Tom
7afb476469
Fixed #28226 -- Replaced use of str.join() with concatenation.
2017-05-27 13:59:05 -04:00
jannh
c930c241f8
Fixed #28017 -- Allowed customizing PasswordResetTokenGenerator's secret.
2017-05-26 07:37:36 -04:00
Daniel Hahler
a3ba2662cd
Refs #28207 -- Fixed contrib.auth.authenticate() if 'backend' is in the credentials.
...
Regression in 3008f30f19
.
2017-05-22 12:24:38 -04:00
Jon Dufresne
f599747fc8
Fixed #28152 -- Made migrations serialize sets as set literals rather than set().
2017-05-18 09:33:40 -04:00
Tamas Szabo
3008f30f19
Fixed #28207 -- Fixed contrib.auth.authenticate() if multiple auth backends don't accept a request.
2017-05-15 07:48:15 -04:00
Josh Schneier
5df0ff4155
Fixed #28089 -- Removed requirement to implement get_short_name() and get_full_name() in AbstractBaseUser subclasses.
2017-05-06 17:05:42 -04:00
Claude Paroz
e7f75b0b14
Fixed #28085 -- Added missing plural forms in en translation catalogs
2017-05-05 21:25:37 +02:00
Claude Paroz
301de774c2
Refs #27795 -- Replaced many force_text() with str()
...
Thanks Tim Graham for the review.
2017-04-27 09:10:02 +02:00
Claude Paroz
c52ae33a0c
Fixed #28100 -- Removed link in UserChangeForm.password's translatable help_text
2017-04-22 15:39:15 +02:00
Tim Graham
dff559ff83
Fixed #28097 -- Fixed layout of ReadOnlyPasswordHashWidget.
2017-04-19 12:59:30 -04:00
Claude Paroz
2dba812d86
Updated contrib translations from Transifex
...
Forward port of 290b2849f7
from stable/1.11.x
2017-04-04 12:39:02 +02:00
Jon Dufresne
7bbb5161ea
Removed implicit default store_true/false argparse args.
...
argparse automatically sets the default value for store_true/false
arguments to its opposite.
2017-04-01 20:03:56 -04:00
Camilo Nova
5db465d5a6
Fixed #27891 -- Added PasswordResetConfirmView.post_reset_login_backend.
2017-03-07 19:52:26 -05:00
Claude Paroz
8346680e1c
Refs #27795 -- Removed unneeded force_text calls
...
Thanks Tim Graham for the review.
2017-03-04 18:18:21 +01:00
Tim Graham
c31e7ab5a4
Refs #25187 -- Fixed AuthBackend.authenticate() compatibility for signatures that accept a request kwarg.
2017-02-24 10:15:41 -05:00
Markus Holtermann
b9b35f9efa
Fixed #27840 -- Fixed KeyError in PasswordResetConfirmView.form_valid().
...
When a user is already logged in when submitting the password and
password confirmation to reset a password, a KeyError occurred while
removing the reset session token from the session.
Refs #17209
Thanks Quentin Marlats for the report and Florian Apolloner and Tim
Graham for the review.
2017-02-15 00:35:04 +01:00
Tim Graham
500532c95d
Refs #23919 -- Removed default 'utf-8' argument for str.encode()/decode().
2017-02-09 09:03:47 -05:00
Claude Paroz
3a148f958d
Refs #27795 -- Removed force_text from the template layer
...
Thanks Tim Graham for the review.
2017-02-07 17:14:02 +01:00
Tim Graham
854f695014
Refs #27815 -- Reordered LoginView.get_form_kwargs().
2017-02-07 10:15:43 -05:00
Zoltan Gyarmati
41ba27fefd
Fixed #27815 -- Made LoginView pass the request kwarg to AuthenticationForm.
2017-02-07 08:54:21 -05:00
Claude Paroz
c651331b34
Converted usage of ugettext* functions to their gettext* aliases
...
Thanks Tim Graham for the review.
2017-02-07 09:04:04 +01:00
Anton Samarchyan
5411821e3b
Refs #27656 -- Updated django.contrib docstring verb style according to PEP 257.
2017-02-04 16:39:28 -05:00
Tim Graham
29f607927f
Fixed spelling of "nonexistent".
2017-02-03 08:01:45 -05:00
Thom Wiggers
d5b573d872
Fixed #26993 -- Increased User.last_name max_length to 150 characters.
2017-01-28 09:29:00 -05:00
Vytis Banaitis
d1bab24e01
Refs #23919 , #27778 -- Removed obsolete mentions of unicode.
2017-01-26 08:19:27 -05:00
Tim Graham
1c466994d9
Refs #23919 -- Removed misc Python 2/3 references.
2017-01-25 13:59:25 -05:00
chillaranand
d6eaf7c018
Refs #23919 -- Replaced super(ClassName, self) with super().
2017-01-25 12:23:46 -05:00
Tim Graham
9e6e32bf5d
Refs #23919 -- Removed django.utils.decorators.available_attrs() usage.
...
It's only needed to workaround a bug on Python 2.
2017-01-21 13:20:17 -05:00
Tim Graham
4e729feaa6
Refs #23919 -- Removed django.utils._os.upath()/npath()/abspathu() usage.
...
These functions do nothing on Python 3.
2017-01-20 08:01:02 -05:00
Claude Paroz
dc8834cad4
Refs #23919 -- Removed unneeded force_str calls
2017-01-20 08:44:31 +01:00
Simon Charette
4c5ed3e683
Refs #23919 -- Removed __nonzero__() methods (for Python 2).
...
Thanks Tim for the review.
2017-01-19 11:26:26 -05:00
Simon Charette
cecc079168
Refs #23919 -- Stopped inheriting from object to define new style classes.
2017-01-19 08:39:46 +01:00
Aymeric Augustin
eb422e476f
Refs #23919 -- Removed obsolete __ne__() methods.
...
__ne__() defaults to the opposite of __eq__() on Python 3
when it doesn't return NotImplemented.
