b9b35f9efa
Fixed #27840 -- Fixed KeyError in PasswordResetConfirmView.form_valid().
...
When a user is already logged in when submitting the password and
password confirmation to reset a password, a KeyError occurred while
removing the reset session token from the session.
Refs #17209
Thanks Quentin Marlats for the report and Florian Apolloner and Tim
Graham for the review.
2017-02-15 00:35:04 +01:00
500532c95d
Refs #23919 -- Removed default 'utf-8' argument for str.encode()/decode().
2017-02-09 09:03:47 -05:00
3a148f958d
Refs #27795 -- Removed force_text from the template layer
...
Thanks Tim Graham for the review.
2017-02-07 17:14:02 +01:00
854f695014
Refs #27815 -- Reordered LoginView.get_form_kwargs().
2017-02-07 10:15:43 -05:00
41ba27fefd
Fixed #27815 -- Made LoginView pass the request kwarg to AuthenticationForm.
2017-02-07 08:54:21 -05:00
c651331b34
Converted usage of ugettext* functions to their gettext* aliases
...
Thanks Tim Graham for the review.
2017-02-07 09:04:04 +01:00
5411821e3b
Refs #27656 -- Updated django.contrib docstring verb style according to PEP 257.
2017-02-04 16:39:28 -05:00
29f607927f
Fixed spelling of "nonexistent".
2017-02-03 08:01:45 -05:00
d5b573d872
Fixed #26993 -- Increased User.last_name max_length to 150 characters.
2017-01-28 09:29:00 -05:00
d1bab24e01
Refs #23919 , #27778 -- Removed obsolete mentions of unicode.
2017-01-26 08:19:27 -05:00
1c466994d9
Refs #23919 -- Removed misc Python 2/3 references.
2017-01-25 13:59:25 -05:00
d6eaf7c018
Refs #23919 -- Replaced super(ClassName, self) with super().
2017-01-25 12:23:46 -05:00
9e6e32bf5d
Refs #23919 -- Removed django.utils.decorators.available_attrs() usage.
...
It's only needed to workaround a bug on Python 2.
2017-01-21 13:20:17 -05:00
4e729feaa6
Refs #23919 -- Removed django.utils._os.upath()/npath()/abspathu() usage.
...
These functions do nothing on Python 3.
2017-01-20 08:01:02 -05:00
dc8834cad4
Refs #23919 -- Removed unneeded force_str calls
2017-01-20 08:44:31 +01:00
4c5ed3e683
Refs #23919 -- Removed __nonzero__() methods (for Python 2).
...
Thanks Tim for the review.
2017-01-19 11:26:26 -05:00
cecc079168
Refs #23919 -- Stopped inheriting from object to define new style classes.
2017-01-19 08:39:46 +01:00
eb422e476f
Refs #23919 -- Removed obsolete __ne__() methods.
...
__ne__() defaults to the opposite of __eq__() on Python 3
when it doesn't return NotImplemented.
2017-01-18 21:44:00 -05:00
3cc5f01d9b
Refs #23919 -- Stopped using django.utils.lru_cache().
2017-01-18 21:42:40 -05:00
2b281cc35e
Refs #23919 -- Removed most of remaining six usage
...
Thanks Tim Graham for the review.
2017-01-18 21:33:28 +01:00
7b2f2e74ad
Refs #23919 -- Removed six.<various>_types usage
...
Thanks Tim Graham and Simon Charette for the reviews.
2017-01-18 20:18:46 +01:00
c716fe8782
Refs #23919 -- Removed six.PY2/PY3 usage
...
Thanks Tim Graham for the review.
2017-01-18 16:21:28 +01:00
f3c43ad1fd
Refs #23919 -- Removed python_2_unicode_compatible decorator usage
2017-01-18 13:44:34 +01:00
d7b9aaa366
Refs #23919 -- Removed encoding preambles and future imports
2017-01-18 09:55:19 +01:00
0bf3228eec
Increased the default PBKDF2 iterations for the 1.11 release cycle.
2017-01-17 20:52:05 -05:00
401c5b2e42
Refs #23957 -- Removed the useless SessionAuthenticationMiddleware.
2017-01-17 20:52:05 -05:00
eba093e8b0
Refs #25847 -- Removed support for User.is_(anonymous|authenticated) as methods.
...
Per deprecation timeline.
