Tim Graham
20f455b3d6
flake8 fixes (unused imports and variables).
2014-02-18 11:33:30 -05:00
Baptiste Mispelon
6b310bafc5
Fixed broken tests when running with a non-TTY stdin.
2014-02-18 11:36:07 +01:00
Baptiste Mispelon
2a9ee49f3c
Removed BaseCommand.stdin introduced in 116d39842d
.
...
This option is not actually very useful in the general case
because it doesn't override sys.stdin.
It's still marginally useful for testing some features of
the createsuperuser command so it was moved there.
This commit also makes the detection of a TTY in createsuperuser
a bit more robust, after a suggestion of appolo13.
2014-02-18 11:36:06 +01:00
Baptiste Mispelon
b78f9a12c8
Consolidated all tests for createsuperuser in the same TestCase.
2014-02-18 11:36:06 +01:00
Baptiste Mispelon
a7639722f5
Fixed #7423 -- Skip superuser creation when not running in a TTY.
...
Thanks to trac user galaxy4sale for the original report
and to AeroNotix for the patch.
2014-02-17 04:58:31 +01:00
Berker Peksag
5d263dee30
Fixed #21674 -- Deprecated the import_by_path() function in favor of import_string().
...
Thanks Aymeric Augustin for the suggestion and review.
2014-02-08 11:12:19 -05:00
Aymeric Augustin
f9698c4391
Suppressed the `if Site._meta.installed` pattern.
...
The purpose of this construct is to test if the django.contrib.sites
application is installed. But in Django 1.9 it will be forbidden to
import the Site model when the django.contrib.sites application isn't
installed.
No model besides Site used this pattern.
Refs #21719 , #21923 .
2014-02-01 20:38:15 +01:00
Aymeric Augustin
f901b4d6c8
Took advantage of the new get_model API. Refs #21702 .
2014-01-26 13:08:05 +01:00
Aymeric Augustin
9ffab9cee1
Moved RequestSite and get_current_site.
...
Following the app-loading refactor, these objects must live outside of
django.contrib.sites.models because they must be available without
importing the django.contrib.sites.models module when
django.contrib.sites isn't installed.
Refs #21680 . Thanks Carl and Loic for reporting this issue.
2014-01-26 08:50:47 +01:00
Aymeric Augustin
2ff93e027c
Fixed #21829 -- Added default AppConfigs.
...
Thanks Russell for the report, Marc for the initial patch, Carl for the
final review, and everyone who contributed to the design discussion.
2014-01-25 10:41:56 +01:00
Russell Keith-Magee
d818e0c9b2
Fixed #16905 -- Added extensible checks (nee validation) framework
...
This is the result of Christopher Medrela's 2013 Summer of Code project.
Thanks also to Preston Holmes, Tim Graham, Anssi Kääriäinen, Florian
Apolloner, and Alex Gaynor for review notes along the way.
Also: Fixes #8579 , fixes #3055 , fixes #19844 .
2014-01-20 10:45:21 +08:00
Marc Tamlyn
2607fa9016
Fixed #21774 -- Isolate all test urls from eachother.
...
This (nearly) completes the work to isolate all the test modules from
each other. This is now more important as importing models from another
module will case PendingDeprecationWarnings if those modules are not in
INSTALLED_APPS. The only remaining obvious dependencies are:
- d.c.auth depends on d.c.admin (because of the is_admin flag to some
views), but this is not so important and d.c.admin is in
always_installed_apps
- test_client_regress depends on test_client. Eventually these should
become a single module, as the split serves no useful purpose.
2014-01-14 15:43:27 +00:00
Aymeric Augustin
d562527a16
Fixed #21477 -- Renamed db to using in pre/post_migrate signals.
2014-01-12 22:24:33 +01:00
Andrew Godwin
f343f5e538
Fix wording of auth superuser post-migrate handler
2014-01-08 13:06:53 +00:00
Aymeric Augustin
27afd302c6
Fixed #21675 -- Added app configs for contrib apps.
2014-01-05 21:18:33 +01:00
Aymeric Augustin
e5bcd1d455
Changed get_validation_errors to use an app config.
2013-12-29 21:48:58 +01:00
Aymeric Augustin
21f22f9544
Added Apps.clear_cache().
...
This avoid leaking implementation details to tests that swap models.
2013-12-29 20:43:10 +01:00
Aymeric Augustin
82aadbb5d5
Fixed a typo.
...
Thanks Simon.
2013-12-29 20:35:58 +01:00
Aymeric Augustin
7b88a96553
Added AppConfig.get_models().
2013-12-29 20:31:59 +01:00
Aymeric Augustin
308960b92a
Cleared get_models cache when swapping User model.
...
Thanks Florian for isolating the shortest way to reproduce this issue:
./runtests.py \
django.contrib.auth.tests.test_context_processors.AuthContextProcessorTests.test_perms_attrs \
django.contrib.auth.tests.test_auth_backends.ChangedBackendSettingsTest.test_changed_backend_settings \
django.contrib.auth.tests.test_auth_backends.CustomUserModelBackendAuthenticateTest.test_authenticate \
django.contrib.auth.tests.test_basic.BasicTestCase.test_createsuperuser_management_command
2013-12-29 18:25:22 +01:00
Aymeric Augustin
00110904ac
Refactored the migration signals to use app configs.
...
De-aliased pre/post_syncdb to pre/post_migrate to increase
backwards-compatibility.
