a872194802
Fixed #26470 -- Converted auth permission validation to system checks.
...
Thanks Tim for the review.
2016-04-06 22:40:43 -04:00
fc34be896d
Extracted auth checks tests into their own module.
2016-04-06 22:40:43 -04:00
e0a3d93730
Fixed #25232 -- Made ModelBackend/RemoteUserBackend reject inactive users.
2016-03-23 09:01:48 -04:00
1243fdf5cb
Fixed #26395 -- Skipped the CryptPasswordHasher tests on platforms with a dummy crypt module.
2016-03-22 11:22:21 -04:00
efa9539787
Fixed #26381 -- Made UserCreationForm reusable with custom user models that define USERNAME_FIELD.
2016-03-21 12:32:42 -04:00
d0fe6c9156
Fixed #26334 -- Removed whitespace stripping from contrib.auth password fields.
2016-03-14 20:20:24 -04:00
ab8af342b1
Fixed #26343 -- Sent user_login_failed signal if an auth backend raises PermissionDenied.
2016-03-12 16:44:39 -05:00
5ca045cd25
Moved createsuperuser test app into auth_tests.
2016-03-08 13:06:58 -05:00
b4250ea04a
Fixed #26033 -- Added Argon2 password hasher.
2016-03-08 11:22:18 -05:00
4115288b4f
Fixed #26315 -- Allowed call_command() to accept a Command object as the first argument.
2016-03-05 13:05:10 -05:00
8d3fcfa39e
Cleaned up tests to use call_command() instead of Command.execute().
2016-03-05 12:59:30 -05:00
8c42cf0cbd
Fixed #26303 -- Updated links to mod_wsgi docs.
2016-03-01 19:22:32 -05:00
67b46ba701
Fixed CVE-2016-2513 -- Fixed user enumeration timing attack during login.
...
This is a security fix.
2016-03-01 11:25:28 -05:00
eac1423f9e
Removed obsolete test CreatesuperuserManagementCommandTestCase.test_nolocale.
...
Test was added in 4c934f3921
2016-02-29 08:46:37 -05:00
10781b4c6f
Fixed #12233 -- Allowed redirecting authenticated users away from the login view.
...
contrib.auth.views.login() has a new parameter `redirect_authenticated_user`
to automatically redirect authenticated users visiting the login page.
Thanks to dmathieu and Alex Buchanan for the original code and to Carl Meyer
for the help and review.
2016-02-25 07:18:33 -05:00
c62807968d
Fixed a stray __unicode__() method in auth_tests.
2016-02-23 13:20:50 -05:00
47b5a6a43c
Fixed #26187 -- Removed weak password hashers from PASSWORD_HASHERS.
2016-02-22 18:59:23 -05:00
f0425c7260
Refs #19353 -- Added tests for using custom user models with built-in auth forms.
...
Also updated topics/auth/customizing.txt to reflect that subclasses of
UserCreationForm and UserChangeForm can be used with custom user models.
Thanks Baptiste Mispelon for the initial documentation.
2016-02-17 10:26:07 -05:00
fcd08c1757
Fixed #11665 -- Made TestCase check deferrable constraints after each test.
2016-02-13 06:53:39 -05:00
004ba0f99e
Removed unneeded hint=None/obj=None in system check messages.
2016-02-12 13:01:25 -05:00
015fad9060
Fixed #26175 -- Removed SHA1 password hashes in tests.
2016-02-06 08:47:21 -05:00
6eb3ce11e4
Fixed #26089 -- Removed custom user test models from public API.
...
Thanks to Tim Graham for the review.
2016-02-04 12:30:34 -05:00
dcee1dfc79
Fixed #12405 -- Added LOGOUT_REDIRECT_URL setting.
...
After a user logs out via auth.views.logout(), they're redirected
to LOGOUT_REDIRECT_URL if no `next_page` argument is provided.
2016-02-04 10:35:37 -05:00
26ad01719d
Refs #26022 -- Replaced six.assertRaisesRegex with assertRaisesMessage as appropriate.
2016-01-29 13:37:33 -05:00
253adc2b8a
Refs #26022 -- Used context manager version of assertRaisesMessage in tests.
2016-01-29 13:03:39 -05:00
3d0dcd7f5a
Refs #26022 -- Used context manager version of assertRaises in tests.
2016-01-29 12:32:18 -05:00
cf7894be88
Fixed #21113 -- Made LogEntry.change_message language independent
...
Thanks Tim Graham for the review.
2016-01-08 20:34:59 +01:00
b643386668
Fixed #24855 -- Allowed using contrib.auth.login() without credentials.
...
Added an optional `backend` argument to login().