2017-01-18 21:44:00 -05:00
Aymeric Augustin
3cc5f01d9b
Refs #23919 -- Stopped using django.utils.lru_cache().
2017-01-18 21:42:40 -05:00
Claude Paroz
2b281cc35e
Refs #23919 -- Removed most of remaining six usage
...
Thanks Tim Graham for the review.
2017-01-18 21:33:28 +01:00
Claude Paroz
7b2f2e74ad
Refs #23919 -- Removed six.<various>_types usage
...
Thanks Tim Graham and Simon Charette for the reviews.
2017-01-18 20:18:46 +01:00
Claude Paroz
c716fe8782
Refs #23919 -- Removed six.PY2/PY3 usage
...
Thanks Tim Graham for the review.
2017-01-18 16:21:28 +01:00
Claude Paroz
f3c43ad1fd
Refs #23919 -- Removed python_2_unicode_compatible decorator usage
2017-01-18 13:44:34 +01:00
Claude Paroz
d7b9aaa366
Refs #23919 -- Removed encoding preambles and future imports
2017-01-18 09:55:19 +01:00
Tim Graham
0bf3228eec
Increased the default PBKDF2 iterations for the 1.11 release cycle.
2017-01-17 20:52:05 -05:00
Tim Graham
401c5b2e42
Refs #23957 -- Removed the useless SessionAuthenticationMiddleware.
2017-01-17 20:52:05 -05:00
Tim Graham
eba093e8b0
Refs #25847 -- Removed support for User.is_(anonymous|authenticated) as methods.
...
Per deprecation timeline.
2017-01-17 20:52:03 -05:00
Tim Graham
9f9a3d643e
Refs #24126 -- Removed auth views' current_app parameter per deprecation timeline.
2017-01-17 20:52:00 -05:00
Tim Graham
e90c745afd
Refs #22993 -- Removed skipIfCustomUser per deprecation timeline.
2017-01-17 14:09:29 -05:00
Romain Garrigues
ede59ef6f3
Fixed #27518 -- Prevented possibie password reset token leak via HTTP Referer header.
...
Thanks Florian Apolloner for contributing to this patch and
Collin Anderson, Markus Holtermann, and Tim Graham for review.
2017-01-13 09:17:54 -05:00
Preston Timmons
b52c73008a
Fixed #15667 -- Added template-based widget rendering.
...
Thanks Carl Meyer and Tim Graham for contributing to the patch.
2016-12-27 17:50:10 -05:00
Vinay Karanam
4a246a02bd
Refs #17235 -- Made MultiPartParser leave request.POST immutable.
2016-12-07 08:28:46 -05:00
Nik Nyby
9992decbf1
Quoted group name in django/contrib/auth/models.py docstring.
2016-11-28 16:41:37 -05:00
Aymeric Augustin
cb7bbf97a7
Fixed #25966 -- Made get_user_model() work at import time.
...
This makes it equivalent to: `from django.contrib.auth.models import User`.
Thanks Aymeric Augustin for the initial patch and Tim Graham for the
review.
2016-11-25 14:15:49 +01:00
Florian Apolloner
51eaff6d35
Refs #17209 -- Fixed token verification for PasswordResetConfirmView POST requests.
2016-11-21 13:42:25 -05:00
Tim Graham
0d9ff873d9
Fixed #27467 -- Made UserAttributeSimilarityValidator max_similarity=0/1 work as documented.
...
Thanks goblinJoel for the report and feedback.
2016-11-16 17:40:37 -05:00
Ramin Farajpour Cami
967be82443
Fixed E305 flake8 warnings.
2016-11-14 12:30:46 -05:00
Jon Dufresne
f3ea0c4bbd
Reverted "Fixed #26401 -- Added BaseAuthConfig to use auth without migrations."
...
This reverts commit 1ec1633cb2
as it
doesn't handle ContentType's auth.Permission dependency. Thus, it
doesn't allow auth without migrations.
2016-10-25 17:32:59 -07:00
Claude Paroz
63bf615d5e
Updated translations from Transifex
...
Forward port of bfc9c72725
from stable/1.10.x.
2016-09-30 22:12:41 +02:00
levental
617e36dc1e
Fixed #20705 -- Allowed using PasswordResetForm with user models with an email field not named 'email'.
2016-09-27 11:59:00 -04:00
Tim Graham
8119b679eb
Refs #27025 -- Fixed "invalid escape sequence" warnings in Python 3.6.
...
http://bugs.python.org/issue27364
2016-09-17 15:44:06 -04:00
Jibodeah
9459ec82aa
Fixed #26170 -- Made ModelAdmin views run transactions on the correct database.
...
Thanks juntatalor for the initial patch.
2016-09-14 16:06:39 -04:00
Gavin Wahl
f0f3de3c96
Fixed #23155 -- Added request argument to user_login_failed signal.
2016-09-12 20:30:34 -04:00
Aleksej Manaev
4b9330ccc0
Fixed #25187 -- Made request available in authentication backends.
2016-09-12 20:11:53 -04:00
Jon Dufresne
1ec1633cb2
Fixed #26401 -- Added BaseAuthConfig to use auth without migrations.
2016-09-10 16:38:05 -07:00
Alexander Gaevsky
536db42cf0
Fixed #26097 -- Added password_validators_help_text_html to UserCreationForm.
2016-09-10 18:23:18 -04:00
Jon Dufresne
66e1ebbffc
Fixed #26956 -- Added success_url_allowed_hosts to LoginView and LogoutView.
...
Allows specifying additional hosts to redirect after login and log out.
2016-09-07 19:56:25 -07:00
Jon Dufresne
f227b8d15d
Refs #26956 -- Allowed is_safe_url() to validate against multiple hosts
2016-09-07 19:56:25 -07:00
Curtis Maloney
4c94336510
Removed transitive import of types.MethodType from six.
2016-09-06 07:19:27 -04:00
Jon Dufresne
ae98d40c35
Fixed #27136 -- Changed auth forms' autofocus attribute to HTML5 boolean syntax.
