Tim Graham
193c109327
Switched TestCase to SimpleTestCase where possible in Django's tests.
2018-11-27 08:58:44 -05:00
Mathew Payne
26bb2611a5
Fixed #29952 -- Lowercased all passwords in contrib.auth's auth/common-passwords.txt.gz.
2018-11-15 14:11:03 -05:00
Jon Dufresne
c82893cb8c
Refs #27795 -- Removed force_bytes() usage from django/utils/http.py.
...
django.utils.http.urlsafe_base64_encode() now returns a string, not a
bytestring. Since URLs are represented as strings,
urlsafe_base64_encode() should return a string. All uses immediately
decoded the bytestring to a string anyway.
As the inverse operation, urlsafe_base64_decode() accepts a string.
2018-10-10 14:38:22 -04:00
Tim Graham
a7284cc0c3
Fixed #29809 -- Fixed a crash when a "view only" user POSTs to the admin user change form.
2018-10-01 10:09:50 +02:00
Carlton Gibson
bf39978a53
Fixed CVE-2018-16984 -- Fixed password hash disclosure to admin "view only" users.
...
Thanks Claude Paroz & Tim Graham for collaborating on the patch.
2018-10-01 10:05:01 +02:00
Ramon Saraiva
2349cbd909
Fixed #29782 -- Added better error message when filtering queryset with AnonymousUser.
2018-09-26 15:36:19 -04:00
Jon Dufresne
82f286cf6f
Refs #29784 -- Switched to https:// links where available.
2018-09-26 08:48:47 +02:00
Alexey
8624459586
Added a test for password_changed() with a custom validator.
2018-09-25 11:58:05 -04:00
Josh Schneier
3daac76cfb
Simplified how createsuperuser tests generate passwords.
2018-08-18 16:26:13 -04:00
Alexander Todorov
53ebd4cb13
Fixed #29686 -- Made UserAdmin.user_change_password() pass user to has_change_permission().
2018-08-17 17:43:00 -04:00
Josh Schneier
8b43e9b1af
Fixed #29616 -- Fixed createsuperuser for user models that don't have a password field.
2018-08-05 14:26:03 -04:00
Josh Schneier
793e9bb35a
Fixed #29628 -- Made createsuperuser validate password against username and required fields.
2018-08-04 08:44:25 -04:00
Tim Graham
f3fa86a89b
Fixed #29449 -- Reverted "Fixed #28757 -- Allowed using contrib.auth forms without installing contrib.auth."
...
This reverts commit 3333d935d2
due to
a crash if USERNAME_FIELD isn't a CharField.
2018-07-02 18:39:26 -04:00
Tim Graham
5d98d53fab
Refs #27398 -- Simplified some tests with assertRedirects().
2018-06-20 14:08:56 -04:00
Jan Pieter Waagmeester
24959e48d9
Fixed #27398 -- Added an assertion to compare URLs, ignoring the order of their query strings.
2018-06-20 13:26:12 -04:00
Hasan Ramezani
6df3d36801
Added a missing test for createsuperuser management command.
2018-06-07 19:49:25 -04:00
Claude Paroz
bec651a427
Fixed #10827 -- Ensured ContentTypes are created before permission creation.
2018-06-03 22:19:04 -04:00
Dohyeon Kim
f1f4aeb22e
Fixed #28044 -- Unified the logic for createsuperuser's interactive and --noinput modes.
2018-05-29 08:41:32 -04:00
Hasan Ramezani
e0ff88be4f
Added test for createsuperuser's handling of KeyboardInterrupt.
2018-05-27 19:24:07 -04:00
Tim Graham
9792af3648
Increased the default PBKDF2 iterations for Django 2.2.
2018-05-17 11:05:45 -04:00
olivierdalang
825f0beda8
Fixed #8936 -- Added a view permission and a read-only admin.
...
Co-authored-by: Petr Dlouhy <petr.dlouhy@email.cz>
Co-authored-by: Olivier Dalang <olivier.dalang@gmail.com>
2018-05-16 06:44:55 -04:00
Tim Graham
cae0107287
Increased the default PBKDF2 iterations for Django 2.1.
2018-05-13 20:06:20 -04:00
Claude Paroz
607970f31c
Replaced django.test.utils.patch_logger() with assertLogs().
...
Thanks Tim Graham for the review.
2018-05-07 09:34:00 -04:00
Nick Pope
df90e462d9
Fixed #29212 -- Doc'd redirect loop if @permission_required used with redirect_authenticated_user.