2013-12-29 17:53:42 +01:00
Aymeric Augustin
ba7206cd81
Changed get_model to raise an exception on errors.
...
Returning None on errors required unpythonic error checking and was
inconsistent with get_app_config.
get_model was a private API until the previous commit, but given that it
was certainly used in third party software, the change is explained in
the release notes.
Applied the same change to get_registered_model, which is a new private
API introduced during the recent refactoring.
2013-12-28 20:53:00 +01:00
Aymeric Augustin
8f04f53dd8
Removed a few gratuitous lambdas.
2013-12-26 14:03:50 +01:00
Tim Graham
4e7aa573ec
Added missing newline in previous commit.
2013-12-26 07:52:31 -05:00
Jon Lønne
398642fd9b
Fixed #21627 -- Added unicode_literals to changepassword command.
...
Fixed a crash when executing changepassword command when the user object
representation contained non-ASCII characters.
2013-12-26 07:35:50 -05:00
Aymeric Augustin
1716b7ce5a
Renamed AppCache to Apps.
...
Also renamed app_cache to apps and "app cache" to "app registry".
Deprecated AppCache.app_cache_ready() in favor of Apps.ready().
2013-12-24 12:25:17 +01:00
Aymeric Augustin
e32095616c
Imported override_settings from its new location.
2013-12-23 21:37:56 +01:00
Aymeric Augustin
5891990b6e
Refactored INSTALLED_APPS overrides.
...
* Introduced [un]set_installed_apps to handle changes to the
INSTALLED_APPS setting.
* Refactored [un]set_available_apps to share its implementation
with [un]set_installed_apps.
* Implemented a receiver to clear some app-related caches.
* Removed test_missing_app as it is basically impossible to reproduce
this situation with public methods of the new app cache.
2013-12-23 20:15:08 +01:00
Aymeric Augustin
2fef9e5375
Moved apps back in the toplevel django namespace.
...
Reverted 4a56a93cc4
.
2013-12-22 11:39:55 +01:00
Aymeric Augustin
4a56a93cc4
Moved the new app cache inside core.
2013-12-17 10:17:46 +01:00
Aymeric Augustin
69039becde
Deprecated get_app().
2013-12-17 10:17:45 +01:00
Aymeric Augustin
8662654d6d
Removed module-level functions for the app cache.
...
Since the original ones in django.db.models.loading were kept only for
backwards compatibility, there's no need to recreate them. However, many
internals of Django still relied on them.
They were also imported in django.db.models. They never appear in the
documentation, except a quick mention of get_models and get_app in the
1.2 release notes to document an edge case in GIS. I don't think that
makes them a public API.
This commit doesn't change the overall amount of global state but
clarifies that it's tied to the app_cache object instead of hiding it
behind half a dozen functions.
2013-12-17 10:17:44 +01:00
Aymeric Augustin
860c2c8bc5
Moved django.db.models.loading to django.apps.cache.
...
This commit doesn't contain any code changes; it's purely a refactoring.
2013-12-17 10:17:43 +01:00
Bartolomé Sánchez
8f994f1bcc
Fixed #21250 -- Made HTTP auth user header configurable in tests
...
Currently, if the authentication mechanism uses a custom HTTP header
and not REMOTE_USER, it is not easy to test. This commit modifies
remote user tests in order to make them more generic.
2013-12-14 13:02:56 -05:00
Loic Bistuer
6685713869
Fixed E127 pep8 warnings.
2013-12-14 11:59:15 -05:00
Ludwik Trammer
9922ed46e2
Fixed #21473 -- Limited language preservation to logout
...
Current language is no longer saved to session by LocaleMiddleware
on every response (the behavior introduced in #14825 ).
Instead language stored in session is reintroduced into new session
after logout.
Forward port of c558a43fd6
to master.
2013-12-12 10:24:43 +01:00
Loic Bistuer
a2814846ca
Fixed E124 pep8 warnings.
2013-12-10 15:12:48 -05:00
Tim Graham
fddb0131d3
Fixed #21535 -- Fixed password hash iteration upgrade.
...
Thanks jared_mess for the report.
2013-11-30 14:18:37 -05:00
Tim Graham
f3e7ab366c
Removed gender-based pronouns per [ c0a2daad78
].
2013-11-30 08:37:15 -05:00
Alex Gaynor
9af7e18f35
Fixed an unescisarily gendered pronoun in a docstring
2013-11-29 16:57:36 -06:00
Christopher Medrela
7477a4ffde
Fixed E125 pep8 warnings
2013-11-28 08:50:11 -05:00
Matt Robenolt
3560ef043e
Propagate get_user_model exception from get_user
...
Fixes #21439
2013-11-14 12:02:26 -08:00
Bouke Haarsma
4142d15102
Fixed #21388 -- Corrected language code for Frisian
2013-11-11 13:34:01 +01:00
Tim Graham
d15985d81f
Fixed #21398 -- Fixed BCryptSHA256PasswordHasher with py-bcrypt and Python 3.
...
Thanks arjan at anymore.nl for the report.
2013-11-09 10:11:50 -05:00
Ramiro Morales
a9093dd376
Fixed #21387 -- Merge two very similar help texts.
2013-11-06 00:35:20 -03:00
Tim Graham
36ded01527
Fixed #21302 -- Fixed unused imports and import *.