2016-08-28 17:19:50 -07:00
Berker Peksag
a02b5848ae
Replaced property() usage with decorator in several places.
2016-08-25 20:06:22 -04:00
Berker Peksag
3c18f8a3d2
Fixed #27111 -- Fixed KeyError if USERNAME_FIELD isn't in UserCreationForm.fields.
2016-08-24 13:20:12 -04:00
Przemysław Suliga
549b90fab3
Refs #26902 -- Protected against insecure redirects in Login/LogoutView.
2016-08-19 19:01:01 -04:00
Tim Graham
7549eb0004
Fixed #27009 -- Made update_session_auth_hash() rotate the session key.
2016-08-15 19:29:12 -04:00
Curtis Maloney
d7e0cf04b7
Used all() and a generator for PermissionsMixin.has_perms().
2016-08-13 08:46:51 -04:00
Andrew Nester
4591cf3fd8
Fixed #26909 -- Allowed UserAttributeSimilarityValidator to validate against model properties.
2016-08-10 15:08:06 -04:00
jordij
0814566bf1
Fixed #26960 -- Added PasswordResetConfirmView option to automatically log in after a reset.
2016-08-10 10:23:16 -04:00
Olexander Yermakov
975a76a964
Fixed #26951 -- Allowed AuthenticationForm to work with a username of 0.
2016-08-10 09:44:48 -04:00
Ville Skyttä
a2fb2b3a1f
Fixed #27020 -- Used a context manager to close files.
2016-08-04 19:45:14 -04:00
Tim Graham
967aa7f6cc
Fixed #27010 -- Made Argon2PasswordHasher decode with ASCII.
...
The underlying hasher only generates strings containing ASCII
characters so this is merely a cosmetic change.
2016-08-04 10:57:37 -04:00
Sergey Yurchenko
4e64e3bb6e
Fixed #26997 -- Fixed checks crash with empty Meta.default_permissions.
2016-08-03 09:14:01 -04:00
Claude Paroz
374b6091ac
Pulled contrib translations from Transifex
...
Forward port f19cadd391
from stable/1.10.x
2016-08-01 19:47:19 +02:00
Andrew Nester
0ba179194b
Fixed #26929 -- Deprecated extra_context parameter of contrib.auth.views.logout_then_login().
2016-07-28 11:57:02 -04:00
Andrew Nester
dde6288fbe
Fixed #26882 -- Added tests for auth.views.logout_then_login().
2016-07-22 15:04:13 -04:00
Claude Paroz
255fb99284
Fixed #17209 -- Added password reset/change class-based views
...
Thanks Tim Graham for the review.
2016-07-16 10:36:12 +02:00
Claude Paroz
490107f14d
Added Upper/Lower Sorbian translations
2016-06-29 21:11:30 +02:00
Bang Dao + Tam Huynh
09119dff14
Fixed #26719 -- Normalized email in AbstractUser.clean().
2016-06-24 10:37:38 -04:00
Claude Paroz
78963495d0
Refs #17209 -- Added LoginView and LogoutView class-based views
...
Thanks Tim Graham for the review.
2016-06-24 10:45:13 +02:00
Tim Graham
39805686b3
Refs #21379 , #26719 -- Moved username normalization to AbstractBaseUser.
...
Thanks Huynh Thanh Tam for the initial patch and Claude Paroz for review.
2016-06-21 16:19:37 -04:00
Tim Graham
1915a7e5c5
Increased the default PBKDF2 iterations.
2016-05-20 09:19:19 -04:00
Claude Paroz
5ccee815ff
Updated translation catalogs
2016-05-17 23:21:35 +02:00
Florian Apolloner
9baf692a58
Fixed #26601 -- Improved middleware per DEP 0005.
...
Thanks Tim Graham for polishing the patch, updating the tests, and
writing documentation. Thanks Carl Meyer for shepherding the DEP.
2016-05-17 07:22:22 -04:00
Claude Paroz
9935f97cd2
Refs #21379 -- Normalized unicode username inputs
2016-05-16 19:38:02 +02:00
Claude Paroz
526575c641
Fixed #21379 -- Created auth-specific username validators
...
Thanks Tim Graham for the review.
2016-05-16 19:37:57 +02:00
Simon Charette
61a16e0270
Fixed #24075 -- Used post-migration models in contrib apps receivers.
...
Thanks Markus and Tim for the review.
2016-05-15 19:51:16 -04:00
Tim Graham
094ea69e07
Fixed #26614 -- Used constant_time_compare() in checking session auth hash in login().
2016-05-13 18:26:10 -04:00
Claude Paroz
b26fedacef
Fixed #26544 -- Delayed translations of SetPasswordForm help_texts
...
Thanks Michael Bitzi for the reporti and Tim Graham for the review.
2016-05-07 10:17:49 +02:00
Tim Graham
03efa304bc
Refs #25847 -- Added system check for UserModel.is_anonymous/is_authenticated methods.
2016-05-06 08:56:06 -04:00
Claude Paroz
8dcf352c03
Pulled translations from Transifex
2016-04-30 14:27:07 +02:00
Claude Paroz
d9a00ad16b
Removed deprecated Chinese language codes for contrib apps
...
Refs #18149 .
2016-04-30 14:26:47 +02:00
Bas Westerbaan
a5033dbc58
Refs #26033 -- Added password hasher support for Argon2 v1.3.
...
The previous version of Argon2 uses encoded hashes of the form:
$argon2d$m=8,t=1,p=1$<salt>$<data>
The new version of Argon2 adds its version into the hash:
$argon2d$v=19$m=8,t=1,p=1$<salt>$<data>
This lets Django handle both version properly.
2016-04-25 21:17:53 -04:00
Jeremy Lainé
c1aec0feda
Fixed #25847 -- Made User.is_(anonymous|authenticated) properties.
2016-04-09 14:54:18 -04:00
Tim Graham
df8d8d4292
Fixed E128 flake8 warnings in django/.
2016-04-08 09:51:06 -04:00
Simon Charette
a872194802
Fixed #26470 -- Converted auth permission validation to system checks.
