innov
/
django1
1
0
Fork 0
Code Issues Pull Requests 1 Projects Releases Wiki Activity
23,114 Commits 25 Branches 361 Tags 501 MiB
Commit Graph

844 Commits

Author SHA1 Message Date
Berker Peksag 3c18f8a3d2 Fixed #27111 -- Fixed KeyError if USERNAME_FIELD isn't in UserCreationForm.fields. 2016-08-24 13:20:12 -04:00
Przemysław Suliga 549b90fab3 Refs #26902 -- Protected against insecure redirects in Login/LogoutView. 2016-08-19 19:01:01 -04:00
Tim Graham 7549eb0004 Fixed #27009 -- Made update_session_auth_hash() rotate the session key. 2016-08-15 19:29:12 -04:00
Curtis Maloney d7e0cf04b7 Used all() and a generator for PermissionsMixin.has_perms(). 2016-08-13 08:46:51 -04:00
Andrew Nester 4591cf3fd8 Fixed #26909 -- Allowed UserAttributeSimilarityValidator to validate against model properties. 2016-08-10 15:08:06 -04:00
jordij 0814566bf1 Fixed #26960 -- Added PasswordResetConfirmView option to automatically log in after a reset. 2016-08-10 10:23:16 -04:00
Olexander Yermakov 975a76a964 Fixed #26951 -- Allowed AuthenticationForm to work with a username of 0. 2016-08-10 09:44:48 -04:00
Ville Skyttä a2fb2b3a1f Fixed #27020 -- Used a context manager to close files. 2016-08-04 19:45:14 -04:00
Tim Graham 967aa7f6cc Fixed #27010 -- Made Argon2PasswordHasher decode with ASCII. 
The underlying hasher only generates strings containing ASCII
characters so this is merely a cosmetic change.
 2016-08-04 10:57:37 -04:00
Sergey Yurchenko 4e64e3bb6e Fixed #26997 -- Fixed checks crash with empty Meta.default_permissions. 2016-08-03 09:14:01 -04:00
Claude Paroz 374b6091ac Pulled contrib translations from Transifex 
Forward port f19cadd391 from stable/1.10.x
 2016-08-01 19:47:19 +02:00
Andrew Nester 0ba179194b Fixed #26929 -- Deprecated extra_context parameter of contrib.auth.views.logout_then_login(). 2016-07-28 11:57:02 -04:00
Andrew Nester dde6288fbe Fixed #26882 -- Added tests for auth.views.logout_then_login(). 2016-07-22 15:04:13 -04:00
Claude Paroz 255fb99284 Fixed #17209 -- Added password reset/change class-based views 
Thanks Tim Graham for the review.
 2016-07-16 10:36:12 +02:00
Claude Paroz 490107f14d Added Upper/Lower Sorbian translations 2016-06-29 21:11:30 +02:00
Bang Dao + Tam Huynh 09119dff14 Fixed #26719 -- Normalized email in AbstractUser.clean(). 2016-06-24 10:37:38 -04:00
Claude Paroz 78963495d0 Refs #17209 -- Added LoginView and LogoutView class-based views 
Thanks Tim Graham for the review.
 2016-06-24 10:45:13 +02:00
Tim Graham 39805686b3 Refs #21379, #26719 -- Moved username normalization to AbstractBaseUser. 
Thanks Huynh Thanh Tam for the initial patch and Claude Paroz for review.
 2016-06-21 16:19:37 -04:00
Tim Graham 1915a7e5c5 Increased the default PBKDF2 iterations. 2016-05-20 09:19:19 -04:00
Claude Paroz 5ccee815ff Updated translation catalogs 2016-05-17 23:21:35 +02:00
Florian Apolloner 9baf692a58 Fixed #26601 -- Improved middleware per DEP 0005. 
Thanks Tim Graham for polishing the patch, updating the tests, and
writing documentation. Thanks Carl Meyer for shepherding the DEP.
 2016-05-17 07:22:22 -04:00
Claude Paroz 9935f97cd2 Refs #21379 -- Normalized unicode username inputs 2016-05-16 19:38:02 +02:00
Claude Paroz 526575c641 Fixed #21379 -- Created auth-specific username validators 
Thanks Tim Graham for the review.
 2016-05-16 19:37:57 +02:00
Simon Charette 61a16e0270 Fixed #24075 -- Used post-migration models in contrib apps receivers. 
Thanks Markus and Tim for the review.
 2016-05-15 19:51:16 -04:00
Tim Graham 094ea69e07 Fixed #26614 -- Used constant_time_compare() in checking session auth hash in login(). 2016-05-13 18:26:10 -04:00
Claude Paroz b26fedacef Fixed #26544 -- Delayed translations of SetPasswordForm help_texts 
Thanks Michael Bitzi for the reporti and Tim Graham for the review.
 2016-05-07 10:17:49 +02:00
Tim Graham 03efa304bc Refs #25847 -- Added system check for UserModel.is_anonymous/is_authenticated methods. 2016-05-06 08:56:06 -04:00
Claude Paroz 8dcf352c03 Pulled translations from Transifex 2016-04-30 14:27:07 +02:00
Claude Paroz d9a00ad16b Removed deprecated Chinese language codes for contrib apps 
Refs #18149.
 2016-04-30 14:26:47 +02:00
Bas Westerbaan a5033dbc58 Refs #26033 -- Added password hasher support for Argon2 v1.3. 
The previous version of Argon2 uses encoded hashes of the form:
   $argon2d$m=8,t=1,p=1$<salt>$<data>

