Commit Graph

395 Commits

Author SHA1 Message Date
HappyDingning 674c23999c Fixed #34565 -- Added support for async checking of user passwords. 2023-05-18 09:39:04 +02:00
Gary Jarrel fcc7dc5781 Fixed #34438 -- Reallowed extending UserCreationForm.
Regression in 298d02a77a.
2023-03-28 11:33:20 +02:00
Liyang Zhang f9f9215d3e
Fixed some typos in comments, docstrings, and tests. 2023-03-20 08:07:23 +01:00
Hrushikesh Vaidya a52bdea5a2 Fixed #33985 -- Used app_config.verbose_name in ContentType.__str__(). 2023-03-09 10:27:08 +01:00
David Wobrock 2396933ca9 Fixed #34384 -- Fixed session validation when rotation secret keys.
Bug in 0dcd549bbe.

Thanks Eric Zarowny for the report.
2023-03-08 10:48:04 +01:00
Jon Janzen e846c5e724 Fixed #31920 -- Made AuthenticationMiddleware add request.auser(). 2023-03-07 13:11:22 +01:00
Mariusz Felisiak 5e9aded33f
Increased the default PBKDF2 iterations for Django 5.0.
Follow up to 9a1848f48c.
2023-02-04 13:37:44 +01:00
David Smith 097e3a70c1 Refs #33476 -- Applied Black's 2023 stable style.
Black 23.1.0 is released which, as the first release of the year,
introduces the 2023 stable style. This incorporates most of last year's
preview style.

https://github.com/psf/black/releases/tag/23.1.0
2023-02-01 11:04:38 +01:00
Mariusz Felisiak 4fc711a108 Increased the default PBKDF2 iterations for Django 5.0. 2023-01-17 11:49:15 +01:00
Mariusz Felisiak b5ac6e78f8 Refs #33691 -- Removed django.contrib.auth.hashers.CryptPasswordHasher per deprecation timeline. 2023-01-17 11:49:15 +01:00
Mariusz Felisiak 9a01311d20 Refs #15619 -- Removed support for logging out via GET requests.
Per deprecation timeline.
2023-01-17 11:49:15 +01:00
Mariusz Felisiak ba082e0952 Refs #33561 -- Made created=True required in signature of RemoteUserBackend.configure_user() subclasses.
Per deprecation timeline.
2023-01-17 11:49:15 +01:00
David Wobrock 99bd5fb4c2 Refs #34074 -- Used headers argument for RequestFactory and Client in docs and tests. 2023-01-04 09:11:36 +01:00
Paul Schilling 298d02a77a Fixed #25617 -- Added case-insensitive unique username validation in UserCreationForm.
Co-Authored-By: Neven Mundar <nmundar@gmail.com>
2022-12-29 09:42:22 +01:00
David Wobrock 5aaad5f39c Fixed #34165 -- Made permissions creation respect the "using" parameter. 2022-12-24 11:58:33 +01:00
sdolemelipone 9d726c7902 Fixed #34187 -- Made UserCreationForm save many-to-many fields. 2022-11-29 05:56:53 +01:00
Nick Pope 9bd174b9a7 Updated documentation and comments for RFC updates.
- Updated references to RFC 1123 to RFC 5322
  - Only partial as RFC 5322 sort of sub-references RFC 1123.
- Updated references to RFC 2388 to RFC 7578
  - Except RFC 2388 Section 5.3 which has no equivalent.
- Updated references to RFC 2396 to RFC 3986
- Updated references to RFC 2616 to RFC 9110
- Updated references to RFC 3066 to RFC 5646
- Updated references to RFC 7230 to RFC 9112
- Updated references to RFC 7231 to RFC 9110
- Updated references to RFC 7232 to RFC 9110
- Updated references to RFC 7234 to RFC 9111
- Tidied up style of text when referring to RFC documents
2022-11-10 13:52:17 +01:00
Simon Kern de2c2127b6 Fixed #34066 -- Fixed link to password reset view in UserChangeForm.password's help text when using to_field.
Co-Authored-By: David Sanders <shang.xiao.sanders@gmail.com>
Co-Authored-By: Mariusz Felisiak <felisiak.mariusz@gmail.com>
2022-10-27 09:23:34 +02:00
Marcelo Galigniana b440493eaa Completed test coverage for contrib.auth.forms. 2022-10-26 12:52:18 +02:00
HieuPham9720 3e928de8ad
Skipped scrypt tests when OpenSSL 1.1+ is not installed. 2022-10-20 18:50:48 -07:00
Marcelo Galigniana 67c34c1a37 Completed test coverage for createsuperuser command. 2022-09-27 09:57:16 +02:00
Shai Berger fdf0f62521 Fixed ReadOnlyPasswordHashWidget's template for RTL languages. 2022-09-01 21:20:15 +02:00
Claude Paroz 3b79dab19a Refs #33691 -- Deprecated insecure password hashers.
SHA1PasswordHasher, UnsaltedSHA1PasswordHasher, and UnsaltedMD5PasswordHasher
are now deprecated.
2022-07-23 21:29:31 +02:00
Ciaran McCormick 286e7d076c Fixed #33764 -- Deprecated BaseUserManager.make_random_password(). 2022-06-03 07:30:57 +02:00
Aymeric Augustin 6485894157 Renamed wrapped functions to wrapper.
All these functions are wrapping another function. They're the wrapper,
while the function they're wrapping is the wrapped.
2022-05-25 10:53:52 +02:00
Carlton Gibson 3c6f1fd1f8 Increased the default PBKDF2 iterations for Django 4.2. 2022-05-17 14:22:06 +02:00
Mariusz Felisiak 02dbf1667c
Fixed #33691 -- Deprecated django.contrib.auth.hashers.CryptPasswordHasher. 2022-05-11 09:13:45 +02:00
Aymeric Augustin 5dfa6fca96 Refactored out RedirectURLMixin.get_success_url().
This also adds a default implementation of get_default_redirect_url().
2022-04-20 10:04:29 +02:00
Aymeric Augustin 04bc2564b6 Simplified LogoutView.get_success_url().
This preserves the behavior of redirecting to the logout URL without
query string parameters when an insecure ?next=... parameter is given.