2018-04-19 10:21:24 -04:00
Mads Jensen
9c651641f1
Added additional AdminPasswordChangeForm tests.
2018-04-04 11:25:28 -04:00
Malte Gerth
874977d388
Fixed #29270 -- Fixed UserChangeForm crash if password field is excluded.
2018-03-29 15:25:54 -04:00
Abeer Upadhyay
1bf4646f91
Fixed #29258 -- Added type checking for login()'s backend argument.
2018-03-28 10:10:18 -04:00
Tim Graham
a4f0e9aec7
Fixed #28718 -- Allowed user to request a password reset if their password doesn't use an enabled hasher.
...
Regression in aeb1389442
.
Reverted changes to is_password_usable() from
703c266682
and documentation changes from
92f48680db
.
2018-03-22 10:03:43 -04:00
Mariusz Felisiak
362813d628
Fixed hanging indentation in various code.
2018-03-16 10:54:34 +01:00
Mattia Procopio
aeb8c38178
Fixed #29206 -- Fixed PasswordResetConfirmView crash when the URL contains a non-UUID where one is expected.
2018-03-15 21:33:15 -04:00
Christophe Mehay
40bac28faa
Fixed #29176 -- Fixed AbstractBaseUser.normalize_username() crash if username isn't a string.
2018-03-02 11:32:53 -05:00
Tim Graham
5b589a47b9
Fixed #29161 -- Removed BCryptPasswordHasher from PASSWORD_HASHERS.
2018-02-26 09:05:18 -05:00
Mikhail Porokhovnichenko
14e34dcf8c
Fixed #29132 -- Avoided connecting update_last_login() handler if User.last_login isn't a field.
2018-02-21 10:36:31 -05:00
Dylan Verheul
9b1125bfc7
Fixed #28379 -- Made AccessMixin raise Permissiondenied for authenticated users.
2018-02-16 13:58:55 -05:00
Tim Graham
fa75b2cb51
Refs #27795 -- Removed force_bytes/text() usage in tests.
2018-02-07 14:20:04 -05:00
Tim Graham
af33fb250e
Fixed CVE-2018-6188 -- Fixed information leakage in AuthenticationForm.
...
Reverted 359370a8b8
(refs #28645 ).
This is a security fix.
2018-02-01 09:05:14 -05:00
shanghui
3333d935d2
Fixed #28757 -- Allowed using contrib.auth forms without installing contrib.auth.
...
Also fixed #28608 -- Allowed UserCreationForm and UserChangeForm to
work with custom user models.
Thanks Sagar Chalise and Rômulo Collopy for reports, and Tim Graham
and Tim Martin for reviews.
2018-01-05 14:47:37 -05:00
Дилян Палаузов
d7b2aa24f7
Fixed #28982 -- Simplified code with and/or.
2018-01-03 20:12:23 -05:00
Tim Graham
acc8dd4142
Fixed #28984 -- Made assorted code simplifications.
2018-01-03 13:24:02 -05:00
Alvin Lindstam
2cb6b7732d
Fixed #28902 -- Fixed password_validators_help_text_html() double escaping.
2018-01-02 19:51:06 -05:00
shanghui
359370a8b8
Fixed #28645 -- Reallowed AuthenticationForm to raise the inactive user error when using ModelBackend.
...
Regression in e0a3d93730
.
Thanks Guilherme Junqueira for the report and Tim Graham for the review.
2017-11-08 09:39:12 -05:00
Дилян Палаузов
6c0042430e
Fixed #28776 -- Fixed a/an/and typos in docs and comments.
2017-11-06 22:41:03 -05:00
Tom
b81905bfd4
Fixed #28571 -- Added a prompt to bypass password validation in createsuperuser.
2017-11-03 20:00:08 -04:00
Tim Graham
872be5976d
Improved technique for matching input prompts in contrib.auth management tests.
2017-11-03 20:00:08 -04:00
Jon Dufresne
6ed347d851
Fixed #28706 -- Moved AuthenticationFormn invalid login ValidationError to a method for reuse.
2017-10-23 09:10:45 -04:00
Lucas Connors
5ceaf14686
Fixed #27515 -- Made AuthenticationForm's username field use the max_length from the model field.
...
Thanks Ramin Farajpour Cami for the report.
2017-10-20 11:13:26 -04:00
Lucas Connors
d233391208
Refs #19130 -- Added a test for AuthenticationForm.username max_length.
...
This will be a more useful regression test after refs #27515 .
2017-10-20 11:10:32 -04:00
Yuri Kaszubowski Lopes
d98210c255
Fixed #28713 -- Prevented ModelBackend.get_all_permissions() from mutating get_user_permissions().
