edeec1247e
Passed strict=True to Path.resolve() to enforce that the path must exist.
2019-11-05 14:22:20 +01:00
b9fe7f9294
Fixed #30947 -- Changed tuples to lists in model Meta options in django.contrib modules.
...
The Django "Model Meta options" docs provide examples and generally
point the reader to use lists for the unique_together and ordering
options. Follow our own advice for contrib models.
More generally, lists should be used for homogeneous sequences of
arbitrary lengths of which both unique_together and ordering are.
2019-11-05 08:16:31 +01:00
2f010795e6
Simplified AuthenticationMiddleware a bit.
...
SimpleLazyObject already caches value in _wrapped.
2019-10-29 13:20:13 +01:00
0315c18fe1
Refs #26601 -- Removed obsolete workarounds for MIDDLEWARE_CLASSES setting.
2019-10-23 08:18:48 +02:00
226ebb1729
Fixed #28622 -- Allowed specifying password reset link expiration in seconds and deprecated PASSWORD_RESET_TIMEOUT_DAYS.
2019-09-20 13:52:04 +02:00
6c9778a58e
Fixed #30776 -- Restored max length validation on AuthenticationForm.UsernameField.
...
Regression in 5ceaf14686
2019-09-18 11:37:38 +02:00
b5db65c4fb
Increased the default PBKDF2 iterations for Django 3.1.
2019-09-12 17:24:01 +02:00
d17be88afd
Refs #30037 -- Required the RemoteUserBackend.configure_user() to have request as the first positional argument.
...
Per deprecation timeline.
2019-09-10 12:01:00 +02:00
5495ea3ae0
Updated translation catalogs
2019-09-08 17:35:32 +02:00
4f61810751
Fixed #30747 -- Renamed is_safe_url() to url_has_allowed_host_and_scheme().
2019-09-02 15:32:23 +02:00
999891bd80
Refs #29379 -- Moved autocomplete attribute to UsernameField.
...
Moving the autocomplete attribute into UsernameField allows this to work
for custom forms making use of UsernameField, removes some duplication
in the code, and keeps consistency with the autocapitalize attribute
that is already defined on UsernameField.
2019-09-02 10:50:56 +02:00
400ec5125e
Fixed #18763 -- Added ModelBackend/UserManager.with_perm() methods.
...
Co-authored-by: Nick Pope <nick.pope@flightdataservices.com>
2019-08-29 19:32:12 +02:00
b5a5c92c72
Fixed #30066 -- Enabled super user creation without email and password
2019-08-29 12:49:16 +02:00
03dbdfd9bb
Fixed #29019 -- Added ManyToManyField support to REQUIRED_FIELDS.
2019-08-26 14:48:40 +02:00
a5308514fb
Fixed #27801 -- Made createsuperuser fall back to environment variables for password and required fields.
2019-07-02 12:55:09 +02:00
d54baf6970
Updated translations from Transifex
...
Forward port of b3f7262e6e
2019-06-29 16:17:16 +02:00
42b9a23267
Fixed #30400 -- Improved typography of user facing strings.
...
Thanks Claude Paroz for assistance with translations.
2019-06-28 16:46:18 +02:00
3ee0834a46
Fixed #30556 -- Avoided useless query and hasher call in ModelBackend.authenticate() when credentials aren't provided.
...
There's no need to fetch a user instance from the database unless
a username and a password are provided as credentials.
2019-06-10 11:12:31 +02:00
dcb8f00d06
Fixed #29379 -- Added autocomplete attribute to contrib.auth.forms fields.
...
Thank you to Nick Pope for review.
Co-authored-by: CHI Cheng <cloudream@gmail.com>
2019-06-07 12:44:39 +02:00
581a0f4545
Refs #30226 -- Added User.get_user_permissions() method.
...
Added to mirror the existing User.get_group_permissions().
2019-06-05 13:56:37 +02:00
75337a6050
Fixed #30226 -- Added BaseBackend for authentication.
2019-06-05 13:39:46 +02:00
58df8aa40f
Fixed #28780 -- Allowed specyfing a token parameter displayed in password reset URLs.
...
Co-authored-by: Tim Givois <tim.givois.mendez@gmail.com>
2019-05-24 08:40:25 +02:00
2007e11d70
Forced utf-8 encoding when loading common passwords in CommonPasswordValidator.
...
Previously we used `decode()` which defaults to utf-8. This change
restores previous behavior.
Follow up to 28eac41510
2019-05-23 08:39:16 +02:00
b711eafd2a
Refs #30116 -- Removed unnecessary str() calls in CommonPasswordValidator.
...
open() and gzip.open() supports path-like objects since Python 3.6.
2019-05-22 19:47:28 +02:00
28eac41510
Improved performance of loading common passwords in CommonPasswordValidator.
...
CommonPasswordValidator.__init__ previously called either splitlines or
readlines, creating an unneeded intermediate list in memory. For large
custom password files, this could be burdensome.
