Commit Graph

629 Commits

Author SHA1 Message Date
Curtis Maloney 07876cf02b Deprecated SortedDict (replaced with collections.OrderedDict)
Thanks Loic Bistuer for the review.
2013-08-04 07:09:39 -04:00
Tim Graham 425d076d0c Fixed #18923 -- Corrected usage of sensitive_post_parameters in contrib.auth
Thanks Collin Anderson for the report.
2013-08-02 14:46:17 -04:00
Tim Graham a1889397a9 Fixed #12103 -- Added AuthenticationForm.confirm_login_allowed to allow customizing the logic policy.
Thanks ejucovy and lasko for work on the patch.
2013-07-31 13:54:05 -04:00
Aymeric Augustin 5b47a9c5a0 Fixed a test that could fail depending on PASSWORD_HASHERS.
Thanks Claude. Refs #20760.
2013-07-30 16:14:53 +02:00
Andrew Godwin 12e9804d16 Rename allow_syncdb to allow_migrate 2013-07-30 12:08:59 +01:00
Andrew Godwin 68e0a169c4 Rename pre_ and post_syncdb to *_migrate, with aliases from old names 2013-07-30 11:52:52 +01:00
Claude Paroz fdd7a355bf Deprecated django.utils.importlib
This was a shim for pre-Python 2.7 support.
2013-07-29 17:10:22 +02:00
Serge G. Spaolonzi e07e4030b9 Fixed #18511 -- Cleaned up admin password reset template titles. 2013-07-27 14:23:04 -04:00
Aymeric Augustin 5dbca13f3b Fixed #20760 -- Reduced timing variation in ModelBackend.
Thanks jpaglier and erikr.
2013-07-23 15:43:12 +02:00
Kirill Fomichev 33242fe015 Fixed #19019 -- Fixed UserAdmin to log password change.
Thanks Tuttle for the report.
2013-07-23 08:33:07 -04:00
Loic Bistuer 3a00229189 Cleaned up UserAdmin.get_form() that worked around a bug fixed in 23e1b59.
Refs #18681.
2013-07-18 23:59:45 +07:00
Tim Graham f407f75aae Fixed #20673 -- Clarified that HttpRequest.user uses AUTH_USER_MODEL.
Thanks littlepig for the report.
2013-07-04 09:32:32 -04:00
Simon Charette 8759778185 Fixed #20675 -- `check_password` should work when no password is specified.
The regression was introduced by 2c4fe761a. refs #20593.
2013-07-03 14:09:58 -04:00
Aymeric Augustin cfcf4b3605 Stopped using django.utils.unittest in the test suite.
Refs #20680.
2013-07-01 14:29:33 +02:00
Ramiro Morales d51b7794bf Removed django.contrib.auth.views.password_reset_confirm_uidb36() view to finish its accelerated deprecation schedule. 2013-06-29 12:22:15 -03:00
Claude Paroz 6118d6d1c9 More import removals
Following the series of commits removing deprecated features in
Django 1.7, here are some more unneeded imports removed and other
minor cleanups.
2013-06-29 11:58:36 +02:00
Aymeric Augustin c8756e17fb Removed obsolete comment. Refs #20079.
Thanks Gavin Wahl.
2013-06-29 11:42:34 +02:00
Ramiro Morales c196564132 Removed custom profile model functionality as per deprecation TL. 2013-06-28 21:48:16 -03:00
Ramiro Morales f02a703ca6 Removed AuthenticationForm.check_for_test_cookie() as per deprecation TL. 2013-06-28 21:48:15 -03:00
Andrew Godwin f325f86971 Fixed #20244: PermissionsMixin now defines a related_query_name for M2Ms 2013-06-27 15:44:22 +01:00
Anton Baklanov cab333cb16 Fixed #20541 -- don't raise db signals twice when creating superuser 2013-06-27 05:58:01 -04:00
Tim Graham 1184d07789 Fixed #14881 -- Modified password reset to work with a non-integer UserModel.pk.
uid is now base64 encoded in password reset URLs/views. A backwards compatible
password_reset_confirm view/URL will allow password reset links generated before
this change to continue to work. This view will be removed in Django 1.7.

Thanks jonash for the initial patch and claudep for the review.
2013-06-26 13:11:47 -04:00
Simon Charette b91787910c Fixed #20642 -- Deprecated `Option.get_(add|change|delete)_permission`.
Those methods were only used by `contrib.admin` internally and exclusively
related to `contrib.auth`. Since they were undocumented but used
in the wild the raised deprecation warning point to an also undocumented
alternative that lives in `contrib.auth`.

