innov
/
django1
1
0
Fork 0
Code Issues Pull Requests 1 Projects Releases Wiki Activity
23,640 Commits 25 Branches 361 Tags 501 MiB
Commit Graph

864 Commits

Author SHA1 Message Date
Jeremy Lainé c1aec0feda Fixed #25847 -- Made User.is_(anonymous|authenticated) properties. 2016-04-09 14:54:18 -04:00
Tim Graham df8d8d4292 Fixed E128 flake8 warnings in django/. 2016-04-08 09:51:06 -04:00
Simon Charette a872194802 Fixed #26470 -- Converted auth permission validation to system checks. 
Thanks Tim for the review.
 2016-04-06 22:40:43 -04:00
Alexander Gaevsky e0a3d93730 Fixed #25232 -- Made ModelBackend/RemoteUserBackend reject inactive users. 2016-03-23 09:01:48 -04:00
Tim Graham 1243fdf5cb Fixed #26395 -- Skipped the CryptPasswordHasher tests on platforms with a dummy crypt module. 2016-03-22 11:22:21 -04:00
Berker Peksag efa9539787 Fixed #26381 -- Made UserCreationForm reusable with custom user models that define USERNAME_FIELD. 2016-03-21 12:32:42 -04:00
Vincenzo Pandolfo d0fe6c9156 Fixed #26334 -- Removed whitespace stripping from contrib.auth password fields. 2016-03-14 20:20:24 -04:00
ieatkittens ab8af342b1 Fixed #26343 -- Sent user_login_failed signal if an auth backend raises PermissionDenied. 2016-03-12 16:44:39 -05:00
Bas Westerbaan b4250ea04a Fixed #26033 -- Added Argon2 password hasher. 2016-03-08 11:22:18 -05:00
Jon Dufresne 1845bc1d10 Refs #26315 -- Cleaned up argparse options in commands. 
* Removed type coercion. Options created by argparse are already coerced
  to the correct type.
* Removed fallback default values. Options created by argparse already
  have a default value.
* Used direct indexing. Options created by argparse are always set. This
  eliminates the need to use dict.get().
 2016-03-05 13:19:29 -05:00
Florian Apolloner 67b46ba701 Fixed CVE-2016-2513 -- Fixed user enumeration timing attack during login. 
This is a security fix.
 2016-03-01 11:25:28 -05:00
Olivier Le Thanh Duong 10781b4c6f Fixed #12233 -- Allowed redirecting authenticated users away from the login view. 
contrib.auth.views.login() has a new parameter `redirect_authenticated_user`
to automatically redirect authenticated users visiting the login page.

Thanks to dmathieu and Alex Buchanan for the original code and to Carl Meyer
for the help and review.
 2016-02-25 07:18:33 -05:00
Mounir Messelmeni 50931dfa53 Fixed #25304 -- Allowed management commands to check if migrations are applied. 2016-02-12 13:34:56 -05:00
Tim Graham 004ba0f99e Removed unneeded hint=None/obj=None in system check messages. 2016-02-12 13:01:25 -05:00
Tim Graham 926d41f0e7 Updated some comments for BCryptSHA256PasswordHasher. 2016-02-11 11:57:12 -05:00
Charlie Denton 46c13fef46 Fix typo in comment 2016-02-11 11:14:06 +00:00
Simon Charette 6eb3ce11e4 Fixed #26089 -- Removed custom user test models from public API. 
Thanks to Tim Graham for the review.
 2016-02-04 12:30:34 -05:00
Hugo Osvaldo Barrera dcee1dfc79 Fixed #12405 -- Added LOGOUT_REDIRECT_URL setting. 
After a user logs out via auth.views.logout(), they're redirected
to LOGOUT_REDIRECT_URL if no `next_page` argument is provided.
 2016-02-04 10:35:37 -05:00
Matt Robenolt 8048411c97 Fixed a typo in BCryptPasswordHasher docstring 
There is no BCryptSHA512PasswordHasher.
 2016-01-09 12:14:51 -05:00
Collin Anderson 780bddf75b Fixed #20846 -- Decreased User.username max_length to 150 characters. 2016-01-08 18:06:44 -05:00
Paulo Poiati b643386668 Fixed #24855 -- Allowed using contrib.auth.login() without credentials. 
Added an optional `backend` argument to login().
 2016-01-07 08:56:07 -05:00
Simon Charette a08fda2111 Fixed #25746 -- Isolated inlined test models registration. 
Thanks to Tim for the review.
 2016-01-06 20:00:07 -05:00
Tim Graham f0ad641628 Fixed #26016 -- Restored contrib.auth hashers compatibility with py-bcrypt. 
Reverted "Explicitly passed rounds as rounds to bcrypt.gensalt()"

