Commit Graph

22 Commits

Author SHA1 Message Date
Luke Plant 25020ddb05 Fixed #4604 - Configurable message passing system, supporting anonymous users
This deprecates User.message_set in favour of a configurable messaging
system, with backends provided for cookie storage, session storage and
backward compatibility.

Many thanks to Tobias McNulty for the bulk of the work here, with
contributions from Chris Beaven (SmileyChris) and lots of code review from
Russell Keith-Magee, and input from many others.  Also credit to the authors
of various messaging systems for Django whose ideas may have been pinched
:-)



git-svn-id: http://code.djangoproject.com/svn/django/trunk@11804 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-12-09 16:57:23 +00:00
Luke Plant 8e70cef9b6 Fixed #9977 - CsrfMiddleware gets template tag added, session dependency removed, and turned on by default.
This is a large change to CSRF protection for Django.  It includes:

 * removing the dependency on the session framework.
 * deprecating CsrfResponseMiddleware, and replacing with a core template tag.
 * turning on CSRF protection by default by adding CsrfViewMiddleware to
   the default value of MIDDLEWARE_CLASSES.
 * protecting all contrib apps (whatever is in settings.py)
   using a decorator.

For existing users of the CSRF functionality, it should be a seamless update,
but please note that it includes DEPRECATION of features in Django 1.1,
and there are upgrade steps which are detailed in the docs.

Many thanks to 'Glenn' and 'bthomas', who did a lot of the thinking and work
on the patch, and to lots of other people including Simon Willison and
Russell Keith-Magee who refined the ideas.

Details of the rationale for these changes is found here:

http://code.djangoproject.com/wiki/CsrfProtection

As of this commit, the CSRF code is mainly in 'contrib'.  The code will be
moved to core in a separate commit, to make the changeset as readable as
possible.



git-svn-id: http://code.djangoproject.com/svn/django/trunk@11660 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-10-26 23:23:07 +00:00
Jacob Kaplan-Moss 7098664940 Removed mentions of Python 2.3 support from the docs -- Django 1.2 drops support for Python 2.3 -- and added a quick FAQ about that dropping of support.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11640 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-10-23 19:30:23 +00:00
Luke Plant c46ddbf1fc Fixed #8274 - allow custom forms for auth 'login' and 'password_change' views
Thanks to julien for the suggestion and patch, and SmileyChris for work on the patch.


git-svn-id: http://code.djangoproject.com/svn/django/trunk@11618 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-10-12 15:32:24 +00:00
Russell Keith-Magee 0e07f80cf4 Fixed #9414 -- Clarified the documentation on the permission decorators. Thanks to timo for the patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11547 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-09-13 01:13:40 +00:00
Russell Keith-Magee 7dfd7cb836 Fixed #10864 -- Clarified the role played by redirect_to_field in the login_required auth decorator. Thanks to trigeek38 for the suggestion, and SmileyChris for the draft.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11544 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-09-13 00:12:26 +00:00
Luke Plant 404a82e156 Fixed #7376: auth docs don't say they depend on contenttypes.
Thanks arien


git-svn-id: http://code.djangoproject.com/svn/django/trunk@11487 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-09-10 15:41:00 +00:00
Karen Tracey b527a59da8 Fixed #10855: Reference doc on creating superusers in the tutorial at the point where an account is needed, so that readers who neglected to create one earlier (or who forgot the password) don't get stuck or think they have to start all over. Thanks cwolf127 and timo.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@10810 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-05-17 17:54:51 +00:00
Jacob Kaplan-Moss bc514fe87e Fixed #10273: added an explanation of `SetPasswordForm` and `UserChangeForm` to the docs. Thanks, Tarken.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@10772 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-05-14 02:02:58 +00:00
Jacob Kaplan-Moss de642e4d3d Fixed #10272: documented the signatures for the contrib.auth views. Thanks, Idan Gazit.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@10770 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-05-14 02:01:17 +00:00
Jacob Kaplan-Moss c6c25adf6d Fixed a whole bunch of small docs typos, errors, and ommissions.
Fixes #8358, #8396, #8724, #9043, #9128, #9247, #9267, #9267, #9375, #9409, #9414, #9416, #9446, #9454, #9464, #9503, #9518, #9533, #9657, #9658, #9683, #9733, #9771, #9835, #9836, #9837, #9897, #9906, #9912, #9945, #9986, #9992, #10055, #10084, #10091, #10145, #10245, #10257, #10309, #10358, #10359, #10424, #10426, #10508, #10531, #10551, #10635, #10637, #10656, #10658, #10690, #10699, #19528.

