Commit Graph

115 Commits

Author SHA1 Message Date
Thomas Grainger d638cdc42a Fixed #25165 -- Removed inline JavaScript from the admin.
This allows setting a Content-Security-Policy HTTP header
(refs #15727).

Special thanks to blighj, the original author of this patch.
2015-12-05 15:51:57 -05:00
sujayskumar d8d853378b Fixed #24944 -- Added extra_email_context parameter to password_reset() view. 2015-09-18 18:56:04 -04:00
Maxime Lorant 5153a3bfdc Fixed #25331 -- Removed trailing blank lines in docstrings. 2015-08-31 17:37:21 -04:00
Wim Feijen c082363527 Reworded contrib.auth forms' password confirmation help_text.
"As above" refers to a spatial orientation, which might
not be present, for example when the two password fields
are shown next to each other.
2015-07-20 15:51:50 -04:00
Tim Graham 774c16d16e Fixed #25052; refs #16860 -- Added password validation to UserCreationForm. 2015-07-20 13:44:34 -04:00
Tim Graham f5e9d67907 Refs #16860 -- Moved password_changed() logic to AbstractBaseUser.
Thanks Carl Meyer for review.
2015-07-20 13:44:26 -04:00
Erik Romijn 1daae25bdc Fixed #16860 -- Added password validation to django.contrib.auth. 2015-06-07 19:31:20 +02:00
Piotr Jakimiak 4157c502a5 Removed unnecessary arguments in .get method calls 2015-05-13 20:51:18 +02:00
Claude Paroz c2bfd76ec3 Refs #15779 -- Fixed UserChangeForm regression introduced by 1791a7e75
Thanks Tim Graham for reporting the regression.
2015-03-28 09:24:01 +01:00
Thomas Tanner 28986da4ca Fixed #5986 -- Added ability to customize order of Form fields 2015-03-16 09:12:57 -04:00
Tim Graham 0ed7d15563 Sorted imports with isort; refs #23860. 2015-02-06 08:16:28 -05:00
Tim Graham a53541852d Removed contrib.auth.forms.mask_password()
This function is unused since dce820ff70
after being introduced in 718a5ba1a1
2015-02-02 11:13:14 -05:00
Tim Graham 271d4f8f85 Fixed #23948 -- Moved password help text from the template to the form.
Thanks Mithos for the report and patch.
2014-12-26 08:09:12 -05:00
Berker Peksag 560b4207b1 Removed redundant numbered parameters from str.format().
Since Python 2.7 and 3.1, "{0} {1}" is equivalent to "{} {}".
2014-12-03 14:27:38 -05:00
Carl Meyer 89559bcfb0 Fixed #23409 -- Extract PasswordResetForm.get_users method.
Allows easier customization of policies regarding which users are allowed to
reset their password.

Thanks Aymeric for review.
2014-09-03 12:25:11 -06:00
Gabriel Muñumel deed00c0d8 Fixed #23162 -- Renamed forms.Field._has_changed() to has_changed(). 2014-08-15 08:14:45 -04:00
Iain Dawson 8fbf13a6c8 Replaced instances of 'his/her' with 'their'. 2014-07-21 19:49:12 +00:00
Yin Jifeng 849538d03d Fixed #13147 -- Moved User validation logic from form to model. 2014-07-10 09:36:43 -04:00
Jorge C. Leitão a00b78b1e2 Fixed #17431 -- Added send_mail() method to PasswordResetForm.
Credits for the initial patch go to ejucovy;
big thanks to Tim Graham for the review.
2014-06-10 14:00:52 -04:00
Tim Graham ed4c2e1c0d Fixed #22329 -- Used label_tag() in some admin auth templates.
refs #17922.
2014-03-29 08:54:56 -04:00
Aymeric Augustin 9ffab9cee1 Moved RequestSite and get_current_site.
Following the app-loading refactor, these objects must live outside of
django.contrib.sites.models because they must be available without
importing the django.contrib.sites.models module when
django.contrib.sites isn't installed.

Refs #21680. Thanks Carl and Loic for reporting this issue.
2014-01-26 08:50:47 +01:00
Aymeric Augustin 8f04f53dd8 Removed a few gratuitous lambdas. 2013-12-26 14:03:50 +01:00
Loic Bistuer 6685713869 Fixed E127 pep8 warnings. 2013-12-14 11:59:15 -05:00
Claude Paroz 5f52590368 Fixed #21291 -- Ensured inactive users cannot reset their passwords
Thanks kz26 for the report and the suggested fix. Refs #19758.
2013-10-19 10:43:06 +02:00
Florian Apolloner 5d74853e15 Revert "Ensure that passwords are never long enough for a DoS."
This reverts commit aae5a96d57.

This fix is no longer necessary, our pbkdf2 (see next commit) implementation
no longer rehashes the password every iteration.
2013-09-24 21:01:21 +02:00
Tim Graham 18ffdb1772 Fixed #17627 -- Renamed util.py files to utils.py
Thanks PaulM for the suggestion and Luke Granger-Brown and
Wiktor Kołodziej for the initial patch.
2013-09-16 12:52:05 -04:00
Russell Keith-Magee aae5a96d57 Ensure that passwords are never long enough for a DoS.
* Limit the password length to 4096 bytes
  * Password hashers will raise a ValueError
  * django.contrib.auth forms will fail validation
* Document in release notes that this is a backwards incompatible change

Thanks to Josh Wright for the report, and Donald Stufft for the patch.