2017-10-14 20:47:49 -04:00
Hasan Ramezani
6aec130a4c
Fixed #28591 -- Added an error message for createsuperuser --username= (blank).
2017-10-09 21:49:35 -04:00
Mads Jensen
3e72f4b7b6
Completed test coverage for BasePasswordHasher.
2017-09-29 09:28:25 -04:00
Mads Jensen
776f6902d9
Moved BasePasswordHasher tests to its own test case.
2017-09-29 09:28:24 -04:00
Mads Jensen
d917c17a3b
Completed test coverage for AnonymousUser.
2017-09-28 13:11:23 -04:00
Mads Jensen
7fce4dc5ff
Moved AnonymousUser tests to its own test case.
2017-09-28 13:11:07 -04:00
Mads Jensen
4803834aaa
Added a test for PermWrapper.__iter__().
2017-09-26 19:42:50 -04:00
Tim Graham
67a6ba391b
Reverted "Fixed #28248 -- Fixed password reset tokens being valid for 1 day longer than PASSWORD_RESET_TIMEOUT_DAYS."
...
This reverts commit 95993a89ce
.
2017-09-25 09:05:00 -04:00
Tim Graham
5e31be1b96
Refs #25187 -- Required the authenticate() method of authentication backends to have request as the first positional argument.
...
Per deprecation timeline.
2017-09-22 12:51:18 -04:00
Tim Graham
6e40b70bf4
Refs #26929 -- Removed extra_context parameter of contrib.auth.views.logout_then_login().
...
Per deprecation timeline.
2017-09-22 12:51:17 -04:00
Tim Graham
4f313e284e
Refs #17209 -- Removed login/logout and password reset/change function-based views.
...
Per deprecation timeline.
2017-09-22 12:51:17 -04:00
Luoxzhg
ffbee67f8e
Fixed some comments referring to a nonexistent TestClient class.
2017-09-09 11:21:15 -04:00
ZachLiuGIS
2dacc2ccd9
Fixed #28550 -- Restored contrib.auth's login() and logout() views' respect of positional arguments.
...
Regression in 78963495d0
.
Forwardport of f8e0557b01
from stable/1.11.x
2017-09-03 12:06:44 -04:00
François Freitag
18dd9ba481
Fixed test in auth_tests modifying data from setUpTestData().
2017-09-01 21:43:41 -04:00
hui shang
c0f4c60edd
Fixed #28513 -- Added POST request support to LogoutView.
2017-08-24 09:11:16 -04:00
Mads Jensen
a51c4de194
Used assertRaisesMessage() to test Django's error messages.
2017-07-29 19:07:23 -04:00
Andrew Pinkham
a96b981d84
Fixed #28127 -- Allowed UserCreationForm's password validation to check all user fields.
2017-06-21 09:22:15 -04:00
Chandrakant Kumar
2b09e4c88e
Fixed #27787 -- Made call_command() validate the options it receives.
2017-06-16 21:28:38 -04:00
Mikhail Golubev
e7dc39fb65
Fixed #28229 -- Fixed the value of LoginView's "next" template variable.
2017-06-13 09:13:22 -04:00
Jon Dufresne
2c69824e5a
Refs #23968 -- Removed unnecessary lists, generators, and tuple calls.
2017-06-01 19:08:59 -04:00
Linus Lewandowski
eedc88bd4a
Fixed #26823 -- Prevented update_last_login signal receiver from crashing if User model doesn't have last_login field.
2017-05-29 17:31:18 -04:00
Nick Zaccardi
95993a89ce
Fixed #28248 -- Fixed password reset tokens being valid for 1 day longer than PASSWORD_RESET_TIMEOUT_DAYS.
2017-05-29 09:22:22 -04:00
jannh
c930c241f8
Fixed #28017 -- Allowed customizing PasswordResetTokenGenerator's secret.
2017-05-26 07:37:36 -04:00
Bruno Alla
6092ea8fa6
Refs #27804 -- Used subTest() in several tests.
2017-05-24 08:36:34 -04:00
Daniel Hahler
a3ba2662cd
Refs #28207 -- Fixed contrib.auth.authenticate() if 'backend' is in the credentials.
...
Regression in 3008f30f19
.
2017-05-22 12:24:38 -04:00
Tamas Szabo
3008f30f19
Fixed #28207 -- Fixed contrib.auth.authenticate() if multiple auth backends don't accept a request.