2019-05-22 06:55:21 +02:00
98296f86b3
Fixed #30351 -- Handled pre-existing permissions in proxy model permissions data migration.
...
Regression in 181fb60159
2019-04-27 20:18:22 +02:00
3e01aab533
Updated contrib translations from Transifex.
...
Forwardport of 7090cbf542
2019-04-01 12:22:15 +02:00
9410db9683
Fixed #30236 -- Made UsernameField render with autocapitalize="none" HTML attribute.
...
This prevents automatic capitalization, which is the default behavior in
some browsers.
2019-03-29 15:24:44 +01:00
cbf7e71558
Fixed #30257 -- Made UsernameValidators prohibit trailing newlines.
2019-03-22 13:16:25 -04:00
a8e2a9bac6
Refs #15902 -- Deprecated storing user's language in the session.
2019-02-14 10:23:02 -05:00
48c17807a9
Fixed #16027 -- Added app_label to ContentType.__str__().
2019-02-07 19:56:47 -05:00
24b82cd201
Fixed #30159 -- Removed unneeded use of OrderedDict.
...
Dicts preserve order since Python 3.6.
2019-02-06 13:48:39 -05:00
7785e03ba8
Fixed #30137 -- Replaced OSError aliases with the canonical OSError.
...
Used more specific errors (e.g. FileExistsError) as appropriate.
2019-01-28 11:15:06 -05:00
06670015f7
Increased the default PBKDF2 iterations for Django 3.0.
2019-01-17 11:15:27 -05:00
181fb60159
Fixed #11154 , #22270 -- Made proxy model permissions use correct content type.
...
Co-Authored-By: Simon Charette <charette.s@gmail.com>
Co-Authored-By: Antoine Catton <acatton@fusionbox.com>
2019-01-16 10:07:28 -05:00
217f4456d8
Fetched Armenian translations from Transifex
2019-01-10 10:50:42 +01:00
db1b10ef0d
Fixed #30037 -- Added request arg to RemoteUserBackend.configure_user().
2019-01-09 20:01:04 -05:00
0004daa536
Used 4 space hanging indent for dictionaries.
...
Thanks Mariusz Felisiak for auditing.
2019-01-02 18:18:19 -05:00
e817ae74da
Followed style guide for model attribute ordering.
2018-12-27 19:34:14 -05:00
26bb2611a5
Fixed #29952 -- Lowercased all passwords in contrib.auth's auth/common-passwords.txt.gz.
2018-11-15 14:11:03 -05:00
e819554018
Fixed #29939 -- Increased Group.name max_length to 150 characters.
2018-11-14 15:13:34 -05:00
c82893cb8c
Refs #27795 -- Removed force_bytes() usage from django/utils/http.py.
...
django.utils.http.urlsafe_base64_encode() now returns a string, not a
bytestring. Since URLs are represented as strings,
urlsafe_base64_encode() should return a string. All uses immediately
decoded the bytestring to a string anyway.
As the inverse operation, urlsafe_base64_decode() accepts a string.
2018-10-10 14:38:22 -04:00
a7284cc0c3
Fixed #29809 -- Fixed a crash when a "view only" user POSTs to the admin user change form.
2018-10-01 10:09:50 +02:00
bf39978a53
Fixed CVE-2018-16984 -- Fixed password hash disclosure to admin "view only" users.
...
Thanks Claude Paroz & Tim Graham for collaborating on the patch.
2018-10-01 10:05:01 +02:00
033d842e84
Updated translations from Transifex
...
Forward port of d5ed08263b
2018-09-29 17:11:49 +02:00
8ef8bc0f64
Refs #28909 -- Simplifed code using unpacking generalizations.
2018-09-28 09:57:12 -04:00
2349cbd909
Fixed #29782 -- Added better error message when filtering queryset with AnonymousUser.
2018-09-26 15:36:19 -04:00
e40e7026ca
Fixed #29683 -- Added view permission to docs.
2018-09-26 15:06:43 -04:00
8d87350356
Refs #27795 -- Removed force_bytes() usage in contrib/auth/handlers/modwsgi.py.
2018-09-26 11:16:59 -04:00
c52ecbda61
Removed shadowing of built-in hash() function.
2018-09-13 10:04:36 -04:00
Jon Dufresne
Sergey Fedoseev
Hasan Ramezani
Sam Reynolds
Carlton Gibson
Mariusz Felisiak
Claude Paroz
Nick Pope
Berker Peksag
daniel a rios
Aymeric Augustin
Tobias Bengfort
Rob
Brad Solomon
pmisteli
Ryan J Schave
Gregory N. Schmit
Tim Graham
Arthur Rio
Joshua Cannon
Matt Wiens
Mathew Payne
Timothy Allen
Ramon Saraiva
Stephen James
Andrey Kostakov