Also did some PEP8 and other cleanups in the affected modules.
2013-06-25 12:22:37 -04:00
Loic Bistuer 7462a78c1b Fixed #20288 -- Fixed inconsistency in the naming of the popup GET parameter.
Thanks to Keryn Knight for the initial report and reviews,
and to tomask for the original patch.
2013-06-19 22:16:16 +02:00
Aymeric Augustin ffcf24c9ce Removed several unused imports. 2013-06-19 17:18:40 +02:00
Erik Romijn aeb1389442 Fixed #20079 -- Improve security of password reset tokens 2013-06-18 20:02:00 +02:00
Erik Romijn 2c4fe761a0 Fixed #20593 -- Allow blank passwords in check_password() and set_password() 2013-06-18 13:32:54 -04:00
Loic Bistuer ee77d4b253 Fixed #20199 -- Allow ModelForm fields to override error_messages from model fields 2013-06-18 08:01:17 -04:00
Claude Paroz beb652e069 Worked around Python 3.3 modified exception repr
Refs #20599.
2013-06-15 11:14:59 +02:00
Jaap Roes 990f8d92dc Fixed #20599 -- Changed wording of ValueError raised by _load_library
The _load_library method on BasePasswordHasher turns ImportErrors
into ValueErrors, this masks ImportErrors in the algorithm library.
Changed it to a clearer worded error message that includes
the ImportError string.
2013-06-15 10:50:55 +02:00
Aymeric Augustin c6e6d4eeb7 Defined available_apps in relevant tests.
Fixed #20483.
2013-06-10 11:30:01 +02:00
Aymeric Augustin 4daf570b98 Added TransactionTestCase.available_apps.
This can be used to make Django's test suite significantly faster by
reducing the number of models for which content types and permissions
must be created and tables must be flushed in each non-transactional
test.

It's documented for Django contributors and committers but it's branded
as a private API to preserve our freedom to change it in the future.

Most of the credit goes to Anssi. He got the idea and did the research.

Fixed #20483.
2013-06-10 11:24:10 +02:00
Chris Streeter 69373f3420 Fixed #19925 - Added validation for REQUIRED_FIELDS being a list
Thanks Roman Alexander for the suggestion.
2013-06-07 19:58:41 -04:00
Gavin Wahl 4f4e9243e4 Fixed #20532 -- Reverse auth views by name, not by path.
Auth views should be reversed by name, not their locations in
`django.contrib.auth.views`. This allows substituting your own
implementations of the auth views.
2013-06-03 13:30:40 -04:00
Gavin Wahl 01ae881bb4 Don't hard-code class names when calling static methods
normalize_email should be called on the instance, not the class. This
has the same effect normally but is more helpful to subclassers. When
methods are called directly on the class, subclasses can't override
them.
2013-05-29 16:11:26 -06:00
Ramiro Morales 0fa8d43e74 Replaced `and...or...` constructs with PEP 308 conditional expressions. 2013-05-26 23:47:50 -03:00
Preston Holmes d228c1192e Fixed #19866 -- Added security logger and return 400 for SuspiciousOperation.
SuspiciousOperations have been differentiated into subclasses, and
are now logged to a 'django.security.*' logger. SuspiciousOperations
that reach django.core.handlers.base.BaseHandler will now return a 400
instead of a 500.

Thanks to tiwoc for the report, and Carl Meyer and Donald Stufft
for review.
2013-05-25 16:27:34 -07:00
Andrew Godwin 1514f17aa6 Rotate CSRF token on login 2013-05-24 22:15:08 +01:00
Baptiste Mispelon 3cb1e9b93c Fix test failure introduced by 980ae2ab29. 2013-05-19 16:51:36 +02:00
Baptiste Mispelon 980ae2ab29 Fix #20447: URL names given to contrib.auth.views are now resolved.
This commit also adds tests for the redirect feature of most auth views.
It also cleans up the tests, most notably using @override_settings instead
of ad-hoc setUp/tearDown methods.

Thanks to caumons for the report.

Conflicts:
	docs/releases/1.6.txt
2013-05-19 14:36:38 +02:00
Peter Inglesby cafcc22b01 Typo in comment 2013-05-19 09:28:36 +02:00
Claude Paroz 710c59bf9b Slightly reworked imports in contrib.auth.__init__ 2013-05-18 16:01:47 +02:00
Jorge Bastida dc43fbc2f2 Fixed #18998 - Prevented session crash when auth backend removed
Removing a backend configured in AUTHENTICATION_BACKENDS should not
raise an exception for existing sessions, but should make already
logged-in users disconnect.
Thanks Bradley Ayers for the report.
2013-05-18 15:58:29 +02:00
Jacob Burch 340115200f Fixed #20432 -- Test failure in admin_views.
The failure was triggered by a cache leak.
2013-05-18 13:13:33 +02:00
Mark Huang 0732c8e8c6 Fixed #20357 -- Allow empty username field label in `AuthentificationForm`. 2013-05-16 11:41:52 -04:00
Donald Stufft 8f0a4665d6 Recommend using the bcrypt library instead of py-bcrypt
* py-bcrypt has not been updated in some time
* py-bcrypt does not support Python3
* py3k-bcrypt, a port of py-bcrypt to python3 is not compatible
  with Django
* bcrypt is supported on all versions of Python that Django
  supports
2013-05-13 23:49:00 -04:00
Donald Stufft 3070e8f711 Properly force bytes or str for bcrypt on Python3 2013-05-11 11:16:06 -04:00
Carl Meyer 9012833af8 Fixed #17365, #17366, #18727 -- Switched to discovery test runner.
Thanks to Preston Timmons for the bulk of the work on the patch, especially
updating Django's own test suite to comply with the requirements of the new
runner. Thanks also to Jannis Leidel and Mahdi Yusuf for earlier work on the
patch and the discovery runner.

