Mariusz Felisiak
767e06b5a8
[3.1.x] Fixed #32130 -- Fixed pre-Django 3.1 password reset tokens validation.
...
Thanks Gordon Wrigley for the report and implementation idea.
Regression in 226ebb1729
.
Backport of 3418092238
from master
2020-10-22 13:22:00 +02:00
Mariusz Felisiak
9857352655
[3.1.x] Fixed #31842 -- Added DEFAULT_HASHING_ALGORITHM transitional setting.
...
It's a transitional setting helpful in migrating multiple instance of
the same project to Django 3.1+.
Thanks Markus Holtermann for the report and review, Florian
Apolloner for the implementation idea and review, and Carlton Gibson
for the review.
Backport of d907371ef9
from master.
2020-08-04 09:39:29 +02:00
Jon Dufresne
1c2d0fdf3e
[3.1.x] Fixed #31575 -- Added system check for admin sidebar request context processor dependency.
...
Co-authored-by: Carlton Gibson <carlton.gibson@noumenal.es>
Backport of d522b51c40
from master
2020-05-14 11:01:22 +02:00
Jon Dufresne
d6aff369ad
Refs #30116 -- Simplified regex match group access with Match.__getitem__().
...
The method has been available since Python 3.6. The shorter syntax is
also marginally faster.
2020-05-11 12:01:28 +02:00
François Freitag
a0df5dea33
Removed unnecessary inner methods in CreatesuperuserManagementCommandTestCase.
2020-05-01 20:51:44 +02:00
Mariusz Felisiak
54646a423b
Refs #27468 -- Made user sessions use SHA-256 algorithm.
2020-04-29 16:45:00 +02:00
François Freitag
9ef4a18dbe
Changed django.forms.ValidationError imports to django.core.exceptions.ValidationError.
...
Co-Authored-By: Mariusz Felisiak <felisiak.mariusz@gmail.com>
2020-04-28 10:49:00 +02:00
Jon Dufresne
505fec6bad
Capitalized Unicode in docs, strings, and comments.
2020-04-20 12:10:33 +02:00
François Freitag
c86201b6ed
Disabled management commands output with verbosity 0 in various tests.
...
Instead of capturing the command output and discard it immediately,
tell the command not to log.
2020-04-20 09:09:26 +02:00
François Freitag
45e96b4d9d
Removed unnecessary capturing of stdout/stderr in auth_tests.test_management.
2020-04-20 09:08:43 +02:00
Hasan Ramezani
8aa71f4e87
Fixed #31375 -- Made contrib.auth.hashers.make_password() accept only bytes or strings.
2020-03-31 10:52:56 +02:00
Hasan Ramezani
b3ab92cc5a
Refs #31375 -- Added test for contrib.auth.hashers.make_password() bytes support.
2020-03-31 10:49:39 +02:00
Jon Dufresne
3857a08bdb
Fixed #31361 -- Fixed invalid action="" in admin forms.
...
The attribute action="" (empty string) on the <form> element is invalid
HTML5. The spec (https://html.spec.whatwg.org/#attr-fs-action ) says:
> The action and formaction content attributes, if specified, must have
> a value that is a valid non-empty URL potentially surrounded by
> spaces.
Emphasis on non-empty. The action attribute is allowed to be omitted, in
which case the current URL is used which is the same behavior as now.
2020-03-16 07:31:19 +01:00
Mariusz Felisiak
8725d04764
Fixed random auth_tests.test_tokens.TokenGeneratorTest.test_timeout failures.
...
Random failures depended on the current timestamp.
Thanks Matthijs Kooijman for the review.
2020-03-12 10:56:38 +01:00
Colton Hicks
f283ffaa84
Fixed #28699 -- Fixed CSRF validation with remote user middleware.
...
Ensured process_view() always accesses the CSRF token from the session
or cookie, rather than the request, as rotate_token() may have been called
by an authentication middleware during the process_request() phase.
2020-02-26 17:25:20 +01:00
aryan
fba5d3b6e6
Fixed #31289 -- Added hint for USERNAME_FIELD/REQUIRED_FIELDS system check.
2020-02-26 08:40:36 +01:00
Claude Paroz
4d973f5939
Refs #26601 -- Deprecated passing None as get_response arg to middleware classes.
...
This is the new contract since middleware refactoring in Django 1.10.
Co-authored-by: Carlton Gibson <carlton.gibson@noumenal.es>
Co-authored-by: Mariusz Felisiak <felisiak.mariusz@gmail.com>
2020-02-18 20:03:44 +01:00
Claude Paroz
da4923ea87
Refs #27468 -- Made PasswordResetTokenGenerator use SHA-256 algorithm.
2020-02-12 21:46:56 +01:00
Claude Paroz
27f67317da
Removed unnecessary token regex in auth_tests URLs.
...
All URLs in django.contrib.auth use a "<uidb64>/<token>" pattern.
2020-02-12 10:45:53 +01:00
Hasan Ramezani
fc4f45ebdc
Used assertRaisesMessage() in various tests.
2020-02-07 12:46:23 +01:00
Hasan Ramezani
579f33eb79
Replaced assertWarns() with SimpleTestCase.assertWarnsMessage() in tests.
2020-01-30 11:19:50 +01:00
Jon Dufresne
f791673537
Made token tests in auth_tests use assertIs() rather than assertTrue/False().
2020-01-29 09:01:18 +01:00
Michael Mulholland
5a68a223c7
Fixed #31200 -- Added system checks for permissions codenames max length.
2020-01-23 12:22:59 +01:00
Matthijs Kooijman
2a2ea4ee18
Refs #31117 -- Made various tests properly handle unexpected databases aliases.
...
- Used selected "databases" instead of django.db.connections.
