5a3d7cf462
Used urllib.parse.urljoin() in auth_tests to join URLs.
...
As the strings represent URLs and not paths, should use urllib to
manipulate them.
2020-07-09 12:03:03 +02:00
d6aff369ad
Refs #30116 -- Simplified regex match group access with Match.__getitem__().
...
The method has been available since Python 3.6. The shorter syntax is
also marginally faster.
2020-05-11 12:01:28 +02:00
54646a423b
Refs #27468 -- Made user sessions use SHA-256 algorithm.
2020-04-29 16:45:00 +02:00
3857a08bdb
Fixed #31361 -- Fixed invalid action="" in admin forms.
...
The attribute action="" (empty string) on the <form> element is invalid
HTML5. The spec (https://html.spec.whatwg.org/#attr-fs-action ) says:
> The action and formaction content attributes, if specified, must have
> a value that is a valid non-empty URL potentially surrounded by
> spaces.
Emphasis on non-empty. The action attribute is allowed to be omitted, in
which case the current URL is used which is the same behavior as now.
2020-03-16 07:31:19 +01:00
4d973f5939
Refs #26601 -- Deprecated passing None as get_response arg to middleware classes.
...
This is the new contract since middleware refactoring in Django 1.10.
Co-authored-by: Carlton Gibson <carlton.gibson@noumenal.es>
Co-authored-by: Mariusz Felisiak <felisiak.mariusz@gmail.com>
2020-02-18 20:03:44 +01:00
11c5e0609b
Fixed CVE-2019-19118 -- Required edit permissions on parent model for editable inlines in admin.
...
Thank you to Shen Ying for reporting this issue.
2019-12-02 08:56:08 +01:00
7f0946298e
Replaced encode() usage with bytes literals.
2019-11-18 15:31:42 +01:00
87f5d07eed
Fixed #12952 -- Adjusted admin log change messages to use form labels instead of field names.
2019-06-14 18:20:29 +02:00
aff61790a3
Refs #24944 -- Added test for overriding domain in email context in PasswordResetView.
2019-05-27 11:50:30 +02:00
58df8aa40f
Fixed #28780 -- Allowed specyfing a token parameter displayed in password reset URLs.
...
Co-authored-by: Tim Givois <tim.givois.mendez@gmail.com>
2019-05-24 08:40:25 +02:00
95b7699ffc
Cleaned up exception message checking in some tests.
2019-03-15 19:27:57 -04:00
a8e2a9bac6
Refs #15902 -- Deprecated storing user's language in the session.
2019-02-14 10:23:02 -05:00
043bd70942
Updated test URL patterns to use path() and re_path().
2018-12-31 10:47:32 -05:00
84e7a9f4a7
Switched setUp() to setUpTestData() where possible in Django's tests.
2018-11-27 09:35:17 -05:00
c82893cb8c
Refs #27795 -- Removed force_bytes() usage from django/utils/http.py.
...
django.utils.http.urlsafe_base64_encode() now returns a string, not a
bytestring. Since URLs are represented as strings,
urlsafe_base64_encode() should return a string. All uses immediately
decoded the bytestring to a string anyway.
As the inverse operation, urlsafe_base64_decode() accepts a string.
2018-10-10 14:38:22 -04:00
a7284cc0c3
Fixed #29809 -- Fixed a crash when a "view only" user POSTs to the admin user change form.
2018-10-01 10:09:50 +02:00
bf39978a53
Fixed CVE-2018-16984 -- Fixed password hash disclosure to admin "view only" users.
...
Thanks Claude Paroz & Tim Graham for collaborating on the patch.
2018-10-01 10:05:01 +02:00
53ebd4cb13
Fixed #29686 -- Made UserAdmin.user_change_password() pass user to has_change_permission().
2018-08-17 17:43:00 -04:00
5d98d53fab
Refs #27398 -- Simplified some tests with assertRedirects().
2018-06-20 14:08:56 -04:00
24959e48d9
Fixed #27398 -- Added an assertion to compare URLs, ignoring the order of their query strings.
2018-06-20 13:26:12 -04:00
607970f31c
Replaced django.test.utils.patch_logger() with assertLogs().
...
Thanks Tim Graham for the review.
2018-05-07 09:34:00 -04:00
df90e462d9
Fixed #29212 -- Doc'd redirect loop if @permission_required used with redirect_authenticated_user.
2018-04-19 10:21:24 -04:00
aeb8c38178
Fixed #29206 -- Fixed PasswordResetConfirmView crash when the URL contains a non-UUID where one is expected.
2018-03-15 21:33:15 -04:00
fa75b2cb51
Refs #27795 -- Removed force_bytes/text() usage in tests.