Refs #11077, #17032, and #18670.
2013-05-10 23:08:45 -04:00
Luke Plant f026a519ae Fixed #19733 - deprecated ModelForms without 'fields' or 'exclude', and added '__all__' shortcut
This also updates all dependent functionality, including modelform_factory
 and modelformset_factory, and the generic views `ModelFormMixin`,
 `CreateView` and `UpdateView` which gain a new `fields` attribute.
2013-05-09 16:44:36 +01:00
Claude Paroz 9f7a01ef2b Updated translation templates and removed en translations
"en" translations have been mistakenly committed in 87cc3da81.
2013-05-02 16:25:23 +02:00
Preston Holmes a49e7dd2a3 Fixed #20114 -- support custom project login_url in tests
Thanks to Matias Bordese for the patch
2013-04-05 09:03:28 -07:00
Preston Timmons fde2e4fd6e Modified auth to work with unittest2 discovery. 2013-04-02 21:59:45 -06:00
Alisson 80b658f5aa Remove unnecessary if conditions
if obj it None, it's None, there's no need to check it
2013-03-30 12:22:28 +01:00
Claude Paroz 244e765a94 Updated translation templates 2013-03-28 10:06:11 +01:00
Claude Paroz 0a22f7aad2 Added Burmese language
Thanks to Yhal Htet Aung for the translation work.
2013-03-28 10:01:30 +01:00
Claude Paroz ab76467d54 Added Ossetic language
Thanks to Xwybylty Soslan for the translation work.
2013-03-28 09:54:16 +01:00
Claude Paroz c5084e7557 Updated translations from Transifex
Polish, Telugu, Georgian, Azerbaijani, Norwegian Bokmål, Basque,
Dutch, Thai, Spanish (Argentina), Afrikaans.
2013-03-28 09:24:07 +01:00
Jacob Kaplan-Moss 9e462f8101 Fixed #20078: don't allow filtering on password in the user admin. 2013-03-27 11:24:36 -05:00
Donald Stufft 25f2acfed0 Fixed #20138 -- Added BCryptSHA256PasswordHasher
BCryptSHA256PasswordHasher pre-hashes the users password using
SHA256 to prevent the 72 byte truncation inherient in the BCrypt
algorithm.
2013-03-26 13:26:57 -04:00
Claude Paroz 2f121dfe63 Fixed #17051 -- Removed some 'invalid' field error messages
When the 'invalid' error message is set at field level, it masks
the error message raised by the validator, if any.
2013-03-14 17:03:43 +01:00
Aymeric Augustin 3710a918b2 Switched the admin to use @transaction.atomic. 2013-03-11 19:58:08 +01:00
Loic Bistuer 6983a1a540 Fixed #15363 -- Renamed and normalized to `get_queryset` the methods that return a QuerySet. 2013-03-08 10:11:45 -05:00
Ramiro Morales 03e40140ff Merge pull request #871 from matiasb/ticket_19945
Fixed #19945 -- Fixed default User model Meta inheritance.
2013-03-03 14:30:36 -08:00
Claude Paroz 8e8c9b908a Fixed getting default encoding in get_system_username
Refs #19933.
2013-03-02 22:41:08 +01:00
matiasb f39fead1c3 Fixed #19945 -- Fixed default User model Meta inheritance.
Updated default User model Meta class to extend AbstractUser Meta
where translated verbose_name and verbose_name_plural are
defined.
2013-03-01 19:32:20 -03:00
Aymeric Augustin 2ee21d9f0d Implemented persistent database connections.
Thanks Anssi Kääriäinen and Karen Tracey for their inputs.
2013-02-28 15:28:13 +01:00
Claude Paroz 87cc3da814 Merged contrib translations from 1.5 branch 2013-02-26 21:51:06 +01:00
Aymeric Augustin f1255a3c09 Fixed #18144 -- Restored compatibility with SHA1 hashes with empty salt.
Thanks dahool for the report and initial version of the patch.
2013-02-25 20:21:58 +01:00
Florian Apolloner f56ca3f0e6 Fixed the usage of the deprecated assertEquals. 2013-02-24 11:15:17 +01:00
Preston Holmes 22d82a7742 Fixed #15198 -- pass request to AuthenticationForm
Thanks to Ciantic for the report, claudep and slurms for initial work
2013-02-23 15:28:49 -08:00
Preston Holmes 9d2c0a0ae6 Removed superfluous cookie check from auth login.
This is ensured through the CSRF protection of the view
2013-02-23 15:28:49 -08:00
Horst Gutmann 2f4a4703e1 Fixed #19758 -- Avoided leaking email existence through the password reset form. 2013-02-23 14:31:21 +01:00
Carl Meyer d51fb74360 Added a new required ALLOWED_HOSTS setting for HTTP host header validation.
This is a security fix; disclosure and advisory coming shortly.
2013-02-19 11:23:29 -07:00
Claude Paroz 5ec0405a09 Fixed #19839 -- Isolated auth tests from customized TEMPLATE_LOADERS
Thanks limscoder for the report.
2013-02-18 09:22:25 +01:00
Claude Paroz a8d1421dd9 Avoided unneeded assertion on Python 3
Fixes failure introduced in 02e5909f7a.
2013-02-15 16:09:31 +01:00
Claude Paroz 02e5909f7a Fixed #19807 -- Sanitized getpass input in createsuperuser
Python 2 getpass on Windows doesn't accept unicode, even when
containing only ascii chars.
Thanks Semmel for the report and tests.
2013-02-15 15:44:27 +01:00
Russell Keith-Magee f5e4a699ca Fixed #19822 -- Added validation for uniqueness on USERNAME_FIELD on custom User models.
Thanks to Claude Peroz for the draft patch.
2013-02-15 09:00:55 +08:00
Claude Paroz f1029b308f Fixed a misnamed variable introduced in commit 142ec8b283
Refs #8404.
2013-02-14 08:33:10 +01:00
Claude Paroz 142ec8b283 Fixed #8404 -- Isolated auth password-related tests from custom templates 2013-02-13 23:11:49 +01:00
Hiroki Kiyohara e94f405d94 Fixed #18558 -- Added url property to HttpResponseRedirect*
Thanks coolRR for the report.
2013-02-13 10:29:32 +01:00
Preston Holmes 0e18fb04ba Made modwsgi groups_for_user consistent with check_password
2b5f848207 based its changes on #19061
that made the is_active attribute mandatory for user models.
The try/except was not removed for the groups_for_user function.

