Preston Holmes
9d2c0a0ae6
Removed superfluous cookie check from auth login.
This is ensured through the CSRF protection of the view
2013-02-23 15:28:49 -08:00
Horst Gutmann
2f4a4703e1
Fixed #19758 -- Avoided leaking email existence through the password reset form.
2013-02-23 14:31:21 +01:00
Carl Meyer
d51fb74360
Added a new required ALLOWED_HOSTS setting for HTTP host header validation.
This is a security fix; disclosure and advisory coming shortly.
2013-02-19 11:23:29 -07:00
Claude Paroz
5ec0405a09
Fixed #19839 -- Isolated auth tests from customized TEMPLATE_LOADERS
Thanks limscoder for the report.
2013-02-18 09:22:25 +01:00
Claude Paroz
a8d1421dd9
Avoided unneeded assertion on Python 3
Fixes failure introduced in 02e5909f7a.
2013-02-15 16:09:31 +01:00
Claude Paroz
02e5909f7a
Fixed #19807 -- Sanitized getpass input in createsuperuser
Python 2 getpass on Windows doesn't accept unicode, even when
containing only ascii chars.
Thanks Semmel for the report and tests.
2013-02-15 15:44:27 +01:00
Russell Keith-Magee
f5e4a699ca
Fixed #19822 -- Added validation for uniqueness on USERNAME_FIELD on custom User models.
Thanks to Claude Paroz for the draft patch.
2013-02-15 09:00:55 +08:00
Claude Paroz
f1029b308f
Fixed a misnamed variable introduced in commit 142ec8b283
Refs #8404.
2013-02-14 08:33:10 +01:00
Claude Paroz
142ec8b283
Fixed #8404 -- Isolated auth password-related tests from custom templates
2013-02-13 23:11:49 +01:00
Hiroki Kiyohara
e94f405d94
Fixed #18558 -- Added url property to HttpResponseRedirect*
Thanks coolRR for the report.
2013-02-13 10:29:32 +01:00
Preston Holmes
0e18fb04ba
Made modwsgi groups_for_user consistent with check_password
2b5f848207 based its changes on #19061 that made the is_active attribute mandatory for user models.
The try/except was not removed for the groups_for_user function.
refs #19780
2013-02-09 09:31:04 -08:00
Preston Holmes
c44d748272
Fixed #19662 -- alter auth modelbackend to accept custom username fields
Thanks to Aymeric and Carl for the review.
2013-02-07 16:07:56 -08:00
Florian Apolloner
2b916895a1
Updated createsuperuser to use unicode_literals. Refs #19757.
2013-02-07 14:33:36 +01:00
Claude Paroz
2390fe3f4f
Fixed #19745 -- Forced resolution of verbose names in createsuperuser
Thanks Baptiste Mispelon for the report and Preston Holmes for the review.
2013-02-06 10:06:21 +01:00
Simon Charette
ec469ade2b
Fixed #19689 -- Renamed `Model._meta.module_name` to `model_name`.
2013-02-05 04:16:07 -05:00
Claude Paroz
7c5b244826
Fixed #17061 -- Factored out importing object from a dotted path
Thanks Carl Meyer for the report.
2013-02-04 16:38:25 +01:00
Claude Paroz
55c585f1c7
Fixed #19725 -- Made createsuperuser handle non-ascii prompts
Thanks Michisu for the report.
2013-02-04 10:09:10 +01:00
Claude Paroz
1f8e7bb075
Added missing parentheses in if clause
2013-02-02 12:13:47 +01:00
Claude Paroz
63d6a50dd8
Fixed #18144 -- Added backwards compatibility with old unsalted MD5 passwords
Thanks apreobrazhensky at gmail.com for the report.
2013-02-02 12:02:36 +01:00
Claude Paroz
1686e0d184
Fixed #18460 -- Fixed change detection of ReadOnlyPasswordHashField
Thanks jose.sanchez et ezeep.com for the report and Vladimir Ulupov
for the initial patch.
2013-01-25 21:27:49 +01:00
Florian Apolloner
cc4de61a2b
Fixed #19596 -- Use `_default_manager` instead of `objects` in the auth app.
This is needed to support custom user models which don't define a manager
named `objects`.
2013-01-22 12:47:34 +01:00
Nick Sandford
cdad0b28d4
Fixed #19573 -- Allow override of username field label in AuthenticationForm
2013-01-10 09:06:04 +01:00
Claude Paroz
34ee7d9875
Updated deprecated test assertions
2013-01-08 19:08:15 +01:00
Anssi Kääriäinen
a2396a4c8f
Fixed #19173 -- Made EmptyQuerySet a marker class only
The guarantee that no queries will be made when accessing results is
done by new EmptyWhere class which is used for query.where and having.
Thanks to Simon Charette for reviewing and valuable suggestions.
2013-01-06 19:18:28 +02:00
Aymeric Augustin
4e5369a596
Silenced warnings in the tests of deprecated features.
2012-12-29 22:32:07 +01:00
Aymeric Augustin
ef017a5f00
Advanced pending deprecation warnings.
Also added stacklevel argument, fixed #18127.
2012-12-29 21:59:07 +01:00
Julien Phalip
35d1cd0b28
Fixed #19505 -- A more flexible implementation for customizable admin redirect urls.