2017-05-15 07:48:15 -04:00
Sławek Ehlert
faaf62f616
Improved test coverage for createsuperuser command.
2017-05-12 10:29:56 -04:00
Josh Schneier
5df0ff4155
Fixed #28089 -- Removed requirement to implement get_short_name() and get_full_name() in AbstractBaseUser subclasses.
2017-05-06 17:05:42 -04:00
Tim Graham
dff559ff83
Fixed #28097 -- Fixed layout of ReadOnlyPasswordHashWidget.
2017-04-19 12:59:30 -04:00
Tim Graham
d4d79d0f20
Refs #27025 -- Fixed "invalid escape sequence" warning in auth_tests on Python 3.6.
2017-04-02 20:02:55 -04:00
Camilo Nova
5db465d5a6
Fixed #27891 -- Added PasswordResetConfirmView.post_reset_login_backend.
2017-03-07 19:52:26 -05:00
Tim Graham
72ff9d53e6
Factored out uid/user tokens in auth_tests urlpatterns.
2017-03-07 18:56:10 -05:00
Anton Samarchyan
7588d7e439
Improved test coverage for django.contrib.auth.
2017-03-01 17:29:50 -05:00
Tim Graham
c31e7ab5a4
Refs #25187 -- Fixed AuthBackend.authenticate() compatibility for signatures that accept a request kwarg.
2017-02-24 10:15:41 -05:00
Markus Holtermann
b9b35f9efa
Fixed #27840 -- Fixed KeyError in PasswordResetConfirmView.form_valid().
...
When a user is already logged in when submitting the password and
password confirmation to reset a password, a KeyError occurred while
removing the reset session token from the session.
Refs #17209
Thanks Quentin Marlats for the report and Florian Apolloner and Tim
Graham for the review.
2017-02-15 00:35:04 +01:00
Zoltan Gyarmati
41ba27fefd
Fixed #27815 -- Made LoginView pass the request kwarg to AuthenticationForm.
2017-02-07 08:54:21 -05:00
Claude Paroz
c651331b34
Converted usage of ugettext* functions to their gettext* aliases
...
Thanks Tim Graham for the review.
2017-02-07 09:04:04 +01:00
Tim Graham
29f607927f
Fixed spelling of "nonexistent".
2017-02-03 08:01:45 -05:00
Claude Paroz
fee42fd99e
Refs #23919 -- Replaced usage of django.utils.http utilities with Python equivalents
...
Thanks Tim Graham for the review.
2017-01-26 19:49:03 +01:00
Tim Graham
1c466994d9
Refs #23919 -- Removed misc Python 2/3 references.
2017-01-25 13:59:25 -05:00
chillaranand
d6eaf7c018
Refs #23919 -- Replaced super(ClassName, self) with super().
2017-01-25 12:23:46 -05:00
Claude Paroz
2366100872
Removed unneeded force_text calls in the test suite
2017-01-24 18:45:54 +01:00
Tim Graham
d170c63351
Refs #23919 -- Removed misc references to Python 2.
2017-01-21 20:02:00 -05:00
Tim Graham
7aba69145d
Refs #23919 -- Removed django.test.mock Python 2 compatibility shim.
2017-01-20 08:17:20 -05:00
Claude Paroz
042b7350a0
Refs #23919 -- Removed unneeded str() calls
2017-01-20 14:13:55 +01:00
Tim Graham
4e729feaa6
Refs #23919 -- Removed django.utils._os.upath()/npath()/abspathu() usage.
...
These functions do nothing on Python 3.
2017-01-20 08:01:02 -05:00
Tim Graham
109b33f64c
Refs #23919 -- Simplified assertRaisesRegex()'s that accounted for Python 2.
2017-01-20 08:49:47 +01:00
Claude Paroz
dc8834cad4
Refs #23919 -- Removed unneeded force_str calls
2017-01-20 08:44:31 +01:00
Simon Charette
9695b14982
Refs #23919 -- Removed str() conversion of type and method __name__.
2017-01-19 11:31:07 -05:00
Simon Charette
cecc079168
Refs #23919 -- Stopped inheriting from object to define new style classes.
2017-01-19 08:39:46 +01:00
Claude Paroz
2b281cc35e
Refs #23919 -- Removed most of remaining six usage
...
Thanks Tim Graham for the review.
2017-01-18 21:33:28 +01:00
Claude Paroz
7b2f2e74ad
Refs #23919 -- Removed six.<various>_types usage
...
Thanks Tim Graham and Simon Charette for the reviews.
