Shai Berger
fdf0f62521
Fixed ReadOnlyPasswordHashWidget's template for RTL languages.
2022-09-01 21:20:15 +02:00
Claude Paroz
3b79dab19a
Refs #33691 -- Deprecated insecure password hashers.
...
SHA1PasswordHasher, UnsaltedSHA1PasswordHasher, and UnsaltedMD5PasswordHasher
are now deprecated.
2022-07-23 21:29:31 +02:00
Ciaran McCormick
286e7d076c
Fixed #33764 -- Deprecated BaseUserManager.make_random_password().
2022-06-03 07:30:57 +02:00
Aymeric Augustin
6485894157
Renamed wrapped functions to wrapper.
...
All these functions are wrapping another function. They're the wrapper,
while the function they're wrapping is the wrapped.
2022-05-25 10:53:52 +02:00
Carlton Gibson
3c6f1fd1f8
Increased the default PBKDF2 iterations for Django 4.2.
2022-05-17 14:22:06 +02:00
Mariusz Felisiak
02dbf1667c
Fixed #33691 -- Deprecated django.contrib.auth.hashers.CryptPasswordHasher.
2022-05-11 09:13:45 +02:00
Aymeric Augustin
5dfa6fca96
Refactored out RedirectURLMixin.get_success_url().
...
This also adds a default implementation of get_default_redirect_url().
2022-04-20 10:04:29 +02:00
Aymeric Augustin
04bc2564b6
Simplified LogoutView.get_success_url().
...
This preserves the behavior of redirecting to the logout URL without
query string parameters when an insecure ?next=... parameter is given.
It changes the behavior of a POST to the logout URL, as shown by the
test that is changed. Currently, this results in a GET to the logout
URL. However, such GET requests are deprecated. This change would be
necessary in Django 5.0 anyway. This commit merely anticipates it.
2022-04-20 10:04:29 +02:00
Aymeric Augustin
5591a72571
Fixed #33648 -- Prevented extra redirect in LogoutView on invalid next page when LOGOUT_REDIRECT_URL is set.
2022-04-18 16:33:10 +02:00
Mariusz Felisiak
8e89dfe1c2
Fixed various tests on MySQL with MyISAM storage engine.
2022-04-18 07:05:52 +02:00
Lucidiot
13a9cde133
Fixed #33613 -- Made createsuperuser detect uniqueness of USERNAME_FIELD when using Meta.constraints.
2022-04-01 11:39:41 +02:00
René Fleschenberg
eb07b5be0c
Fixed #15619 -- Deprecated log out via GET requests.
...
Thanks Florian Apolloner for the implementation idea.
Co-Authored-By: Mariusz Felisiak <felisiak.mariusz@gmail.com>
2022-03-29 06:42:14 +02:00
Mariusz Felisiak
94d8ed55fa
Refs #15619 -- Logged out with POST requests in admin.
2022-03-24 17:41:53 +01:00
Carlton Gibson
bb61f0186d
Refs #32365 -- Removed internal uses of utils.timezone.utc alias.
...
Remaining test case ensures that uses of the alias are mapped
canonically by the migration writer.
2022-03-24 06:29:50 +01:00
Adrian Torres
d90e34c61b
Fixed #33561 -- Allowed synchronization of user attributes in RemoteUserBackend.
2022-03-10 12:57:19 +01:00
Nick Pope
847f46e9bf
Removed redundant QuerySet.all() calls in docs and tests.
...
Most QuerySet methods are mapped onto the Manager and, in general,
it isn't necessary to call .all() on the manager.
2022-02-22 10:29:38 +01:00
Mariusz Felisiak
7119f40c98
Refs #33476 -- Refactored code to strictly match 88 characters line length.
2022-02-07 20:37:05 +01:00
django-bot
9c19aff7c7
Refs #33476 -- Reformatted code with Black.
2022-02-07 20:37:05 +01:00
tschilling
0dcd549bbe
Fixed #30360 -- Added support for secret key rotation.
...
Thanks Florian Apolloner for the implementation idea.
Co-authored-by: Andreas Pelme <andreas@pelme.se>
Co-authored-by: Carlton Gibson <carlton.gibson@noumenal.es>
Co-authored-by: Vuyisile Ndlovu <terrameijar@gmail.com>
2022-02-01 11:12:24 +01:00
Florian Apolloner
968a3d01fa
Fixed CVE-2021-45115 -- Prevented DoS vector in UserAttributeSimilarityValidator.
...
Thanks Chris Bailey for the report.
Co-authored-by: Adam Johnson <me@adamj.eu>
2022-01-04 10:02:05 +01:00
Lie Ryan
05cde4764d
Fixed #33269 -- Made AnonymousUser/PermissionsMixin.has_perms() raise ValueError on string or non-iterable perm_list.
2021-11-11 20:26:29 +01:00
Christophe Henry
b1b26b37af
Fixed #33178 -- Made createsuperuser validate required fields passed in options in interactive mode.
2021-10-12 08:08:05 +02:00
Christophe Henry
57273e1569
Refs #33178 -- Added createsuperuser tests for validation of foreign keys.
2021-10-12 07:54:50 +02:00
Christophe Henry
4ff500f294
Refs #21755 -- Fixed createsuperuser crash for required foreign keys passed in options in interactive mode.
...