refs #19780
2013-02-09 09:31:04 -08:00
Preston Holmes c44d748272 Fixed #19662 -- alter auth modelbackend to accept custom username fields
Thanks to Aymeric and Carl for the review.
2013-02-07 16:07:56 -08:00
Florian Apolloner 2b916895a1 Updated createsuperuser to use unicode_literals. Refs #19757. 2013-02-07 14:33:36 +01:00
Claude Paroz 2390fe3f4f Fixed #19745 -- Forced resolution of verbose names in createsupersuser
Thanks Baptiste Mispelon for the report and Preston Holmes for the review.
2013-02-06 10:06:21 +01:00
Simon Charette ec469ade2b Fixed #19689 -- Renamed `Model._meta.module_name` to `model_name`. 2013-02-05 04:16:07 -05:00
Claude Paroz 7c5b244826 Fixed #17061 -- Factored out importing object from a dotted path
Thanks Carl Meyer for the report.
2013-02-04 16:38:25 +01:00
Claude Paroz 55c585f1c7 Fixed #19725 -- Made createsuperuser handle non-ascii prompts
Thanks Michisu for the report.
2013-02-04 10:09:10 +01:00
Claude Paroz 1f8e7bb075 Added missing parentheses in if clause 2013-02-02 12:13:47 +01:00
Claude Paroz 63d6a50dd8 Fixed #18144 -- Added backwards compatibility with old unsalted MD5 passwords
Thanks apreobrazhensky at gmail.com for the report.
2013-02-02 12:02:36 +01:00
Claude Paroz 1686e0d184 Fixed #18460 -- Fixed change detection of ReadOnlyPasswordHashField
Thanks jose.sanchez et ezeep.com for the report and Vladimir Ulupov
for the initial patch.
2013-01-25 21:27:49 +01:00
Florian Apolloner cc4de61a2b Fixed #19596 -- Use `_default_manager` instead of `objects` in the auth app.
This is needed to support custom user models which don't define a manager
named `objects`.
2013-01-22 12:47:34 +01:00
Nick Sandford cdad0b28d4 Fixed #19573 -- Allow override of username field label in AuthenticationForm 2013-01-10 09:06:04 +01:00
Claude Paroz 34ee7d9875 Updated deprecated test assertions 2013-01-08 19:08:15 +01:00
Anssi Kääriäinen a2396a4c8f Fixed #19173 -- Made EmptyQuerySet a marker class only
The guarantee that no queries will be made when accessing results is
done by new EmptyWhere class which is used for query.where and having.

Thanks to Simon Charette for reviewing and valuable suggestions.
2013-01-06 19:18:28 +02:00
Aymeric Augustin 4e5369a596 Silenced warnings in the tests of deprecated features. 2012-12-29 22:32:07 +01:00
Aymeric Augustin ef017a5f00 Advanced pending deprecation warnings.
Also added stacklevel argument, fixed #18127.
2012-12-29 21:59:07 +01:00
Julien Phalip 35d1cd0b28 Fixed #19505 -- A more flexible implementation for customizable admin redirect urls.
Work by Julien Phalip.

