django1/django/contrib/auth/tests
Russell Keith-Magee aae5a96d57 Ensure that passwords are never long enough for a DoS.
* Limit the password length to 4096 bytes
  * Password hashers will raise a ValueError
  * django.contrib.auth forms will fail validation
* Document in release notes that this is a backwards incompatible change

Thanks to Josh Wright for the report, and Donald Stufft for the patch.

This is a security fix; disclosure to follow shortly.
2013-09-15 13:42:23 +08:00
..
templates Fixed #20832 -- Enabled HTML password reset email 2013-08-05 09:47:28 -04:00
__init__.py Fixed #17365, #17366, #18727 -- Switched to discovery test runner. 2013-05-10 23:08:45 -04:00
test_auth_backends.py Fixed #18171 -- Checked signature of authenticate() to avoid supressing TypeErrors. 2013-08-28 07:51:45 -04:00
test_basic.py Replaced "not PY3" by "PY2", new in six 1.4.0. 2013-09-02 12:11:02 +02:00
test_context_processors.py Fixed a number of lint warnings, particularly around unused variables. 2013-08-04 09:17:10 -07:00
test_custom_user.py Fixed #20244: PermissionsMixin now defines a related_query_name for M2Ms 2013-06-27 15:44:22 +01:00
test_decorators.py Fixed #20828 -- Allowed @permission_required to take a list of permissions 2013-08-10 10:10:18 -04:00
test_forms.py Combine consecutive with statements 2013-08-16 20:12:10 +02:00
test_handlers.py Defined available_apps in relevant tests. 2013-06-10 11:30:01 +02:00
test_hashers.py Ensure that passwords are never long enough for a DoS. 2013-09-15 13:42:23 +08:00
test_management.py SQLite test fix -- refs #9057 2013-08-09 10:57:25 -04:00
test_models.py Fixed #11400 -- Passed kwargs from AbstractUser.email_user() to send_mail() 2013-08-14 07:46:11 -04:00
test_remote_user.py Removed several unused imports. 2013-06-19 17:18:40 +02:00
test_signals.py Modified auth to work with unittest2 discovery. 2013-04-02 21:59:45 -06:00
test_templates.py Fixed #18511 -- Cleaned up admin password reset template titles. 2013-07-27 14:23:04 -04:00
test_tokens.py Stopped using django.utils.unittest in the test suite. 2013-07-01 14:29:33 +02:00
test_views.py Took advantage of django.utils.six.moves.urllib.*. 2013-09-05 14:39:23 -05:00
urls.py Removed a ton of unused local vars 2013-09-08 08:05:16 -07:00
urls_admin.py Fixed #20078: don't allow filtering on password in the user admin. 2013-03-27 11:24:36 -05:00
utils.py Stopped using django.utils.unittest in the test suite. 2013-07-01 14:29:33 +02:00