.
2016-03-01 11:25:28 -05:00
Olivier Le Thanh Duong
10781b4c6f
Fixed #12233 -- Allowed redirecting authenticated users away from the login view.
...
contrib.auth.views.login() has a new parameter `redirect_authenticated_user`
to automatically redirect authenticated users visiting the login page.
Thanks to dmathieu and Alex Buchanan for the original code and to Carl Meyer
for the help and review.
2016-02-25 07:18:33 -05:00
Mounir Messelmeni
50931dfa53
Fixed #25304 -- Allowed management commands to check if migrations are applied.
2016-02-12 13:34:56 -05:00
Tim Graham
004ba0f99e
Removed unneeded hint=None/obj=None in system check messages.
2016-02-12 13:01:25 -05:00
Tim Graham
926d41f0e7
Updated some comments for BCryptSHA256PasswordHasher.
2016-02-11 11:57:12 -05:00
Charlie Denton
46c13fef46
Fix typo in comment
2016-02-11 11:14:06 +00:00
Simon Charette
6eb3ce11e4
Fixed #26089 -- Removed custom user test models from public API.
...
Thanks to Tim Graham for the review.
2016-02-04 12:30:34 -05:00
Hugo Osvaldo Barrera
dcee1dfc79
Fixed #12405 -- Added LOGOUT_REDIRECT_URL setting.
...
After a user logs out via auth.views.logout(), they're redirected
to LOGOUT_REDIRECT_URL if no `next_page` argument is provided.
2016-02-04 10:35:37 -05:00
Matt Robenolt
8048411c97
Fixed a typo in BCryptPasswordHasher docstring
...
There is no BCryptSHA512PasswordHasher.
2016-01-09 12:14:51 -05:00
Collin Anderson
780bddf75b
Fixed #20846 -- Decreased User.username max_length to 150 characters.
2016-01-08 18:06:44 -05:00
Paulo Poiati
b643386668
Fixed #24855 -- Allowed using contrib.auth.login() without credentials.
...
Added an optional `backend` argument to login().
2016-01-07 08:56:07 -05:00
Simon Charette
a08fda2111
Fixed #25746 -- Isolated inlined test models registration.
...
Thanks to Tim for the review.
2016-01-06 20:00:07 -05:00
Tim Graham
f0ad641628
Fixed #26016 -- Restored contrib.auth hashers compatibility with py-bcrypt.
...
Reverted "Explicitly passed rounds as rounds to bcrypt.gensalt()"
This reverts commit 23529fb195
.
2016-01-02 06:54:13 -05:00
Marten Kenbeek
16411b8400
Fixed #26013 -- Moved django.core.urlresolvers to django.urls.
...
Thanks to Tim Graham for the review.
2015-12-31 14:21:29 -05:00
Claude Paroz
f14ab700c3
Updated translations from Transifex
...
Forward port of 59f3590ca7
from stable/1.9.x.
2015-12-31 15:53:02 +01:00
Thomas Grainger
d638cdc42a
Fixed #25165 -- Removed inline JavaScript from the admin.
...
This allows setting a Content-Security-Policy HTTP header
(refs #15727 ).
Special thanks to blighj, the original author of this patch.
2015-12-05 15:51:57 -05:00
Josh Soref
93452a70e8
Fixed many spelling mistakes in code, comments, and docs.
2015-12-03 12:48:24 -05:00
Claude Paroz
273ce8aa6a
Pulled contrib translations from Transifex
...
Forward port of 6a4649c27e
from stable/1.9.x
2015-12-01 20:37:57 +01:00
Tim Graham
15ef1dd478
Fixed #20846 -- Increased User.username max_length to 254 characters.
...
Thanks Collin Anderson and Nick Sandford for work on the patch.
2015-10-29 08:58:49 -04:00
Tim Graham
5acf203db2
Fixed #25596 -- Fixed regression in password change view with custom user model.
...
The reverse() added in 50aa1a790c
crashed on a custom user model.
2015-10-27 08:18:22 -04:00
Claude Paroz
5171f56fae
Pluralized translatable strings in password_validation.py
...
Forward port of 86dc4889f
from master.
2015-10-10 15:17:21 +02:00
Claude Paroz
f233aa3ff9
Updated translation catalogs
...
Forward port of f717cb2ab4
from stable/1.9.x.
2015-10-09 18:02:47 +02:00
Kaleb Elwert
adcf823359
Fixed #25490 -- Made the logout() view send "no-cache" headers.
2015-10-02 12:29:54 -04:00
Antoine Catton
53ccffdb8c
Refs #16860 -- Fixed password help text when there aren't any validators.
...
This avoids creating an empty list which is invalid HTML 4.
2015-09-28 15:30:16 -04:00
Tzu-ping Chung
7372cdebed
Fixed #25457 -- Improved formatting of password validation errors in management command output.
2015-09-24 19:45:19 -04:00
Tim Graham
593c9eb660
Increased the default PBKDF2 iterations for the 1.10 release cycle.
2015-09-23 19:31:11 -04:00
Tim Graham
849037af36
Refs #23957 -- Required session verification per deprecation timeline.
