p15693087
/
django
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
31,138 Commits 25 Branches 361 Tags 501 MiB
Commit Graph

375 Commits

Author SHA1 Message Date
Baptiste Mispelon 3df3c5e670 Fixed #26480 -- Fixed crash of contrib.auth.authenticate() on decorated authenticate() methods of authentication backends. 
The Signature API (PEP 362) has better support for decorated functions
(by default, it follows the __wrapped__ attribute set by
functools.wraps for example).
 2019-12-10 09:36:30 +01:00
Carlton Gibson 11c5e0609b Fixed CVE-2019-19118 -- Required edit permissions on parent model for editable inlines in admin. 
Thank you to Shen Ying for reporting this issue.
 2019-12-02 08:56:08 +01:00
Mariusz Felisiak e8fcdaad5c Fixed #31021 -- Fixed proxy model permissions data migration crash with a multiple databases setup. 
Regression in 98296f86b3.
 2019-11-29 08:23:01 +01:00
Jon Dufresne 7f0946298e Replaced encode() usage with bytes literals. 2019-11-18 15:31:42 +01:00
Mariusz Felisiak ca0d50f34a Fixed random auth_tests.test_tokens.TokenGeneratorTest.test_10265 failures. 
Random failures depended on the current timestamp.
 2019-11-13 14:22:23 +01:00
Mariusz Felisiak 3b4b36fb1d Moved MockedPasswordResetTokenGenerator outside of TokenGeneratorTest.test_timeout(). 2019-11-13 14:22:23 +01:00
Sergey Fedoseev d4e767911f Added tests for middlewares' checks. 2019-10-23 08:18:02 +02:00
Hasan Ramezani 226ebb1729 Fixed #28622 -- Allowed specifying password reset link expiration in seconds and deprecated PASSWORD_RESET_TIMEOUT_DAYS. 2019-09-20 13:52:04 +02:00
Sam Reynolds 6c9778a58e Fixed #30776 -- Restored max length validation on AuthenticationForm.UsernameField. 
Regression in 5ceaf14686.

Thanks gopackgo90 for the report and Mariusz Felisiak for tests.
 2019-09-18 11:37:38 +02:00
Carlton Gibson b5db65c4fb Increased the default PBKDF2 iterations for Django 3.1. 2019-09-12 17:24:01 +02:00
Mariusz Felisiak d17be88afd Refs #30037 -- Required the RemoteUserBackend.configure_user() to have request as the first positional argument. 
Per deprecation timeline.
 2019-09-10 12:01:00 +02:00
Berker Peksag 400ec5125e Fixed #18763 -- Added ModelBackend/UserManager.with_perm() methods. 
Co-authored-by: Nick Pope <nick.pope@flightdataservices.com>
 2019-08-29 19:32:12 +02:00
daniel a rios b5a5c92c72 Fixed #30066 -- Enabled super user creation without email and password 2019-08-29 12:49:16 +02:00
Carlton Gibson 57b9604451 Converted auth test to use subTest(). 2019-08-29 12:49:16 +02:00
Hasan Ramezani 03dbdfd9bb Fixed #29019 -- Added ManyToManyField support to REQUIRED_FIELDS. 2019-08-26 14:48:40 +02:00
Hasan Ramezani a5308514fb Fixed #27801 -- Made createsuperuser fall back to environment variables for password and required fields. 2019-07-02 12:55:09 +02:00
Jon Dufresne 42b9a23267 Fixed #30400 -- Improved typography of user facing strings. 
Thanks Claude Paroz for assistance with translations.
 2019-06-28 16:46:18 +02:00
Sanyam Khurana 87f5d07eed Fixed #12952 -- Adjusted admin log change messages to use form labels instead of field names. 2019-06-14 18:20:29 +02:00
Aymeric Augustin 3ee0834a46 Fixed #30556 -- Avoided useless query and hasher call in ModelBackend.authenticate() when credentials aren't provided. 