2016-01-07 08:56:07 -05:00
a08fda2111
Fixed #25746 -- Isolated inlined test models registration.
...
Thanks to Tim for the review.
2016-01-06 20:00:07 -05:00
3096f4b082
Imported required models directly in auth management tests.
2016-01-06 20:00:07 -05:00
16411b8400
Fixed #26013 -- Moved django.core.urlresolvers to django.urls.
...
Thanks to Tim Graham for the review.
2015-12-31 14:21:29 -05:00
93452a70e8
Fixed many spelling mistakes in code, comments, and docs.
2015-12-03 12:48:24 -05:00
9350616211
Removed explicit User ids in tests.
2015-11-24 09:59:20 -05:00
590b8c1c57
Removed unnecessary app_label='auth' on auth_tests models.
...
This is a relic of when the tests were stored in contrib.auth.tests.
2015-10-27 08:19:45 -04:00
5acf203db2
Fixed #25596 -- Fixed regression in password change view with custom user model.
...
The reverse() added in 50aa1a790c
2015-10-27 08:18:22 -04:00
adcf823359
Fixed #25490 -- Made the logout() view send "no-cache" headers.
2015-10-02 12:29:54 -04:00
53ccffdb8c
Refs #16860 -- Fixed password help text when there aren't any validators.
...
This avoids creating an empty list which is invalid HTML 4.
2015-09-28 15:30:16 -04:00
7372cdebed
Fixed #25457 -- Improved formatting of password validation errors in management command output.
2015-09-24 19:45:19 -04:00
593c9eb660
Increased the default PBKDF2 iterations for the 1.10 release cycle.
2015-09-23 19:31:11 -04:00
849037af36
Refs #23957 -- Required session verification per deprecation timeline.
2015-09-23 19:31:10 -04:00
f1761e3fef
Refs #21648 -- Removed is_admin_site option from password_reset() view.
...
Per deprecation timeline.
2015-09-23 19:31:10 -04:00
8dc3ba5ceb
Removed obsolete supports_* auth backend attributes in tests
2015-09-20 12:16:28 +02:00
c21410aeeb
Fixed typo in "pbkdf2" test names.
2015-09-19 20:44:37 -04:00
d8d853378b
Fixed #24944 -- Added extra_email_context parameter to password_reset() view.
2015-09-18 18:56:04 -04:00
b1e33ceced
Fixed #23395 -- Limited line lengths to 119 characters.
2015-09-12 11:40:50 -04:00
39b55537ec
Added two more tests for user-entered passwords when creating a superuser.
2015-08-18 16:22:14 -04:00
fa14fb9771
Fixed flake8 warning.
2015-08-02 21:30:13 -04:00
53d28f8339
Fixed #25089 -- Added password validation to createsuperuser/changepassword.
2015-08-01 20:18:26 -04:00
c2e70f0265
Fixed #21127 -- Started deprecation toward requiring on_delete for ForeignKey/OneToOneField
2015-07-27 18:28:13 -04:00
774c16d16e
Fixed #25052 ; refs #16860 -- Added password validation to UserCreationForm.
2015-07-20 13:44:34 -04:00
f5e9d67907
Refs #16860 -- Moved password_changed() logic to AbstractBaseUser.
...
Thanks Carl Meyer for review.
2015-07-20 13:44:26 -04:00
a570701e02
Fixed #25029 -- Added PersistentRemoteUserMiddleware for login-page-only external authentication.
2015-07-02 17:38:10 -04:00
7da3923ba0
Sorted imports in __init__.py files.
2015-06-27 11:53:33 -04:00
aaacaeb096
Renamed RemovedInDjangoXYWarnings for new roadmap.
...
Forwardport of ae1d663b79
2015-06-24 16:08:20 -04:00
e75b614640
Fixed #25009 -- Allowed User.objects.create_user(...,is_staff=True) to work.
2015-06-22 11:34:26 -04:00
7f1168e387
Removed support for Python 3.3.
2015-06-18 08:36:50 -04:00
e5cb4e1411
Fixed #24914 -- Added authentication mixins for CBVs
...
Added the mixins LoginRequiredMixin, PermissionRequiredMixin and
UserPassesTestMixin to contrib.auth as counterparts to the respective
view decorators.
The authentication mixins UserPassesTestMixin, LoginRequiredMixin and
PermissionRequiredMixin have been inspired by django-braces
<https://github.com/brack3t/django-braces/ >
Thanks Raphael Michel for the initial patch, tests and docs on the PR
and Ana Balica, Kenneth Love, Marc Tamlyn, and Tim Graham for the
review.
2015-06-17 23:19:10 +02:00
09f2cdbe1a
Refs #16860 -- Fixed a resource and deprecation warning in password validation.