- Made routers in tests.migrations skip migrations on unexpected
databases.
- Added DiscoverRunnerGetDatabasesTests.assertSkippedDatabases() hook
which properly asserts messages about skipped databases.
2020-01-20 14:39:02 +01:00
Mariusz Felisiak
1960d55f8b
Refs #31040 -- Fixed crypt.crypt() call in test_hashers.py.
...
An empty string is invalid salt in Python 3 and raises exception since
Python 3.9, see https://bugs.python.org/issue38402 .
2020-01-03 07:47:04 +01:00
Simon Charette
5b1fbcef7a
Fixed CVE-2019-19844 -- Used verified user email for password reset requests.
...
Co-Authored-By: Florian Apolloner <florian@apolloner.eu>
2019-12-18 09:11:39 +01:00
Baptiste Mispelon
3df3c5e670
Fixed #26480 -- Fixed crash of contrib.auth.authenticate() on decorated authenticate() methods of authentication backends.
...
The Signature API (PEP 362) has better support for decorated functions
(by default, it follows the __wrapped__ attribute set by
functools.wraps for example).
2019-12-10 09:36:30 +01:00
Carlton Gibson
11c5e0609b
Fixed CVE-2019-19118 -- Required edit permissions on parent model for editable inlines in admin.
...
Thank you to Shen Ying for reporting this issue.
2019-12-02 08:56:08 +01:00
Mariusz Felisiak
e8fcdaad5c
Fixed #31021 -- Fixed proxy model permissions data migration crash with a multiple databases setup.
...
Regression in 98296f86b3
.
2019-11-29 08:23:01 +01:00
Jon Dufresne
7f0946298e
Replaced encode() usage with bytes literals.
2019-11-18 15:31:42 +01:00
Mariusz Felisiak
ca0d50f34a
Fixed random auth_tests.test_tokens.TokenGeneratorTest.test_10265 failures.
...
Random failures depended on the current timestamp.
2019-11-13 14:22:23 +01:00
Mariusz Felisiak
3b4b36fb1d
Moved MockedPasswordResetTokenGenerator outside of TokenGeneratorTest.test_timeout().
2019-11-13 14:22:23 +01:00
Sergey Fedoseev
d4e767911f
Added tests for middlewares' checks.
2019-10-23 08:18:02 +02:00
Hasan Ramezani
226ebb1729
Fixed #28622 -- Allowed specifying password reset link expiration in seconds and deprecated PASSWORD_RESET_TIMEOUT_DAYS.
2019-09-20 13:52:04 +02:00
Sam Reynolds
6c9778a58e
Fixed #30776 -- Restored max length validation on AuthenticationForm.UsernameField.
...
Regression in 5ceaf14686
.
Thanks gopackgo90 for the report and Mariusz Felisiak for tests.
2019-09-18 11:37:38 +02:00
Carlton Gibson
b5db65c4fb
Increased the default PBKDF2 iterations for Django 3.1.
2019-09-12 17:24:01 +02:00
Mariusz Felisiak
d17be88afd
Refs #30037 -- Required the RemoteUserBackend.configure_user() to have request as the first positional argument.
...
Per deprecation timeline.
2019-09-10 12:01:00 +02:00
Berker Peksag
400ec5125e
Fixed #18763 -- Added ModelBackend/UserManager.with_perm() methods.
...
Co-authored-by: Nick Pope <nick.pope@flightdataservices.com>
2019-08-29 19:32:12 +02:00
daniel a rios
b5a5c92c72
Fixed #30066 -- Enabled super user creation without email and password
2019-08-29 12:49:16 +02:00
Carlton Gibson
57b9604451
Converted auth test to use subTest().
2019-08-29 12:49:16 +02:00
Hasan Ramezani
03dbdfd9bb
Fixed #29019 -- Added ManyToManyField support to REQUIRED_FIELDS.
2019-08-26 14:48:40 +02:00
Hasan Ramezani
a5308514fb
Fixed #27801 -- Made createsuperuser fall back to environment variables for password and required fields.
2019-07-02 12:55:09 +02:00
Jon Dufresne
42b9a23267
Fixed #30400 -- Improved typography of user facing strings.
...
Thanks Claude Paroz for assistance with translations.
2019-06-28 16:46:18 +02:00
Sanyam Khurana
87f5d07eed
Fixed #12952 -- Adjusted admin log change messages to use form labels instead of field names.
2019-06-14 18:20:29 +02:00
Aymeric Augustin
3ee0834a46
Fixed #30556 -- Avoided useless query and hasher call in ModelBackend.authenticate() when credentials aren't provided.
...
There's no need to fetch a user instance from the database unless
a username and a password are provided as credentials.
2019-06-10 11:12:31 +02:00
Hasan Ramezani
dcb8f00d06
Fixed #29379 -- Added autocomplete attribute to contrib.auth.forms fields.
...
Thank you to Nick Pope for review.
Co-authored-by: CHI Cheng <cloudream@gmail.com>
2019-06-07 12:44:39 +02:00
Tobias Bengfort
581a0f4545
Refs #30226 -- Added User.get_user_permissions() method.
...
Added to mirror the existing User.get_group_permissions().
2019-06-05 13:56:37 +02:00
Tobias Bengfort
75337a6050
Fixed #30226 -- Added BaseBackend for authentication.
2019-06-05 13:39:46 +02:00
Mattia Procopio
aff61790a3
Refs #24944 -- Added test for overriding domain in email context in PasswordResetView.
2019-05-27 11:50:30 +02:00
Rob
58df8aa40f
Fixed #28780 -- Allowed specyfing a token parameter displayed in password reset URLs.
...
Co-authored-by: Tim Givois <tim.givois.mendez@gmail.com>
2019-05-24 08:40:25 +02:00