There's no need to fetch a user instance from the database unless
a username and a password are provided as credentials.
 2019-06-10 11:12:31 +02:00
Hasan Ramezani dcb8f00d06 Fixed #29379 -- Added autocomplete attribute to contrib.auth.forms fields. 
Thank you to Nick Pope for review.

Co-authored-by: CHI Cheng <cloudream@gmail.com>
 2019-06-07 12:44:39 +02:00
Tobias Bengfort 581a0f4545 Refs #30226 -- Added User.get_user_permissions() method. 
Added to mirror the existing User.get_group_permissions().
 2019-06-05 13:56:37 +02:00
Tobias Bengfort 75337a6050 Fixed #30226 -- Added BaseBackend for authentication. 2019-06-05 13:39:46 +02:00
Mattia Procopio aff61790a3 Refs #24944 -- Added test for overriding domain in email context in PasswordResetView. 2019-05-27 11:50:30 +02:00
Rob 58df8aa40f Fixed #28780 -- Allowed specyfing a token parameter displayed in password reset URLs. 
Co-authored-by: Tim Givois <tim.givois.mendez@gmail.com>
 2019-05-24 08:40:25 +02:00
Ally Weir bd228cb599 Fixed mis-capitalisation in comment. 2019-05-15 12:14:59 +02:00
Carlton Gibson 98296f86b3
Fixed #30351 -- Handled pre-existing permissions in proxy model permissions data migration. 
Regression in 181fb60159.
 2019-04-27 20:18:22 +02:00
Jon Dufresne 8d76443aba Fixed #30399 -- Changed django.utils.html.escape()/urlize() to use html.escape()/unescape(). 2019-04-25 15:09:07 +02:00
Markus Holtermann da0b2554ec Renamed camelCaseTestMethods to snake_case_test_methods 2019-04-14 16:14:14 +02:00
pmisteli 9410db9683 Fixed #30236 -- Made UsernameField render with autocapitalize="none" HTML attribute. 
This prevents automatic capitalization, which is the default behavior in
some browsers.
 2019-03-29 15:24:44 +01:00
Ryan J Schave cbf7e71558 Fixed #30257 -- Made UsernameValidators prohibit trailing newlines. 2019-03-22 13:16:25 -04:00
Jon Dufresne 95b7699ffc Cleaned up exception message checking in some tests. 2019-03-15 19:27:57 -04:00
Claude Paroz a8e2a9bac6 Refs #15902 -- Deprecated storing user's language in the session. 2019-02-14 10:23:02 -05:00
Tim Graham 06670015f7 Increased the default PBKDF2 iterations for Django 3.0. 2019-01-17 11:15:27 -05:00
Arthur Rio 181fb60159 Fixed #11154, #22270 -- Made proxy model permissions use correct content type. 
Co-Authored-By: Simon Charette <charette.s@gmail.com>
Co-Authored-By: Antoine Catton <acatton@fusionbox.com>
 2019-01-16 10:07:28 -05:00
Simon Charette 8c775391b7 Refs #28478 -- Deprecated TestCase's allow_database_queries and multi_db in favor of databases. 2019-01-10 19:11:21 -05:00
Joshua Cannon db1b10ef0d Fixed #30037 -- Added request arg to RemoteUserBackend.configure_user(). 2019-01-09 20:01:04 -05:00
Tim Graham 043bd70942 Updated test URL patterns to use path() and re_path(). 2018-12-31 10:47:32 -05:00
Tim Graham 194a4b526c Added tests for ContentType/Group/Permission.__str__(). 2018-12-21 12:45:02 -05:00
Simon Charette 0f212db29d Made reused RequestFactory instances class attributes. 2018-11-27 09:49:02 -05:00
Simon Charette 84e7a9f4a7 Switched setUp() to setUpTestData() where possible in Django's tests. 2018-11-27 09:35:17 -05:00
Tim Graham 193c109327 Switched TestCase to SimpleTestCase where possible in Django's tests. 2018-11-27 08:58:44 -05:00
Mathew Payne 26bb2611a5 Fixed #29952 -- Lowercased all passwords in contrib.auth's auth/common-passwords.txt.gz. 2018-11-15 14:11:03 -05:00
Jon Dufresne c82893cb8c Refs #27795 -- Removed force_bytes() usage from django/utils/http.py. 
django.utils.http.urlsafe_base64_encode() now returns a string, not a
bytestring. Since URLs are represented as strings,
urlsafe_base64_encode() should return a string. All uses immediately
decoded the bytestring to a string anyway.