The new version of Argon2 adds its version into the hash:
   $argon2d$v=19$m=8,t=1,p=1$<salt>$<data>

This lets Django handle both version properly.
 2016-04-25 21:17:53 -04:00
Jeremy Lainé c1aec0feda Fixed #25847 -- Made User.is_(anonymous|authenticated) properties. 2016-04-09 14:54:18 -04:00
Tim Graham df8d8d4292 Fixed E128 flake8 warnings in django/. 2016-04-08 09:51:06 -04:00
Simon Charette a872194802 Fixed #26470 -- Converted auth permission validation to system checks. 
Thanks Tim for the review.
 2016-04-06 22:40:43 -04:00
Alexander Gaevsky e0a3d93730 Fixed #25232 -- Made ModelBackend/RemoteUserBackend reject inactive users. 2016-03-23 09:01:48 -04:00
Tim Graham 1243fdf5cb Fixed #26395 -- Skipped the CryptPasswordHasher tests on platforms with a dummy crypt module. 2016-03-22 11:22:21 -04:00
Berker Peksag efa9539787 Fixed #26381 -- Made UserCreationForm reusable with custom user models that define USERNAME_FIELD. 2016-03-21 12:32:42 -04:00
Vincenzo Pandolfo d0fe6c9156 Fixed #26334 -- Removed whitespace stripping from contrib.auth password fields. 2016-03-14 20:20:24 -04:00
ieatkittens ab8af342b1 Fixed #26343 -- Sent user_login_failed signal if an auth backend raises PermissionDenied. 2016-03-12 16:44:39 -05:00
Bas Westerbaan b4250ea04a Fixed #26033 -- Added Argon2 password hasher. 2016-03-08 11:22:18 -05:00
Jon Dufresne 1845bc1d10 Refs #26315 -- Cleaned up argparse options in commands. 
* Removed type coercion. Options created by argparse are already coerced
  to the correct type.
* Removed fallback default values. Options created by argparse already
  have a default value.
* Used direct indexing. Options created by argparse are always set. This
  eliminates the need to use dict.get().
 2016-03-05 13:19:29 -05:00
Florian Apolloner 67b46ba701 Fixed CVE-2016-2513 -- Fixed user enumeration timing attack during login. 
This is a security fix.
 2016-03-01 11:25:28 -05:00
Olivier Le Thanh Duong 10781b4c6f Fixed #12233 -- Allowed redirecting authenticated users away from the login view. 
contrib.auth.views.login() has a new parameter `redirect_authenticated_user`
to automatically redirect authenticated users visiting the login page.

Thanks to dmathieu and Alex Buchanan for the original code and to Carl Meyer
for the help and review.
 2016-02-25 07:18:33 -05:00
Mounir Messelmeni 50931dfa53 Fixed #25304 -- Allowed management commands to check if migrations are applied. 2016-02-12 13:34:56 -05:00
Tim Graham 004ba0f99e Removed unneeded hint=None/obj=None in system check messages. 2016-02-12 13:01:25 -05:00
Tim Graham 926d41f0e7 Updated some comments for BCryptSHA256PasswordHasher. 2016-02-11 11:57:12 -05:00
Charlie Denton 46c13fef46 Fix typo in comment 2016-02-11 11:14:06 +00:00
Simon Charette 6eb3ce11e4 Fixed #26089 -- Removed custom user test models from public API. 
Thanks to Tim Graham for the review.
 2016-02-04 12:30:34 -05:00
Hugo Osvaldo Barrera dcee1dfc79 Fixed #12405 -- Added LOGOUT_REDIRECT_URL setting. 
After a user logs out via auth.views.logout(), they're redirected
to LOGOUT_REDIRECT_URL if no `next_page` argument is provided.
 2016-02-04 10:35:37 -05:00
Matt Robenolt 8048411c97 Fixed a typo in BCryptPasswordHasher docstring 
There is no BCryptSHA512PasswordHasher.
 2016-01-09 12:14:51 -05:00
Collin Anderson 780bddf75b Fixed #20846 -- Decreased User.username max_length to 150 characters. 2016-01-08 18:06:44 -05:00