Commit Graph

338 Commits

Author SHA1 Message Date
HappyDingning 674c23999c Fixed #34565 -- Added support for async checking of user passwords. 2023-05-18 09:39:04 +02:00
Tim Graham 2c4dc64760 Used extlinks for PyPI links.
Co-authored-by: Mariusz Felisiak <felisiak.mariusz@gmail.com>
2023-04-17 06:55:32 +02:00
David Wobrock 2396933ca9 Fixed #34384 -- Fixed session validation when rotation secret keys.
Bug in 0dcd549bbe.

Thanks Eric Zarowny for the report.
2023-03-08 10:48:04 +01:00
Jon Janzen e846c5e724 Fixed #31920 -- Made AuthenticationMiddleware add request.auser(). 2023-03-07 13:11:22 +01:00
django-bot 14459f80ee Fixed #34140 -- Reformatted code blocks in docs with blacken-docs. 2023-03-01 13:03:56 +01:00
Joseph Victor Zammit ba755ca131 Refs #34140 -- Corrected rst code-block and various formatting issues in docs. 2023-02-28 12:21:37 +01:00
Carlton Gibson 534ac48297 Refs #34140 -- Applied rst code-block to non-Python examples.
Thanks to J.V. Zammit, Paolo Melchiorre, and Mariusz Felisiak for
reviews.
2023-02-10 19:19:13 +01:00
fschwebel 0265b1b49b
Fixed typo in docs/topics/auth/passwords.txt.
Wrapped hashing is only possible if the inner wrapped function is the
same as the previous hasher.
2023-01-30 08:31:39 +01:00
Mariusz Felisiak 9a01311d20 Refs #15619 -- Removed support for logging out via GET requests.
Per deprecation timeline.
2023-01-17 11:49:15 +01:00
Paul Schilling 298d02a77a Fixed #25617 -- Added case-insensitive unique username validation in UserCreationForm.
Co-Authored-By: Neven Mundar <nmundar@gmail.com>
2022-12-29 09:42:22 +01:00
sdolemelipone 9d726c7902 Fixed #34187 -- Made UserCreationForm save many-to-many fields. 2022-11-29 05:56:53 +01:00
Mariusz Felisiak 662497cece
Doc's check_password()'s setter and preferred arguments.
Follow up to 90e05aaeac.
2022-11-28 08:13:51 +01:00
Tony Lechner b088cc2fea
Fixed #34154 -- Made mixin headers consistent in auth docs. 2022-11-14 05:28:27 +01:00
Trey Hunner fad070b07b
Improved readability of string interpolation in frequently used examples in docs. 2022-11-10 13:18:38 +01:00
Paolo Melchiorre fa3afc5d86 Fixed #34056 -- Updated the list of common passwords for CommonPasswordValidator. 2022-09-28 18:40:05 +02:00
Ritik Soni c11336cd99
Fixed #34017 -- Doc'd that Argon2id variant is used by Argon2PasswordHasher. 2022-09-17 09:49:09 +02:00
DevilsAutumn 6b0bbaf453 Fixed #34019 -- Removed obsolete references to "model design considerations" note. 2022-09-17 08:02:13 +02:00
Alex Morega de6c9c7054 Refs #30947 -- Changed tuples to lists where appropriate. 2022-08-30 09:57:17 +02:00
Claude Paroz 3b79dab19a Refs #33691 -- Deprecated insecure password hashers.
SHA1PasswordHasher, UnsaltedSHA1PasswordHasher, and UnsaltedMD5PasswordHasher
are now deprecated.
2022-07-23 21:29:31 +02:00
Ciaran McCormick 286e7d076c Fixed #33764 -- Deprecated BaseUserManager.make_random_password(). 2022-06-03 07:30:57 +02:00
Mariusz Felisiak ac90529cc5 Fixed docs build with sphinxcontrib-spelling 7.5.0+.
sphinxcontrib-spelling 7.5.0+ includes captions of figures in the set
of nodes for which the text is checked.
2022-05-31 11:17:01 +02:00
Carlton Gibson ca1c3151c3 Removed versionadded/changed annotations for 4.0. 2022-05-17 14:22:06 +02:00
Mariusz Felisiak 02dbf1667c
Fixed #33691 -- Deprecated django.contrib.auth.hashers.CryptPasswordHasher. 2022-05-11 09:13:45 +02:00
David ce586ed693 Removed hyphen from pre-/re- prefixes.
"prepopulate", "preload", and "preprocessing" are already in the
spelling_wordlist.

This also removes hyphen from double "e" combinations with "pre" and
"re", e.g. preexisting, preempt, reestablish, or reenter.

