innov
/
django1
1
0
Fork 0
Code Issues Pull Requests 1 Projects Releases Wiki Activity
30,449 Commits 25 Branches 361 Tags 501 MiB
Commit Graph

1110 Commits

Author SHA1 Message Date
Claude Paroz beb7ddbcee Updated translations from Transifex. 
Updated Bulgarian, Czech, German, Uzbek, and Vietnamese translations.

Forwardport of 7a1c6533eb from stable/4.0.x.
 2022-01-29 19:01:15 +01:00
Mariusz Felisiak 0a4a5e5bac
Refs #32681 -- Fixed VariableDoesNotExist when rendering some admin template. 
Regression in 84609b3205.

Follow up to 4e5bbb6ef2.

Thanks Sourav Kumar for the report.
 2022-01-13 10:10:48 +01:00
Florian Apolloner 968a3d01fa Fixed CVE-2021-45115 -- Prevented DoS vector in UserAttributeSimilarityValidator. 
Thanks Chris Bailey for the report.

Co-authored-by: Adam Johnson <me@adamj.eu>
 2022-01-04 10:02:05 +01:00
Adam Johnson b0d16d0129 Changed signatures of setting_changed signal receivers. 2021-12-17 13:07:04 +01:00
Adam Johnson 41329b9852
Improved wording in password validators docs and docstrings. 2021-12-13 18:53:07 +01:00
Mariusz Felisiak 628b6a6869 Updated translations from Transifex. 
This also fixes related i18n tests.

Forwardport of 4c5215ab03 from stable/4.0.x

Co-authored-by: Claude Paroz <claude@2xlibre.net>
 2021-12-06 20:31:03 +01:00
Lie Ryan 05cde4764d Fixed #33269 -- Made AnonymousUser/PermissionsMixin.has_perms() raise ValueError on string or non-iterable perm_list. 2021-11-11 20:26:29 +01:00
Ade Lee d10c7bfe56 Fixed #28401 -- Allowed hashlib.md5() calls to work with FIPS kernels. 
md5 is not an approved algorithm in FIPS mode, and trying to instantiate
a hashlib.md5() will fail when the system is running in FIPS mode.

md5 is allowed when in a non-security context. There is a plan to add a
keyword parameter (usedforsecurity) to hashlib.md5() to annotate whether
or not the instance is being used in a security context.

In the case where it is not, the instantiation of md5 will be allowed.
See https://bugs.python.org/issue9216 for more details.

Some downstream python versions already support this parameter. To
support these versions, a new encapsulation of md5() has been added.
This encapsulation will pass through the usedforsecurity parameter in
the case where the parameter is supported, and strip it if it is not.