2015-09-23 19:31:10 -04:00
Tim Graham
f1761e3fef
Refs #21648 -- Removed is_admin_site option from password_reset() view.
...
Per deprecation timeline.
2015-09-23 19:31:10 -04:00
sujayskumar
d8d853378b
Fixed #24944 -- Added extra_email_context parameter to password_reset() view.
2015-09-18 18:56:04 -04:00
Dražen Odobašić
b1e33ceced
Fixed #23395 -- Limited line lengths to 119 characters.
2015-09-12 11:40:50 -04:00
Raphael Michel
1bbca7961c
Fixed #25350 -- Added alias --no-input for --noinput to management commands.
2015-09-08 08:41:03 -04:00
Maxime Lorant
5153a3bfdc
Fixed #25331 -- Removed trailing blank lines in docstrings.
2015-08-31 17:37:21 -04:00
Y3K
235caabacc
Fixed #25324 -- Registered ModelAdmin instances with @admin.register decorator
2015-08-31 15:41:09 +10:00
Alex Becker
53d28f8339
Fixed #25089 -- Added password validation to createsuperuser/changepassword.
2015-08-01 20:18:26 -04:00
Tim Graham
264eeaf14a
Removed unnecessary if statement in createsuperuser command.
2015-08-01 20:00:05 -04:00
Flavio Curella
c2e70f0265
Fixed #21127 -- Started deprecation toward requiring on_delete for ForeignKey/OneToOneField
2015-07-27 18:28:13 -04:00
Akis Kesoglou
29465d438e
Fixed #25142 -- Added PermissionRequiredMixin.has_permission() to allow customization.
2015-07-27 10:23:56 -04:00
lukasz.wojcik
927b30a6ab
Fixed #24126 -- Deprecated current_app parameter to auth views.
2015-07-21 08:26:41 -04:00
Wim Feijen
c082363527
Reworded contrib.auth forms' password confirmation help_text.
...
"As above" refers to a spatial orientation, which might
not be present, for example when the two password fields
are shown next to each other.
2015-07-20 15:51:50 -04:00
Tim Graham
774c16d16e
Fixed #25052 ; refs #16860 -- Added password validation to UserCreationForm.
2015-07-20 13:44:34 -04:00
Tim Graham
f5e9d67907
Refs #16860 -- Moved password_changed() logic to AbstractBaseUser.
...
Thanks Carl Meyer for review.
2015-07-20 13:44:26 -04:00
Tim Graham
e25ba6e8bb
Refs #25073 -- Copied recently added verbose_names to migrations.
2015-07-17 14:07:18 -04:00
Curtis Maloney
23529fb195
Explicitly passed rounds as rounds to bcrypt.gensalt()
2015-07-13 12:35:24 -04:00
Szilveszter Farkas
f576b23a65
Fixed #25073 -- Added verbose_name to contrib's model fields that were missing it.
2015-07-12 13:44:16 -04:00
Jan Pazdziora
a570701e02
Fixed #25029 -- Added PersistentRemoteUserMiddleware for login-page-only external authentication.
2015-07-02 17:38:10 -04:00
Tim Graham
7da3923ba0
Sorted imports in __init__.py files.
2015-06-27 11:53:33 -04:00
Tim Graham
aaacaeb096
Renamed RemovedInDjangoXYWarnings for new roadmap.
...
Forwardport of ae1d663b79
from stable/1.8.x plus more.
2015-06-24 16:08:20 -04:00
Francisco Albarran
e75b614640
Fixed #25009 -- Allowed User.objects.create_user(...,is_staff=True) to work.
2015-06-22 11:34:26 -04:00
Markus Holtermann
e5cb4e1411
Fixed #24914 -- Added authentication mixins for CBVs
...
Added the mixins LoginRequiredMixin, PermissionRequiredMixin and
UserPassesTestMixin to contrib.auth as counterparts to the respective
view decorators.
The authentication mixins UserPassesTestMixin, LoginRequiredMixin and
PermissionRequiredMixin have been inspired by django-braces
<https://github.com/brack3t/django-braces/ >
Thanks Raphael Michel for the initial patch, tests and docs on the PR
and Ana Balica, Kenneth Love, Marc Tamlyn, and Tim Graham for the
review.
2015-06-17 23:19:10 +02:00
Tim Graham
09f2cdbe1a
Refs #16860 -- Fixed a resource and deprecation warning in password validation.
2015-06-16 11:02:27 -04:00
elena
841a87785a
Corrected to not erroneously mention email as being required.
...
Email field isn't required.
2015-06-15 14:58:48 +02:00
Tim Graham
55b3bd8468
Refs #16860 -- Minor edits and fixes to password validation.
2015-06-10 07:41:01 -04:00
Raphael Michel
39937de7e6
Fixed #24929 -- Allowed permission_required decorator to take any iterable
2015-06-08 13:44:39 -04:00
Erik Romijn
1daae25bdc
Fixed #16860 -- Added password validation to django.contrib.auth.
2015-06-07 19:31:20 +02:00