innov
/
django1
1
0
Fork 0
Code Issues Pull Requests 1 Projects Releases Wiki Activity
14,430 Commits 25 Branches 361 Tags 501 MiB
Commit Graph

193 Commits

Author SHA1 Message Date
Preston Holmes a49e7dd2a3 Fixed #20114 -- support custom project login_url in tests 
Thanks to Matias Bordese for the patch
 2013-04-05 09:03:28 -07:00
Preston Timmons fde2e4fd6e Modified auth to work with unittest2 discovery. 2013-04-02 21:59:45 -06:00
Jacob Kaplan-Moss 9e462f8101 Fixed #20078: don't allow filtering on password in the user admin. 2013-03-27 11:24:36 -05:00
Donald Stufft 25f2acfed0 Fixed #20138 -- Added BCryptSHA256PasswordHasher 
BCryptSHA256PasswordHasher pre-hashes the users password using
SHA256 to prevent the 72 byte truncation inherient in the BCrypt
algorithm.
 2013-03-26 13:26:57 -04:00
Claude Paroz 2f121dfe63 Fixed #17051 -- Removed some 'invalid' field error messages 
When the 'invalid' error message is set at field level, it masks
the error message raised by the validator, if any.
 2013-03-14 17:03:43 +01:00
matiasb f39fead1c3 Fixed #19945 -- Fixed default User model Meta inheritance. 
Updated default User model Meta class to extend AbstractUser Meta
where translated verbose_name and verbose_name_plural are
defined.
 2013-03-01 19:32:20 -03:00
Aymeric Augustin f1255a3c09 Fixed #18144 -- Restored compatibility with SHA1 hashes with empty salt. 
Thanks dahool for the report and initial version of the patch.
 2013-02-25 20:21:58 +01:00
Florian Apolloner f56ca3f0e6 Fixed the usage of the deprecated assertEquals. 2013-02-24 11:15:17 +01:00
Preston Holmes 22d82a7742 Fixed #15198 -- pass request to AuthenticationForm 
Thanks to Ciantic for the report, claudep and slurms for initial work
 2013-02-23 15:28:49 -08:00
Horst Gutmann 2f4a4703e1 Fixed #19758 -- Avoided leaking email existence through the password reset form. 2013-02-23 14:31:21 +01:00
Carl Meyer d51fb74360 Added a new required ALLOWED_HOSTS setting for HTTP host header validation. 
This is a security fix; disclosure and advisory coming shortly.
 2013-02-19 11:23:29 -07:00
Claude Paroz 5ec0405a09 Fixed #19839 -- Isolated auth tests from customized TEMPLATE_LOADERS 
Thanks limscoder for the report.
 2013-02-18 09:22:25 +01:00
Claude Paroz a8d1421dd9 Avoided unneeded assertion on Python 3 
Fixes failure introduced in 02e5909f7a.
 2013-02-15 16:09:31 +01:00
Claude Paroz 02e5909f7a Fixed #19807 -- Sanitized getpass input in createsuperuser 
Python 2 getpass on Windows doesn't accept unicode, even when
containing only ascii chars.
Thanks Semmel for the report and tests.
 2013-02-15 15:44:27 +01:00
Russell Keith-Magee f5e4a699ca Fixed #19822 -- Added validation for uniqueness on USERNAME_FIELD on custom User models. 
Thanks to Claude Peroz for the draft patch.
 2013-02-15 09:00:55 +08:00
Claude Paroz f1029b308f Fixed a misnamed variable introduced in commit 142ec8b283 
Refs #8404.
 2013-02-14 08:33:10 +01:00
Claude Paroz 142ec8b283 Fixed #8404 -- Isolated auth password-related tests from custom templates 2013-02-13 23:11:49 +01:00
Hiroki Kiyohara e94f405d94 Fixed #18558 -- Added url property to HttpResponseRedirect* 
Thanks coolRR for the report.
 2013-02-13 10:29:32 +01:00
Preston Holmes c44d748272 Fixed #19662 -- alter auth modelbackend to accept custom username fields 
Thanks to Aymeric and Carl for the review.
 2013-02-07 16:07:56 -08:00
Claude Paroz 2390fe3f4f Fixed #19745 -- Forced resolution of verbose names in createsupersuser 
Thanks Baptiste Mispelon for the report and Preston Holmes for the review.
 2013-02-06 10:06:21 +01:00
Claude Paroz 55c585f1c7 Fixed #19725 -- Made createsuperuser handle non-ascii prompts 
Thanks Michisu for the report.
 2013-02-04 10:09:10 +01:00
Claude Paroz 63d6a50dd8 Fixed #18144 -- Added backwards compatibility with old unsalted MD5 passwords 
Thanks apreobrazhensky at gmail.com for the report.
 2013-02-02 12:02:36 +01:00
Claude Paroz 1686e0d184 Fixed #18460 -- Fixed change detection of ReadOnlyPasswordHashField 
Thanks jose.sanchez et ezeep.com for the report and Vladimir Ulupov
for the initial patch.
 2013-01-25 21:27:49 +01:00
Florian Apolloner cc4de61a2b Fixed #19596 -- Use `_default_manager` instead of `objects` in the auth app. 
This is needed to support custom user models which don't define a manager
named `objects`.
 2013-01-22 12:47:34 +01:00
Nick Sandford cdad0b28d4 Fixed #19573 -- Allow override of username field label in AuthenticationForm 2013-01-10 09:06:04 +01:00
Claude Paroz 34ee7d9875 Updated deprecated test assertions 2013-01-08 19:08:15 +01:00
Aymeric Augustin 4e5369a596 Silenced warnings in the tests of deprecated features. 2012-12-29 22:32:07 +01:00
Claude Paroz 0dc3fc954f Fixed #19509 -- Fixed crypt/bcrypt non-ascii password encoding 
Also systematically added non-ascii passwords in hashers test suite.
Thanks Vaal for the report.
 2012-12-22 16:04:10 +01:00
Russell Keith-Magee 9facca28b6 Corrected tests depending on the error message on the AuthenticationForm. 
Refs #19368, and the fix introduced in 27f8129d64.
 2012-12-16 07:18:45 +08:00
Russell Keith-Magee 47e1df896b Fixed #19412 -- Added PermissionsMixin to the auth.User heirarchy. 
This makes it easier to make a ModelBackend-compliant (with regards to
permissions) User model.