Co-authored-by: Mariusz Felisiak <felisiak.mariusz@gmail.com>
 2021-10-12 08:58:27 +02:00
Christophe Henry b1b26b37af Fixed #33178 -- Made createsuperuser validate required fields passed in options in interactive mode. 2021-10-12 08:08:05 +02:00
Christophe Henry 4ff500f294 Refs #21755 -- Fixed createsuperuser crash for required foreign keys passed in options in interactive mode. 
Co-authored-by: Mariusz Felisiak <felisiak.mariusz@gmail.com>
 2021-10-12 06:59:46 +02:00
Mariusz Felisiak da266b3c5c
Refs #29628, Refs #33178 -- Made createsuperuser validate password against required fields passed in options. 2021-10-12 06:21:14 +02:00
Christophe Henry df2d2bc95c Fixed #33151 -- Fixed createsuperuser crash for many-to-many required fields in non-interactive mode. 2021-10-07 12:37:16 +02:00
Mariusz Felisiak 5bac1719a2
Refs #32355 -- Used @functools.lru_cache as a straight decorator. 2021-09-27 09:10:58 +02:00
Mariusz Felisiak 7d909b2282 Updated source translation catalogs. 
Forwardport of 5b8cc4ce26 from stable/4.0.x.
 2021-09-21 13:40:07 +02:00
Mariusz Felisiak 32b7ffc2bb Increased the default PBKDF2 iterations for Django 4.1. 2021-09-20 21:23:01 +02:00
Mateo Radman a7f27fca52 Refs #32508 -- Raised TypeError/ValueError instead of using "assert" in encode() methods of remaining password hashers. 2021-09-06 07:47:53 +02:00
Premkumar Chalmeti fffeb5df55
Removed redundant definition of UserModel in ModelBackend.with_perm(). 2021-08-09 10:36:55 +02:00
David Smith 1024b5e74a Fixed 32956 -- Lowercased spelling of "web" and "web framework" where appropriate. 2021-07-29 06:24:12 +02:00
ryowright 1783b3cb24 Fixed #32275 -- Added scrypt password hasher. 
Co-authored-by: Mariusz Felisiak <felisiak.mariusz@gmail.com>
 2021-07-22 12:40:33 +02:00
Mariusz Felisiak 83022d279c
Refs #32508 -- Raised TypeError/ValueError instead of using "assert" in encode() methods of some password hashers. 2021-07-22 09:42:07 +02:00
Mariusz Felisiak a56531ab1b
Fixed #32910 -- Unified different plural equations for the same language in contrib apps. 
Thanks Martin Svoboda for the report and initial patch.
 2021-07-15 20:42:17 +02:00
Claude Paroz 495083e3e1 Updated translations from Transifex. 
Forwardport of 04b744050f from stable/3.2.x.
 2021-06-28 07:08:39 +02:00
Mateo Radman 8a7ac78b70 Refs #32508 -- Raised ImproperlyConfigured/TypeError instead of using "assert" in various code. 2021-06-25 06:55:47 +02:00
abhiabhi94 22da686ca9 Refs #24121 -- Added __repr__() to PermWrapper. 2021-05-28 08:03:23 +02:00
David Sanders 2978c63a34 Fixed #32771 -- Used IS_POPUP_VAR constant instead of hard-coded value. 2021-05-20 07:04:26 +02:00
David Sanders 536c155e67 Fixed #32765 -- Removed "for" HTML attribute from ReadOnlyPasswordHashWidget. 
ReadOnlyPasswordHashWidget doesn't have any labelable elements.
 2021-05-19 20:34:57 +02:00
David Wobrock ee3b719a81 Refs #32675 -- Removed to_field from ForeignKeys in contrib apps' migrations. 
Refs #22889.
 2021-04-29 07:46:22 +02:00
François Freitag 6b0b3eafd6 Fixed #32664 -- Made PasswordResetTokenGenerator.secret validation lazy. 
Django apps initialization to run management command triggers the admin
autodiscovery. Importing django.contrib.auth.tokens creates an instance
of PasswordResetTokenGenerator which required a SECRET_KEY.

For several management commands, the token generator is unused. It
should only complain about a missing SECRET_KEY when it is used.
 2021-04-20 07:34:53 +02:00
Claude Paroz 90b95d2959 Updated translations from Transifex. 
Forwardport of 1ea5e98315 from stable/3.2.x.
 2021-04-06 06:19:31 +02:00
William Schwartz 9ee693bd6c Fixed #32316 -- Deferred accessing __file__. 
Deferred accessing the module-global variable __file__ because the
Python import API does not guarantee it always exists—in particular, it
does not exist in certain "frozen" environments. The following changes
advanced this goal.

