Tim Graham
e39af5ea59
Fixed #21648 -- Deprecated is_admin_site option to auth.views.password_reset().
2014-08-23 19:32:58 -04:00
Preston Holmes
5307ce565f
Fixed #23066 -- Modified RemoteUserMiddleware to logout on REMOTE_USER change.
...
This is a security fix. Disclosure following shortly.
2014-08-20 14:39:40 -04:00
Claude Paroz
efa67b897b
Fetched translations from Transifex
...
Forward port of 49280a73ea
from stable/1.7.x
2014-08-20 10:22:41 +02:00
Collin Anderson
1d79d08d9a
Fixed #23294 -- Add related_name to existing migrations.
...
Thanks to Florian Apolloner for the review; refs #23288 .
2014-08-15 12:39:06 -04:00
Gabriel Muñumel
deed00c0d8
Fixed #23162 -- Renamed forms.Field._has_changed() to has_changed().
2014-08-15 08:14:45 -04:00
Trey Hunner
6868643063
Added newlines to the ends of CSS, HTML, and JavaScript files missing them.
2014-08-12 19:22:09 -04:00
Tim Graham
a9fd740d22
Fixed #23276 -- Deprecated passing views as strings to url().
2014-08-12 13:15:40 -04:00
Andrew Godwin
059f5d17c5
Fixed #23163 : Align user help text with migrations
2014-08-04 13:57:02 +10:00
Tim Graham
a2479f46f3
Fixed #7220 -- Allowed AbstractBaseUser.last_login to be null.
...
Thanks veena for the suggestion and Simon Charette and Kévin Etienne for reviews.
2014-08-01 17:51:49 -04:00
Jürno Ader
76f2f58a18
Fixed #22956 -- Made PermissionManager.get_by_natural_key() use the correct database for content type lookup.
2014-07-31 13:35:27 -04:00
Iain Dawson
b4cf7e3d1d
Fixed typo in PermissionsMixin.groups.help_text.
2014-07-21 20:03:45 +00:00
Iain Dawson
8fbf13a6c8
Replaced instances of 'his/her' with 'their'.
2014-07-21 19:49:12 +00:00
Alex Gaynor
6732566967
Bump the default iterations for PBKDF2.
...
The rate at which we've increased this has not been keeping up with hardware (and software) improvements, and we're now considerably behind where we should be. The delta between our performance and an optimized implementation's performance prevents us from improving that further, but hopefully once Python 2.7.8 and 3.4+ get into more hands we can more aggressively increase this number.
2014-07-11 22:43:26 -07:00
Tim Graham
d5e1a2d5eb
Added contrib.auth migration for refs #13147 .
2014-07-10 13:06:42 -04:00
Yin Jifeng
849538d03d
Fixed #13147 -- Moved User validation logic from form to model.
2014-07-10 09:36:43 -04:00
Anubhav Joshi
75ff7b8fb8
Fixed #21832 -- Updated prompt, tests, and docs to show that USERNAME_FIELD supports FK after 9bc2d76
.
...
Also added get_input_data() hook in createsuperuser.
Thanks Chris Jerdonek and Tim Graham for review.
2014-07-08 08:21:41 -04:00
Tim Graham
7fd55c3481
Fixed #20631 -- Increased the default EmailField max_length to 254.
...
Thanks pmartin for the report.
2014-07-04 14:15:00 -04:00
Anubhav Joshi
9bc2d766a0
Fixed #21755 -- Added ForeignKey support to REQUIRED_FIELDS.
...
This allows specifying ForeignKeys in REQUIRED_FIELDS when using a
custom User model.
Thanks cjerdonek and bmispelon for suggestion and timgraham for review.
2014-07-03 07:42:52 -04:00
Tim Graham
c26579eaa7
Removed django/contrib/auth/create_superuser.py
...
It's a shim that calls the actual createsuperuser management command and
it's been marked as deprecated since Django 1.0.
2014-07-01 08:51:06 -04:00
Tim Graham
cf252dbea6
Fixed #8162 -- Increased Permission.name max_length to 255 characters.
2014-06-30 14:20:51 -04:00
Tim Graham
150d88cc2c
Restored is_anonymous() check in ModelBackend permission checking removed in refs #17903 .
...
Thanks Florian Apolloner for raising the issue.