...
Thanks Tim for the review.
2016-04-06 22:40:43 -04:00
Alexander Gaevsky
e0a3d93730
Fixed #25232 -- Made ModelBackend/RemoteUserBackend reject inactive users.
2016-03-23 09:01:48 -04:00
Tim Graham
1243fdf5cb
Fixed #26395 -- Skipped the CryptPasswordHasher tests on platforms with a dummy crypt module.
2016-03-22 11:22:21 -04:00
Berker Peksag
efa9539787
Fixed #26381 -- Made UserCreationForm reusable with custom user models that define USERNAME_FIELD.
2016-03-21 12:32:42 -04:00
Vincenzo Pandolfo
d0fe6c9156
Fixed #26334 -- Removed whitespace stripping from contrib.auth password fields.
2016-03-14 20:20:24 -04:00
ieatkittens
ab8af342b1
Fixed #26343 -- Sent user_login_failed signal if an auth backend raises PermissionDenied.
2016-03-12 16:44:39 -05:00
Bas Westerbaan
b4250ea04a
Fixed #26033 -- Added Argon2 password hasher.
2016-03-08 11:22:18 -05:00
Jon Dufresne
1845bc1d10
Refs #26315 -- Cleaned up argparse options in commands.
...
* Removed type coercion. Options created by argparse are already coerced
to the correct type.
* Removed fallback default values. Options created by argparse already
have a default value.
* Used direct indexing. Options created by argparse are always set. This
eliminates the need to use dict.get().
2016-03-05 13:19:29 -05:00
Florian Apolloner
67b46ba701
Fixed CVE-2016-2513 -- Fixed user enumeration timing attack during login.
...
This is a security fix.
2016-03-01 11:25:28 -05:00
Olivier Le Thanh Duong
10781b4c6f
Fixed #12233 -- Allowed redirecting authenticated users away from the login view.
...
contrib.auth.views.login() has a new parameter `redirect_authenticated_user`
to automatically redirect authenticated users visiting the login page.
Thanks to dmathieu and Alex Buchanan for the original code and to Carl Meyer
for the help and review.
2016-02-25 07:18:33 -05:00
Mounir Messelmeni
50931dfa53
Fixed #25304 -- Allowed management commands to check if migrations are applied.
2016-02-12 13:34:56 -05:00
Tim Graham
004ba0f99e
Removed unneeded hint=None/obj=None in system check messages.
2016-02-12 13:01:25 -05:00
Tim Graham
926d41f0e7
Updated some comments for BCryptSHA256PasswordHasher.
2016-02-11 11:57:12 -05:00
Charlie Denton
46c13fef46
Fix typo in comment
2016-02-11 11:14:06 +00:00
Simon Charette
6eb3ce11e4
Fixed #26089 -- Removed custom user test models from public API.
...
Thanks to Tim Graham for the review.
2016-02-04 12:30:34 -05:00
Hugo Osvaldo Barrera
dcee1dfc79
Fixed #12405 -- Added LOGOUT_REDIRECT_URL setting.
...
After a user logs out via auth.views.logout(), they're redirected
to LOGOUT_REDIRECT_URL if no `next_page` argument is provided.
2016-02-04 10:35:37 -05:00
Matt Robenolt
8048411c97
Fixed a typo in BCryptPasswordHasher docstring
...
There is no BCryptSHA512PasswordHasher.
2016-01-09 12:14:51 -05:00
Collin Anderson
780bddf75b
Fixed #20846 -- Decreased User.username max_length to 150 characters.
2016-01-08 18:06:44 -05:00
Paulo Poiati
b643386668
Fixed #24855 -- Allowed using contrib.auth.login() without credentials.
...
Added an optional `backend` argument to login().
2016-01-07 08:56:07 -05:00
Simon Charette
a08fda2111
Fixed #25746 -- Isolated inlined test models registration.
...
Thanks to Tim for the review.
2016-01-06 20:00:07 -05:00
Tim Graham
f0ad641628
Fixed #26016 -- Restored contrib.auth hashers compatibility with py-bcrypt.
...
Reverted "Explicitly passed rounds as rounds to bcrypt.gensalt()"
This reverts commit 23529fb195
.
2016-01-02 06:54:13 -05:00
Marten Kenbeek
16411b8400
Fixed #26013 -- Moved django.core.urlresolvers to django.urls.
...
Thanks to Tim Graham for the review.
2015-12-31 14:21:29 -05:00
Claude Paroz
f14ab700c3
Updated translations from Transifex
...
Forward port of 59f3590ca7
from stable/1.9.x.
2015-12-31 15:53:02 +01:00
Thomas Grainger
d638cdc42a
Fixed #25165 -- Removed inline JavaScript from the admin.
...
This allows setting a Content-Security-Policy HTTP header
(refs #15727 ).
Special thanks to blighj, the original author of this patch.
2015-12-05 15:51:57 -05:00
Josh Soref
93452a70e8
Fixed many spelling mistakes in code, comments, and docs.
2015-12-03 12:48:24 -05:00
Claude Paroz
273ce8aa6a
Pulled contrib translations from Transifex
...
Forward port of 6a4649c27e
from stable/1.9.x
2015-12-01 20:37:57 +01:00
Tim Graham
15ef1dd478
Fixed #20846 -- Increased User.username max_length to 254 characters.
...
Thanks Collin Anderson and Nick Sandford for work on the patch.
2015-10-29 08:58:49 -04:00
Tim Graham
5acf203db2
Fixed #25596 -- Fixed regression in password change view with custom user model.
...
The reverse() added in 50aa1a790c
crashed on a custom user model.
2015-10-27 08:18:22 -04:00
Claude Paroz
5171f56fae
Pluralized translatable strings in password_validation.py
...
Forward port of 86dc4889f
from master.
2015-10-10 15:17:21 +02:00
Claude Paroz
f233aa3ff9
Updated translation catalogs
...
Forward port of f717cb2ab4
from stable/1.9.x.