Thanks to all the respective authors of those tickets.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@10371 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-04-03 18:30:54 +00:00
Jacob Kaplan-Moss 516051bfd2 A whole lotta documentation fixes: Fixes #8704, #8826, #8980, #9243, #9343, #9529,
git-svn-id: http://code.djangoproject.com/svn/django/trunk@10303 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-03-31 23:34:03 +00:00
James Bennett 33e87318c0 Fixed #10306: Corrected form action in auth login example.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@10269 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-03-31 17:00:59 +00:00
Gary Wilson Jr b994387d8d Fixed #689 -- Added a middleware and authentication backend to contrib.auth for supporting external authentication solutions. Thanks to all who contributed to this patch, including Ian Holsman, garthk, Koen Biermans, Marc Fargas, ekarulf, and Ramiro Morales.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@10063 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-03-15 05:54:28 +00:00
Gary Wilson Jr 88837875f2 Auth-related doc cleanups:
* Added to documentation of missing characters from `allowed_chars` in `make_random_password`.
  * Fixed several long lines and word wraps.
  * Added a reference link to the "How to log a user in" section and made a later reference to this section an actual link using the `:ref:` directive.
  * Turned a command line code example into a code block.
  * Added attribute reference link for a ``request.META`` mention.
  * Added `code-block:: html` directives for HTML examples.
  * Corrected reference links for all the `auth.views` functions.
  * Added a few function signatures and documentation of optional parameters that were missing for some of the the `auth.views` functions (refs #10272).


git-svn-id: http://code.djangoproject.com/svn/django/trunk@9835 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-02-16 05:10:31 +00:00
Adrian Holovaty 89dc5b894a Added some documentation explaining (1) that it's possible to add users via the Django admin site, and (2) that in order to be able to add users via the admin site, you need to have both 'add user' and 'change user' permissions. Refs #9866
git-svn-id: http://code.djangoproject.com/svn/django/trunk@9684 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-12-25 06:19:14 +00:00
Gary Wilson Jr ff3e1a7d40 Fixed #9718 -- Removed a reference to oldforms FormWrapper object in the user authentication docs.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@9595 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-12-08 05:27:04 +00:00
Malcolm Tredinnick 644ad9073f Fixed #9477 -- Removed and edited a bunch of references to "development
version". Some were replaced with versionadded or versionchanged directives.
Other, more minor ones, were removed altogether.

Based on a patch from James Bennett.


git-svn-id: http://code.djangoproject.com/svn/django/trunk@9454 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-11-15 05:51:25 +00:00
Karen Tracey c483583023 Fixed #9497 - Doc typos. Many thanks ramiro.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@9330 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-11-02 20:43:20 +00:00
Malcolm Tredinnick 49c61ab1ab Fixed #7011 -- Clarified what User.is_active really means in the documentation.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@9176 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-10-06 11:20:15 +00:00
Jacob Kaplan-Moss 64a9469127 Fixed #8753: converted "new in ..." callouts to proper Sphinx "versionadded/versionchanged" directives. Thanks to Marc Fargas for all the heavy lifting here.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8843 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-09-02 03:40:42 +00:00
Jacob Kaplan-Moss 97cb07c3a1 Massive reorganization of the docs. See the new docs online at http://docs.djangoproject.com/.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8506 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-08-23 22:25:40 +00:00