This reverts commit 23529fb195.
 2016-01-02 06:54:13 -05:00
Marten Kenbeek 16411b8400 Fixed #26013 -- Moved django.core.urlresolvers to django.urls. 
Thanks to Tim Graham for the review.
 2015-12-31 14:21:29 -05:00
Claude Paroz f14ab700c3 Updated translations from Transifex 
Forward port of 59f3590ca7 from stable/1.9.x.
 2015-12-31 15:53:02 +01:00
Thomas Grainger d638cdc42a Fixed #25165 -- Removed inline JavaScript from the admin. 
This allows setting a Content-Security-Policy HTTP header
(refs #15727).

Special thanks to blighj, the original author of this patch.
 2015-12-05 15:51:57 -05:00
Josh Soref 93452a70e8 Fixed many spelling mistakes in code, comments, and docs. 2015-12-03 12:48:24 -05:00
Claude Paroz 273ce8aa6a Pulled contrib translations from Transifex 
Forward port of 6a4649c27e from stable/1.9.x
 2015-12-01 20:37:57 +01:00
Tim Graham 15ef1dd478 Fixed #20846 -- Increased User.username max_length to 254 characters. 
Thanks Collin Anderson and Nick Sandford for work on the patch.
 2015-10-29 08:58:49 -04:00
Tim Graham 5acf203db2 Fixed #25596 -- Fixed regression in password change view with custom user model. 
The reverse() added in 50aa1a790c
crashed on a custom user model.
 2015-10-27 08:18:22 -04:00
Claude Paroz 5171f56fae Pluralized translatable strings in password_validation.py 
Forward port of 86dc4889f from master.
 2015-10-10 15:17:21 +02:00
Claude Paroz f233aa3ff9 Updated translation catalogs 
Forward port of f717cb2ab4 from stable/1.9.x.
 2015-10-09 18:02:47 +02:00
Kaleb Elwert adcf823359 Fixed #25490 -- Made the logout() view send "no-cache" headers. 2015-10-02 12:29:54 -04:00
Antoine Catton 53ccffdb8c Refs #16860 -- Fixed password help text when there aren't any validators. 
This avoids creating an empty list which is invalid HTML 4.
 2015-09-28 15:30:16 -04:00
Tzu-ping Chung 7372cdebed Fixed #25457 -- Improved formatting of password validation errors in management command output. 2015-09-24 19:45:19 -04:00
Tim Graham 593c9eb660 Increased the default PBKDF2 iterations for the 1.10 release cycle. 2015-09-23 19:31:11 -04:00
Tim Graham 849037af36 Refs #23957 -- Required session verification per deprecation timeline. 2015-09-23 19:31:10 -04:00
Tim Graham f1761e3fef Refs #21648 -- Removed is_admin_site option from password_reset() view. 
Per deprecation timeline.
 2015-09-23 19:31:10 -04:00
sujayskumar d8d853378b Fixed #24944 -- Added extra_email_context parameter to password_reset() view. 2015-09-18 18:56:04 -04:00
Dražen Odobašić b1e33ceced Fixed #23395 -- Limited line lengths to 119 characters. 2015-09-12 11:40:50 -04:00