Refs #8001, #18310, #19505. See also 0b908b92a2.
2012-12-24 15:44:19 -03:00
Claude Paroz 0dc3fc954f Fixed #19509 -- Fixed crypt/bcrypt non-ascii password encoding
Also systematically added non-ascii passwords in hashers test suite.
Thanks Vaal for the report.
2012-12-22 16:04:10 +01:00
Russell Keith-Magee 9facca28b6 Corrected tests depending on the error message on the AuthenticationForm.
Refs #19368, and the fix introduced in 27f8129d64.
2012-12-16 07:18:45 +08:00
Russell Keith-Magee 27f8129d64 Fixed #19368 -- Ensured that login error messages adapt to changes in the User model.
Thanks to un33k for the report.
2012-12-15 22:44:47 +08:00
Russell Keith-Magee 47e1df896b Fixed #19412 -- Added PermissionsMixin to the auth.User heirarchy.
This makes it easier to make a ModelBackend-compliant (with regards to
permissions) User model.

Thanks to cdestigter for the report about the relationship between
ModelBackend and permissions, and to the many users on django-dev that
contributed to the discussion about mixins.
2012-12-15 22:44:47 +08:00
Florian Apolloner a2f2a39956 Fixed #18856 -- Ensured that redirects can't be poisoned by malicious users. 2012-12-10 22:11:39 +01:00
Claude Paroz c91667338a Fixed #19357 -- Allow non-ASCII chars in filesystem paths
Thanks kujiu for the report and Aymeric Augustin for the review.
2012-12-08 11:13:52 +01:00
Ramiro Morales b64d30405a Fixed #18697 -- Made values accepted for two customizable admin templates consistent.
Thanks and at cloverfastfood dot com for the report.
2012-12-04 01:13:01 -03:00
Claude Paroz a0cd6dd11e Fixed #19349 -- Fixed re-rendering of ReadOnlyPasswordHashWidget
Thanks tim.bowden at mapforge.com.au for the report, Andreas Hug
for the patch and Anton Baklanov for the review.
2012-12-01 12:22:43 +01:00
Preston Holmes 84a5294788 Added missing custom user skip decorator
PermissionDeniedBackendTest references User model.
2012-11-30 22:54:42 -08:00
Claude Paroz 0eeae15056 Fixed #19354 -- Do not assume usermodel.pk == usermodel.id
Thanks markteisman at hotmail.com for the report.
2012-11-29 21:45:43 +01:00
Claude Paroz a962bc7c45 Updated User manager when testing custom AUTH_USER_MODEL
This is giving more real test conditions when AUTH_USER_MODEL is
set with override_settings.
2012-11-24 16:00:00 +01:00
Aymeric Augustin a026e480da Fixed #16039 -- Made post_syncdb handlers multi-db aware.
Also reverted 8fb7a90026. Refs #17055.
2012-11-22 20:53:59 +01:00
Aymeric Augustin 9e11253497 Merge pull request #511 from ryankask/username-password-admin
Allowed custom User models to use the UserAdmin's change password view.

Fix #19056 (again).
2012-11-22 06:50:37 -08:00
Jannis Leidel 1520748dac Fixed #2550 -- Allow the auth backends to raise the PermissionDenied exception to completely stop the authentication chain. Many thanks to namn, danielr, Dan Julius, Łukasz Rekucki, Aashu Dwivedi and umbrae for working this over the years. 2012-11-17 20:24:54 +01:00
Ryan Kaskel bfdedb687a Allow custom User models to use the UserAdmin's change password view. 2012-11-10 15:48:46 +00:00
Aymeric Augustin fc10418fba Fixed #18963 -- Used a subclass-friendly pattern
for Python 2 object model compatibility methods.
2012-11-03 22:07:35 +01:00
Preston Holmes 9741912a9a Fixed #17869 - force logout when REMOTE_USER header disappears
If the current sessions user was logged in via a remote user backend log out
the user if REMOTE_USER header not available - otherwise leave it to other auth
middleware to install the AnonymousUser.

Thanks to Sylvain Bouchard for the initial patch and ticket maintenance.
2012-10-29 22:58:14 -07:00
Preston Holmes 2b5f848207 Fixed #19057 (again) -- added additional tests 2012-10-29 22:24:42 -07:00
Russell Keith-Magee 81f5d4a1a7 Added some test guards for some recently added auth tests.
Refs #19061, #19057.
2012-10-30 10:28:35 +08:00
Claude Paroz b774c5993c Fixed #19172 -- Isolated poisoned_http_host tests from 500 handlers
Thanks bernardofontes for the report.
2012-10-29 17:28:04 +01:00
Preston Holmes 4ea8105120 Fixed #19061 -- added is_active attribute to AbstractBaseUser 2012-10-28 23:04:03 -07:00
Russell Keith-Magee 04b53ebfb7 Fixed #19133 -- Corrected regression in form handling for user passwords.
Thanks to pressureman for the report, and to Preston Holmes for the draft patch.
2012-10-20 11:41:54 +08:00
Ramiro Morales 0b908b92a2 Fixed #8001 -- Made redirections after add/edit in admin customizable.
Also fixes #18310.
2012-10-18 20:58:52 -03:00
Preston Holmes 9305c0e12d Fixed a security issue related to password resets
Full disclosure and new release are forthcoming
2012-10-17 14:36:41 -07:00
Russell Keith-Magee bfcda7781a Fixed #19130 -- Made some of the auth forms more flexible for user models. 2012-10-16 16:03:29 +08:00
Claude Paroz 58365401c9 Updated base translation files 2012-10-15 11:17:06 +02:00
Daniele Procida cc83a4af0c Added 'groups' to UserAdmin.filter_horizontal
Is there some reason it's not there already?