2013-11-02 15:24:56 -04:00
Alex Gaynor
726ded5708
Started attackign the next flake8 violation
2013-10-31 08:42:28 -07:00
Alex Gaynor
9bf5610890
Start attacking E231 violations
2013-10-24 10:30:03 -07:00
Alasdair Nicol
c3aa2948c6
Fixed #21298 -- Fixed E301 pep8 warnings
2013-10-23 13:45:03 +01:00
Tim Graham
1597503a01
Fixed E221 pep8 warnings.
2013-10-22 09:51:39 -04:00
Loic Bistuer
e565e1332d
Fixed #21275 -- Fixed a serializer error when generating migrations for contrib.auth.
...
The migration serializer now looks for a deconstruct method on any object.
2013-10-21 14:54:52 -04:00
Florian Apolloner
7d0d0dbf26
Force update of the password on iteration count changes.
2013-10-21 20:31:28 +02:00
Alasdair Nicol
b289fcf1bf
Fixed #21288 -- Fixed E126 pep8 warnings
2013-10-21 08:31:30 -04:00
Claude Paroz
5f52590368
Fixed #21291 -- Ensured inactive users cannot reset their passwords
...
Thanks kz26 for the report and the suggested fix. Refs #19758 .
2013-10-19 10:43:06 +02:00
Claude Paroz
59a8808632
Cleaned formatting/comments in PasswordResetFormTest
2013-10-19 10:43:06 +02:00
Tim Graham
ac4fec5ca2
Fixed bug causing CSRF token not to rotate on login.
...
Thanks Gavin McQuillan for the report.
2013-10-18 08:31:19 -04:00
Alasdair Nicol
a800036981
Fixed #21287 -- Fixed E123 pep8 warnings
2013-10-18 10:07:39 +01:00
Alasdair Nicol
bab9123daa
Fixed #21268 -- Fixed E303 pep8 warnings
2013-10-18 01:46:24 +01:00
Alasdair Nicol
dfb4cb9970
Fixed #21285 -- Fixed E121,E122 pep8 warnings
2013-10-17 20:20:11 -04:00
Bouke Haarsma
2fb5a51fa3
Fixed #18659 -- Deprecated request.REQUEST and MergeDict
...
Thanks Aymeric Augustin for the suggestion.
2013-10-17 09:42:28 -04:00
Tim Graham
91c77eeab8
Avoided hardcoding Permission.name max_length
...
refs #18866 .
2013-10-16 11:31:07 -04:00
joaoxsouls
1ab27e9a65
Fixed #18866 -- added validation error for verbose_name longer than 39 characters
...
Added a validation error check when creating the permissions for model, to avoid
cryptic database error when the verbose_name is longer than 39 characters
thanks elena for reporting it
2013-10-14 14:19:35 +01:00
Claude Paroz
ef22d512b5
Imported custom user classes in tests depending on it
...
Without those imports, affected test files cannot be run
independently. Refs #21164 .
2013-10-14 10:14:24 +02:00
Tim Graham
1dae4ac177
Whitespace cleanup.
...
* Removed trailing whitespace.
* Added newline to EOF if missing.
* Removed blank lines at EOF.
* Removed some stray tabs.
2013-10-10 16:49:20 -04:00
Tim Graham
adedc31072
Fixed "redefinition of unused 'foo' from line X" pyflakes warnings.
2013-10-10 11:09:42 -04:00
Russell Keith-Magee
ddb53856b6
Fixed #21164 -- Added documentation for issue with test users.
...
The package renaming restores the older package names (which were also the
documented package names). This doesn't affect test discovery because the
module in question doesn't contain any tests.
Thanks to Carl for the design discussion.
2013-10-08 10:32:56 +08:00
Tim Graham
1285ca67eb
Fixed #16919 -- Passed user to set_password_form in GET requests.
...
Thanks Jaime Irurzun for the report and initial patch and
ejucovy for the test.
2013-10-02 13:28:15 -04:00
Florian Apolloner
5d74853e15
Revert "Ensure that passwords are never long enough for a DoS."
...
This reverts commit aae5a96d57
.
This fix is no longer necessary, our pbkdf2 (see next commit) implementation
no longer rehashes the password every iteration.
2013-09-24 21:01:21 +02:00
Michał Lech
53c7d66869
Marked PermissionsMixin.user_permissions help_text for translation
2013-09-24 07:36:24 -04:00
Aymeric Augustin
a5b062576b
Removed a few trailing backslashes.
...
We have always been at war with trailing backslashes.
2013-09-22 14:04:10 +02:00
Paul McMillan
a075e2ad0d
Increase default PBKDF2 iterations
...
Increases the default PBKDF2 iterations, since computers have gotten
faster since 2011. In the future, we plan to increment by 10% per
major version.
2013-09-19 18:02:25 +01:00
Tim Graham
18ffdb1772
Fixed #17627 -- Renamed util.py files to utils.py
...
Thanks PaulM for the suggestion and Luke Granger-Brown and
Wiktor Kołodziej for the initial patch.
2013-09-16 12:52:05 -04:00
Russell Keith-Magee
aae5a96d57
Ensure that passwords are never long enough for a DoS.
...
* Limit the password length to 4096 bytes
* Password hashers will raise a ValueError
* django.contrib.auth forms will fail validation
* Document in release notes that this is a backwards incompatible change
Thanks to Josh Wright for the report, and Donald Stufft for the patch.
This is a security fix; disclosure to follow shortly.
2013-09-15 13:42:23 +08:00
Gregor MacGregor
b2b763448f
Fixed #20841 -- Added messages to NotImplementedErrors
...