Raphael Michel 1bbca7961c Fixed #25350 -- Added alias --no-input for --noinput to management commands. 2015-09-08 08:41:03 -04:00
Maxime Lorant 5153a3bfdc Fixed #25331 -- Removed trailing blank lines in docstrings. 2015-08-31 17:37:21 -04:00
Y3K 235caabacc Fixed #25324 -- Registered ModelAdmin instances with @admin.register decorator 2015-08-31 15:41:09 +10:00
Alex Becker 53d28f8339 Fixed #25089 -- Added password validation to createsuperuser/changepassword. 2015-08-01 20:18:26 -04:00
Tim Graham 264eeaf14a Removed unnecessary if statement in createsuperuser command. 2015-08-01 20:00:05 -04:00
Flavio Curella c2e70f0265 Fixed #21127 -- Started deprecation toward requiring on_delete for ForeignKey/OneToOneField 2015-07-27 18:28:13 -04:00
Akis Kesoglou 29465d438e Fixed #25142 -- Added PermissionRequiredMixin.has_permission() to allow customization. 2015-07-27 10:23:56 -04:00
lukasz.wojcik 927b30a6ab Fixed #24126 -- Deprecated current_app parameter to auth views. 2015-07-21 08:26:41 -04:00
Wim Feijen c082363527 Reworded contrib.auth forms' password confirmation help_text. 
"As above" refers to a spatial orientation, which might
not be present, for example when the two password fields
are shown next to each other.
 2015-07-20 15:51:50 -04:00
Tim Graham 774c16d16e Fixed #25052; refs #16860 -- Added password validation to UserCreationForm. 2015-07-20 13:44:34 -04:00
Tim Graham f5e9d67907 Refs #16860 -- Moved password_changed() logic to AbstractBaseUser. 
Thanks Carl Meyer for review.
 2015-07-20 13:44:26 -04:00
Tim Graham e25ba6e8bb Refs #25073 -- Copied recently added verbose_names to migrations. 2015-07-17 14:07:18 -04:00
Curtis Maloney 23529fb195 Explicitly passed rounds as rounds to bcrypt.gensalt() 2015-07-13 12:35:24 -04:00
Szilveszter Farkas f576b23a65 Fixed #25073 -- Added verbose_name to contrib's model fields that were missing it. 2015-07-12 13:44:16 -04:00
Jan Pazdziora a570701e02 Fixed #25029 -- Added PersistentRemoteUserMiddleware for login-page-only external authentication. 2015-07-02 17:38:10 -04:00
Tim Graham 7da3923ba0 Sorted imports in __init__.py files. 2015-06-27 11:53:33 -04:00
Tim Graham aaacaeb096 Renamed RemovedInDjangoXYWarnings for new roadmap. 
Forwardport of ae1d663b79
from stable/1.8.x plus more.
 2015-06-24 16:08:20 -04:00
Francisco Albarran e75b614640 Fixed #25009 -- Allowed User.objects.create_user(...,is_staff=True) to work. 2015-06-22 11:34:26 -04:00
Markus Holtermann e5cb4e1411 Fixed #24914 -- Added authentication mixins for CBVs 
Added the mixins LoginRequiredMixin, PermissionRequiredMixin and
UserPassesTestMixin to contrib.auth as counterparts to the respective
view decorators.