Our list of groups is very cumbersome to use with the standard widget.
2012-10-13 14:58:36 +01:00
Russell Keith-Magee b3b3db3d95 Fixed #19067 -- Clarified handling of username in createsuperuser.
Thanks to clelland for the report, and Preston Holmes for the draft patch.
2012-10-13 13:36:07 +08:00
Russell Keith-Magee c433fcb3fb Fixed #19077, #19079 -- Made USERNAME_FIELD a required field, and modified UserAdmin to match. 2012-10-13 11:44:50 +08:00
Anssi Kääriäinen b5f224e8e2 Fixed tests introduced for #15915
The tests didn't clean up properly. The commit that introduced the
errors was 8c427448d5.

Thanks to Trac alias rizumu for spotting this.
2012-10-12 00:10:49 +03:00
Russell Keith-Magee b9039268a1 Fixed #19060 -- Corrected assumptions about the name of the User model in the ModelBackend.
Thanks to Ivan Virabyan for the report and initial patch.
2012-10-06 12:43:29 +08:00
Mateusz Haligowski 8c427448d5 Fixed #15915 -- Cleaned handling of duplicate permission codenames
Previously, a duplicate model, codename for permission would lead to
database integrity error. Cleaned the implementation so that this case
now raises an CommandError instead.
2012-10-03 23:10:32 +03:00
Russell Keith-Magee 934f35f1f9 Corrected test docstring. 2012-10-03 09:16:33 +08:00
Preston Holmes 5f8b97f9fb Fixed #19057 -- support custom user models in mod_wsgi auth handler
thanks @freakboy3742 for the catch and review
2012-10-02 06:42:05 -07:00
Michael Farrell 7cc4068c44 Fixed #18616 -- added user_login_fail signal to contrib.auth
Thanks to Brad Pitcher for documentation
2012-09-30 22:34:50 -07:00
Anssi Kääriäinen d5a4f209c3 Fixed #18991 -- Allowed permission lookup by "if in"
When looking permissions from PermWrapper it is now possible to use
{% if "someapp.someperm" in perms %} instead of
{% if perms.someapp.someperm %}.
2012-09-30 19:38:16 +03:00
Claude Paroz 82a74dce24 Used TransactionTestCase in ModWsgiHandlerTestCase
Now the data created in setUp() is not discarded when the connection
is closed in the handler's methods.
2012-09-29 12:10:52 +02:00
Russell Keith-Magee 15d355d79d Fixed #19041 -- Corrected the handling of default usernames in createsuperuser. 2012-09-29 11:14:16 +08:00
Preston Holmes 373932fa6b fixed #10809 -- add a mod_wsgi authentication handler
Thanks to baumer1122 for the suggestion and initial 
patch and David Fischer for the contributions and
long term patch maintenance and docs.
2012-09-27 12:43:37 -07:00
Preston Holmes 01362745ba Fixed a small oversight in auth tests
Thanks to Vinicius Ruan Cainelli for the catch
closes #392
2012-09-27 10:24:34 -07:00
Anssi Kääriäinen 50d573d2c0 Fixed #18979 -- Avoid endless loop caused by "val in PermLookupDict"
Fixed by defining __iter__ which raises TypeError. This was done to
PermWrapper earlier.
2012-09-27 15:36:30 +03:00
Adrien Lemaire 2c8267bf3d Fixed #17899 -- Rewrote [Ee]-mail to [Ee]mail 2012-09-26 14:14:51 +02:00
Russell Keith-Magee 70a0de37d1 Fixed #3011 -- Added swappable auth.User models.
Thanks to the many people that contributed to the development and review of
this patch, including (but not limited to) Jacob Kaplan-Moss, Anssi
Kääriäinen, Ramiro Morales, Preston Holmes, Josh Ourisman, Thomas Sutton,
and Roger Barnes, as well as the many, many people who have contributed to
the design discussion around this ticket over many years.

Squashed commit of the following:

commit d84749a0f0
Merge: 531e771 7c11b1a
Author: Russell Keith-Magee <russell@keith-magee.com>
Date:   Wed Sep 26 18:37:04 2012 +0800

    Merge remote-tracking branch 'django/master' into t3011

commit 531e7715da
Merge: 29d1abb 1f84b04
Author: Russell Keith-Magee <russell@keith-magee.com>
Date:   Wed Sep 26 07:09:23 2012 +0800

    Merged recent trunk changes.

commit 29d1abbe35
Merge: 8a527dd 54c81a1
Author: Russell Keith-Magee <russell@keith-magee.com>
Date:   Mon Sep 24 07:49:46 2012 +0800

    Merge remote-tracking branch 'django/master' into t3011

commit 8a527dda13
Author: Russell Keith-Magee <russell@keith-magee.com>
Date:   Mon Sep 24 07:48:05 2012 +0800