As the inverse operation, urlsafe_base64_decode() accepts a string.
 2018-10-10 14:38:22 -04:00
Tim Graham a7284cc0c3 Fixed #29809 -- Fixed a crash when a "view only" user POSTs to the admin user change form. 2018-10-01 10:09:50 +02:00
Carlton Gibson bf39978a53 Fixed CVE-2018-16984 -- Fixed password hash disclosure to admin "view only" users. 
Thanks Claude Paroz & Tim Graham for collaborating on the patch.
 2018-10-01 10:05:01 +02:00
Ramon Saraiva 2349cbd909 Fixed #29782 -- Added better error message when filtering queryset with AnonymousUser. 2018-09-26 15:36:19 -04:00
Jon Dufresne 82f286cf6f Refs #29784 -- Switched to https:// links where available. 2018-09-26 08:48:47 +02:00
Alexey 8624459586 Added a test for password_changed() with a custom validator. 2018-09-25 11:58:05 -04:00
Josh Schneier 3daac76cfb Simplified how createsuperuser tests generate passwords. 2018-08-18 16:26:13 -04:00
Alexander Todorov 53ebd4cb13 Fixed #29686 -- Made UserAdmin.user_change_password() pass user to has_change_permission(). 2018-08-17 17:43:00 -04:00
Josh Schneier 8b43e9b1af Fixed #29616 -- Fixed createsuperuser for user models that don't have a password field. 2018-08-05 14:26:03 -04:00
Josh Schneier 793e9bb35a Fixed #29628 -- Made createsuperuser validate password against username and required fields. 2018-08-04 08:44:25 -04:00
Tim Graham f3fa86a89b Fixed #29449 -- Reverted "Fixed #28757 -- Allowed using contrib.auth forms without installing contrib.auth." 
This reverts commit 3333d935d2 due to
a crash if USERNAME_FIELD isn't a CharField.
 2018-07-02 18:39:26 -04:00
Tim Graham 5d98d53fab Refs #27398 -- Simplified some tests with assertRedirects(). 2018-06-20 14:08:56 -04:00
Jan Pieter Waagmeester 24959e48d9 Fixed #27398 -- Added an assertion to compare URLs, ignoring the order of their query strings. 2018-06-20 13:26:12 -04:00
Hasan Ramezani 6df3d36801 Added a missing test for createsuperuser management command. 2018-06-07 19:49:25 -04:00
Claude Paroz bec651a427 Fixed #10827 -- Ensured ContentTypes are created before permission creation. 2018-06-03 22:19:04 -04:00
Dohyeon Kim f1f4aeb22e Fixed #28044 -- Unified the logic for createsuperuser's interactive and --noinput modes. 2018-05-29 08:41:32 -04:00
Hasan Ramezani e0ff88be4f Added test for createsuperuser's handling of KeyboardInterrupt. 2018-05-27 19:24:07 -04:00
Tim Graham 9792af3648 Increased the default PBKDF2 iterations for Django 2.2. 2018-05-17 11:05:45 -04:00
olivierdalang 825f0beda8 Fixed #8936 -- Added a view permission and a read-only admin. 
Co-authored-by: Petr Dlouhy <petr.dlouhy@email.cz>
Co-authored-by: Olivier Dalang <olivier.dalang@gmail.com>
 2018-05-16 06:44:55 -04:00
Tim Graham cae0107287 Increased the default PBKDF2 iterations for Django 2.1. 2018-05-13 20:06:20 -04:00
Claude Paroz 607970f31c Replaced django.test.utils.patch_logger() with assertLogs(). 