Thanks joseph at vertstudios.com for the suggestion.
2013-09-10 11:09:59 -04:00
Alex Gaynor
96fd5557f9
Removed a ton of unused local vars
2013-09-08 08:05:16 -07:00
Alex Gaynor
2530735d2d
Fixed a number of flake8 errors -- particularly around unused imports and local variables
2013-09-06 21:56:40 -07:00
Aymeric Augustin
6a6428a36f
Took advantage of django.utils.six.moves.urllib.*.
2013-09-05 14:39:23 -05:00
Aymeric Augustin
365c3e8b73
Replaced "not PY3" by "PY2", new in six 1.4.0.
2013-09-02 12:11:02 +02:00
Simon Charette
11cd7388f7
Fixed #20989 -- Removed useless explicit list comprehensions.
2013-08-30 10:57:51 -04:00
Tim Graham
c7d0ff0cad
Fixed #20989 -- Removed explicit list comprehension inside dict() and tuple()
...
Thanks jeroen.pulles at redslider.net for the suggestion and
helper script.
2013-08-29 12:11:03 -04:00
Tim Graham
cf8d6e9108
Fixed #20881 -- Removed contrib.auth.models.AbstractUser.get_absolute_url()
...
The definition is arbitrary and creates a broken "view on site"
link in the admin if a project doesn't define such a URL.
2013-08-29 06:36:35 -04:00
Michał Górny
b89c2a5d9e
Fixed #18171 -- Checked signature of authenticate() to avoid supressing TypeErrors.
...
The current auth backend code catches TypeError to detect backends that
do not support specified argumetnts. As a result, any TypeErrors raised
within the actual backend code are silenced.
In Python 2.7+ and 3.2+ this can be avoided by using inspect.getcallargs().
With this method, we can test whether arguments match the signature without
actually calling the function.
Thanks David Eyk for the report.
2013-08-28 07:51:45 -04:00
Andrew Godwin
b6a957f0ba
Merge remote-tracking branch 'core/master' into schema-alteration
...
Conflicts:
docs/ref/django-admin.txt
2013-08-19 18:30:48 +01:00
Claude Paroz
165f44aaaa
Combine consecutive with statements
...
Python 2.7 allows to combine several 'with' instructions.
2013-08-16 20:12:10 +02:00
SusanTan
71c491972e
Fixed #11400 -- Passed kwargs from AbstractUser.email_user() to send_mail()
...
Thanks Jug_ for suggestion, john_scott for the initial patch,
and Tim Graham for code review.
2013-08-14 07:46:11 -04:00
Jacob Kaplan-Moss
ae3535169a
Fixed is_safe_url() to reject URLs that use a scheme other than HTTP/S.
...
This is a security fix; disclosure to follow shortly.
2013-08-13 11:06:22 -05:00
ersran9
00d23a13eb
Fixed #20828 -- Allowed @permission_required to take a list of permissions
...
Thanks Giggaflop for the suggestion.
2013-08-10 10:10:18 -04:00
Tim Graham
453915bb12
SQLite test fix -- refs #9057
2013-08-09 10:57:25 -04:00
Andrew Godwin
588b523233
Merge remote-tracking branch 'core/master' into schema-alteration
...
Conflicts:
django/db/models/options.py
2013-08-09 14:37:37 +01:00
Tim Graham
ddae74b64c
Fixed #9057 -- Added default_permissions model meta option.
...
Thanks hvendelbo for the suggestion and koenb for the draft patch.
2013-08-09 09:19:52 -04:00
Andrew Godwin
de64c4d6e9
Merge remote-tracking branch 'core/master' into schema-alteration
...
Conflicts:
django/core/management/commands/flush.py
django/core/management/commands/syncdb.py
django/db/models/loading.py
docs/internals/deprecation.txt
docs/ref/django-admin.txt
docs/releases/1.7.txt
2013-08-09 14:17:30 +01:00
Justin Michalicek
6d88d47be6
Fixed #20832 -- Enabled HTML password reset email
...
Added optional html_email_template_name parameter to password_reset view
and PasswordResetForm.
2013-08-05 09:47:28 -04:00
Alex Gaynor
3e0eb2d788
Fixed a number of lint warnings, particularly around unused variables.
2013-08-04 09:17:10 -07:00
Curtis Maloney
07876cf02b
Deprecated SortedDict (replaced with collections.OrderedDict)
...
Thanks Loic Bistuer for the review.
2013-08-04 07:09:39 -04:00
Tim Graham
425d076d0c
Fixed #18923 -- Corrected usage of sensitive_post_parameters in contrib.auth
...
Thanks Collin Anderson for the report.
2013-08-02 14:46:17 -04:00
Tim Graham
a1889397a9
Fixed #12103 -- Added AuthenticationForm.confirm_login_allowed to allow customizing the logic policy.
...
Thanks ejucovy and lasko for work on the patch.
2013-07-31 13:54:05 -04:00
Aymeric Augustin
5b47a9c5a0
Fixed a test that could fail depending on PASSWORD_HASHERS.
...
Thanks Claude. Refs #20760 .
2013-07-30 16:14:53 +02:00
Andrew Godwin
12e9804d16
Rename allow_syncdb to allow_migrate
2013-07-30 12:08:59 +01:00
Andrew Godwin
68e0a169c4
Rename pre_ and post_syncdb to *_migrate, with aliases from old names
2013-07-30 11:52:52 +01:00
Claude Paroz
fdd7a355bf
Deprecated django.utils.importlib
...