See also:
- https://ahdictionary.com/word/search.html?q=rerun
- https://ahdictionary.com/word/search.html?q=recreate
- https://ahdictionary.com/word/search.html?q=predetermined
- https://ahdictionary.com/word/search.html?q=reuse
- https://ahdictionary.com/word/search.html?q=reopening
2022-04-28 10:44:14 +02:00
Lucidiot 13a9cde133 Fixed #33613 -- Made createsuperuser detect uniqueness of USERNAME_FIELD when using Meta.constraints. 2022-04-01 11:39:41 +02:00
René Fleschenberg eb07b5be0c Fixed #15619 -- Deprecated log out via GET requests.
Thanks Florian Apolloner for the implementation idea.

Co-Authored-By: Mariusz Felisiak <felisiak.mariusz@gmail.com>
2022-03-29 06:42:14 +02:00
tschilling 0dcd549bbe Fixed #30360 -- Added support for secret key rotation.
Thanks Florian Apolloner for the implementation idea.

Co-authored-by: Andreas Pelme <andreas@pelme.se>
Co-authored-by: Carlton Gibson <carlton.gibson@noumenal.es>
Co-authored-by: Vuyisile Ndlovu <terrameijar@gmail.com>
2022-02-01 11:12:24 +01:00
Brad Solomon b55ebe3241 Fixed #33443 -- Clarified when PasswordResetView sends an email. 2022-01-17 07:44:46 +01:00
Adam Johnson 652c68ffee
Clarified how contrib.auth picks a password hasher for verification. 2022-01-13 20:46:18 +01:00
David cc8e771c64 Fixed malformed attribute directives in docs. 2022-01-05 08:11:13 +01:00
Florian Apolloner 968a3d01fa Fixed CVE-2021-45115 -- Prevented DoS vector in UserAttributeSimilarityValidator.
Thanks Chris Bailey for the report.

Co-authored-by: Adam Johnson <me@adamj.eu>
2022-01-04 10:02:05 +01:00
Mariusz Felisiak ad6bb20557
Avoided counting attributes and methods in docs. 2021-12-28 12:36:57 +01:00
Adam Johnson b0d16d0129 Changed signatures of setting_changed signal receivers. 2021-12-17 13:07:04 +01:00
Adam Johnson 41329b9852
Improved wording in password validators docs and docstrings. 2021-12-13 18:53:07 +01:00
Mariusz Felisiak fd881e8cd9
Refs #33207 -- Clarified that AUTH_USER_MODEL expects an app label. 2021-10-19 13:05:13 +02:00
Mariusz Felisiak 97237ad3fe Removed versionadded/changed annotations for 3.2. 2021-09-20 21:23:01 +02:00
Andrew Northall c23aa73626 Fixed #32964 -- Corrected 'setup'/'set up' usage in docs. 2021-08-17 12:18:07 +02:00
David Smith 1024b5e74a Fixed 32956 -- Lowercased spelling of "web" and "web framework" where appropriate. 2021-07-29 06:24:12 +02:00
ryowright 1783b3cb24 Fixed #32275 -- Added scrypt password hasher.
Co-authored-by: Mariusz Felisiak <felisiak.mariusz@gmail.com>
2021-07-22 12:40:33 +02:00
yyyyyyyan e197dcca36 Clarified docs about increasing the work factor for bcrypt hasher. 2021-05-20 20:24:51 +02:00
Nick Pope c156e36955 Refs #32720 -- Updated various links in docs to avoid redirects and use HTTPS. 2021-05-17 09:46:09 +02:00
ThinkChaos b99d6c9cbc Fixed #28216 -- Added next_page/get_default_redirect_url() to LoginView. 2021-02-08 21:08:05 +01:00
Mariusz Felisiak 59841170ba
Used .. attribute:: directive in authentication views docs. 2021-02-08 18:12:58 +01:00
Mariusz Felisiak b7dd89ed53 Removed versionadded/changed annotations for 3.1. 2021-01-14 17:50:04 +01:00
Jon Moroney 76ae6ccf85 Fixed #31358 -- Increased salt entropy of password hashers.
Co-authored-by: Florian Apolloner <florian@apolloner.eu>
2021-01-14 11:20:28 +01:00
Timo Ludwig d8dfff2ab0 Fixed #32235 -- Made ReadOnlyPasswordHashField disabled by default. 2020-12-03 09:32:08 +01:00
Roy Zheng 804f2b7024 Added note about password updates on argon2 attributes change. 2020-08-11 07:51:27 +02:00
Nick Pope feb91dbda1 Used :mimetype: role in various docs. 2020-05-13 09:14:04 +02:00
Mariusz Felisiak 4c5236ef93 Removed versionadded/changed annotations for 3.0. 2020-05-13 09:07:51 +02:00
Mariusz Felisiak 54646a423b
Refs #27468 -- Made user sessions use SHA-256 algorithm. 2020-04-29 16:45:00 +02:00