It changes the behavior of a POST to the logout URL, as shown by the
test that is changed. Currently, this results in a GET to the logout
URL. However, such GET requests are deprecated. This change would be
necessary in Django 5.0 anyway. This commit merely anticipates it.
2022-04-20 10:04:29 +02:00
Aymeric Augustin 5591a72571
Fixed #33648 -- Prevented extra redirect in LogoutView on invalid next page when LOGOUT_REDIRECT_URL is set. 2022-04-18 16:33:10 +02:00
Mariusz Felisiak 8e89dfe1c2 Fixed various tests on MySQL with MyISAM storage engine. 2022-04-18 07:05:52 +02:00
Lucidiot 13a9cde133 Fixed #33613 -- Made createsuperuser detect uniqueness of USERNAME_FIELD when using Meta.constraints. 2022-04-01 11:39:41 +02:00
René Fleschenberg eb07b5be0c Fixed #15619 -- Deprecated log out via GET requests.
Thanks Florian Apolloner for the implementation idea.

Co-Authored-By: Mariusz Felisiak <felisiak.mariusz@gmail.com>
2022-03-29 06:42:14 +02:00
Mariusz Felisiak 94d8ed55fa
Refs #15619 -- Logged out with POST requests in admin. 2022-03-24 17:41:53 +01:00
Carlton Gibson bb61f0186d Refs #32365 -- Removed internal uses of utils.timezone.utc alias.
Remaining test case ensures that uses of the alias are mapped
canonically by the migration writer.
2022-03-24 06:29:50 +01:00
Adrian Torres d90e34c61b Fixed #33561 -- Allowed synchronization of user attributes in RemoteUserBackend. 2022-03-10 12:57:19 +01:00
Nick Pope 847f46e9bf
Removed redundant QuerySet.all() calls in docs and tests.
Most QuerySet methods are mapped onto the Manager and, in general,
it isn't necessary to call .all() on the manager.
2022-02-22 10:29:38 +01:00
Mariusz Felisiak 7119f40c98 Refs #33476 -- Refactored code to strictly match 88 characters line length. 2022-02-07 20:37:05 +01:00
django-bot 9c19aff7c7 Refs #33476 -- Reformatted code with Black. 2022-02-07 20:37:05 +01:00
tschilling 0dcd549bbe Fixed #30360 -- Added support for secret key rotation.
Thanks Florian Apolloner for the implementation idea.

Co-authored-by: Andreas Pelme <andreas@pelme.se>
Co-authored-by: Carlton Gibson <carlton.gibson@noumenal.es>
Co-authored-by: Vuyisile Ndlovu <terrameijar@gmail.com>
2022-02-01 11:12:24 +01:00
Florian Apolloner 968a3d01fa Fixed CVE-2021-45115 -- Prevented DoS vector in UserAttributeSimilarityValidator.
Thanks Chris Bailey for the report.

Co-authored-by: Adam Johnson <me@adamj.eu>
2022-01-04 10:02:05 +01:00
Lie Ryan 05cde4764d Fixed #33269 -- Made AnonymousUser/PermissionsMixin.has_perms() raise ValueError on string or non-iterable perm_list. 2021-11-11 20:26:29 +01:00
Christophe Henry b1b26b37af Fixed #33178 -- Made createsuperuser validate required fields passed in options in interactive mode. 2021-10-12 08:08:05 +02:00
Christophe Henry 57273e1569 Refs #33178 -- Added createsuperuser tests for validation of foreign keys. 2021-10-12 07:54:50 +02:00
Christophe Henry 4ff500f294 Refs #21755 -- Fixed createsuperuser crash for required foreign keys passed in options in interactive mode.
Co-authored-by: Mariusz Felisiak <felisiak.mariusz@gmail.com>
2021-10-12 06:59:46 +02:00
Mariusz Felisiak da266b3c5c
Refs #29628, Refs #33178 -- Made createsuperuser validate password against required fields passed in options. 2021-10-12 06:21:14 +02:00
Christophe Henry df2d2bc95c Fixed #33151 -- Fixed createsuperuser crash for many-to-many required fields in non-interactive mode. 2021-10-07 12:37:16 +02:00
Mariusz Felisiak 32b7ffc2bb Increased the default PBKDF2 iterations for Django 4.1. 2021-09-20 21:23:01 +02:00
Mateo Radman a7f27fca52 Refs #32508 -- Raised TypeError/ValueError instead of using "assert" in encode() methods of remaining password hashers. 2021-09-06 07:47:53 +02:00
Mariusz Felisiak 54a30a7a00 Refs #29898 -- Changed ProjectState.real_apps to set. 2021-08-11 09:01:14 +02:00