Thanks Tim Graham for the review.
 2018-05-07 09:34:00 -04:00
Nick Pope df90e462d9 Fixed #29212 -- Doc'd redirect loop if @permission_required used with redirect_authenticated_user. 2018-04-19 10:21:24 -04:00
Mads Jensen 9c651641f1 Added additional AdminPasswordChangeForm tests. 2018-04-04 11:25:28 -04:00
Malte Gerth 874977d388 Fixed #29270 -- Fixed UserChangeForm crash if password field is excluded. 2018-03-29 15:25:54 -04:00
Abeer Upadhyay 1bf4646f91 Fixed #29258 -- Added type checking for login()'s backend argument. 2018-03-28 10:10:18 -04:00
Tim Graham a4f0e9aec7 Fixed #28718 -- Allowed user to request a password reset if their password doesn't use an enabled hasher. 
Regression in aeb1389442.
Reverted changes to is_password_usable() from
703c266682 and documentation changes from
92f48680db.
 2018-03-22 10:03:43 -04:00
Mariusz Felisiak 362813d628
Fixed hanging indentation in various code. 2018-03-16 10:54:34 +01:00
Mattia Procopio aeb8c38178 Fixed #29206 -- Fixed PasswordResetConfirmView crash when the URL contains a non-UUID where one is expected. 2018-03-15 21:33:15 -04:00
Christophe Mehay 40bac28faa Fixed #29176 -- Fixed AbstractBaseUser.normalize_username() crash if username isn't a string. 2018-03-02 11:32:53 -05:00
Tim Graham 5b589a47b9
Fixed #29161 -- Removed BCryptPasswordHasher from PASSWORD_HASHERS. 2018-02-26 09:05:18 -05:00
Mikhail Porokhovnichenko 14e34dcf8c Fixed #29132 -- Avoided connecting update_last_login() handler if User.last_login isn't a field. 2018-02-21 10:36:31 -05:00
Dylan Verheul 9b1125bfc7 Fixed #28379 -- Made AccessMixin raise Permissiondenied for authenticated users. 2018-02-16 13:58:55 -05:00
Tim Graham fa75b2cb51
Refs #27795 -- Removed force_bytes/text() usage in tests. 2018-02-07 14:20:04 -05:00
Tim Graham af33fb250e Fixed CVE-2018-6188 -- Fixed information leakage in AuthenticationForm. 
Reverted 359370a8b8 (refs #28645).

This is a security fix.
 2018-02-01 09:05:14 -05:00
shanghui 3333d935d2 Fixed #28757 -- Allowed using contrib.auth forms without installing contrib.auth. 
Also fixed #28608 -- Allowed UserCreationForm and UserChangeForm to
work with custom user models.

Thanks Sagar Chalise and Rômulo Collopy for reports, and Tim Graham
and Tim Martin for reviews.
 2018-01-05 14:47:37 -05:00
Дилян Палаузов d7b2aa24f7 Fixed #28982 -- Simplified code with and/or. 2018-01-03 20:12:23 -05:00
Tim Graham acc8dd4142
Fixed #28984 -- Made assorted code simplifications. 2018-01-03 13:24:02 -05:00
Alvin Lindstam 2cb6b7732d Fixed #28902 -- Fixed password_validators_help_text_html() double escaping. 2018-01-02 19:51:06 -05:00
shanghui 359370a8b8 Fixed #28645 -- Reallowed AuthenticationForm to raise the inactive user error when using ModelBackend. 
Regression in e0a3d93730.

Thanks Guilherme Junqueira for the report and Tim Graham for the review.