2014-06-24 07:09:38 -04:00
Jorge C. Leitão
c33447a50c
Fixed #17903 -- Modified ModelBackend to eliminate permissions on inactive users.
...
Thanks to @SmileyChris for the report and @timgraham for review.
2014-06-23 19:57:20 -04:00
Jorge C. Leitão
0a8c0eda2a
Simplified test of contrib.auth.tests.
2014-06-23 19:30:06 -04:00
Tim Graham
b341f33697
Added database migration for contrib.auth.
...
refs #22170 .
2014-06-16 16:21:37 -04:00
Claude Paroz
f17b24e407
Converted remaining management commands to argparse
2014-06-14 13:43:44 +02:00
mlavin
4696cd9671
Fixed #22477 -- Removed contrib middleware from the global settings defaults.
...
Also added a compatibility check for changed middleware defaults.
Forwardport of d94de802d3
from stable/1.7.x
2014-06-13 12:45:56 -04:00
Jorge C. Leitão
cc35bd461d
Fixed #7599 -- Added get_user_permissions to ModelBackend.
...
Thanks to @gdub for the report and intial patch and
@charettes and @timgraham for the review.
2014-06-13 09:34:04 -04:00
Tim Graham
93d05536fd
Fixed #22770 -- Removed create_superuser from post_migrate signals.
...
Moved logic to syncdb command for backwards compatibility.
2014-06-10 14:37:37 -04:00
Jorge C. Leitão
a00b78b1e2
Fixed #17431 -- Added send_mail() method to PasswordResetForm.
...
Credits for the initial patch go to ejucovy;
big thanks to Tim Graham for the review.
2014-06-10 14:00:52 -04:00
Alex Gaynor
1dcc603eff
Fixed several typos in Django
2014-05-28 17:39:14 -07:00
Claude Paroz
b8c480a12b
Removed unused translations in auth tests
2014-05-20 12:21:05 +02:00
Claude Paroz
1a69d276bd
Updated translation catalogs
2014-05-19 15:17:35 +02:00
Tim Graham
b68fac7e88
Fixed #22652 -- Replaced UserModel.objects with UserModel._default_manager.
...
Thanks alexdlaird for the report.
2014-05-19 08:35:44 -04:00
Jorge C. Leitão
2e364a0aac
Fixed #15716 - Authentication backends can short-circuit authorization.
...
Authorization backends can now raise PermissionDenied in "has_perm"
and "has_module_perms" to short-circuit authorization process.
2014-05-16 12:57:38 -04:00
Erik Romijn
255449c1ee
Added additional checks in is_safe_url to account for flexible parsing.
...
This is a security fix. Disclosure following shortly.
2014-05-14 10:19:48 +02:00
Alex Gaynor
2bcb8bfc8d
Fix many many typos in comments throughout the codebase
2014-04-26 10:18:45 -07:00
Tim Graham
9e7f86b890
Fixed #22515 -- Fixed the object_id of the LogEntry that's created after a user password change in the admin.
...
Thanks ross at servercode.co.uk for the report.
2014-04-25 08:20:25 -04:00
Aymeric Augustin
428c0bbe1b
Appeased flake8 2.1.0.
2014-04-21 12:27:34 +02:00
Tim Graham
11e30b684d
Fixed a KeyError on login with legacy sessions; refs #21649 .
...
Thanks Loic for the report.
2014-04-17 19:57:20 -04:00
John Paulett
b5a9166f7e
Fixed #22364 -- Sanitized getpass input in changepassword.
...
Python 2 getpass on Windows does not accept unicode, even
when containing on ASCII characters. Related #190807 .
2014-04-10 13:15:37 -04:00
Tim Graham
b513fa5fc6
Fixed #22195 -- Used constants to define built-in tags for check framework.
...
Thanks Elvard for the patch.
2014-04-10 08:45:48 -04:00
Aymeric Augustin
2791fbf59d
Used more specific test assertions.
2014-04-09 22:20:22 +02:00
Anubhav Joshi
cd914e31c9
Fixed #21977 -- Deprecated SimpleTestCase.urls
2014-04-06 17:33:43 -04:00
Tim Graham
fd23c06023
Fixed #21649 -- Added optional invalidation of sessions when user password changes.
...