This was a shim for pre-Python 2.7 support.
2013-07-29 17:10:22 +02:00
Serge G. Spaolonzi
e07e4030b9
Fixed #18511 -- Cleaned up admin password reset template titles.
2013-07-27 14:23:04 -04:00
Aymeric Augustin
5dbca13f3b
Fixed #20760 -- Reduced timing variation in ModelBackend.
...
Thanks jpaglier and erikr.
2013-07-23 15:43:12 +02:00
Kirill Fomichev
33242fe015
Fixed #19019 -- Fixed UserAdmin to log password change.
...
Thanks Tuttle for the report.
2013-07-23 08:33:07 -04:00
Loic Bistuer
3a00229189
Cleaned up UserAdmin.get_form() that worked around a bug fixed in 23e1b59
.
...
Refs #18681 .
2013-07-18 23:59:45 +07:00
Tim Graham
f407f75aae
Fixed #20673 -- Clarified that HttpRequest.user uses AUTH_USER_MODEL.
...
Thanks littlepig for the report.
2013-07-04 09:32:32 -04:00
Simon Charette
8759778185
Fixed #20675 -- `check_password` should work when no password is specified.
...
The regression was introduced by 2c4fe761a
. refs #20593 .
2013-07-03 14:09:58 -04:00
Aymeric Augustin
cfcf4b3605
Stopped using django.utils.unittest in the test suite.
...
Refs #20680 .
2013-07-01 14:29:33 +02:00
Ramiro Morales
d51b7794bf
Removed django.contrib.auth.views.password_reset_confirm_uidb36() view to finish its accelerated deprecation schedule.
2013-06-29 12:22:15 -03:00
Claude Paroz
6118d6d1c9
More import removals
...
Following the series of commits removing deprecated features in
Django 1.7, here are some more unneeded imports removed and other
minor cleanups.
2013-06-29 11:58:36 +02:00
Aymeric Augustin
c8756e17fb
Removed obsolete comment. Refs #20079 .
...
Thanks Gavin Wahl.
2013-06-29 11:42:34 +02:00
Ramiro Morales
c196564132
Removed custom profile model functionality as per deprecation TL.
2013-06-28 21:48:16 -03:00
Ramiro Morales
f02a703ca6
Removed AuthenticationForm.check_for_test_cookie() as per deprecation TL.
2013-06-28 21:48:15 -03:00
Andrew Godwin
f325f86971
Fixed #20244 : PermissionsMixin now defines a related_query_name for M2Ms
2013-06-27 15:44:22 +01:00
Anton Baklanov
cab333cb16
Fixed #20541 -- don't raise db signals twice when creating superuser
2013-06-27 05:58:01 -04:00
Tim Graham
1184d07789
Fixed #14881 -- Modified password reset to work with a non-integer UserModel.pk.
...
uid is now base64 encoded in password reset URLs/views. A backwards compatible
password_reset_confirm view/URL will allow password reset links generated before
this change to continue to work. This view will be removed in Django 1.7.
Thanks jonash for the initial patch and claudep for the review.
2013-06-26 13:11:47 -04:00
Simon Charette
b91787910c
Fixed #20642 -- Deprecated `Option.get_(add|change|delete)_permission`.
...
Those methods were only used by `contrib.admin` internally and exclusively
related to `contrib.auth`. Since they were undocumented but used
in the wild the raised deprecation warning point to an also undocumented
alternative that lives in `contrib.auth`.
Also did some PEP8 and other cleanups in the affected modules.
2013-06-25 12:22:37 -04:00
Loic Bistuer
7462a78c1b
Fixed #20288 -- Fixed inconsistency in the naming of the popup GET parameter.
...
Thanks to Keryn Knight for the initial report and reviews,
and to tomask for the original patch.
2013-06-19 22:16:16 +02:00
Aymeric Augustin
ffcf24c9ce
Removed several unused imports.
2013-06-19 17:18:40 +02:00
Erik Romijn
aeb1389442
Fixed #20079 -- Improve security of password reset tokens
2013-06-18 20:02:00 +02:00
Erik Romijn
2c4fe761a0
Fixed #20593 -- Allow blank passwords in check_password() and set_password()
2013-06-18 13:32:54 -04:00
Loic Bistuer
ee77d4b253
Fixed #20199 -- Allow ModelForm fields to override error_messages from model fields
2013-06-18 08:01:17 -04:00
Claude Paroz
beb652e069
Worked around Python 3.3 modified exception repr
...
Refs #20599 .
2013-06-15 11:14:59 +02:00
Jaap Roes
990f8d92dc
Fixed #20599 -- Changed wording of ValueError raised by _load_library
...
The _load_library method on BasePasswordHasher turns ImportErrors
into ValueErrors, this masks ImportErrors in the algorithm library.
Changed it to a clearer worded error message that includes
the ImportError string.
2013-06-15 10:50:55 +02:00
Aymeric Augustin
c6e6d4eeb7
Defined available_apps in relevant tests.
...
Fixed #20483 .
2013-06-10 11:30:01 +02:00
Aymeric Augustin
4daf570b98
Added TransactionTestCase.available_apps.
...
This can be used to make Django's test suite significantly faster by
reducing the number of models for which content types and permissions
must be created and tables must be flushed in each non-transactional
test.
It's documented for Django contributors and committers but it's branded
as a private API to preserve our freedom to change it in the future.
Most of the credit goes to Anssi. He got the idea and did the research.