2017-01-17 20:52:03 -05:00
9f9a3d643e
Refs #24126 -- Removed auth views' current_app parameter per deprecation timeline.
2017-01-17 20:52:00 -05:00
e90c745afd
Refs #22993 -- Removed skipIfCustomUser per deprecation timeline.
2017-01-17 14:09:29 -05:00
ede59ef6f3
Fixed #27518 -- Prevented possibie password reset token leak via HTTP Referer header.
...
Thanks Florian Apolloner for contributing to this patch and
Collin Anderson, Markus Holtermann, and Tim Graham for review.
2017-01-13 09:17:54 -05:00
b52c73008a
Fixed #15667 -- Added template-based widget rendering.
...
Thanks Carl Meyer and Tim Graham for contributing to the patch.
2016-12-27 17:50:10 -05:00
4a246a02bd
Refs #17235 -- Made MultiPartParser leave request.POST immutable.
2016-12-07 08:28:46 -05:00
9992decbf1
Quoted group name in django/contrib/auth/models.py docstring.
2016-11-28 16:41:37 -05:00
cb7bbf97a7
Fixed #25966 -- Made get_user_model() work at import time.
...
This makes it equivalent to: `from django.contrib.auth.models import User`.
Thanks Aymeric Augustin for the initial patch and Tim Graham for the
review.
2016-11-25 14:15:49 +01:00
51eaff6d35
Refs #17209 -- Fixed token verification for PasswordResetConfirmView POST requests.
2016-11-21 13:42:25 -05:00
0d9ff873d9
Fixed #27467 -- Made UserAttributeSimilarityValidator max_similarity=0/1 work as documented.
...
Thanks goblinJoel for the report and feedback.
2016-11-16 17:40:37 -05:00
967be82443
Fixed E305 flake8 warnings.
2016-11-14 12:30:46 -05:00
f3ea0c4bbd
Reverted "Fixed #26401 -- Added BaseAuthConfig to use auth without migrations."
...
This reverts commit 1ec1633cb2
2016-10-25 17:32:59 -07:00
63bf615d5e
Updated translations from Transifex
...
Forward port of bfc9c72725
2016-09-30 22:12:41 +02:00
617e36dc1e
Fixed #20705 -- Allowed using PasswordResetForm with user models with an email field not named 'email'.
2016-09-27 11:59:00 -04:00
8119b679eb
Refs #27025 -- Fixed "invalid escape sequence" warnings in Python 3.6.
...
http://bugs.python.org/issue27364
2016-09-17 15:44:06 -04:00
9459ec82aa
Fixed #26170 -- Made ModelAdmin views run transactions on the correct database.
...
Thanks juntatalor for the initial patch.
2016-09-14 16:06:39 -04:00
f0f3de3c96
Fixed #23155 -- Added request argument to user_login_failed signal.
2016-09-12 20:30:34 -04:00
4b9330ccc0
Fixed #25187 -- Made request available in authentication backends.
2016-09-12 20:11:53 -04:00
1ec1633cb2
Fixed #26401 -- Added BaseAuthConfig to use auth without migrations.
2016-09-10 16:38:05 -07:00
536db42cf0
Fixed #26097 -- Added password_validators_help_text_html to UserCreationForm.
2016-09-10 18:23:18 -04:00
66e1ebbffc
Fixed #26956 -- Added success_url_allowed_hosts to LoginView and LogoutView.
...
Allows specifying additional hosts to redirect after login and log out.
2016-09-07 19:56:25 -07:00
f227b8d15d
Refs #26956 -- Allowed is_safe_url() to validate against multiple hosts
2016-09-07 19:56:25 -07:00
4c94336510
Removed transitive import of types.MethodType from six.
2016-09-06 07:19:27 -04:00
ae98d40c35
Fixed #27136 -- Changed auth forms' autofocus attribute to HTML5 boolean syntax.
2016-08-28 17:19:50 -07:00
a02b5848ae
Replaced property() usage with decorator in several places.
2016-08-25 20:06:22 -04:00
3c18f8a3d2
Fixed #27111 -- Fixed KeyError if USERNAME_FIELD isn't in UserCreationForm.fields.
2016-08-24 13:20:12 -04:00
549b90fab3
Refs #26902 -- Protected against insecure redirects in Login/LogoutView.
2016-08-19 19:01:01 -04:00
7549eb0004
Fixed #27009 -- Made update_session_auth_hash() rotate the session key.