Thanks Paul McMillan, Aymeric Augustin, and Erik Romijn for reviews.
2014-04-05 12:50:51 -04:00
Tim Graham
d73d0e071c
Fixed #22218 -- Deprecated django.conf.urls.patterns.
...
Thanks Carl Meyer for the suggestion and Alex Gaynor and Carl for reviews.
2014-04-03 07:28:10 -04:00
Tim Graham
246face209
Fixed #22362 -- Improved AuthenticationMiddleware assertion message.
...
Thanks Keryn Knight.
2014-03-31 08:10:59 -04:00
Tim Graham
ed4c2e1c0d
Fixed #22329 -- Used label_tag() in some admin auth templates.
...
refs #17922 .
2014-03-29 08:54:56 -04:00
Tim Graham
6d1ae5e27c
Removed reading of old 'django_language' session variable per deprecation timeline.
...
refs #5789 .
2014-03-21 09:53:16 -04:00
Ramiro Morales
1d42a86ec7
Tweak password admin change form view context. Refs #21293 .
2014-03-11 09:52:43 -03:00
James Jenkins
ec675ed6cc
Fixed #22070 -- Changed verbose_name for apps in django.contrib to use title case
...
Thanks bendavis78 for the report.
2014-03-06 18:43:04 -05:00
Rodolfo Carvalho
0d91225892
Fixed many typos in comments and docstrings.
...
Thanks Piotr Kasprzyk for help with the patch.
2014-03-03 07:38:09 -05:00
Russell Keith-Magee
84207b6134
Edited contrib.auth check messages for grammar and consistency.
2014-03-03 13:39:58 +08:00
Claude Paroz
27e9069710
Allowed some auth tests to be run independently
2014-02-23 20:05:45 +01:00
Erik Romijn
8cd32f0965
Fixed #22120 -- Documented persistent activation of languages and cleaned up language session key use
2014-02-22 18:29:06 +01:00
Tim Graham
e1c8bc8fea
Fixed #21790 -- Removed reliance on an assert in auth.get_user().
...
Thanks matklad for the report.
2014-02-18 14:23:38 -05:00
Tim Graham
20f455b3d6
flake8 fixes (unused imports and variables).
2014-02-18 11:33:30 -05:00
Baptiste Mispelon
6b310bafc5
Fixed broken tests when running with a non-TTY stdin.
2014-02-18 11:36:07 +01:00
Baptiste Mispelon
2a9ee49f3c
Removed BaseCommand.stdin introduced in 116d39842d
.
...
This option is not actually very useful in the general case
because it doesn't override sys.stdin.
It's still marginally useful for testing some features of
the createsuperuser command so it was moved there.
This commit also makes the detection of a TTY in createsuperuser
a bit more robust, after a suggestion of appolo13.
2014-02-18 11:36:06 +01:00
Baptiste Mispelon
b78f9a12c8
Consolidated all tests for createsuperuser in the same TestCase.
2014-02-18 11:36:06 +01:00
Baptiste Mispelon
a7639722f5
Fixed #7423 -- Skip superuser creation when not running in a TTY.
...
Thanks to trac user galaxy4sale for the original report
and to AeroNotix for the patch.
2014-02-17 04:58:31 +01:00
Berker Peksag
5d263dee30
Fixed #21674 -- Deprecated the import_by_path() function in favor of import_string().
...
Thanks Aymeric Augustin for the suggestion and review.
2014-02-08 11:12:19 -05:00
Aymeric Augustin
f9698c4391
Suppressed the `if Site._meta.installed` pattern.
...
The purpose of this construct is to test if the django.contrib.sites
application is installed. But in Django 1.9 it will be forbidden to
import the Site model when the django.contrib.sites application isn't
installed.
No model besides Site used this pattern.
Refs #21719 , #21923 .
2014-02-01 20:38:15 +01:00
Aymeric Augustin
f901b4d6c8
Took advantage of the new get_model API. Refs #21702 .
2014-01-26 13:08:05 +01:00
Aymeric Augustin
9ffab9cee1
Moved RequestSite and get_current_site.
...
Following the app-loading refactor, these objects must live outside of
django.contrib.sites.models because they must be available without
importing the django.contrib.sites.models module when
django.contrib.sites isn't installed.