Co-authored-by: Mariusz Felisiak <felisiak.mariusz@gmail.com>
2021-10-12 06:59:46 +02:00
Mariusz Felisiak
da266b3c5c
Refs #29628 , Refs #33178 -- Made createsuperuser validate password against required fields passed in options.
2021-10-12 06:21:14 +02:00
Christophe Henry
df2d2bc95c
Fixed #33151 -- Fixed createsuperuser crash for many-to-many required fields in non-interactive mode.
2021-10-07 12:37:16 +02:00
Mariusz Felisiak
32b7ffc2bb
Increased the default PBKDF2 iterations for Django 4.1.
2021-09-20 21:23:01 +02:00
Mateo Radman
a7f27fca52
Refs #32508 -- Raised TypeError/ValueError instead of using "assert" in encode() methods of remaining password hashers.
2021-09-06 07:47:53 +02:00
Mariusz Felisiak
54a30a7a00
Refs #29898 -- Changed ProjectState.real_apps to set.
2021-08-11 09:01:14 +02:00
David Smith
6802ac4415
Refs #32956 -- Corrected usage of "insure" and "assure".
2021-08-02 07:45:26 +02:00
ryowright
1783b3cb24
Fixed #32275 -- Added scrypt password hasher.
...
Co-authored-by: Mariusz Felisiak <felisiak.mariusz@gmail.com>
2021-07-22 12:40:33 +02:00
Mariusz Felisiak
83022d279c
Refs #32508 -- Raised TypeError/ValueError instead of using "assert" in encode() methods of some password hashers.
2021-07-22 09:42:07 +02:00
Chris Jerdonek
f3825ee050
Fixed wording of AuthViewsTestCase's docstring.
2021-07-19 06:36:20 +02:00
Mads Jensen
c51bf80d56
Used more specific unittest assertions in tests.
2021-07-07 10:51:38 +02:00
Mateo Radman
8a7ac78b70
Refs #32508 -- Raised ImproperlyConfigured/TypeError instead of using "assert" in various code.
2021-06-25 06:55:47 +02:00
abhiabhi94
22da686ca9
Refs #24121 -- Added __repr__() to PermWrapper.
2021-05-28 08:03:23 +02:00
David Sanders
736bb9868a
Renamed "object" argument of ModelAdmin.log_addition(), log_change(), and log_deletion() methods.
2021-05-20 07:29:16 +02:00
David Sanders
536c155e67
Fixed #32765 -- Removed "for" HTML attribute from ReadOnlyPasswordHashWidget.
...
ReadOnlyPasswordHashWidget doesn't have any labelable elements.
2021-05-19 20:34:57 +02:00
François Freitag
6b0b3eafd6
Fixed #32664 -- Made PasswordResetTokenGenerator.secret validation lazy.
...
Django apps initialization to run management command triggers the admin
autodiscovery. Importing django.contrib.auth.tokens creates an instance
of PasswordResetTokenGenerator which required a SECRET_KEY.
For several management commands, the token generator is unused. It
should only complain about a missing SECRET_KEY when it is used.
2021-04-20 07:34:53 +02:00
François Freitag
b13af4752f
Refs #28017 -- Added test for PasswordResetTokenGenerator subclass with a custom secret.
2021-04-20 07:28:06 +02:00
Hasan Ramezani
a2d5ea626e
Refs #32508 -- Raised ImproperlyConfigured instead of using "assert" in middlewares.
2021-03-11 08:34:28 +01:00
ThinkChaos
b99d6c9cbc
Fixed #28216 -- Added next_page/get_default_redirect_url() to LoginView.
2021-02-08 21:08:05 +01:00
Mariusz Felisiak
a948d9df39
Increased the default PBKDF2 iterations for Django 4.0.
2021-01-14 17:50:04 +01:00
Mariusz Felisiak
0aa6a602b2
Refs #31842 -- Removed DEFAULT_HASHING_ALGORITHM transitional setting.
...
Per deprecation timeline.
2021-01-14 17:50:04 +01:00
Mariusz Felisiak
6b4941dd57
Refs #27468 -- Removed support for the pre-Django 3.1 user sessions.
...
Per deprecation timeline.
2021-01-14 17:50:04 +01:00
Mariusz Felisiak
66b4046d68
Refs #27468 -- Removed support for the pre-Django 3.1 password reset tokens.
...
Per deprecation timeline.
2021-01-14 17:50:04 +01:00
Mariusz Felisiak
12ac4916af
Refs #28622 -- Removed settings.PASSWORD_RESET_TIMEOUT_DAYS per deprecation timeline.
2021-01-14 17:50:04 +01:00
Jon Moroney
76ae6ccf85
Fixed #31358 -- Increased salt entropy of password hashers.
...
Co-authored-by: Florian Apolloner <florian@apolloner.eu>
2021-01-14 11:20:28 +01:00
Jon Moroney
6bd206e1ff
Refs #31358 -- Added bcrypt password hashers tests for must_update() with salt().
2021-01-14 11:20:28 +01:00
Florian Apolloner
c76d51b3ad
Refs #31358 -- Fixed decoding salt in Argon2PasswordHasher.
...
Argon2 encodes the salt as base64 for representation in the final hash
output. To be able to accurately return the used salt from decode(),
add padding, b64decode, and decode from latin1 (for the remote
possibility that someone supplied a custom hash consisting solely of
bytes -- this would require a manual construction of the hash though,
Django's interface does not allow for that).
2020-12-28 11:02:08 +01:00