2017-01-18 20:18:46 +01:00
Claude Paroz
c716fe8782
Refs #23919 -- Removed six.PY2/PY3 usage
...
Thanks Tim Graham for the review.
2017-01-18 16:21:28 +01:00
Claude Paroz
f3c43ad1fd
Refs #23919 -- Removed python_2_unicode_compatible decorator usage
2017-01-18 13:44:34 +01:00
Claude Paroz
d7b9aaa366
Refs #23919 -- Removed encoding preambles and future imports
2017-01-18 09:55:19 +01:00
Tim Graham
0bf3228eec
Increased the default PBKDF2 iterations for the 1.11 release cycle.
2017-01-17 20:52:05 -05:00
Tim Graham
d334f46b7a
Refs #26601 -- Removed support for old-style middleware using settings.MIDDLEWARE_CLASSES.
2017-01-17 20:52:04 -05:00
Tim Graham
eba093e8b0
Refs #25847 -- Removed support for User.is_(anonymous|authenticated) as methods.
...
Per deprecation timeline.
2017-01-17 20:52:03 -05:00
Romain Garrigues
ede59ef6f3
Fixed #27518 -- Prevented possibie password reset token leak via HTTP Referer header.
...
Thanks Florian Apolloner for contributing to this patch and
Collin Anderson, Markus Holtermann, and Tim Graham for review.
2017-01-13 09:17:54 -05:00
Tim Graham
3226536127
Split AuthTemplateTests into test methods.
2017-01-12 13:18:49 -05:00
Tim Graham
b5f0b3478d
Fixed #27579 -- Added aliases for Python 3's assertion names in SimpleTestCase.
2016-12-07 17:42:31 -05:00
Tim Graham
93a081946d
Normalized casing of "custom user model".
2016-11-23 15:14:28 -05:00
Florian Apolloner
51eaff6d35
Refs #17209 -- Fixed token verification for PasswordResetConfirmView POST requests.
2016-11-21 13:42:25 -05:00
Tim Graham
0d9ff873d9
Fixed #27467 -- Made UserAttributeSimilarityValidator max_similarity=0/1 work as documented.
...
Thanks goblinJoel for the report and feedback.
2016-11-16 17:40:37 -05:00
Ramin Farajpour Cami
967be82443
Fixed E305 flake8 warnings.
2016-11-14 12:30:46 -05:00
za
321e94fa41
Refs #27392 -- Removed "Tests that", "Ensures that", etc. from test docstrings.
2016-11-10 21:30:21 -05:00
Tim Graham
20be1918e7
Simplified some auth_tests with assertRedirects().
2016-10-28 11:52:52 -04:00
Jon Dufresne
f3ea0c4bbd
Reverted "Fixed #26401 -- Added BaseAuthConfig to use auth without migrations."
...
This reverts commit 1ec1633cb2
as it
doesn't handle ContentType's auth.Permission dependency. Thus, it
doesn't allow auth without migrations.
2016-10-25 17:32:59 -07:00
levental
617e36dc1e
Fixed #20705 -- Allowed using PasswordResetForm with user models with an email field not named 'email'.
2016-09-27 11:59:00 -04:00
Berker Peksag
f7e91cac68
Fixed #27053 -- Documented contrib.auth.get_user().
2016-09-27 10:41:14 -04:00
Tim Graham
8119b679eb
Refs #27025 -- Fixed "invalid escape sequence" warnings in Python 3.6.
...
http://bugs.python.org/issue27364
2016-09-17 15:44:06 -04:00
Jibodeah
9459ec82aa
Fixed #26170 -- Made ModelAdmin views run transactions on the correct database.
...
Thanks juntatalor for the initial patch.
2016-09-14 16:06:39 -04:00
Gavin Wahl
f0f3de3c96
Fixed #23155 -- Added request argument to user_login_failed signal.
2016-09-12 20:30:34 -04:00
Aleksej Manaev
4b9330ccc0
Fixed #25187 -- Made request available in authentication backends.
2016-09-12 20:11:53 -04:00
Tim Graham
e07b18252b
Added a blank line per isort.
2016-09-12 20:03:31 -04:00
Jon Dufresne
1ec1633cb2
Fixed #26401 -- Added BaseAuthConfig to use auth without migrations.
2016-09-10 16:38:05 -07:00
Tim Graham
0368d63a78
Fixed indentation in previous commit.
2016-09-10 18:39:13 -04:00
Alexander Gaevsky
536db42cf0
Fixed #26097 -- Added password_validators_help_text_html to UserCreationForm.