Fixed #20483 .
2013-06-10 11:24:10 +02:00
Chris Streeter
69373f3420
Fixed #19925 - Added validation for REQUIRED_FIELDS being a list
...
Thanks Roman Alexander for the suggestion.
2013-06-07 19:58:41 -04:00
Gavin Wahl
4f4e9243e4
Fixed #20532 -- Reverse auth views by name, not by path.
...
Auth views should be reversed by name, not their locations in
`django.contrib.auth.views`. This allows substituting your own
implementations of the auth views.
2013-06-03 13:30:40 -04:00
Gavin Wahl
01ae881bb4
Don't hard-code class names when calling static methods
...
normalize_email should be called on the instance, not the class. This
has the same effect normally but is more helpful to subclassers. When
methods are called directly on the class, subclasses can't override
them.
2013-05-29 16:11:26 -06:00
Ramiro Morales
0fa8d43e74
Replaced `and...or...` constructs with PEP 308 conditional expressions.
2013-05-26 23:47:50 -03:00
Preston Holmes
d228c1192e
Fixed #19866 -- Added security logger and return 400 for SuspiciousOperation.
...
SuspiciousOperations have been differentiated into subclasses, and
are now logged to a 'django.security.*' logger. SuspiciousOperations
that reach django.core.handlers.base.BaseHandler will now return a 400
instead of a 500.
Thanks to tiwoc for the report, and Carl Meyer and Donald Stufft
for review.
2013-05-25 16:27:34 -07:00
Andrew Godwin
1514f17aa6
Rotate CSRF token on login
2013-05-24 22:15:08 +01:00
Baptiste Mispelon
3cb1e9b93c
Fix test failure introduced by 980ae2ab29
.
2013-05-19 16:51:36 +02:00
Baptiste Mispelon
980ae2ab29
Fix #20447 : URL names given to contrib.auth.views are now resolved.
...
This commit also adds tests for the redirect feature of most auth views.
It also cleans up the tests, most notably using @override_settings instead
of ad-hoc setUp/tearDown methods.
Thanks to caumons for the report.
Conflicts:
docs/releases/1.6.txt
2013-05-19 14:36:38 +02:00
Peter Inglesby
cafcc22b01
Typo in comment
2013-05-19 09:28:36 +02:00
Claude Paroz
710c59bf9b
Slightly reworked imports in contrib.auth.__init__
2013-05-18 16:01:47 +02:00
Jorge Bastida
dc43fbc2f2
Fixed #18998 - Prevented session crash when auth backend removed
...
Removing a backend configured in AUTHENTICATION_BACKENDS should not
raise an exception for existing sessions, but should make already
logged-in users disconnect.
Thanks Bradley Ayers for the report.
2013-05-18 15:58:29 +02:00
Jacob Burch
340115200f
Fixed #20432 -- Test failure in admin_views.
...
The failure was triggered by a cache leak.
2013-05-18 13:13:33 +02:00
Mark Huang
0732c8e8c6
Fixed #20357 -- Allow empty username field label in `AuthentificationForm`.
2013-05-16 11:41:52 -04:00
Donald Stufft
8f0a4665d6
Recommend using the bcrypt library instead of py-bcrypt
...
* py-bcrypt has not been updated in some time
* py-bcrypt does not support Python3
* py3k-bcrypt, a port of py-bcrypt to python3 is not compatible
with Django
* bcrypt is supported on all versions of Python that Django
supports
2013-05-13 23:49:00 -04:00
Donald Stufft
3070e8f711
Properly force bytes or str for bcrypt on Python3
2013-05-11 11:16:06 -04:00
Carl Meyer
9012833af8
Fixed #17365 , #17366 , #18727 -- Switched to discovery test runner.
...
Thanks to Preston Timmons for the bulk of the work on the patch, especially
updating Django's own test suite to comply with the requirements of the new
runner. Thanks also to Jannis Leidel and Mahdi Yusuf for earlier work on the
patch and the discovery runner.
Refs #11077 , #17032 , and #18670 .
2013-05-10 23:08:45 -04:00
Luke Plant
f026a519ae
Fixed #19733 - deprecated ModelForms without 'fields' or 'exclude', and added '__all__' shortcut
...
This also updates all dependent functionality, including modelform_factory
and modelformset_factory, and the generic views `ModelFormMixin`,
`CreateView` and `UpdateView` which gain a new `fields` attribute.
2013-05-09 16:44:36 +01:00
Claude Paroz
9f7a01ef2b
Updated translation templates and removed en translations
...
"en" translations have been mistakenly committed in 87cc3da81
.
2013-05-02 16:25:23 +02:00
Preston Holmes
a49e7dd2a3
Fixed #20114 -- support custom project login_url in tests
...
Thanks to Matias Bordese for the patch
2013-04-05 09:03:28 -07:00
Preston Timmons
fde2e4fd6e
Modified auth to work with unittest2 discovery.
2013-04-02 21:59:45 -06:00
Alisson
80b658f5aa
Remove unnecessary if conditions
...
if obj it None, it's None, there's no need to check it
2013-03-30 12:22:28 +01:00
Claude Paroz
244e765a94
Updated translation templates
2013-03-28 10:06:11 +01:00
Claude Paroz
0a22f7aad2
Added Burmese language
...
Thanks to Yhal Htet Aung for the translation work.
2013-03-28 10:01:30 +01:00
Claude Paroz
ab76467d54
Added Ossetic language
...