Thanks to Carlton Gibson, Tom Forbes, Mariusz Felisiak, and Shreyas
Ravi for review and feedback.
 2021-04-01 14:33:30 +02:00
Hasan Ramezani a2d5ea626e Refs #32508 -- Raised ImproperlyConfigured instead of using "assert" in middlewares. 2021-03-11 08:34:28 +01:00
ThinkChaos b99d6c9cbc Fixed #28216 -- Added next_page/get_default_redirect_url() to LoginView. 2021-02-08 21:08:05 +01:00
Mariusz Felisiak a948d9df39 Increased the default PBKDF2 iterations for Django 4.0. 2021-01-14 17:50:04 +01:00
Mariusz Felisiak 0aa6a602b2 Refs #31842 -- Removed DEFAULT_HASHING_ALGORITHM transitional setting. 
Per deprecation timeline.
 2021-01-14 17:50:04 +01:00
Mariusz Felisiak 6b4941dd57 Refs #27468 -- Removed support for the pre-Django 3.1 user sessions. 
Per deprecation timeline.
 2021-01-14 17:50:04 +01:00
Mariusz Felisiak 66b4046d68 Refs #27468 -- Removed support for the pre-Django 3.1 password reset tokens. 
Per deprecation timeline.
 2021-01-14 17:50:04 +01:00
Jon Moroney 76ae6ccf85 Fixed #31358 -- Increased salt entropy of password hashers. 
Co-authored-by: Florian Apolloner <florian@apolloner.eu>
 2021-01-14 11:20:28 +01:00
Florian Apolloner 64cc9dcdad Refs #31358 -- Added constant for get_random_string()'s default alphabet. 2021-01-13 20:40:40 +01:00
Florian Apolloner c76d51b3ad Refs #31358 -- Fixed decoding salt in Argon2PasswordHasher. 
Argon2 encodes the salt as base64 for representation in the final hash
output. To be able to accurately return the used salt from decode(),
add padding, b64decode, and decode from latin1 (for the remote
possibility that someone supplied a custom hash consisting solely of
bytes -- this would require a manual construction of the hash though,
Django's interface does not allow for that).
 2020-12-28 11:02:08 +01:00
Florian Apolloner 1b7086b2ea Refs #31358 -- Simplified Argon2PasswordHasher.must_update() by using decode(). 2020-12-28 11:02:03 +01:00
Tom Forbes b5e12d490a Fixed #31007 -- Allowed specifying type of auto-created primary keys. 
This also changes the default type of auto-created primary keys
for new apps and projects to BigAutoField.
 2020-12-15 11:25:46 +01:00
Timo Ludwig d8dfff2ab0 Fixed #32235 -- Made ReadOnlyPasswordHashField disabled by default. 2020-12-03 09:32:08 +01:00
Martin Thoma 302caa40e4 Made small readability improvements. 2020-10-28 20:20:20 +01:00
Hasan Ramezani 4eb756793b
Refs #28215 -- Marked auth credentials as sensitive variables. 
Co-authored-by: Collin Anderson <collin@onetencommunications.com>
 2020-10-28 14:21:53 +01:00
Mariusz Felisiak 3418092238
Fixed #32130 -- Fixed pre-Django 3.1 password reset tokens validation. 
Thanks Gordon Wrigley for the report and implementation idea.

Regression in 226ebb1729.
 2020-10-22 13:21:14 +02:00
Jacob Walls 0362b0e986 Fixed #26615 -- Made password reset token invalidate when changing email. 
Co-Authored-By: Silas Barta <sbarta@gmail.com>
 2020-10-21 09:29:53 +02:00
Hannes Ljungberg f7963615eb Fixed #32121 -- Fixed detecting uniqueness of USERNAME_FIELD when using Meta.constraints. 
Co-authored-by: Simon Charette <charettes@users.noreply.github.com>
 2020-10-20 07:23:51 +02:00
Claude Paroz 5fcfe5361e Updated translations from Transifex. 
Forwardport of f7397bb7c8 from stable/3.1.x.
 2020-09-30 10:25:48 +02:00
Mariusz Felisiak e39e727ded
Fixed #31912 -- Removed strict=True in Path.resolve() in project template and CommonPasswordValidator. 
This caused permission errors when user didn't have permissions to
all intermediate directories in a Django installation path.

Thanks tytusd and leonyxz for reports.

Regression in edeec1247e and
26554cf5d1.
 2020-08-28 05:57:36 +02:00
Phil Gyford e02738bf55 Refs #31913 -- Corrected comment in PasswordResetTokenGenerator. 
Follow up to da4923ea87.
 2020-08-27 12:57:16 +02:00