2018-02-07 14:20:04 -05:00
6e40b70bf4
Refs #26929 -- Removed extra_context parameter of contrib.auth.views.logout_then_login().
...
Per deprecation timeline.
2017-09-22 12:51:17 -04:00
ffbee67f8e
Fixed some comments referring to a nonexistent TestClient class.
2017-09-09 11:21:15 -04:00
c0f4c60edd
Fixed #28513 -- Added POST request support to LogoutView.
2017-08-24 09:11:16 -04:00
e7dc39fb65
Fixed #28229 -- Fixed the value of LoginView's "next" template variable.
2017-06-13 09:13:22 -04:00
6092ea8fa6
Refs #27804 -- Used subTest() in several tests.
2017-05-24 08:36:34 -04:00
5db465d5a6
Fixed #27891 -- Added PasswordResetConfirmView.post_reset_login_backend.
2017-03-07 19:52:26 -05:00
b9b35f9efa
Fixed #27840 -- Fixed KeyError in PasswordResetConfirmView.form_valid().
...
When a user is already logged in when submitting the password and
password confirmation to reset a password, a KeyError occurred while
removing the reset session token from the session.
Refs #17209
Thanks Quentin Marlats for the report and Florian Apolloner and Tim
Graham for the review.
2017-02-15 00:35:04 +01:00
41ba27fefd
Fixed #27815 -- Made LoginView pass the request kwarg to AuthenticationForm.
2017-02-07 08:54:21 -05:00
29f607927f
Fixed spelling of "nonexistent".
2017-02-03 08:01:45 -05:00
fee42fd99e
Refs #23919 -- Replaced usage of django.utils.http utilities with Python equivalents
...
Thanks Tim Graham for the review.
2017-01-26 19:49:03 +01:00
d6eaf7c018
Refs #23919 -- Replaced super(ClassName, self) with super().
2017-01-25 12:23:46 -05:00
2366100872
Removed unneeded force_text calls in the test suite
2017-01-24 18:45:54 +01:00
2b281cc35e
Refs #23919 -- Removed most of remaining six usage
...
Thanks Tim Graham for the review.
2017-01-18 21:33:28 +01:00
d7b9aaa366
Refs #23919 -- Removed encoding preambles and future imports
2017-01-18 09:55:19 +01:00
ede59ef6f3
Fixed #27518 -- Prevented possibie password reset token leak via HTTP Referer header.
...
Thanks Florian Apolloner for contributing to this patch and
Collin Anderson, Markus Holtermann, and Tim Graham for review.
2017-01-13 09:17:54 -05:00
51eaff6d35
Refs #17209 -- Fixed token verification for PasswordResetConfirmView POST requests.
2016-11-21 13:42:25 -05:00
321e94fa41
Refs #27392 -- Removed "Tests that", "Ensures that", etc. from test docstrings.
2016-11-10 21:30:21 -05:00
20be1918e7
Simplified some auth_tests with assertRedirects().
2016-10-28 11:52:52 -04:00
66e1ebbffc
Fixed #26956 -- Added success_url_allowed_hosts to LoginView and LogoutView.
...
Allows specifying additional hosts to redirect after login and log out.
2016-09-07 19:56:25 -07:00
549b90fab3
Refs #26902 -- Protected against insecure redirects in Login/LogoutView.
2016-08-19 19:01:01 -04:00
13857b45ca
Removed unused 'password' parameter in auth_tests.
2016-08-18 19:01:28 -04:00
7549eb0004
Fixed #27009 -- Made update_session_auth_hash() rotate the session key.
2016-08-15 19:29:12 -04:00
0814566bf1
Fixed #26960 -- Added PasswordResetConfirmView option to automatically log in after a reset.
2016-08-10 10:23:16 -04:00
0ba179194b
Fixed #26929 -- Deprecated extra_context parameter of contrib.auth.views.logout_then_login().
2016-07-28 11:57:02 -04:00
dde6288fbe
Fixed #26882 -- Added tests for auth.views.logout_then_login().
2016-07-22 15:04:13 -04:00
78963495d0
Refs #17209 -- Added LoginView and LogoutView class-based views
...
Thanks Tim Graham for the review.
2016-06-24 10:45:13 +02:00
Jon Dufresne
Mariusz Felisiak
Claude Paroz
Carlton Gibson
Sanyam Khurana
Mattia Procopio
Rob
Tim Graham
Simon Charette
Alexander Todorov
Jan Pieter Waagmeester
Nick Pope
Luoxzhg
hui shang
Mikhail Golubev
Bruno Alla
Camilo Nova
Markus Holtermann
Zoltan Gyarmati
chillaranand
Romain Garrigues
Florian Apolloner
za
Przemysław Suliga
jordij
Andrew Nester