Thanks to Xwybylty Soslan for the translation work.
2013-03-28 09:54:16 +01:00
Claude Paroz
c5084e7557
Updated translations from Transifex
...
Polish, Telugu, Georgian, Azerbaijani, Norwegian Bokmål, Basque,
Dutch, Thai, Spanish (Argentina), Afrikaans.
2013-03-28 09:24:07 +01:00
Jacob Kaplan-Moss
9e462f8101
Fixed #20078 : don't allow filtering on password in the user admin.
2013-03-27 11:24:36 -05:00
Donald Stufft
25f2acfed0
Fixed #20138 -- Added BCryptSHA256PasswordHasher
...
BCryptSHA256PasswordHasher pre-hashes the users password using
SHA256 to prevent the 72 byte truncation inherient in the BCrypt
algorithm.
2013-03-26 13:26:57 -04:00
Claude Paroz
2f121dfe63
Fixed #17051 -- Removed some 'invalid' field error messages
...
When the 'invalid' error message is set at field level, it masks
the error message raised by the validator, if any.
2013-03-14 17:03:43 +01:00
Aymeric Augustin
3710a918b2
Switched the admin to use @transaction.atomic.
2013-03-11 19:58:08 +01:00
Loic Bistuer
6983a1a540
Fixed #15363 -- Renamed and normalized to `get_queryset` the methods that return a QuerySet.
2013-03-08 10:11:45 -05:00
Ramiro Morales
03e40140ff
Merge pull request #871 from matiasb/ticket_19945
...
Fixed #19945 -- Fixed default User model Meta inheritance.
2013-03-03 14:30:36 -08:00
Claude Paroz
8e8c9b908a
Fixed getting default encoding in get_system_username
...
Refs #19933 .
2013-03-02 22:41:08 +01:00
matiasb
f39fead1c3
Fixed #19945 -- Fixed default User model Meta inheritance.
...
Updated default User model Meta class to extend AbstractUser Meta
where translated verbose_name and verbose_name_plural are
defined.
2013-03-01 19:32:20 -03:00
Aymeric Augustin
2ee21d9f0d
Implemented persistent database connections.
...
Thanks Anssi Kääriäinen and Karen Tracey for their inputs.
2013-02-28 15:28:13 +01:00
Claude Paroz
87cc3da814
Merged contrib translations from 1.5 branch
2013-02-26 21:51:06 +01:00
Aymeric Augustin
f1255a3c09
Fixed #18144 -- Restored compatibility with SHA1 hashes with empty salt.
...
Thanks dahool for the report and initial version of the patch.
2013-02-25 20:21:58 +01:00
Florian Apolloner
f56ca3f0e6
Fixed the usage of the deprecated assertEquals.
2013-02-24 11:15:17 +01:00
Preston Holmes
22d82a7742
Fixed #15198 -- pass request to AuthenticationForm
...
Thanks to Ciantic for the report, claudep and slurms for initial work
2013-02-23 15:28:49 -08:00
Preston Holmes
9d2c0a0ae6
Removed superfluous cookie check from auth login.
...
This is ensured through the CSRF protection of the view
2013-02-23 15:28:49 -08:00
Horst Gutmann
2f4a4703e1
Fixed #19758 -- Avoided leaking email existence through the password reset form.
2013-02-23 14:31:21 +01:00
Carl Meyer
d51fb74360
Added a new required ALLOWED_HOSTS setting for HTTP host header validation.
...
This is a security fix; disclosure and advisory coming shortly.
2013-02-19 11:23:29 -07:00
Claude Paroz
5ec0405a09
Fixed #19839 -- Isolated auth tests from customized TEMPLATE_LOADERS
...
Thanks limscoder for the report.
2013-02-18 09:22:25 +01:00
Claude Paroz
a8d1421dd9
Avoided unneeded assertion on Python 3
...
Fixes failure introduced in 02e5909f7a
.
2013-02-15 16:09:31 +01:00
Claude Paroz
02e5909f7a
Fixed #19807 -- Sanitized getpass input in createsuperuser
...
Python 2 getpass on Windows doesn't accept unicode, even when
containing only ascii chars.
Thanks Semmel for the report and tests.
2013-02-15 15:44:27 +01:00
Russell Keith-Magee
f5e4a699ca
Fixed #19822 -- Added validation for uniqueness on USERNAME_FIELD on custom User models.
...
Thanks to Claude Peroz for the draft patch.
2013-02-15 09:00:55 +08:00
Claude Paroz
f1029b308f
Fixed a misnamed variable introduced in commit 142ec8b283
...
Refs #8404 .
2013-02-14 08:33:10 +01:00
Claude Paroz
142ec8b283
Fixed #8404 -- Isolated auth password-related tests from custom templates
2013-02-13 23:11:49 +01:00
Hiroki Kiyohara
e94f405d94
Fixed #18558 -- Added url property to HttpResponseRedirect*
...
Thanks coolRR for the report.
2013-02-13 10:29:32 +01:00
Preston Holmes
0e18fb04ba
Made modwsgi groups_for_user consistent with check_password
...
2b5f848207
based its changes on #19061
that made the is_active attribute mandatory for user models.
The try/except was not removed for the groups_for_user function.
refs #19780
2013-02-09 09:31:04 -08:00
Preston Holmes
c44d748272
Fixed #19662 -- alter auth modelbackend to accept custom username fields
...
Thanks to Aymeric and Carl for the review.
