Mathew Payne
26bb2611a5
Fixed #29952 -- Lowercased all passwords in contrib.auth's auth/common-passwords.txt.gz.
2018-11-15 14:11:03 -05:00
Timothy Allen
e819554018
Fixed #29939 -- Increased Group.name max_length to 150 characters.
2018-11-14 15:13:34 -05:00
Jon Dufresne
c82893cb8c
Refs #27795 -- Removed force_bytes() usage from django/utils/http.py.
...
django.utils.http.urlsafe_base64_encode() now returns a string, not a
bytestring. Since URLs are represented as strings,
urlsafe_base64_encode() should return a string. All uses immediately
decoded the bytestring to a string anyway.
As the inverse operation, urlsafe_base64_decode() accepts a string.
2018-10-10 14:38:22 -04:00
Tim Graham
a7284cc0c3
Fixed #29809 -- Fixed a crash when a "view only" user POSTs to the admin user change form.
2018-10-01 10:09:50 +02:00
Carlton Gibson
bf39978a53
Fixed CVE-2018-16984 -- Fixed password hash disclosure to admin "view only" users.
...
Thanks Claude Paroz & Tim Graham for collaborating on the patch.
2018-10-01 10:05:01 +02:00
Claude Paroz
033d842e84
Updated translations from Transifex
...
Forward port of d5ed08263b
from master.
2018-09-29 17:11:49 +02:00
Sergey Fedoseev
8ef8bc0f64
Refs #28909 -- Simplifed code using unpacking generalizations.
2018-09-28 09:57:12 -04:00
Ramon Saraiva
2349cbd909
Fixed #29782 -- Added better error message when filtering queryset with AnonymousUser.
2018-09-26 15:36:19 -04:00
Stephen James
e40e7026ca
Fixed #29683 -- Added view permission to docs.
2018-09-26 15:06:43 -04:00
Jon Dufresne
8d87350356
Refs #27795 -- Removed force_bytes() usage in contrib/auth/handlers/modwsgi.py.
2018-09-26 11:16:59 -04:00
Andrey Kostakov
c52ecbda61
Removed shadowing of built-in hash() function.
2018-09-13 10:04:36 -04:00
Alexander Todorov
53ebd4cb13
Fixed #29686 -- Made UserAdmin.user_change_password() pass user to has_change_permission().
2018-08-17 17:43:00 -04:00
Josh Schneier
8b43e9b1af
Fixed #29616 -- Fixed createsuperuser for user models that don't have a password field.
2018-08-05 14:26:03 -04:00
Josh Schneier
ec9d0123e0
Made createsuperuser code more DRY.
2018-08-04 09:38:01 -04:00
Josh Schneier
793e9bb35a
Fixed #29628 -- Made createsuperuser validate password against username and required fields.
2018-08-04 08:44:25 -04:00
luz.paz
97e637a87f
Fixed typos in comments and docs.
2018-08-01 16:09:22 -04:00
Claude Paroz
287fef8693
Updated contrib translations from Transifex
...
Forwardport of cbf7e7dc52
from stable/2.1.x.
2018-08-01 09:24:06 -04:00
Tim Graham
f3fa86a89b
Fixed #29449 -- Reverted "Fixed #28757 -- Allowed using contrib.auth forms without installing contrib.auth."
...
This reverts commit 3333d935d2
due to
a crash if USERNAME_FIELD isn't a CharField.
2018-07-02 18:39:26 -04:00
Claude Paroz
eac9ab7ebb
Removed parser.add_arguments() arguments that match the defaults.
2018-07-02 17:54:57 -04:00
Claude Paroz
bec651a427
Fixed #10827 -- Ensured ContentTypes are created before permission creation.
2018-06-03 22:19:04 -04:00
Dohyeon Kim
f1f4aeb22e
Fixed #28044 -- Unified the logic for createsuperuser's interactive and --noinput modes.
2018-05-29 08:41:32 -04:00
Tim Graham
9792af3648
Increased the default PBKDF2 iterations for Django 2.2.
2018-05-17 11:05:45 -04:00
olivierdalang
825f0beda8
Fixed #8936 -- Added a view permission and a read-only admin.
...
Co-authored-by: Petr Dlouhy <petr.dlouhy@email.cz>
Co-authored-by: Olivier Dalang <olivier.dalang@gmail.com>
2018-05-16 06:44:55 -04:00
Tim Graham
cae0107287
Increased the default PBKDF2 iterations for Django 2.1.
2018-05-13 20:06:20 -04:00
Tom
11b8c30b9e
Ref #23919 -- Replaced some os.path usage with pathlib.Path.