Work by Julien Phalip.
Refs #8001, #18310, #19505. See also 0b908b92a2.
2012-12-24 15:44:19 -03:00
Claude Paroz
0dc3fc954f
Fixed #19509 -- Fixed crypt/bcrypt non-ascii password encoding
Also systematically added non-ascii passwords in hashers test suite.
Thanks Vaal for the report.
2012-12-22 16:04:10 +01:00
Russell Keith-Magee
9facca28b6
Corrected tests depending on the error message on the AuthenticationForm.
Refs #19368, and the fix introduced in 27f8129d64.
2012-12-16 07:18:45 +08:00
Russell Keith-Magee
27f8129d64
Fixed #19368 -- Ensured that login error messages adapt to changes in the User model.
Thanks to un33k for the report.
2012-12-15 22:44:47 +08:00
Russell Keith-Magee
47e1df896b
Fixed #19412 -- Added PermissionsMixin to the auth.User hierarchy.
This makes it easier to make a ModelBackend-compliant (with regards to
permissions) User model.
Thanks to cdestigter for the report about the relationship between
ModelBackend and permissions, and to the many users on django-dev that
contributed to the discussion about mixins.
2012-12-15 22:44:47 +08:00
Florian Apolloner
a2f2a39956
Fixed #18856 -- Ensured that redirects can't be poisoned by malicious users.
2012-12-10 22:11:39 +01:00
Claude Paroz
c91667338a
Fixed #19357 -- Allow non-ASCII chars in filesystem paths
Thanks kujiu for the report and Aymeric Augustin for the review.
2012-12-08 11:13:52 +01:00
Ramiro Morales
b64d30405a
Fixed #18697 -- Made values accepted for two customizable admin templates consistent.
Thanks and at cloverfastfood dot com for the report.
2012-12-04 01:13:01 -03:00
Claude Paroz
a0cd6dd11e
Fixed #19349 -- Fixed re-rendering of ReadOnlyPasswordHashWidget
Thanks tim.bowden at mapforge.com.au for the report, Andreas Hug
for the patch and Anton Baklanov for the review.
2012-12-01 12:22:43 +01:00
Preston Holmes
84a5294788
Added missing custom user skip decorator
PermissionDeniedBackendTest references User model.
2012-11-30 22:54:42 -08:00
Claude Paroz
0eeae15056
Fixed #19354 -- Do not assume usermodel.pk == usermodel.id
Thanks markteisman at hotmail.com for the report.
2012-11-29 21:45:43 +01:00
Claude Paroz
a962bc7c45
Updated User manager when testing custom AUTH_USER_MODEL
This is giving more real test conditions when AUTH_USER_MODEL is
set with override_settings.
2012-11-24 16:00:00 +01:00
Aymeric Augustin
a026e480da
Fixed #16039 -- Made post_syncdb handlers multi-db aware.
Also reverted 8fb7a90026. Refs #17055.
2012-11-22 20:53:59 +01:00
Aymeric Augustin
9e11253497
Merge pull request #511 from ryankask/username-password-admin
Allowed custom User models to use the UserAdmin's change password view.
Fix #19056 (again).
2012-11-22 06:50:37 -08:00
Jannis Leidel
1520748dac
Fixed #2550 -- Allow the auth backends to raise the PermissionDenied exception to completely stop the authentication chain. Many thanks to namn, danielr, Dan Julius, Łukasz Rekucki, Aashu Dwivedi and umbrae for working this over the years.
2012-11-17 20:24:54 +01:00
Ryan Kaskel
bfdedb687a
Allow custom User models to use the UserAdmin's change password view.
2012-11-10 15:48:46 +00:00
Aymeric Augustin
fc10418fba
Fixed #18963 -- Used a subclass-friendly pattern for Python 2 object model compatibility methods.
2012-11-03 22:07:35 +01:00
Preston Holmes
9741912a9a
Fixed #17869 - force logout when REMOTE_USER header disappears
If the current session's user was logged in via a remote user backend log out
the user if REMOTE_USER header not available - otherwise leave it to other auth
middleware to install the AnonymousUser.
Thanks to Sylvain Bouchard for the initial patch and ticket maintenance.
2012-10-29 22:58:14 -07:00
Preston Holmes
2b5f848207
Fixed #19057 (again) -- added additional tests
2012-10-29 22:24:42 -07:00
Russell Keith-Magee
81f5d4a1a7
Added some test guards for some recently added auth tests.
Refs #19061, #19057.
2012-10-30 10:28:35 +08:00
Claude Paroz
b774c5993c
Fixed #19172 -- Isolated poisoned_http_host tests from 500 handlers
Thanks bernardofontes for the report.
2012-10-29 17:28:04 +01:00
Preston Holmes
4ea8105120
Fixed #19061 -- added is_active attribute to AbstractBaseUser
2012-10-28 23:04:03 -07:00
Russell Keith-Magee
04b53ebfb7
Fixed #19133 -- Corrected regression in form handling for user passwords.
Thanks to pressureman for the report, and to Preston Holmes for the draft patch.
2012-10-20 11:41:54 +08:00
Ramiro Morales
0b908b92a2
Fixed #8001 -- Made redirections after add/edit in admin customizable.
Also fixes #18310.
2012-10-18 20:58:52 -03:00