This is a security fix; disclosure to follow shortly.
2013-09-15 13:42:23 +08:00
Simon Charette 11cd7388f7 Fixed #20989 -- Removed useless explicit list comprehensions. 2013-08-30 10:57:51 -04:00
Justin Michalicek 6d88d47be6 Fixed #20832 -- Enabled HTML password reset email
Added optional html_email_template_name parameter to password_reset view
and PasswordResetForm.
2013-08-05 09:47:28 -04:00
Curtis Maloney 07876cf02b Deprecated SortedDict (replaced with collections.OrderedDict)
Thanks Loic Bistuer for the review.
2013-08-04 07:09:39 -04:00
Tim Graham a1889397a9 Fixed #12103 -- Added AuthenticationForm.confirm_login_allowed to allow customizing the logic policy.
Thanks ejucovy and lasko for work on the patch.
2013-07-31 13:54:05 -04:00
Kirill Fomichev 33242fe015 Fixed #19019 -- Fixed UserAdmin to log password change.
Thanks Tuttle for the report.
2013-07-23 08:33:07 -04:00
Claude Paroz 6118d6d1c9 More import removals
Following the series of commits removing deprecated features in
Django 1.7, here are some more unneeded imports removed and other
minor cleanups.
2013-06-29 11:58:36 +02:00
Ramiro Morales f02a703ca6 Removed AuthenticationForm.check_for_test_cookie() as per deprecation TL. 2013-06-28 21:48:15 -03:00
Tim Graham 1184d07789 Fixed #14881 -- Modified password reset to work with a non-integer UserModel.pk.
uid is now base64 encoded in password reset URLs/views. A backwards compatible
password_reset_confirm view/URL will allow password reset links generated before
this change to continue to work. This view will be removed in Django 1.7.

Thanks jonash for the initial patch and claudep for the review.
2013-06-26 13:11:47 -04:00
Erik Romijn aeb1389442 Fixed #20079 -- Improve security of password reset tokens 2013-06-18 20:02:00 +02:00
Loic Bistuer ee77d4b253 Fixed #20199 -- Allow ModelForm fields to override error_messages from model fields 2013-06-18 08:01:17 -04:00
Ramiro Morales 0fa8d43e74 Replaced `and...or...` constructs with PEP 308 conditional expressions. 2013-05-26 23:47:50 -03:00
Mark Huang 0732c8e8c6 Fixed #20357 -- Allow empty username field label in `AuthenticationForm`. 2013-05-16 11:41:52 -04:00
Luke Plant f026a519ae Fixed #19733 - deprecated ModelForms without 'fields' or 'exclude', and added '__all__' shortcut
This also updates all dependent functionality, including modelform_factory
and modelformset_factory, and the generic views `ModelFormMixin`,
`CreateView` and `UpdateView` which gain a new `fields` attribute.
2013-05-09 16:44:36 +01:00
Preston Holmes 22d82a7742 Fixed #15198 -- pass request to AuthenticationForm
Thanks to Ciantic for the report, claudep and slurms for initial work
2013-02-23 15:28:49 -08:00
Preston Holmes 9d2c0a0ae6 Removed superfluous cookie check from auth login.
This is ensured through the CSRF protection of the view
2013-02-23 15:28:49 -08:00
Horst Gutmann 2f4a4703e1 Fixed #19758 -- Avoided leaking email existence through the password reset form. 2013-02-23 14:31:21 +01:00
Claude Paroz 1686e0d184 Fixed #18460 -- Fixed change detection of ReadOnlyPasswordHashField
Thanks jose.sanchez at ezeep.com for the report and Vladimir Ulupov
for the initial patch.
2013-01-25 21:27:49 +01:00
Florian Apolloner cc4de61a2b Fixed #19596 -- Use `_default_manager` instead of `objects` in the auth app.
This is needed to support custom user models which don't define a manager
named `objects`.
2013-01-22 12:47:34 +01:00
Nick Sandford cdad0b28d4 Fixed #19573 -- Allow override of username field label in AuthenticationForm 2013-01-10 09:06:04 +01:00
Russell Keith-Magee 27f8129d64 Fixed #19368 -- Ensured that login error messages adapt to changes in the User model.
Thanks to un33k for the report.
2012-12-15 22:44:47 +08:00
Claude Paroz a0cd6dd11e Fixed #19349 -- Fixed re-rendering of ReadOnlyPasswordHashWidget
Thanks tim.bowden at mapforge.com.au for the report, Andreas Hug
for the patch and Anton Baklanov for the review.
2012-12-01 12:22:43 +01:00
Claude Paroz 0eeae15056 Fixed #19354 -- Do not assume usermodel.pk == usermodel.id
Thanks markteisman at hotmail.com for the report.
2012-11-29 21:45:43 +01:00
Preston Holmes 4ea8105120 Fixed #19061 -- added is_active attribute to AbstractBaseUser 2012-10-28 23:04:03 -07:00