2015-10-09 18:02:47 +02:00
Kaleb Elwert
adcf823359
Fixed #25490 -- Made the logout() view send "no-cache" headers.
2015-10-02 12:29:54 -04:00
Antoine Catton
53ccffdb8c
Refs #16860 -- Fixed password help text when there aren't any validators.
...
This avoids creating an empty list which is invalid HTML 4.
2015-09-28 15:30:16 -04:00
Tzu-ping Chung
7372cdebed
Fixed #25457 -- Improved formatting of password validation errors in management command output.
2015-09-24 19:45:19 -04:00
Tim Graham
593c9eb660
Increased the default PBKDF2 iterations for the 1.10 release cycle.
2015-09-23 19:31:11 -04:00
Tim Graham
849037af36
Refs #23957 -- Required session verification per deprecation timeline.
2015-09-23 19:31:10 -04:00
Tim Graham
f1761e3fef
Refs #21648 -- Removed is_admin_site option from password_reset() view.
...
Per deprecation timeline.
2015-09-23 19:31:10 -04:00
sujayskumar
d8d853378b
Fixed #24944 -- Added extra_email_context parameter to password_reset() view.
2015-09-18 18:56:04 -04:00
Dražen Odobašić
b1e33ceced
Fixed #23395 -- Limited line lengths to 119 characters.
2015-09-12 11:40:50 -04:00
Raphael Michel
1bbca7961c
Fixed #25350 -- Added alias --no-input for --noinput to management commands.
2015-09-08 08:41:03 -04:00
Maxime Lorant
5153a3bfdc
Fixed #25331 -- Removed trailing blank lines in docstrings.
2015-08-31 17:37:21 -04:00
Y3K
235caabacc
Fixed #25324 -- Registered ModelAdmin instances with @admin.register decorator
2015-08-31 15:41:09 +10:00
Alex Becker
53d28f8339
Fixed #25089 -- Added password validation to createsuperuser/changepassword.
2015-08-01 20:18:26 -04:00
Tim Graham
264eeaf14a
Removed unnecessary if statement in createsuperuser command.
2015-08-01 20:00:05 -04:00
Flavio Curella
c2e70f0265
Fixed #21127 -- Started deprecation toward requiring on_delete for ForeignKey/OneToOneField
2015-07-27 18:28:13 -04:00
Akis Kesoglou
29465d438e
Fixed #25142 -- Added PermissionRequiredMixin.has_permission() to allow customization.
2015-07-27 10:23:56 -04:00
lukasz.wojcik
927b30a6ab
Fixed #24126 -- Deprecated current_app parameter to auth views.
2015-07-21 08:26:41 -04:00
Wim Feijen
c082363527
Reworded contrib.auth forms' password confirmation help_text.
...
"As above" refers to a spatial orientation, which might
not be present, for example when the two password fields
are shown next to each other.
2015-07-20 15:51:50 -04:00
Tim Graham
774c16d16e
Fixed #25052 ; refs #16860 -- Added password validation to UserCreationForm.
2015-07-20 13:44:34 -04:00
Tim Graham
f5e9d67907
Refs #16860 -- Moved password_changed() logic to AbstractBaseUser.
...
Thanks Carl Meyer for review.
2015-07-20 13:44:26 -04:00
Tim Graham
e25ba6e8bb
Refs #25073 -- Copied recently added verbose_names to migrations.
2015-07-17 14:07:18 -04:00
Curtis Maloney
23529fb195
Explicitly passed rounds as rounds to bcrypt.gensalt()
2015-07-13 12:35:24 -04:00
Szilveszter Farkas
f576b23a65
Fixed #25073 -- Added verbose_name to contrib's model fields that were missing it.
2015-07-12 13:44:16 -04:00
Jan Pazdziora
a570701e02
Fixed #25029 -- Added PersistentRemoteUserMiddleware for login-page-only external authentication.
2015-07-02 17:38:10 -04:00
Tim Graham
7da3923ba0
Sorted imports in __init__.py files.
2015-06-27 11:53:33 -04:00
Tim Graham
aaacaeb096
Renamed RemovedInDjangoXYWarnings for new roadmap.
...
Forwardport of ae1d663b79
from stable/1.8.x plus more.
2015-06-24 16:08:20 -04:00
Francisco Albarran
e75b614640
Fixed #25009 -- Allowed User.objects.create_user(...,is_staff=True) to work.
2015-06-22 11:34:26 -04:00
Markus Holtermann
e5cb4e1411
Fixed #24914 -- Added authentication mixins for CBVs
...
Added the mixins LoginRequiredMixin, PermissionRequiredMixin and
UserPassesTestMixin to contrib.auth as counterparts to the respective
view decorators.
The authentication mixins UserPassesTestMixin, LoginRequiredMixin and
PermissionRequiredMixin have been inspired by django-braces
<https://github.com/brack3t/django-braces/ >
Thanks Raphael Michel for the initial patch, tests and docs on the PR
and Ana Balica, Kenneth Love, Marc Tamlyn, and Tim Graham for the
review.
2015-06-17 23:19:10 +02:00
Tim Graham
09f2cdbe1a
Refs #16860 -- Fixed a resource and deprecation warning in password validation.
2015-06-16 11:02:27 -04:00
elena
841a87785a
Corrected to not erroneously mention email as being required.
...
Email field isn't required.
2015-06-15 14:58:48 +02:00
Tim Graham
55b3bd8468
Refs #16860 -- Minor edits and fixes to password validation.
2015-06-10 07:41:01 -04:00
Raphael Michel
39937de7e6
Fixed #24929 -- Allowed permission_required decorator to take any iterable
2015-06-08 13:44:39 -04:00
Erik Romijn
1daae25bdc
Fixed #16860 -- Added password validation to django.contrib.auth.
2015-06-07 19:31:20 +02:00
Alasdair Nicol
1ea87c8c79
Fixed #24910 -- Added createsuperuser support for non-unique USERNAME_FIELDs
...
Clarified docs to say that a non-unique USERNAME_FIELD is permissable
as long as the custom auth backend can support it.