2016-09-10 18:23:18 -04:00
Jon Dufresne
66e1ebbffc
Fixed #26956 -- Added success_url_allowed_hosts to LoginView and LogoutView.
...
Allows specifying additional hosts to redirect after login and log out.
2016-09-07 19:56:25 -07:00
Jon Dufresne
488b3d2b38
Fixed typo in auth management test.
2016-08-28 19:20:35 -07:00
Berker Peksag
3c18f8a3d2
Fixed #27111 -- Fixed KeyError if USERNAME_FIELD isn't in UserCreationForm.fields.
2016-08-24 13:20:12 -04:00
Przemysław Suliga
549b90fab3
Refs #26902 -- Protected against insecure redirects in Login/LogoutView.
2016-08-19 19:01:01 -04:00
Tim Graham
13857b45ca
Removed unused 'password' parameter in auth_tests.
2016-08-18 19:01:28 -04:00
Tim Graham
7549eb0004
Fixed #27009 -- Made update_session_auth_hash() rotate the session key.
2016-08-15 19:29:12 -04:00
Andrew Nester
4591cf3fd8
Fixed #26909 -- Allowed UserAttributeSimilarityValidator to validate against model properties.
2016-08-10 15:08:06 -04:00
jordij
0814566bf1
Fixed #26960 -- Added PasswordResetConfirmView option to automatically log in after a reset.
2016-08-10 10:23:16 -04:00
Olexander Yermakov
975a76a964
Fixed #26951 -- Allowed AuthenticationForm to work with a username of 0.
2016-08-10 09:44:48 -04:00
Sergey Yurchenko
4e64e3bb6e
Fixed #26997 -- Fixed checks crash with empty Meta.default_permissions.
2016-08-03 09:14:01 -04:00
Andrew Nester
0ba179194b
Fixed #26929 -- Deprecated extra_context parameter of contrib.auth.views.logout_then_login().
2016-07-28 11:57:02 -04:00
Tim Graham
412b4126d7
Removed a blank line per isort and a trailing whitespace.
2016-07-28 11:56:25 -04:00
Andrew Nester
dde6288fbe
Fixed #26882 -- Added tests for auth.views.logout_then_login().
2016-07-22 15:04:13 -04:00
Claude Paroz
255fb99284
Fixed #17209 -- Added password reset/change class-based views
...
Thanks Tim Graham for the review.
2016-07-16 10:36:12 +02:00
Bang Dao + Tam Huynh
09119dff14
Fixed #26719 -- Normalized email in AbstractUser.clean().
2016-06-24 10:37:38 -04:00
Claude Paroz
78963495d0
Refs #17209 -- Added LoginView and LogoutView class-based views
...
Thanks Tim Graham for the review.
2016-06-24 10:45:13 +02:00
Tim Graham
39805686b3
Refs #21379 , #26719 -- Moved username normalization to AbstractBaseUser.
...
Thanks Huynh Thanh Tam for the initial patch and Claude Paroz for review.
2016-06-21 16:19:37 -04:00
Jon Dufresne
4f336f6652
Fixed #26747 -- Used more specific assertions in the Django test suite.
2016-06-16 14:19:18 -04:00
Tim Graham
1915a7e5c5
Increased the default PBKDF2 iterations.
2016-05-20 09:19:19 -04:00
Simon Charette
7694e196ce
Moved the AUTH_USER_MODEL setting changed receiver.
...
Test suites besides Django's may need the same behavior.
2016-05-18 09:56:29 -04:00
Loïc Bistuer
4ff1e6ef58
Fixed running auth_tests in isolation after 3a47d42fa3
.
2016-05-18 06:38:42 -04:00
Tim Graham
ece4d24f8e
Refs #26601 -- Deprecated old-style middleware.
2016-05-17 07:22:26 -04:00
Florian Apolloner
9baf692a58
Fixed #26601 -- Improved middleware per DEP 0005.
...
Thanks Tim Graham for polishing the patch, updating the tests, and
writing documentation. Thanks Carl Meyer for shepherding the DEP.
2016-05-17 07:22:22 -04:00
Loïc Bistuer
3a47d42fa3
Fixed #20932 , #25897 -- Streamlined manager inheritance.
2016-05-17 02:29:22 +07:00
Claude Paroz
9935f97cd2
Refs #21379 -- Normalized unicode username inputs
2016-05-16 19:38:02 +02:00
Claude Paroz
526575c641
Fixed #21379 -- Created auth-specific username validators
...
Thanks Tim Graham for the review.