The authentication mixins UserPassesTestMixin, LoginRequiredMixin and
PermissionRequiredMixin have been inspired by django-braces
<https://github.com/brack3t/django-braces/>

Thanks Raphael Michel for the initial patch, tests and docs on the PR
and Ana Balica, Kenneth Love, Marc Tamlyn, and Tim Graham for the
review.
 2015-06-17 23:19:10 +02:00
Tim Graham 09f2cdbe1a Refs #16860 -- Fixed a resource and deprecation warning in password validation. 2015-06-16 11:02:27 -04:00
elena 841a87785a Corrected to not erroneously mention email as being required. 
Email field isn't required.
 2015-06-15 14:58:48 +02:00
Tim Graham 55b3bd8468 Refs #16860 -- Minor edits and fixes to password validation. 2015-06-10 07:41:01 -04:00
Raphael Michel 39937de7e6 Fixed #24929 -- Allowed permission_required decorator to take any iterable 2015-06-08 13:44:39 -04:00
Erik Romijn 1daae25bdc Fixed #16860 -- Added password validation to django.contrib.auth. 2015-06-07 19:31:20 +02:00
Alasdair Nicol 1ea87c8c79 Fixed #24910 -- Added createsuperuser support for non-unique USERNAME_FIELDs 
Clarified docs to say that a non-unique USERNAME_FIELD is permissable
as long as the custom auth backend can support it.
 2015-06-06 09:33:02 -04:00
Tim Graham 8047e3666b Added contrib.auth migration for refs #13147. 2015-05-28 15:22:22 -04:00
Piotr Jakimiak 4157c502a5 Removed unnecessary arguments in .get method calls 2015-05-13 20:51:18 +02:00
Edvinas Jurevicius 72f6513eba Improved formatting of auth model fields. 2015-05-05 12:59:19 -04:00
Dan Watson fe914341c8 Fixed #24564 -- Moved AbstractBaseUser and BaseUserManager so they can be used without auth in INSTALLED_APPS 2015-05-05 12:03:48 -04:00
Luis Del Giudice db0a0c4b8a Fixed #24737 -- Removed unnecesary kwargs in UserManager._create_user() 2015-05-02 21:07:58 -04:00
Claude Paroz 6aed5cfc6f Updated translations from Transifex 
Updates for languages: Indonesian, Belarusian, Persian, and Dutch.
Forward port of cb370f8510 from stable/1.8.x
 2015-04-30 14:29:08 +02:00
Matt Robenolt 6387d9d41f Refactored PasswordResetTokenGenerator to be a bit more extensible. 2015-04-20 14:27:12 -04:00
Christopher Luc e37d52bd5e Fixed #22993 -- Deprecated skipIfCustomUser decorator 2015-04-07 09:45:32 -04:00
Claude Paroz 88dfe544f6 Fetched updated contrib translations from Transifex 
Forward port of 5483c66f85 from stable/1.8.x
 2015-04-01 19:51:50 +02:00
Tim Graham b86abbceb9 Fixed #24115 -- Allowed bcrypt hashers to upgrade passwords on rounds change. 
Thanks Florian Apolloner for the review.
 2015-03-30 18:52:59 -04:00
Claude Paroz c2bfd76ec3 Refs #15779 -- Fixed UserChangeForm regression introduced by 1791a7e75 
Thanks Tim Graham for reporting the regression.
 2015-03-28 09:24:01 +01:00
Anssi Kääriäinen 8f30556329 Renamed Field.rel attribute to remote_field 
Field.rel is now deprecated. Rel objects have now also remote_field
attribute. This means that self == self.remote_field.remote_field.

In addition, made the Rel objects a bit more like Field objects. Still,
marked ManyToManyFields as null=True.
 2015-03-25 08:16:12 -04:00
Claude Paroz 465edf2bb2 Updated translation catalogs 
Strings are frozen in anticipation of the Django 1.8 release.
Forward port of 1cd2584c98 from stable/1.8.x
 2015-03-18 09:31:00 +01:00
Joeri Bekker 0ed20d5cc4 Fixed #23926 -- Improved validation error for custom permissions that are too long. 2015-03-16 12:13:49 -04:00
Thomas Tanner 28986da4ca Fixed #5986 -- Added ability to customize order of Form fields 2015-03-16 09:12:57 -04:00
Simon Charette 19f7278c86 Removed reference to iteration count in the PBKDF2 hasher docstring. 2015-02-20 16:37:29 -05:00
Frank Wiles e43f99d1a9 Fixed PBKDF2PasswordHasher comments to reflect reality. 2015-02-20 16:00:51 -05:00
Loic Bistuer bed504d70b Fixed #24351, #24346 -- Changed the signature of allow_migrate(). 
The new signature enables better support for routing RunPython and
RunSQL operations, especially w.r.t. reusable and third-party apps.