2018-04-19 21:30:00 -04:00
GS-14
93331877c8
Fixed #29274 -- Increased the number of common passwords from 1k to 20k.
2018-04-16 11:01:47 -04:00
Tim Graham
85d853b2d3
Fixed #29289 -- Clarified PasswordResetTokenGenerator comment regarding the data hashed to generate tokens.
...
Thanks Luke Plant for the draft text.
2018-04-06 11:05:51 -04:00
Malte Gerth
874977d388
Fixed #29270 -- Fixed UserChangeForm crash if password field is excluded.
2018-03-29 15:25:54 -04:00
Abeer Upadhyay
1bf4646f91
Fixed #29258 -- Added type checking for login()'s backend argument.
2018-03-28 10:10:18 -04:00
Tim Graham
a4f0e9aec7
Fixed #28718 -- Allowed user to request a password reset if their password doesn't use an enabled hasher.
...
Regression in aeb1389442
.
Reverted changes to is_password_usable() from
703c266682
and documentation changes from
92f48680db
.
2018-03-22 10:03:43 -04:00
Mattia Procopio
aeb8c38178
Fixed #29206 -- Fixed PasswordResetConfirmView crash when the URL contains a non-UUID where one is expected.
2018-03-15 21:33:15 -04:00
ovalseven8
821e304cc4
Corrected User model docstring about required fields.
...
Follow up to 841a87785a
.
2018-03-04 15:24:36 -05:00
Christophe Mehay
40bac28faa
Fixed #29176 -- Fixed AbstractBaseUser.normalize_username() crash if username isn't a string.
2018-03-02 11:32:53 -05:00
Claude Paroz
75527c0f83
Updated translations from Transifex
...
Forward port of 2126e9317e
from stable/2.0.x.
2018-02-28 20:06:52 +01:00
Tim Graham
56a302f338
Fixed #29141 -- Corrected BCryptPasswordHasher's docstring about truncation.
2018-02-26 14:07:38 -05:00
Mikhail Porokhovnichenko
14e34dcf8c
Fixed #29132 -- Avoided connecting update_last_login() handler if User.last_login isn't a field.
2018-02-21 10:36:31 -05:00
Dylan Verheul
9b1125bfc7
Fixed #28379 -- Made AccessMixin raise Permissiondenied for authenticated users.
2018-02-16 13:58:55 -05:00
Tim Graham
fe99fb860f
Removed AuthenticationForm.get_user_id().
...
Unused since aab3a418ac
.
2018-02-14 19:09:06 -05:00
Jon Dufresne
16c5a334ff
Refs #27795 -- Replaced force_text/bytes() with decode()/encode() in password hashers.
2018-02-01 12:36:21 -05:00
Tim Graham
af33fb250e
Fixed CVE-2018-6188 -- Fixed information leakage in AuthenticationForm.
...
Reverted 359370a8b8
(refs #28645 ).
This is a security fix.
2018-02-01 09:05:14 -05:00
Tim Graham
92f48680db
Expanded docs for AbstractBaseUser.has_usable_password().
2018-01-27 11:03:41 -05:00
shanghui
3333d935d2
Fixed #28757 -- Allowed using contrib.auth forms without installing contrib.auth.
...
Also fixed #28608 -- Allowed UserCreationForm and UserChangeForm to
work with custom user models.
Thanks Sagar Chalise and Rômulo Collopy for reports, and Tim Graham
and Tim Martin for reviews.
2018-01-05 14:47:37 -05:00
Дилян Палаузов
d7b2aa24f7
Fixed #28982 -- Simplified code with and/or.
2018-01-03 20:12:23 -05:00
Дилян Палаузов
d79cf1e9e2
Fixed #28985 -- Removed unneeded None checks before hasattr().
2018-01-03 11:37:06 -05:00
я котик пур-пур
ccc25bfe4f
Refs #23919 -- Removed obsolete __init__.py files in management command directories.
2018-01-03 11:02:26 -05:00
Alvin Lindstam
2cb6b7732d
Fixed #28902 -- Fixed password_validators_help_text_html() double escaping.
2018-01-02 19:51:06 -05:00
Mariusz Felisiak
83a36ac49a
Removed unnecessary trailing commas and spaces in various code.
2017-12-28 21:07:29 +01:00
Дилян Палаузов
4c599ece57
Fixed #28930 -- Simplified code with any() and all().
2017-12-26 17:11:15 -05:00
Nick Pope
d13a9e44de
Fixed #28909 -- Simplified code using tuple/list/set/dict unpacking.
2017-12-11 07:08:45 -05:00
Claude Paroz
d0932ce8fc
Updated contrib translations from Transifex
...
Forward port of 765e6de924
from stable/2.0.x
2017-12-01 21:51:30 +01:00