2013-02-07 16:07:56 -08:00
Florian Apolloner
2b916895a1
Updated createsuperuser to use unicode_literals. Refs #19757 .
2013-02-07 14:33:36 +01:00
Claude Paroz
2390fe3f4f
Fixed #19745 -- Forced resolution of verbose names in createsupersuser
...
Thanks Baptiste Mispelon for the report and Preston Holmes for the review.
2013-02-06 10:06:21 +01:00
Simon Charette
ec469ade2b
Fixed #19689 -- Renamed `Model._meta.module_name` to `model_name`.
2013-02-05 04:16:07 -05:00
Claude Paroz
7c5b244826
Fixed #17061 -- Factored out importing object from a dotted path
...
Thanks Carl Meyer for the report.
2013-02-04 16:38:25 +01:00
Claude Paroz
55c585f1c7
Fixed #19725 -- Made createsuperuser handle non-ascii prompts
...
Thanks Michisu for the report.
2013-02-04 10:09:10 +01:00
Claude Paroz
1f8e7bb075
Added missing parentheses in if clause
2013-02-02 12:13:47 +01:00
Claude Paroz
63d6a50dd8
Fixed #18144 -- Added backwards compatibility with old unsalted MD5 passwords
...
Thanks apreobrazhensky at gmail.com for the report.
2013-02-02 12:02:36 +01:00
Claude Paroz
1686e0d184
Fixed #18460 -- Fixed change detection of ReadOnlyPasswordHashField
...
Thanks jose.sanchez et ezeep.com for the report and Vladimir Ulupov
for the initial patch.
2013-01-25 21:27:49 +01:00
Florian Apolloner
cc4de61a2b
Fixed #19596 -- Use `_default_manager` instead of `objects` in the auth app.
...
This is needed to support custom user models which don't define a manager
named `objects`.
2013-01-22 12:47:34 +01:00
Nick Sandford
cdad0b28d4
Fixed #19573 -- Allow override of username field label in AuthenticationForm
2013-01-10 09:06:04 +01:00
Claude Paroz
34ee7d9875
Updated deprecated test assertions
2013-01-08 19:08:15 +01:00
Anssi Kääriäinen
a2396a4c8f
Fixed #19173 -- Made EmptyQuerySet a marker class only
...
The guarantee that no queries will be made when accessing results is
done by new EmptyWhere class which is used for query.where and having.
Thanks to Simon Charette for reviewing and valuable suggestions.
2013-01-06 19:18:28 +02:00
Aymeric Augustin
4e5369a596
Silenced warnings in the tests of deprecated features.
2012-12-29 22:32:07 +01:00
Aymeric Augustin
ef017a5f00
Advanced pending deprecation warnings.
...
Also added stacklevel argument, fixed #18127 .
2012-12-29 21:59:07 +01:00
Julien Phalip
35d1cd0b28
Fixed #19505 -- A more flexible implementation for customizable admin redirect urls.
...
Work by Julien Phalip.
Refs #8001 , #18310 , #19505 . See also 0b908b92a2
.
2012-12-24 15:44:19 -03:00
Claude Paroz
0dc3fc954f
Fixed #19509 -- Fixed crypt/bcrypt non-ascii password encoding
...
Also systematically added non-ascii passwords in hashers test suite.
Thanks Vaal for the report.
2012-12-22 16:04:10 +01:00
Russell Keith-Magee
9facca28b6
Corrected tests depending on the error message on the AuthenticationForm.
...
Refs #19368 , and the fix introduced in 27f8129d64
.
2012-12-16 07:18:45 +08:00
Russell Keith-Magee
27f8129d64
Fixed #19368 -- Ensured that login error messages adapt to changes in the User model.
...
Thanks to un33k for the report.
2012-12-15 22:44:47 +08:00
Russell Keith-Magee
47e1df896b
Fixed #19412 -- Added PermissionsMixin to the auth.User heirarchy.
...
This makes it easier to make a ModelBackend-compliant (with regards to
permissions) User model.
Thanks to cdestigter for the report about the relationship between
ModelBackend and permissions, and to the many users on django-dev that
contributed to the discussion about mixins.
2012-12-15 22:44:47 +08:00
Florian Apolloner
a2f2a39956
Fixed #18856 -- Ensured that redirects can't be poisoned by malicious users.
2012-12-10 22:11:39 +01:00
Claude Paroz
c91667338a
Fixed #19357 -- Allow non-ASCII chars in filesystem paths
...
Thanks kujiu for the report and Aymeric Augustin for the review.
2012-12-08 11:13:52 +01:00
Ramiro Morales
b64d30405a
Fixed #18697 -- Made values accepted for two customizable admin templates consistent.
...
Thanks and at cloverfastfood dot com for the report.
2012-12-04 01:13:01 -03:00
Claude Paroz
a0cd6dd11e
Fixed #19349 -- Fixed re-rendering of ReadOnlyPasswordHashWidget
...
Thanks tim.bowden at mapforge.com.au for the report, Andreas Hug
for the patch and Anton Baklanov for the review.
2012-12-01 12:22:43 +01:00
Preston Holmes
84a5294788
Added missing custom user skip decorator
...
PermissionDeniedBackendTest references User model.
2012-11-30 22:54:42 -08:00
Claude Paroz
0eeae15056
Fixed #19354 -- Do not assume usermodel.pk == usermodel.id
...
Thanks markteisman at hotmail.com for the report.
2012-11-29 21:45:43 +01:00