    Ensure sequences are reset correctly in the presence of swapped models.

commit e2b6e22f29
Author: Russell Keith-Magee <russell@keith-magee.com>
Date:   Sun Sep 23 17:53:05 2012 +0800

    Modifications to the handling and docs for auth forms.

commit 98aba856b5
Author: Russell Keith-Magee <russell@keith-magee.com>
Date:   Sun Sep 23 15:28:57 2012 +0800

    Improved error handling and docs for get_user_model()

commit 0229209c84
Merge: 6494bf9 8599f64
Author: Russell Keith-Magee <russell@keith-magee.com>
Date:   Sun Sep 23 14:50:11 2012 +0800

    Merged recent Django trunk changes.

commit 6494bf91f2
Author: Russell Keith-Magee <russell@keith-magee.com>
Date:   Mon Sep 17 21:38:44 2012 +0800

    Improved validation of swappable model settings.

commit 5a04cde342
Author: Russell Keith-Magee <russell@keith-magee.com>
Date:   Mon Sep 17 07:15:14 2012 +0800

    Removed some unused imports.

commit ffd535e413
Author: Russell Keith-Magee <russell@keith-magee.com>
Date:   Sun Sep 16 20:31:28 2012 +0800

    Corrected attribute access on for get_by_natural_key

commit 913e1ac84c
Author: Russell Keith-Magee <russell@keith-magee.com>
Date:   Sun Sep 16 20:12:34 2012 +0800

    Added test for proxy model safeguards on swappable models.

commit 280bf19e94
Merge: dbb3900 935a863
Author: Russell Keith-Magee <russell@keith-magee.com>
Date:   Sun Sep 16 18:16:49 2012 +0800

    Merge remote-tracking branch 'django/master' into t3011

commit dbb3900775
Author: Russell Keith-Magee <russell@keith-magee.com>
Date:   Sun Sep 16 18:09:27 2012 +0800

    Fixes for Python 3 compatibility.

commit dfd72131d8
Author: Russell Keith-Magee <russell@keith-magee.com>
Date:   Sun Sep 16 15:54:30 2012 +0800

    Added protection against proxying swapped models.

commit abcb027190
Author: Russell Keith-Magee <russell@keith-magee.com>
Date:   Sun Sep 16 15:11:10 2012 +0800

    Cleanup and documentation of AbstractUser base class.

commit a9491a8776
Merge: fd8bb4e 08bcb4a
Author: Russell Keith-Magee <russell@keith-magee.com>
Date:   Sun Sep 16 14:46:49 2012 +0800

    Merge commit '08bcb4aec1ed154cefc631b8510ee13e9af0c19d' into t3011

commit fd8bb4e3e4
Author: Russell Keith-Magee <russell@keith-magee.com>
Date:   Sun Sep 16 14:20:14 2012 +0800

    Documentation improvements coming from community review.

commit b550a6d06d
Author: Russell Keith-Magee <russell@keith-magee.com>
Date:   Sun Sep 16 13:52:47 2012 +0800

    Refactored skipIfCustomUser into the contrib.auth tests.

commit 52a02f1110
Author: Russell Keith-Magee <russell@keith-magee.com>
Date:   Sun Sep 16 13:46:10 2012 +0800

    Refactored common 'get' pattern into manager method.

commit b441a6bbc7
Author: Russell Keith-Magee <russell@keith-magee.com>
Date:   Sun Sep 16 13:41:33 2012 +0800

    Added note about backwards incompatible change to admin login messages.

commit 08bcb4aec1
Author: Anssi Kääriäinen <akaariai@gmail.com>
Date:   Sat Sep 15 18:30:33 2012 +0300

    Splitted User to AbstractUser and User

commit d9f5e5addb
Author: Anssi Kääriäinen <akaariai@gmail.com>
Date:   Sat Sep 15 18:30:02 2012 +0300

    Reworked REQUIRED_FIELDS + create_user() interaction

commit 579f152e4a
Merge: 9184972 93e6733
Author: Russell Keith-Magee <russell@keith-magee.com>
Date:   Sat Sep 15 20:18:37 2012 +0800

    Merge remote-tracking branch 'django/master' into t3011

commit 918497218c
Author: Russell Keith-Magee <russell@keith-magee.com>
Date:   Sat Sep 15 20:18:19 2012 +0800

    Deprecate AUTH_PROFILE_MODULE and get_profile().

commit 334cdfc1bb
Author: Russell Keith-Magee <russell@keith-magee.com>
Date:   Sat Sep 15 20:00:12 2012 +0800

    Added release notes for new swappable User feature.

commit 5d7bb22e8d
Author: Russell Keith-Magee <russell@keith-magee.com>
Date:   Sat Sep 15 19:59:49 2012 +0800

    Ensure swapped models can't be queried.

commit 57ac6e3d32
Merge: f2ec915 abfba3b
Author: Russell Keith-Magee <russell@keith-magee.com>
Date:   Sat Sep 15 14:31:54 2012 +0800