 2017-11-08 09:39:12 -05:00
Дилян Палаузов 6c0042430e Fixed #28776 -- Fixed a/an/and typos in docs and comments. 2017-11-06 22:41:03 -05:00
Tom b81905bfd4 Fixed #28571 -- Added a prompt to bypass password validation in createsuperuser. 2017-11-03 20:00:08 -04:00
Tim Graham 872be5976d Improved technique for matching input prompts in contrib.auth management tests. 2017-11-03 20:00:08 -04:00
Jon Dufresne 6ed347d851 Fixed #28706 -- Moved AuthenticationFormn invalid login ValidationError to a method for reuse. 2017-10-23 09:10:45 -04:00
Lucas Connors 5ceaf14686 Fixed #27515 -- Made AuthenticationForm's username field use the max_length from the model field. 
Thanks Ramin Farajpour Cami for the report.
 2017-10-20 11:13:26 -04:00
Lucas Connors d233391208 Refs #19130 -- Added a test for AuthenticationForm.username max_length. 
This will be a more useful regression test after refs #27515.
 2017-10-20 11:10:32 -04:00
Yuri Kaszubowski Lopes d98210c255 Fixed #28713 -- Prevented ModelBackend.get_all_permissions() from mutating get_user_permissions(). 2017-10-14 20:47:49 -04:00
Hasan Ramezani 6aec130a4c Fixed #28591 -- Added an error message for createsuperuser --username= (blank). 2017-10-09 21:49:35 -04:00
Mads Jensen 3e72f4b7b6 Completed test coverage for BasePasswordHasher. 2017-09-29 09:28:25 -04:00
Mads Jensen 776f6902d9 Moved BasePasswordHasher tests to its own test case. 2017-09-29 09:28:24 -04:00
Mads Jensen d917c17a3b Completed test coverage for AnonymousUser. 2017-09-28 13:11:23 -04:00
Mads Jensen 7fce4dc5ff Moved AnonymousUser tests to its own test case. 2017-09-28 13:11:07 -04:00
Mads Jensen 4803834aaa Added a test for PermWrapper.__iter__(). 2017-09-26 19:42:50 -04:00
Tim Graham 67a6ba391b Reverted "Fixed #28248 -- Fixed password reset tokens being valid for 1 day longer than PASSWORD_RESET_TIMEOUT_DAYS." 
This reverts commit 95993a89ce.
 2017-09-25 09:05:00 -04:00
Tim Graham 5e31be1b96 Refs #25187 -- Required the authenticate() method of authentication backends to have request as the first positional argument. 
Per deprecation timeline.
 2017-09-22 12:51:18 -04:00
Tim Graham 6e40b70bf4 Refs #26929 -- Removed extra_context parameter of contrib.auth.views.logout_then_login(). 
Per deprecation timeline.
 2017-09-22 12:51:17 -04:00
Tim Graham 4f313e284e Refs #17209 -- Removed login/logout and password reset/change function-based views. 
Per deprecation timeline.
 2017-09-22 12:51:17 -04:00
Luoxzhg ffbee67f8e Fixed some comments referring to a nonexistent TestClient class. 2017-09-09 11:21:15 -04:00
ZachLiuGIS 2dacc2ccd9 Fixed #28550 -- Restored contrib.auth's login() and logout() views' respect of positional arguments. 
Regression in 78963495d0.