This commit also takes advantage of the deprecation cycle for the old
signature to remove the backward incompatibility introduced in #22583;
RunPython and RunSQL won't call allow_migrate() when when the router
has the old signature.

Thanks Aymeric Augustin and Tim Graham for helping shape up the patch.

Refs 22583.
 2015-02-20 21:34:09 +07:00
Tim Graham 4538cbf17d Fixed #24299 -- Added an auth migration to ensure contenttypes is migrated. 
Without this migration, the auth signal handlers will fail if migrating
only auth.
 2015-02-16 14:52:30 -05:00
Tim Graham 002425fe39 Fixed #24315 -- Fixed auth.views.password_reset_confirm() with a UUID user. 2015-02-13 09:56:31 -05:00
Tim Graham fdf20093e0 Fixed #24334 -- Allowed admin password reset to work with non-digit custom user model primary key. 
Thanks Loic for help and Simon for review.
 2015-02-13 09:42:49 -05:00
Tim Graham 0f7f5bc9e7 Fixed #24161 -- Stored the user primary key as a serialized value in the session. 
This allows using a UUIDField primary key along with the JSON session
serializer.

Thanks to Trac alias jamesbeith for the report and Simon Charette
for the initial patch.
 2015-02-12 07:38:16 -05:00
Tim Graham 5ab327a389 Moved non-documented auth test models to the new test location. 2015-02-11 10:29:48 -05:00
Tim Graham 2d7aca3da0 Moved contrib.auth tests out of contrib. 2015-02-11 10:19:22 -05:00
Tim Graham 197dd4b8f1 Prevented some test commands from needlessly running system checks. 
This is a performance optimization and also fixes test errors with the
upcoming merge of contrib tests into tests/. The tests failed on MySQL
because the models with GeometryField were being checked but the
non-GIS MySQL backend didn't know how to handle them.
 2015-02-11 10:14:38 -05:00
Claude Paroz 50aa1a790c Replaced some more hardcoded admin URLs 2015-02-09 17:29:53 +01:00
Tim Graham 1256274750 Removed stray comment in auth.views. 2015-02-09 07:50:47 -05:00
Claude Paroz 32e6a7d3a5 Replaced hardcoded URLs in admin_* tests 
Refs #15779. This will allow easier admin URL changes, when needed.
Thanks Simon Charette for the review.
 2015-02-08 20:55:09 +01:00
Markus Holtermann 2832a9b028 Revert "Fixed #24075 -- Prevented running post_migrate signals when unapplying initial migrations of contenttypes and auth" 
This reverts commit 737d24923a.
 2015-02-07 20:14:49 +01:00
Markus Holtermann bd3d796ecd Revert "Refs #24075 -- Silenced needless call_command output while running tests" 
This reverts commit 51dc617b21.
 2015-02-07 19:22:31 +01:00
Tim Graham 0ed7d15563 Sorted imports with isort; refs #23860. 2015-02-06 08:16:28 -05:00
Tim Graham 4444ff39a4 Removed direct manipulation of settings in auth tests; refs #21230. 2015-02-04 09:56:55 -05:00
darkryder 9ec8aa5e5d Fixed #24149 -- Normalized tuple settings to lists. 2015-02-03 14:59:45 -05:00
Tim Graham a53541852d Removed contrib.auth.forms.mask_password() 
This function is unused since dce820ff70
after being introduced in 718a5ba1a1
 2015-02-02 11:13:14 -05:00
Adam Taylor 039465a6a7 Fixed typos in code comments. 2015-01-20 12:18:03 -05:00