2016-05-16 19:37:57 +02:00
Simon Charette
61a16e0270
Fixed #24075 -- Used post-migration models in contrib apps receivers.
...
Thanks Markus and Tim for the review.
2016-05-15 19:51:16 -04:00
Claude Paroz
b26fedacef
Fixed #26544 -- Delayed translations of SetPasswordForm help_texts
...
Thanks Michael Bitzi for the reporti and Tim Graham for the review.
2016-05-07 10:17:49 +02:00
Tim Graham
03efa304bc
Refs #25847 -- Added system check for UserModel.is_anonymous/is_authenticated methods.
2016-05-06 08:56:06 -04:00
Tim Graham
f945fb24a3
Fixed #26554 -- Updated docs URLs to readthedocs.io
2016-04-28 10:09:57 -04:00
Bas Westerbaan
a5033dbc58
Refs #26033 -- Added password hasher support for Argon2 v1.3.
...
The previous version of Argon2 uses encoded hashes of the form:
$argon2d$m=8,t=1,p=1$<salt>$<data>
The new version of Argon2 adds its version into the hash:
$argon2d$v=19$m=8,t=1,p=1$<salt>$<data>
This lets Django handle both version properly.
2016-04-25 21:17:53 -04:00
Jeremy Lainé
c1aec0feda
Fixed #25847 -- Made User.is_(anonymous|authenticated) properties.
2016-04-09 14:54:18 -04:00
Tim Graham
92053acbb9
Fixed E128 flake8 warnings in tests/.
2016-04-08 10:12:33 -04:00
Simon Charette
a872194802
Fixed #26470 -- Converted auth permission validation to system checks.
...
Thanks Tim for the review.
2016-04-06 22:40:43 -04:00
Simon Charette
fc34be896d
Extracted auth checks tests into their own module.
2016-04-06 22:40:43 -04:00
Alexander Gaevsky
e0a3d93730
Fixed #25232 -- Made ModelBackend/RemoteUserBackend reject inactive users.
2016-03-23 09:01:48 -04:00
Tim Graham
1243fdf5cb
Fixed #26395 -- Skipped the CryptPasswordHasher tests on platforms with a dummy crypt module.
2016-03-22 11:22:21 -04:00
Berker Peksag
efa9539787
Fixed #26381 -- Made UserCreationForm reusable with custom user models that define USERNAME_FIELD.
2016-03-21 12:32:42 -04:00
Vincenzo Pandolfo
d0fe6c9156
Fixed #26334 -- Removed whitespace stripping from contrib.auth password fields.
2016-03-14 20:20:24 -04:00
ieatkittens
ab8af342b1
Fixed #26343 -- Sent user_login_failed signal if an auth backend raises PermissionDenied.
2016-03-12 16:44:39 -05:00
Tim Graham
5ca045cd25
Moved createsuperuser test app into auth_tests.
2016-03-08 13:06:58 -05:00
Bas Westerbaan
b4250ea04a
Fixed #26033 -- Added Argon2 password hasher.
2016-03-08 11:22:18 -05:00
Jon Dufresne
4115288b4f
Fixed #26315 -- Allowed call_command() to accept a Command object as the first argument.
2016-03-05 13:05:10 -05:00
Jon Dufresne
8d3fcfa39e
Cleaned up tests to use call_command() instead of Command.execute().
2016-03-05 12:59:30 -05:00
Alasdair Nicol
8c42cf0cbd
Fixed #26303 -- Updated links to mod_wsgi docs.
2016-03-01 19:22:32 -05:00
Florian Apolloner
67b46ba701
Fixed CVE-2016-2513 -- Fixed user enumeration timing attack during login.
...
This is a security fix.
2016-03-01 11:25:28 -05:00
Jon Dufresne
eac1423f9e
Removed obsolete test CreatesuperuserManagementCommandTestCase.test_nolocale.
...
Test was added in 4c934f3921
to verify that
the commend works when locale.getdefaultlocale() doesn't return a locale.
getdefaultlocale() no longer runs at runtime, so the test isn't needed.
2016-02-29 08:46:37 -05:00
Olivier Le Thanh Duong
10781b4c6f
Fixed #12233 -- Allowed redirecting authenticated users away from the login view.
...
contrib.auth.views.login() has a new parameter `redirect_authenticated_user`
to automatically redirect authenticated users visiting the login page.
Thanks to dmathieu and Alex Buchanan for the original code and to Carl Meyer
for the help and review.
2016-02-25 07:18:33 -05:00
Tim Graham
c62807968d
Fixed a stray __unicode__() method in auth_tests.