2016-08-15 19:29:12 -04:00
d7e0cf04b7
Used all() and a generator for PermissionsMixin.has_perms().
2016-08-13 08:46:51 -04:00
4591cf3fd8
Fixed #26909 -- Allowed UserAttributeSimilarityValidator to validate against model properties.
2016-08-10 15:08:06 -04:00
0814566bf1
Fixed #26960 -- Added PasswordResetConfirmView option to automatically log in after a reset.
2016-08-10 10:23:16 -04:00
975a76a964
Fixed #26951 -- Allowed AuthenticationForm to work with a username of 0.
2016-08-10 09:44:48 -04:00
a2fb2b3a1f
Fixed #27020 -- Used a context manager to close files.
2016-08-04 19:45:14 -04:00
967aa7f6cc
Fixed #27010 -- Made Argon2PasswordHasher decode with ASCII.
...
The underlying hasher only generates strings containing ASCII
characters so this is merely a cosmetic change.
2016-08-04 10:57:37 -04:00
4e64e3bb6e
Fixed #26997 -- Fixed checks crash with empty Meta.default_permissions.
2016-08-03 09:14:01 -04:00
374b6091ac
Pulled contrib translations from Transifex
...
Forward port f19cadd391
2016-08-01 19:47:19 +02:00
0ba179194b
Fixed #26929 -- Deprecated extra_context parameter of contrib.auth.views.logout_then_login().
2016-07-28 11:57:02 -04:00
dde6288fbe
Fixed #26882 -- Added tests for auth.views.logout_then_login().
2016-07-22 15:04:13 -04:00
255fb99284
Fixed #17209 -- Added password reset/change class-based views
...
Thanks Tim Graham for the review.
2016-07-16 10:36:12 +02:00
490107f14d
Added Upper/Lower Sorbian translations
2016-06-29 21:11:30 +02:00
09119dff14
Fixed #26719 -- Normalized email in AbstractUser.clean().
2016-06-24 10:37:38 -04:00
78963495d0
Refs #17209 -- Added LoginView and LogoutView class-based views
...
Thanks Tim Graham for the review.
2016-06-24 10:45:13 +02:00
39805686b3
Refs #21379 , #26719 -- Moved username normalization to AbstractBaseUser.
...
Thanks Huynh Thanh Tam for the initial patch and Claude Paroz for review.
2016-06-21 16:19:37 -04:00
1915a7e5c5
Increased the default PBKDF2 iterations.
2016-05-20 09:19:19 -04:00
5ccee815ff
Updated translation catalogs
2016-05-17 23:21:35 +02:00
9baf692a58
Fixed #26601 -- Improved middleware per DEP 0005.
...
Thanks Tim Graham for polishing the patch, updating the tests, and
writing documentation. Thanks Carl Meyer for shepherding the DEP.
2016-05-17 07:22:22 -04:00
9935f97cd2
Refs #21379 -- Normalized unicode username inputs
2016-05-16 19:38:02 +02:00
526575c641
Fixed #21379 -- Created auth-specific username validators
...
Thanks Tim Graham for the review.
2016-05-16 19:37:57 +02:00
61a16e0270
Fixed #24075 -- Used post-migration models in contrib apps receivers.
...
Thanks Markus and Tim for the review.
2016-05-15 19:51:16 -04:00
094ea69e07
Fixed #26614 -- Used constant_time_compare() in checking session auth hash in login().
2016-05-13 18:26:10 -04:00
b26fedacef
Fixed #26544 -- Delayed translations of SetPasswordForm help_texts
...
Thanks Michael Bitzi for the reporti and Tim Graham for the review.
2016-05-07 10:17:49 +02:00
03efa304bc
Refs #25847 -- Added system check for UserModel.is_anonymous/is_authenticated methods.
2016-05-06 08:56:06 -04:00
8dcf352c03
Pulled translations from Transifex
2016-04-30 14:27:07 +02:00
d9a00ad16b
Removed deprecated Chinese language codes for contrib apps
...
Refs #18149 .
2016-04-30 14:26:47 +02:00
a5033dbc58
Refs #26033 -- Added password hasher support for Argon2 v1.3.
...
The previous version of Argon2 uses encoded hashes of the form:
$argon2d$m=8,t=1,p=1$<salt>$<data>
The new version of Argon2 adds its version into the hash:
$argon2d$v=19$m=8,t=1,p=1$<salt>$<data>
This lets Django handle both version properly.