2015-06-16 11:02:27 -04:00
55b3bd8468
Refs #16860 -- Minor edits and fixes to password validation.
2015-06-10 07:41:01 -04:00
1e82094f1b
Fixed #21927 -- Made application and instance namespaces more distinct.
...
Made URL application namespaces be set in the included URLconf and
instance namespaces in the call to include(). Deprecated other ways
to set application and instance namespaces.
2015-06-08 15:12:20 -04:00
39937de7e6
Fixed #24929 -- Allowed permission_required decorator to take any iterable
2015-06-08 13:44:39 -04:00
1daae25bdc
Fixed #16860 -- Added password validation to django.contrib.auth.
2015-06-07 19:31:20 +02:00
1ea87c8c79
Fixed #24910 -- Added createsuperuser support for non-unique USERNAME_FIELDs
...
Clarified docs to say that a non-unique USERNAME_FIELD is permissable
as long as the custom auth backend can support it.
2015-06-06 09:33:02 -04:00
be67400b47
Refs #24652 -- Used SimpleTestCase where appropriate.
2015-05-20 13:46:13 -04:00
ae1efb853c
Refs #24553 -- Fixed urlpatterns leakage in auth_tests
2015-05-19 07:43:40 -04:00
eef95ea96f
Fixed #24696 -- Made CSRF_COOKIE computation lazy.
...
Only compute the CSRF_COOKIE when it is actually used. This is a
significant speedup for clients not using cookies.
Changed result of the “test_token_node_no_csrf_cookie” test: It gets
a valid CSRF token now which seems like the correct behavior.
Changed auth_tests.test_views.LoginTest.test_login_csrf_rotate to
use get_token() to trigger CSRF cookie inclusion instead of changing
request.META["CSRF_COOKIE_USED"] directly.
2015-05-02 19:45:14 -04:00
88d7fcebde
Use mock.patch in migrations tests
...
Currently some of the migrations tests rely on the fact 'input' is aliased
because of six, instead of using mock.patch. Replace this code with proper
use of mock.patch.
Also, replace one case of excessively specific python version check with
testing six.PY3
2015-04-09 11:16:12 +10:00
b86abbceb9
Fixed #24115 -- Allowed bcrypt hashers to upgrade passwords on rounds change.
...
Thanks Florian Apolloner for the review.
2015-03-30 18:52:59 -04:00
c2bfd76ec3
Refs #15779 -- Fixed UserChangeForm regression introduced by 1791a7e75
...
Thanks Tim Graham for reporting the regression.
2015-03-28 09:24:01 +01:00
0ed20d5cc4
Fixed #23926 -- Improved validation error for custom permissions that are too long.
2015-03-16 12:13:49 -04:00
39a7eed1bb
Converted test fixtures to setUpTestData methods
2015-03-05 10:10:32 +11:00
e0b3926026
Isolated auth_tests from contenttypes_tests; refs #11505 .
2015-02-14 22:04:48 -05:00
002425fe39
Fixed #24315 -- Fixed auth.views.password_reset_confirm() with a UUID user.
2015-02-13 09:56:31 -05:00
fdf20093e0
Fixed #24334 -- Allowed admin password reset to work with non-digit custom user model primary key.
...
Thanks Loic for help and Simon for review.
2015-02-13 09:42:49 -05:00
0f7f5bc9e7
Fixed #24161 -- Stored the user primary key as a serialized value in the session.
...
This allows using a UUIDField primary key along with the JSON session
serializer.
Thanks to Trac alias jamesbeith for the report and Simon Charette
for the initial patch.
2015-02-12 07:38:16 -05:00
5ab327a389
Moved non-documented auth test models to the new test location.
2015-02-11 10:29:48 -05:00
2d7aca3da0
Moved contrib.auth tests out of contrib.
2015-02-11 10:19:22 -05:00
Simon Charette
Alexander Gaevsky
Tim Graham
Berker Peksag
Vincenzo Pandolfo
ieatkittens
Bas Westerbaan
Jon Dufresne
Alasdair Nicol
Florian Apolloner
Olivier Le Thanh Duong
Hugo Osvaldo Barrera
Hasan
Claude Paroz
Paulo Poiati
Marten Kenbeek
Josh Soref
Kaleb Elwert
Antoine Catton
Tzu-ping Chung
sujayskumar
Dražen Odobašić
David Gibbons
Alex Becker
Flavio Curella
Jan Pazdziora
Francisco Albarran
Markus Holtermann
Raphael Michel
Erik Romijn
Riccardo Magliocchetti
Jay Cox
Curtis Maloney
Joeri Bekker
Josh Smeaton