Forwardport of f8e0557b01 from stable/1.11.x
 2017-09-03 12:06:44 -04:00
François Freitag 18dd9ba481 Fixed test in auth_tests modifying data from setUpTestData(). 2017-09-01 21:43:41 -04:00
hui shang c0f4c60edd Fixed #28513 -- Added POST request support to LogoutView. 2017-08-24 09:11:16 -04:00
Mads Jensen a51c4de194 Used assertRaisesMessage() to test Django's error messages. 2017-07-29 19:07:23 -04:00
Andrew Pinkham a96b981d84 Fixed #28127 -- Allowed UserCreationForm's password validation to check all user fields. 2017-06-21 09:22:15 -04:00
Chandrakant Kumar 2b09e4c88e Fixed #27787 -- Made call_command() validate the options it receives. 2017-06-16 21:28:38 -04:00
Mikhail Golubev e7dc39fb65 Fixed #28229 -- Fixed the value of LoginView's "next" template variable. 2017-06-13 09:13:22 -04:00
Jon Dufresne 2c69824e5a Refs #23968 -- Removed unnecessary lists, generators, and tuple calls. 2017-06-01 19:08:59 -04:00
Linus Lewandowski eedc88bd4a Fixed #26823 -- Prevented update_last_login signal receiver from crashing if User model doesn't have last_login field. 2017-05-29 17:31:18 -04:00
Nick Zaccardi 95993a89ce Fixed #28248 -- Fixed password reset tokens being valid for 1 day longer than PASSWORD_RESET_TIMEOUT_DAYS. 2017-05-29 09:22:22 -04:00
jannh c930c241f8 Fixed #28017 -- Allowed customizing PasswordResetTokenGenerator's secret. 2017-05-26 07:37:36 -04:00
Bruno Alla 6092ea8fa6 Refs #27804 -- Used subTest() in several tests. 2017-05-24 08:36:34 -04:00
Daniel Hahler a3ba2662cd Refs #28207 -- Fixed contrib.auth.authenticate() if 'backend' is in the credentials. 
Regression in 3008f30f19.
 2017-05-22 12:24:38 -04:00
Tamas Szabo 3008f30f19 Fixed #28207 -- Fixed contrib.auth.authenticate() if multiple auth backends don't accept a request. 2017-05-15 07:48:15 -04:00
Sławek Ehlert faaf62f616 Improved test coverage for createsuperuser command. 2017-05-12 10:29:56 -04:00
Josh Schneier 5df0ff4155 Fixed #28089 -- Removed requirement to implement get_short_name() and get_full_name() in AbstractBaseUser subclasses. 2017-05-06 17:05:42 -04:00
Tim Graham dff559ff83 Fixed #28097 -- Fixed layout of ReadOnlyPasswordHashWidget. 2017-04-19 12:59:30 -04:00
Tim Graham d4d79d0f20 Refs #27025 -- Fixed "invalid escape sequence" warning in auth_tests on Python 3.6. 2017-04-02 20:02:55 -04:00
Camilo Nova 5db465d5a6 Fixed #27891 -- Added PasswordResetConfirmView.post_reset_login_backend. 2017-03-07 19:52:26 -05:00
Tim Graham 72ff9d53e6 Factored out uid/user tokens in auth_tests urlpatterns. 2017-03-07 18:56:10 -05:00
Anton Samarchyan 7588d7e439 Improved test coverage for django.contrib.auth. 2017-03-01 17:29:50 -05:00
Tim Graham c31e7ab5a4 Refs #25187 -- Fixed AuthBackend.authenticate() compatibility for signatures that accept a request kwarg. 2017-02-24 10:15:41 -05:00
Markus Holtermann b9b35f9efa
Fixed #27840 -- Fixed KeyError in PasswordResetConfirmView.form_valid(). 
When a user is already logged in when submitting the password and
password confirmation to reset a password, a KeyError occurred while
removing the reset session token from the session.

Refs #17209

Thanks Quentin Marlats for the report and Florian Apolloner and Tim
Graham for the review.
 2017-02-15 00:35:04 +01:00
Zoltan Gyarmati 41ba27fefd Fixed #27815 -- Made LoginView pass the request kwarg to AuthenticationForm. 2017-02-07 08:54:21 -05:00
Claude Paroz c651331b34 Converted usage of ugettext* functions to their gettext* aliases 
Thanks Tim Graham for the review.
 2017-02-07 09:04:04 +01:00
Tim Graham 29f607927f Fixed spelling of "nonexistent". 2017-02-03 08:01:45 -05:00
Claude Paroz fee42fd99e Refs #23919 -- Replaced usage of django.utils.http utilities with Python equivalents 
Thanks Tim Graham for the review.