2016-04-25 21:17:53 -04:00
c1aec0feda
Fixed #25847 -- Made User.is_(anonymous|authenticated) properties.
2016-04-09 14:54:18 -04:00
df8d8d4292
Fixed E128 flake8 warnings in django/.
2016-04-08 09:51:06 -04:00
a872194802
Fixed #26470 -- Converted auth permission validation to system checks.
...
Thanks Tim for the review.
2016-04-06 22:40:43 -04:00
e0a3d93730
Fixed #25232 -- Made ModelBackend/RemoteUserBackend reject inactive users.
2016-03-23 09:01:48 -04:00
1243fdf5cb
Fixed #26395 -- Skipped the CryptPasswordHasher tests on platforms with a dummy crypt module.
2016-03-22 11:22:21 -04:00
efa9539787
Fixed #26381 -- Made UserCreationForm reusable with custom user models that define USERNAME_FIELD.
2016-03-21 12:32:42 -04:00
d0fe6c9156
Fixed #26334 -- Removed whitespace stripping from contrib.auth password fields.
2016-03-14 20:20:24 -04:00
ab8af342b1
Fixed #26343 -- Sent user_login_failed signal if an auth backend raises PermissionDenied.
2016-03-12 16:44:39 -05:00
b4250ea04a
Fixed #26033 -- Added Argon2 password hasher.
2016-03-08 11:22:18 -05:00
1845bc1d10
Refs #26315 -- Cleaned up argparse options in commands.
...
* Removed type coercion. Options created by argparse are already coerced
to the correct type.
* Removed fallback default values. Options created by argparse already
have a default value.
* Used direct indexing. Options created by argparse are always set. This
eliminates the need to use dict.get().
2016-03-05 13:19:29 -05:00
67b46ba701
Fixed CVE-2016-2513 -- Fixed user enumeration timing attack during login.
...
This is a security fix.
2016-03-01 11:25:28 -05:00
10781b4c6f
Fixed #12233 -- Allowed redirecting authenticated users away from the login view.
...
contrib.auth.views.login() has a new parameter `redirect_authenticated_user`
to automatically redirect authenticated users visiting the login page.
Thanks to dmathieu and Alex Buchanan for the original code and to Carl Meyer
for the help and review.
2016-02-25 07:18:33 -05:00
50931dfa53
Fixed #25304 -- Allowed management commands to check if migrations are applied.
2016-02-12 13:34:56 -05:00
004ba0f99e
Removed unneeded hint=None/obj=None in system check messages.
2016-02-12 13:01:25 -05:00
926d41f0e7
Updated some comments for BCryptSHA256PasswordHasher.
2016-02-11 11:57:12 -05:00
46c13fef46
Fix typo in comment
2016-02-11 11:14:06 +00:00
6eb3ce11e4
Fixed #26089 -- Removed custom user test models from public API.
...
Thanks to Tim Graham for the review.
2016-02-04 12:30:34 -05:00
dcee1dfc79
Fixed #12405 -- Added LOGOUT_REDIRECT_URL setting.
...
After a user logs out via auth.views.logout(), they're redirected
to LOGOUT_REDIRECT_URL if no `next_page` argument is provided.
2016-02-04 10:35:37 -05:00
8048411c97
Fixed a typo in BCryptPasswordHasher docstring
...
There is no BCryptSHA512PasswordHasher.
2016-01-09 12:14:51 -05:00
Markus Holtermann
Tim Graham
Claude Paroz
Zoltan Gyarmati
Anton Samarchyan
Thom Wiggers
Vytis Banaitis
chillaranand
Simon Charette
Simon Charette
Aymeric Augustin
Romain Garrigues
Preston Timmons
Vinay Karanam
Nik Nyby
Florian Apolloner
Ramin Farajpour Cami
Jon Dufresne
levental
Jibodeah
Gavin Wahl
Aleksej Manaev
Alexander Gaevsky
Curtis Maloney
Berker Peksag
Przemysław Suliga
Andrew Nester
jordij
Olexander Yermakov
Ville Skyttä
Sergey Yurchenko
Bang Dao + Tam Huynh
Bas Westerbaan
Jeremy Lainé
Vincenzo Pandolfo
ieatkittens
Olivier Le Thanh Duong
Mounir Messelmeni
Charlie Denton
Hugo Osvaldo Barrera
Matt Robenolt