2015-06-06 09:33:02 -04:00
Tim Graham
8047e3666b
Added contrib.auth migration for refs #13147 .
2015-05-28 15:22:22 -04:00
Piotr Jakimiak
4157c502a5
Removed unnecessary arguments in .get method calls
2015-05-13 20:51:18 +02:00
Edvinas Jurevicius
72f6513eba
Improved formatting of auth model fields.
2015-05-05 12:59:19 -04:00
Dan Watson
fe914341c8
Fixed #24564 -- Moved AbstractBaseUser and BaseUserManager so they can be used without auth in INSTALLED_APPS
2015-05-05 12:03:48 -04:00
Luis Del Giudice
db0a0c4b8a
Fixed #24737 -- Removed unnecesary kwargs in UserManager._create_user()
2015-05-02 21:07:58 -04:00
Claude Paroz
6aed5cfc6f
Updated translations from Transifex
...
Updates for languages: Indonesian, Belarusian, Persian, and Dutch.
Forward port of cb370f8510
from stable/1.8.x
2015-04-30 14:29:08 +02:00
Matt Robenolt
6387d9d41f
Refactored PasswordResetTokenGenerator to be a bit more extensible.
2015-04-20 14:27:12 -04:00
Christopher Luc
e37d52bd5e
Fixed #22993 -- Deprecated skipIfCustomUser decorator
2015-04-07 09:45:32 -04:00
Claude Paroz
88dfe544f6
Fetched updated contrib translations from Transifex
...
Forward port of 5483c66f85
from stable/1.8.x
2015-04-01 19:51:50 +02:00
Tim Graham
b86abbceb9
Fixed #24115 -- Allowed bcrypt hashers to upgrade passwords on rounds change.
...
Thanks Florian Apolloner for the review.
2015-03-30 18:52:59 -04:00
Claude Paroz
c2bfd76ec3
Refs #15779 -- Fixed UserChangeForm regression introduced by 1791a7e75
...
Thanks Tim Graham for reporting the regression.
2015-03-28 09:24:01 +01:00
Anssi Kääriäinen
8f30556329
Renamed Field.rel attribute to remote_field
...
Field.rel is now deprecated. Rel objects have now also remote_field
attribute. This means that self == self.remote_field.remote_field.
In addition, made the Rel objects a bit more like Field objects. Still,
marked ManyToManyFields as null=True.
2015-03-25 08:16:12 -04:00
Claude Paroz
465edf2bb2
Updated translation catalogs
...
Strings are frozen in anticipation of the Django 1.8 release.
Forward port of 1cd2584c98
from stable/1.8.x
2015-03-18 09:31:00 +01:00
Joeri Bekker
0ed20d5cc4
Fixed #23926 -- Improved validation error for custom permissions that are too long.
2015-03-16 12:13:49 -04:00
Thomas Tanner
28986da4ca
Fixed #5986 -- Added ability to customize order of Form fields
2015-03-16 09:12:57 -04:00
Simon Charette
19f7278c86
Removed reference to iteration count in the PBKDF2 hasher docstring.
2015-02-20 16:37:29 -05:00
Frank Wiles
e43f99d1a9
Fixed PBKDF2PasswordHasher comments to reflect reality.
2015-02-20 16:00:51 -05:00
Loic Bistuer
bed504d70b
Fixed #24351 , #24346 -- Changed the signature of allow_migrate().
...
The new signature enables better support for routing RunPython and
RunSQL operations, especially w.r.t. reusable and third-party apps.
This commit also takes advantage of the deprecation cycle for the old
signature to remove the backward incompatibility introduced in #22583 ;
RunPython and RunSQL won't call allow_migrate() when when the router
has the old signature.
Thanks Aymeric Augustin and Tim Graham for helping shape up the patch.
Refs 22583.
2015-02-20 21:34:09 +07:00
Tim Graham
4538cbf17d
Fixed #24299 -- Added an auth migration to ensure contenttypes is migrated.
...
Without this migration, the auth signal handlers will fail if migrating
only auth.
2015-02-16 14:52:30 -05:00
Tim Graham
002425fe39
Fixed #24315 -- Fixed auth.views.password_reset_confirm() with a UUID user.
2015-02-13 09:56:31 -05:00
Tim Graham
fdf20093e0
Fixed #24334 -- Allowed admin password reset to work with non-digit custom user model primary key.
...
Thanks Loic for help and Simon for review.
2015-02-13 09:42:49 -05:00
Tim Graham
0f7f5bc9e7
Fixed #24161 -- Stored the user primary key as a serialized value in the session.
...
This allows using a UUIDField primary key along with the JSON session
serializer.
Thanks to Trac alias jamesbeith for the report and Simon Charette
for the initial patch.
2015-02-12 07:38:16 -05:00
Tim Graham
5ab327a389
Moved non-documented auth test models to the new test location.
2015-02-11 10:29:48 -05:00
Tim Graham
2d7aca3da0
Moved contrib.auth tests out of contrib.
2015-02-11 10:19:22 -05:00
Tim Graham
197dd4b8f1
Prevented some test commands from needlessly running system checks.
...
This is a performance optimization and also fixes test errors with the
upcoming merge of contrib tests into tests/. The tests failed on MySQL
because the models with GeometryField were being checked but the
non-GIS MySQL backend didn't know how to handle them.
2015-02-11 10:14:38 -05:00
Claude Paroz
50aa1a790c
Replaced some more hardcoded admin URLs
2015-02-09 17:29:53 +01:00
Tim Graham
1256274750
Removed stray comment in auth.views.
2015-02-09 07:50:47 -05:00
Claude Paroz
32e6a7d3a5
Replaced hardcoded URLs in admin_* tests
...
Refs #15779 . This will allow easier admin URL changes, when needed.
Thanks Simon Charette for the review.
2015-02-08 20:55:09 +01:00
Markus Holtermann
2832a9b028
Revert "Fixed #24075 -- Prevented running post_migrate signals when unapplying initial migrations of contenttypes and auth"
...