 2017-01-26 19:49:03 +01:00
Tim Graham 1c466994d9 Refs #23919 -- Removed misc Python 2/3 references. 2017-01-25 13:59:25 -05:00
chillaranand d6eaf7c018 Refs #23919 -- Replaced super(ClassName, self) with super(). 2017-01-25 12:23:46 -05:00
Claude Paroz 2366100872 Removed unneeded force_text calls in the test suite 2017-01-24 18:45:54 +01:00
Tim Graham d170c63351 Refs #23919 -- Removed misc references to Python 2. 2017-01-21 20:02:00 -05:00
Tim Graham 7aba69145d Refs #23919 -- Removed django.test.mock Python 2 compatibility shim. 2017-01-20 08:17:20 -05:00
Claude Paroz 042b7350a0 Refs #23919 -- Removed unneeded str() calls 2017-01-20 14:13:55 +01:00
Tim Graham 4e729feaa6 Refs #23919 -- Removed django.utils._os.upath()/npath()/abspathu() usage. 
These functions do nothing on Python 3.
 2017-01-20 08:01:02 -05:00
Tim Graham 109b33f64c Refs #23919 -- Simplified assertRaisesRegex()'s that accounted for Python 2. 2017-01-20 08:49:47 +01:00
Claude Paroz dc8834cad4 Refs #23919 -- Removed unneeded force_str calls 2017-01-20 08:44:31 +01:00
Simon Charette 9695b14982 Refs #23919 -- Removed str() conversion of type and method __name__. 2017-01-19 11:31:07 -05:00
Simon Charette cecc079168 Refs #23919 -- Stopped inheriting from object to define new style classes. 2017-01-19 08:39:46 +01:00
Claude Paroz 2b281cc35e Refs #23919 -- Removed most of remaining six usage 
Thanks Tim Graham for the review.
 2017-01-18 21:33:28 +01:00
Claude Paroz 7b2f2e74ad Refs #23919 -- Removed six.<various>_types usage 
Thanks Tim Graham and Simon Charette for the reviews.
 2017-01-18 20:18:46 +01:00
Claude Paroz c716fe8782 Refs #23919 -- Removed six.PY2/PY3 usage 
Thanks Tim Graham for the review.
 2017-01-18 16:21:28 +01:00
Claude Paroz f3c43ad1fd Refs #23919 -- Removed python_2_unicode_compatible decorator usage 2017-01-18 13:44:34 +01:00
Claude Paroz d7b9aaa366 Refs #23919 -- Removed encoding preambles and future imports 2017-01-18 09:55:19 +01:00
Tim Graham 0bf3228eec Increased the default PBKDF2 iterations for the 1.11 release cycle. 2017-01-17 20:52:05 -05:00
Tim Graham d334f46b7a Refs #26601 -- Removed support for old-style middleware using settings.MIDDLEWARE_CLASSES. 2017-01-17 20:52:04 -05:00
Tim Graham eba093e8b0 Refs #25847 -- Removed support for User.is_(anonymous|authenticated) as methods. 
Per deprecation timeline.
 2017-01-17 20:52:03 -05:00
Romain Garrigues ede59ef6f3 Fixed #27518 -- Prevented possibie password reset token leak via HTTP Referer header. 
Thanks Florian Apolloner for contributing to this patch and
Collin Anderson, Markus Holtermann, and Tim Graham for review.
 2017-01-13 09:17:54 -05:00
Tim Graham 3226536127 Split AuthTemplateTests into test methods. 2017-01-12 13:18:49 -05:00
Tim Graham b5f0b3478d Fixed #27579 -- Added aliases for Python 3's assertion names in SimpleTestCase. 2016-12-07 17:42:31 -05:00
Tim Graham 93a081946d Normalized casing of "custom user model". 2016-11-23 15:14:28 -05:00
Florian Apolloner 51eaff6d35 Refs #17209 -- Fixed token verification for PasswordResetConfirmView POST requests. 2016-11-21 13:42:25 -05:00