Refs #21680 . Thanks Carl and Loic for reporting this issue.
2014-01-26 08:50:47 +01:00
Aymeric Augustin
2ff93e027c
Fixed #21829 -- Added default AppConfigs.
...
Thanks Russell for the report, Marc for the initial patch, Carl for the
final review, and everyone who contributed to the design discussion.
2014-01-25 10:41:56 +01:00
Russell Keith-Magee
d818e0c9b2
Fixed #16905 -- Added extensible checks (nee validation) framework
...
This is the result of Christopher Medrela's 2013 Summer of Code project.
Thanks also to Preston Holmes, Tim Graham, Anssi Kääriäinen, Florian
Apolloner, and Alex Gaynor for review notes along the way.
Also: Fixes #8579 , fixes #3055 , fixes #19844 .
2014-01-20 10:45:21 +08:00
Marc Tamlyn
2607fa9016
Fixed #21774 -- Isolate all test urls from eachother.
...
This (nearly) completes the work to isolate all the test modules from
each other. This is now more important as importing models from another
module will case PendingDeprecationWarnings if those modules are not in
INSTALLED_APPS. The only remaining obvious dependencies are:
- d.c.auth depends on d.c.admin (because of the is_admin flag to some
views), but this is not so important and d.c.admin is in
always_installed_apps
- test_client_regress depends on test_client. Eventually these should
become a single module, as the split serves no useful purpose.
2014-01-14 15:43:27 +00:00
Aymeric Augustin
d562527a16
Fixed #21477 -- Renamed db to using in pre/post_migrate signals.
2014-01-12 22:24:33 +01:00
Andrew Godwin
f343f5e538
Fix wording of auth superuser post-migrate handler
2014-01-08 13:06:53 +00:00
Aymeric Augustin
27afd302c6
Fixed #21675 -- Added app configs for contrib apps.
2014-01-05 21:18:33 +01:00
Aymeric Augustin
e5bcd1d455
Changed get_validation_errors to use an app config.
2013-12-29 21:48:58 +01:00
Aymeric Augustin
21f22f9544
Added Apps.clear_cache().
...
This avoid leaking implementation details to tests that swap models.
2013-12-29 20:43:10 +01:00
Aymeric Augustin
82aadbb5d5
Fixed a typo.
...
Thanks Simon.
2013-12-29 20:35:58 +01:00
Aymeric Augustin
7b88a96553
Added AppConfig.get_models().
2013-12-29 20:31:59 +01:00
Aymeric Augustin
308960b92a
Cleared get_models cache when swapping User model.
...
Thanks Florian for isolating the shortest way to reproduce this issue:
./runtests.py \
django.contrib.auth.tests.test_context_processors.AuthContextProcessorTests.test_perms_attrs \
django.contrib.auth.tests.test_auth_backends.ChangedBackendSettingsTest.test_changed_backend_settings \
django.contrib.auth.tests.test_auth_backends.CustomUserModelBackendAuthenticateTest.test_authenticate \
django.contrib.auth.tests.test_basic.BasicTestCase.test_createsuperuser_management_command
2013-12-29 18:25:22 +01:00
Aymeric Augustin
00110904ac
Refactored the migration signals to use app configs.
...
De-aliased pre/post_syncdb to pre/post_migrate to increase
backwards-compatibility.
2013-12-29 17:53:42 +01:00
Aymeric Augustin
ba7206cd81
Changed get_model to raise an exception on errors.
...
Returning None on errors required unpythonic error checking and was
inconsistent with get_app_config.
get_model was a private API until the previous commit, but given that it
was certainly used in third party software, the change is explained in
the release notes.
Applied the same change to get_registered_model, which is a new private
API introduced during the recent refactoring.
2013-12-28 20:53:00 +01:00
Aymeric Augustin
8f04f53dd8
Removed a few gratuitous lambdas.
2013-12-26 14:03:50 +01:00
Tim Graham
4e7aa573ec
Added missing newline in previous commit.
2013-12-26 07:52:31 -05:00
Jon Lønne
398642fd9b
Fixed #21627 -- Added unicode_literals to changepassword command.
...
Fixed a crash when executing changepassword command when the user object
representation contained non-ASCII characters.
2013-12-26 07:35:50 -05:00
Aymeric Augustin
1716b7ce5a
Renamed AppCache to Apps.