Thanks to cdestigter for the report about the relationship between
ModelBackend and permissions, and to the many users on django-dev that
contributed to the discussion about mixins.
 2012-12-15 22:44:47 +08:00
Claude Paroz c91667338a Fixed #19357 -- Allow non-ASCII chars in filesystem paths 
Thanks kujiu for the report and Aymeric Augustin for the review.
 2012-12-08 11:13:52 +01:00
Claude Paroz a0cd6dd11e Fixed #19349 -- Fixed re-rendering of ReadOnlyPasswordHashWidget 
Thanks tim.bowden at mapforge.com.au for the report, Andreas Hug
for the patch and Anton Baklanov for the review.
 2012-12-01 12:22:43 +01:00
Preston Holmes 84a5294788 Added missing custom user skip decorator 
PermissionDeniedBackendTest references User model.
 2012-11-30 22:54:42 -08:00
Claude Paroz 0eeae15056 Fixed #19354 -- Do not assume usermodel.pk == usermodel.id 
Thanks markteisman at hotmail.com for the report.
 2012-11-29 21:45:43 +01:00
Claude Paroz a962bc7c45 Updated User manager when testing custom AUTH_USER_MODEL 
This is giving more real test conditions when AUTH_USER_MODEL is
set with override_settings.
 2012-11-24 16:00:00 +01:00
Jannis Leidel 1520748dac Fixed #2550 -- Allow the auth backends to raise the PermissionDenied exception to completely stop the authentication chain. Many thanks to namn, danielr, Dan Julius, Łukasz Rekucki, Aashu Dwivedi and umbrae for working this over the years. 2012-11-17 20:24:54 +01:00
Preston Holmes 9741912a9a Fixed #17869 - force logout when REMOTE_USER header disappears 
If the current sessions user was logged in via a remote user backend log out
the user if REMOTE_USER header not available - otherwise leave it to other auth
middleware to install the AnonymousUser.

Thanks to Sylvain Bouchard for the initial patch and ticket maintenance.
 2012-10-29 22:58:14 -07:00
Preston Holmes 2b5f848207 Fixed #19057 (again) -- added additional tests 2012-10-29 22:24:42 -07:00
Russell Keith-Magee 81f5d4a1a7 Added some test guards for some recently added auth tests. 
Refs #19061, #19057.
 2012-10-30 10:28:35 +08:00
Claude Paroz b774c5993c Fixed #19172 -- Isolated poisoned_http_host tests from 500 handlers 
Thanks bernardofontes for the report.
 2012-10-29 17:28:04 +01:00
Preston Holmes 4ea8105120 Fixed #19061 -- added is_active attribute to AbstractBaseUser 2012-10-28 23:04:03 -07:00
Russell Keith-Magee 04b53ebfb7 Fixed #19133 -- Corrected regression in form handling for user passwords. 
Thanks to pressureman for the report, and to Preston Holmes for the draft patch.
 2012-10-20 11:41:54 +08:00
Preston Holmes 9305c0e12d Fixed a security issue related to password resets 
Full disclosure and new release are forthcoming
 2012-10-17 14:36:41 -07:00
Russell Keith-Magee b3b3db3d95 Fixed #19067 -- Clarified handling of username in createsuperuser. 
Thanks to clelland for the report, and Preston Holmes for the draft patch.
 2012-10-13 13:36:07 +08:00
Anssi Kääriäinen b5f224e8e2 Fixed tests introduced for #15915 
The tests didn't clean up properly. The commit that introduced the
errors was 8c427448d5.

Thanks to Trac alias rizumu for spotting this.
 2012-10-12 00:10:49 +03:00
Russell Keith-Magee b9039268a1 Fixed #19060 -- Corrected assumptions about the name of the User model in the ModelBackend. 
Thanks to Ivan Virabyan for the report and initial patch.
 2012-10-06 12:43:29 +08:00
Mateusz Haligowski 8c427448d5 Fixed #15915 -- Cleaned handling of duplicate permission codenames 
Previously, a duplicate model, codename for permission would lead to
database integrity error. Cleaned the implementation so that this case
now raises an CommandError instead.
 2012-10-03 23:10:32 +03:00
Russell Keith-Magee 934f35f1f9 Corrected test docstring. 2012-10-03 09:16:33 +08:00
Preston Holmes 5f8b97f9fb Fixed #19057 -- support custom user models in mod_wsgi auth handler 
thanks @freakboy3742 for the catch and review
 2012-10-02 06:42:05 -07:00
Michael Farrell 7cc4068c44 Fixed #18616 -- added user_login_fail signal to contrib.auth 
Thanks to Brad Pitcher for documentation
 2012-09-30 22:34:50 -07:00