This reverts commit 737d24923a
.
2015-02-07 20:14:49 +01:00
Markus Holtermann
bd3d796ecd
Revert "Refs #24075 -- Silenced needless call_command output while running tests"
...
This reverts commit 51dc617b21
.
2015-02-07 19:22:31 +01:00
Tim Graham
0ed7d15563
Sorted imports with isort; refs #23860 .
2015-02-06 08:16:28 -05:00
Tim Graham
4444ff39a4
Removed direct manipulation of settings in auth tests; refs #21230 .
2015-02-04 09:56:55 -05:00
darkryder
9ec8aa5e5d
Fixed #24149 -- Normalized tuple settings to lists.
2015-02-03 14:59:45 -05:00
Tim Graham
a53541852d
Removed contrib.auth.forms.mask_password()
...
This function is unused since dce820ff70
after being introduced in 718a5ba1a1
2015-02-02 11:13:14 -05:00
Adam Taylor
039465a6a7
Fixed typos in code comments.
2015-01-20 12:18:03 -05:00
Claude Paroz
53e1423eda
Updated en translation catalogs
...
Forward port of 666c12e52
from stable/1.8.x
2015-01-17 11:19:37 +01:00
Tim Graham
c51258882b
Increased the default PBKDF2 iterations.
2015-01-16 19:27:10 -05:00
Claude Paroz
b4ac232907
Fixed #24099 -- Removed contenttype.name deprecated field
...
This finsishes the work started on #16803 .
Thanks Simon Charette, Tim Graham and Collin Anderson for the
reviews.
2015-01-16 20:21:34 +01:00
Markus Holtermann
51dc617b21
Refs #24075 -- Silenced needless call_command output while running tests
...
Thanks Tim Graham for the report
2015-01-15 21:07:39 +01:00
Markus Holtermann
737d24923a
Fixed #24075 -- Prevented running post_migrate signals when unapplying initial migrations of contenttypes and auth
...
Thanks Florian Apolloner for the report and Claude Paroz and Tim Graham for the review and help on the patch.
2015-01-14 19:59:39 +01:00
Aymeric Augustin
5f7230e12f
Fixed #24124 (again) -- Updated tests with new default context_processors.
...
Thanks Collin for the review.
2015-01-12 22:31:44 +01:00
Claude Paroz
d7bc37d611
Fixed #24097 -- Prevented AttributeError in redirect_to_login
...
Thanks Peter Schmidt for the report and the initial patch.
Thanks to Oktay Sancak for writing the original failing test and
Alvin Savoy for supporting contributing back to the community.
2015-01-10 10:05:02 +01:00
Tim Graham
4986653d9d
Fixed a typo in contrib/auth/tests/custom_user.py docstring.
2015-01-09 14:33:04 -05:00
Tim Graham
40a8504357
Fixed #23891 -- Moved deprecation of IPAddressField to system check framework.
...
Thanks Markus Holtermann for review.
2015-01-01 13:30:52 -05:00
Thomas Tanner
46068d850d
Fixed #22295 -- Replaced permission check for displaying admin user-tools
2014-12-31 16:31:59 -05:00
Claude Paroz
51890ce889
Applied ignore_warnings to Django tests
2014-12-30 18:16:25 +01:00
Aymeric Augustin
cf0fd65ed4
Deprecated TEMPLATE_LOADERS.
2014-12-28 17:02:30 +01:00
Aymeric Augustin
cf1f36bb6e
Deprecated current_app in TemplateResponse and render(_to_response).
2014-12-28 17:02:29 +01:00
Aymeric Augustin
fdbfc98003
Deprecated some arguments of django.shortcuts.render(_to_response).
...
dictionary and context_instance and superseded by context.
Refactored tests that relied context_instance with more modern idioms.
2014-12-28 17:02:29 +01:00
Tim Graham
271d4f8f85
Fixed #23948 -- Moved password help text from the template to the form.
...
Thanks Mithos for the report and patch.
2014-12-26 08:09:12 -05:00
Collin Anderson
5dddd79433
Fixed #20349 -- Moved setting_changed signal to django.core.signals.
...
This removes the need to load django.test when not testing.
2014-12-24 07:18:43 -05:00
Tim Graham
0d5ca7b560
Moved an import in an auth test; refs #23925 .
...
This keeps tests/__init__.py from importing other modules and may fix a problem
with test discovery revealed in formtools tests on Travis CI.
2014-12-15 10:09:18 -05:00
Markus Holtermann
aa5ef0d4fc
Fixed #23822 -- Added support for serializing model managers in migration
...
Thanks to Shai Berger, Loïc Bistuer, Simon Charette, Andrew Godwin,
Tim Graham, Carl Meyer, and others for their review and input.
2014-12-15 08:34:15 -05:00
Berker Peksag
560b4207b1
Removed redundant numbered parameters from str.format().
...
Since Python 2.7 and 3.1, "{0} {1}" is equivalent to "{} {}".
2014-12-03 14:27:38 -05:00
Tim Graham
b06dfad88f
Fixed #23939 -- Moved session verification out of SessionAuthenticationMiddleware.
...
Thanks andrewbadr for the report and Carl Meyer for the review.
2014-12-03 13:11:47 -05:00
sdeprez
9e80c5f457
Fixed #23925 -- Allowed settings.AUTHENTICATION_BACKENDS to reference import aliases
2014-11-28 10:47:33 -05:00
Diego Guimarães
f39b0421b4
Fixed #23338 -- Added warning when unique=True on ForeigKey
...
Thanks Jonathan Lindén for the initial patch, and Tim Graham
and Gabe Jackson for the suggestions.
2014-11-27 19:42:30 -05:00
wrwrwr
dd35cc232a
Fixed #23641 -- Moved post_migrate signals for contrib apps to AppConfig.ready().
2014-11-27 13:06:35 -05:00
Aymeric Augustin
7331788300
Avoided rewrapping Contexts in render_to_response.
...
This change preserves backwards-compatibility for a very common misuse
of render_to_response which even occurred in the official documentation.