...
Also renamed app_cache to apps and "app cache" to "app registry".
Deprecated AppCache.app_cache_ready() in favor of Apps.ready().
2013-12-24 12:25:17 +01:00
Aymeric Augustin
e32095616c
Imported override_settings from its new location.
2013-12-23 21:37:56 +01:00
Aymeric Augustin
5891990b6e
Refactored INSTALLED_APPS overrides.
...
* Introduced [un]set_installed_apps to handle changes to the
INSTALLED_APPS setting.
* Refactored [un]set_available_apps to share its implementation
with [un]set_installed_apps.
* Implemented a receiver to clear some app-related caches.
* Removed test_missing_app as it is basically impossible to reproduce
this situation with public methods of the new app cache.
2013-12-23 20:15:08 +01:00
Aymeric Augustin
2fef9e5375
Moved apps back in the toplevel django namespace.
...
Reverted 4a56a93cc4
.
2013-12-22 11:39:55 +01:00
Aymeric Augustin
4a56a93cc4
Moved the new app cache inside core.
2013-12-17 10:17:46 +01:00
Aymeric Augustin
69039becde
Deprecated get_app().
2013-12-17 10:17:45 +01:00
Aymeric Augustin
8662654d6d
Removed module-level functions for the app cache.
...
Since the original ones in django.db.models.loading were kept only for
backwards compatibility, there's no need to recreate them. However, many
internals of Django still relied on them.
They were also imported in django.db.models. They never appear in the
documentation, except a quick mention of get_models and get_app in the
1.2 release notes to document an edge case in GIS. I don't think that
makes them a public API.
This commit doesn't change the overall amount of global state but
clarifies that it's tied to the app_cache object instead of hiding it
behind half a dozen functions.
2013-12-17 10:17:44 +01:00
Aymeric Augustin
860c2c8bc5
Moved django.db.models.loading to django.apps.cache.
...
This commit doesn't contain any code changes; it's purely a refactoring.
2013-12-17 10:17:43 +01:00
Bartolomé Sánchez
8f994f1bcc
Fixed #21250 -- Made HTTP auth user header configurable in tests
...
Currently, if the authentication mechanism uses a custom HTTP header
and not REMOTE_USER, it is not easy to test. This commit modifies
remote user tests in order to make them more generic.
2013-12-14 13:02:56 -05:00
Loic Bistuer
6685713869
Fixed E127 pep8 warnings.
2013-12-14 11:59:15 -05:00
Ludwik Trammer
9922ed46e2
Fixed #21473 -- Limited language preservation to logout
...
Current language is no longer saved to session by LocaleMiddleware
on every response (the behavior introduced in #14825 ).
Instead language stored in session is reintroduced into new session
after logout.
Forward port of c558a43fd6
to master.
2013-12-12 10:24:43 +01:00
Loic Bistuer
a2814846ca
Fixed E124 pep8 warnings.
2013-12-10 15:12:48 -05:00
Tim Graham
fddb0131d3
Fixed #21535 -- Fixed password hash iteration upgrade.
...
Thanks jared_mess for the report.
2013-11-30 14:18:37 -05:00
Tim Graham
f3e7ab366c
Removed gender-based pronouns per [ c0a2daad78
].
2013-11-30 08:37:15 -05:00
Alex Gaynor
9af7e18f35
Fixed an unescisarily gendered pronoun in a docstring
2013-11-29 16:57:36 -06:00
Christopher Medrela
7477a4ffde
Fixed E125 pep8 warnings
2013-11-28 08:50:11 -05:00
Matt Robenolt
3560ef043e
Propagate get_user_model exception from get_user
...
Fixes #21439
2013-11-14 12:02:26 -08:00
Bouke Haarsma
4142d15102
Fixed #21388 -- Corrected language code for Frisian
2013-11-11 13:34:01 +01:00
Tim Graham
d15985d81f
Fixed #21398 -- Fixed BCryptSHA256PasswordHasher with py-bcrypt and Python 3.
...
Thanks arjan at anymore.nl for the report.
2013-11-09 10:11:50 -05:00
Ramiro Morales
a9093dd376
Fixed #21387 -- Merge two very similar help texts.
2013-11-06 00:35:20 -03:00