    Merge remote-tracking branch 'django/master' into t3011

commit f2ec915b20
Merge: 1952656 5e99a3d
Author: Russell Keith-Magee <russell@keith-magee.com>
Date:   Sun Sep 9 08:29:51 2012 +0800

    Merge remote-tracking branch 'django/master' into t3011

commit 19526563b5
Merge: 2c5e833 c4aa26a
Author: Russell Keith-Magee <russell@keith-magee.com>
Date:   Sun Sep 9 08:22:26 2012 +0800

    Merge recent changes from master.

commit 2c5e833a30
Author: Russell Keith-Magee <russell@keith-magee.com>
Date:   Sun Sep 9 07:53:46 2012 +0800

    Corrected admin_views tests following removal of the email fallback on admin logins.

commit 20d1892491
Author: Russell Keith-Magee <russell@keith-magee.com>
Date:   Sun Sep 9 01:00:37 2012 +0800

    Added conditional skips for all tests dependent on the default User model

commit 40ea8b8882
Author: Russell Keith-Magee <russell@keith-magee.com>
Date:   Sat Sep 8 23:47:02 2012 +0800

    Added documentation for REQUIRED_FIELDS in custom auth.

commit e6aaf65970
Author: Russell Keith-Magee <russell@keith-magee.com>
Date:   Sat Sep 8 23:20:02 2012 +0800

    Added first draft of custom User docs.

    Thanks to Greg Turner for the initial text.

commit 75118bd242
Author: Thomas Sutton <me@thomas-sutton.id.au>
Date:   Mon Aug 20 11:17:26 2012 +0800

    Admin app should not allow username discovery

    The admin app login form should not allow users to discover the username
    associated with an email address.

commit d088b3af58
Author: Thomas Sutton <me@thomas-sutton.id.au>
Date:   Mon Aug 20 10:32:13 2012 +0800

    Admin app login form should use swapped user model

commit 7e82e83d67
Merge: e29c010 39aa890
Author: Russell Keith-Magee <russell@keith-magee.com>
Date:   Fri Sep 7 23:45:03 2012 +0800

    Merged master changes.

commit e29c010beb
Merge: 8e3fd70 30bdf22
Author: Russell Keith-Magee <russell@keith-magee.com>
Date:   Mon Aug 20 13:12:57 2012 +0800

    Merge remote-tracking branch 'django/master' into t3011

commit 8e3fd703d0
Merge: 507bb50 26e0ba0
Author: Russell Keith-Magee <russell@keith-magee.com>
Date:   Mon Aug 20 13:09:09 2012 +0800

    Merged recent changes from trunk.

commit 507bb50a92
Author: Russell Keith-Magee <russell@keith-magee.com>
Date:   Mon Jun 4 20:41:37 2012 +0800

    Modified auth app so that login with alternate auth app is possible.

commit dabe362836
Author: Russell Keith-Magee <russell@keith-magee.com>
Date:   Mon Jun 4 20:10:51 2012 +0800

    Modified auth management commands to handle custom user definitions.

commit 7cc0baf89d
Author: Russell Keith-Magee <russell@keith-magee.com>
Date:   Mon Jun 4 14:17:28 2012 +0800

    Added model Meta option for swappable models, and made auth.User a swappable model
2012-09-26 18:48:09 +08:00
Dan Loewenherz 69ff1b7390 Fixed #16835 -- add groups to auth.user admin list_filter 2012-09-22 00:16:22 -07:00
Florian Apolloner 06f79354d0 Added tests for d21f3d9b17. 2012-09-17 21:56:19 +02:00
Florian Apolloner d21f3d9b17 Only update `last_login` instead of the whole user object in `update_last_login`. 2012-09-17 19:52:22 +02:00
Claude Paroz c7f44ae085 Fixed #17948 -- Isolated auth tests from custom template loaders
Thanks andrey@kostenko.name for the report.
2012-09-15 21:39:08 +02:00
Claude Paroz 1aa218b857 Fixed test output check when password is blank 2012-09-12 11:58:02 +02:00
Claude Paroz 703c266682 Fixed #18182 -- Made is_usable_password check if hashing algorithm is correct
The display of the ReadOnlyPasswordHashWidget has also been improved to
distinguish empty/unusable password from erroneous password.
Fixed #18453 also.
Thanks danielr and Leo for the reports and Moritz Sichert for the
initial patch.
2012-09-12 11:32:50 +02:00
Carl Meyer 75ef980e20 Fix Python 3 test failure introduced in a78dd109. 2012-09-09 11:37:21 -06:00
Carl Meyer a78dd109e6 Fixed #15552 -- LOGIN_URL and LOGIN_REDIRECT_URL can take URLpattern names.
Thanks UloPe and Eric Florenzano for the patch, and Malcolm Tredinnick for
review.
2012-09-08 16:58:35 -06:00
Alex Gaynor 292322f977 [py3k] Silence many warnings while running the tests. 2012-09-07 13:17:34 -04:00
Adrian Holovaty 4193a0f3d5 Negligible spacing fix in auth/forms.py 2012-09-04 16:47:45 -04:00