It fixes that misuse wherever it happened in the code base and docs.
Context.__init__ is documented as accepting a dict and nothing else.
Since Context is dict-like, Context(Context({})) could work to some
extent. However, things get complicated with RequestContext and that
gets in the way of refactoring the template engine. This is the real
rationale for this change.
2014-11-22 17:58:38 +01:00
Aymeric Augustin
dca33ac15d
Simplified caching of password hashers.
...
load_hashers cached its result regardless of its password_hashers
argument which required fragile cache invalidation. Remove that
argument in favor of @override_settings and triggering cache
invalidation with a signal.
2014-11-19 21:35:39 +01:00
Erik Romijn
c1584e1df4
Refs #23793 -- Fixed test failure after password reset messages clarification
2014-11-15 17:05:24 +01:00
Yigit Guler
9dde0a211e
Fixed #23793 -- Clarified password reset messages.
2014-11-15 16:29:13 +01:00
averybigant
b7a5b6ab86
Fixed #23750 -- Allowed core.checks.register to be used as a function
2014-11-11 16:29:32 +01:00
Veres Lajos
a71a2ea756
Fixed typos using https://github.com/vlajos/misspell_fixer
2014-11-03 20:59:30 -05:00
Berker Peksag
f7969b0920
Fixed #23620 -- Used more specific assertions in the Django test suite.
2014-11-03 11:56:37 -05:00
Claude Paroz
b8f2c972d0
Removed redundant skip_checks option for call_command
2014-10-20 17:26:00 +02:00
Claude Paroz
d6a15026c4
Updated translations from Transifex
...
Forward port of e9c8aefbce
from stable/1.7.x
2014-09-30 20:55:50 +02:00
Thomas Chaumeny
b2aad7b836
Replaced set([foo, ...]) by {foo, ...} literals. Refs PR 3282.
...
Thanks Collin Anderson for the review.
2014-09-29 00:01:38 +07:00
Damien Baty
ad491ecc6e
Fixed #23488 -- Added AnonymousUser.get_username().
2014-09-18 10:48:28 -04:00
Aymeric Augustin
aa399f6b8b
Use "catch" instead of "trap" for exceptions.
...
This is the idiomatic word in the Python world.
2014-09-08 22:23:44 +02:00
Tim Graham
1101467ce0
Limited lines to 119 characters in django/
...
refs #23395 .
2014-09-05 09:22:16 -04:00
Carl Meyer
89559bcfb0
Fixed #23409 -- Extract PasswordResetForm.get_users method.
...
Allows easier customization of policies regarding which users are allowed to
reset their password.
Thanks Aymeric for review.
2014-09-03 12:25:11 -06:00
Tim Graham
e39af5ea59
Fixed #21648 -- Deprecated is_admin_site option to auth.views.password_reset().
2014-08-23 19:32:58 -04:00
Preston Holmes
5307ce565f
Fixed #23066 -- Modified RemoteUserMiddleware to logout on REMOTE_USER change.
...
This is a security fix. Disclosure following shortly.
2014-08-20 14:39:40 -04:00
Claude Paroz
efa67b897b
Fetched translations from Transifex
...
Forward port of 49280a73ea
from stable/1.7.x
2014-08-20 10:22:41 +02:00
Collin Anderson
1d79d08d9a
Fixed #23294 -- Add related_name to existing migrations.
...
Thanks to Florian Apolloner for the review; refs #23288 .
2014-08-15 12:39:06 -04:00
Gabriel Muñumel
deed00c0d8
Fixed #23162 -- Renamed forms.Field._has_changed() to has_changed().
2014-08-15 08:14:45 -04:00
Trey Hunner
6868643063
Added newlines to the ends of CSS, HTML, and JavaScript files missing them.
2014-08-12 19:22:09 -04:00
Tim Graham
a9fd740d22
Fixed #23276 -- Deprecated passing views as strings to url().
2014-08-12 13:15:40 -04:00
Andrew Godwin
059f5d17c5
Fixed #23163 : Align user help text with migrations
2014-08-04 13:57:02 +10:00
Tim Graham
a2479f46f3
Fixed #7220 -- Allowed AbstractBaseUser.last_login to be null.
...
Thanks veena for the suggestion and Simon Charette and Kévin Etienne for reviews.
2014-08-01 17:51:49 -04:00
Jürno Ader
76f2f58a18
Fixed #22956 -- Made PermissionManager.get_by_natural_key() use the correct database for content type lookup.
2014-07-31 13:35:27 -04:00
Iain Dawson
b4cf7e3d1d
Fixed typo in PermissionsMixin.groups.help_text.
2014-07-21 20:03:45 +00:00
Iain Dawson
8fbf13a6c8
Replaced instances of 'his/her' with 'their'.
2014-07-21 19:49:12 +00:00
Alex Gaynor
6732566967
Bump the default iterations for PBKDF2.
...
The rate at which we've increased this has not been keeping up with hardware (and software) improvements, and we're now considerably behind where we should be. The delta between our performance and an optimized implementation's performance prevents us from improving that further, but hopefully once Python 2.7.8 and 3.4+ get into more hands we can more aggressively increase this number.
2014-07-11 22:43:26 -07:00
Tim Graham
d5e1a2d5eb
Added contrib.auth migration for refs #13147 .
2014-07-10 13:06:42 -04:00
Yin Jifeng
849538d03d
Fixed #13147 -- Moved User validation logic from form to model.
2014-07-10 09:36:43 -04:00
Anubhav Joshi
75ff7b8fb8
Fixed #21832 -- Updated prompt, tests, and docs to show that USERNAME_FIELD supports FK after 9bc2d76
.
...
Also added get_input_data() hook in createsuperuser.
Thanks Chris Jerdonek and Tim Graham for review.
2014-07-08 08:21:41 -04:00
Tim Graham
7fd55c3481
Fixed #20631 -- Increased the default EmailField max_length to 254.
...
Thanks pmartin for the report.
2014-07-04 14:15:00 -04:00