2016-02-23 13:20:50 -05:00
Tim Graham
47b5a6a43c
Fixed #26187 -- Removed weak password hashers from PASSWORD_HASHERS.
2016-02-22 18:59:23 -05:00
Berker Peksag
f0425c7260
Refs #19353 -- Added tests for using custom user models with built-in auth forms.
...
Also updated topics/auth/customizing.txt to reflect that subclasses of
UserCreationForm and UserChangeForm can be used with custom user models.
Thanks Baptiste Mispelon for the initial documentation.
2016-02-17 10:26:07 -05:00
Jon Dufresne
fcd08c1757
Fixed #11665 -- Made TestCase check deferrable constraints after each test.
2016-02-13 06:53:39 -05:00
Tim Graham
004ba0f99e
Removed unneeded hint=None/obj=None in system check messages.
2016-02-12 13:01:25 -05:00
Tim Graham
015fad9060
Fixed #26175 -- Removed SHA1 password hashes in tests.
2016-02-06 08:47:21 -05:00
Simon Charette
6eb3ce11e4
Fixed #26089 -- Removed custom user test models from public API.
...
Thanks to Tim Graham for the review.
2016-02-04 12:30:34 -05:00
Hugo Osvaldo Barrera
dcee1dfc79
Fixed #12405 -- Added LOGOUT_REDIRECT_URL setting.
...
After a user logs out via auth.views.logout(), they're redirected
to LOGOUT_REDIRECT_URL if no `next_page` argument is provided.
2016-02-04 10:35:37 -05:00
Hasan
26ad01719d
Refs #26022 -- Replaced six.assertRaisesRegex with assertRaisesMessage as appropriate.
2016-01-29 13:37:33 -05:00
Hasan
253adc2b8a
Refs #26022 -- Used context manager version of assertRaisesMessage in tests.
2016-01-29 13:03:39 -05:00
Hasan
3d0dcd7f5a
Refs #26022 -- Used context manager version of assertRaises in tests.
2016-01-29 12:32:18 -05:00
Claude Paroz
cf7894be88
Fixed #21113 -- Made LogEntry.change_message language independent
...
Thanks Tim Graham for the review.
2016-01-08 20:34:59 +01:00
Paulo Poiati
b643386668
Fixed #24855 -- Allowed using contrib.auth.login() without credentials.
...
Added an optional `backend` argument to login().
2016-01-07 08:56:07 -05:00
Simon Charette
a08fda2111
Fixed #25746 -- Isolated inlined test models registration.
...
Thanks to Tim for the review.
2016-01-06 20:00:07 -05:00
Simon Charette
3096f4b082
Imported required models directly in auth management tests.
2016-01-06 20:00:07 -05:00
Marten Kenbeek
16411b8400
Fixed #26013 -- Moved django.core.urlresolvers to django.urls.
...
Thanks to Tim Graham for the review.
2015-12-31 14:21:29 -05:00
Josh Soref
93452a70e8
Fixed many spelling mistakes in code, comments, and docs.
2015-12-03 12:48:24 -05:00
Tim Graham
9350616211
Removed explicit User ids in tests.
2015-11-24 09:59:20 -05:00
Tim Graham
590b8c1c57
Removed unnecessary app_label='auth' on auth_tests models.
...
This is a relic of when the tests were stored in contrib.auth.tests.
2015-10-27 08:19:45 -04:00
Tim Graham
5acf203db2
Fixed #25596 -- Fixed regression in password change view with custom user model.
...
The reverse() added in 50aa1a790c
crashed on a custom user model.
2015-10-27 08:18:22 -04:00
Kaleb Elwert
adcf823359
Fixed #25490 -- Made the logout() view send "no-cache" headers.
2015-10-02 12:29:54 -04:00
Antoine Catton
53ccffdb8c
Refs #16860 -- Fixed password help text when there aren't any validators.
...
This avoids creating an empty list which is invalid HTML 4.
2015-09-28 15:30:16 -04:00
Tzu-ping Chung
7372cdebed
Fixed #25457 -- Improved formatting of password validation errors in management command output.
2015-09-24 19:45:19 -04:00
Tim Graham
593c9eb660
Increased the default PBKDF2 iterations for the 1.10 release cycle.
2015-09-23 19:31:11 -04:00
Tim Graham
849037af36
Refs #23957 -- Required session verification per deprecation timeline.
2015-09-23 19:31:10 -04:00
Tim Graham
f1761e3fef
Refs #21648 -- Removed is_admin_site option from password_reset() view.
...
Per deprecation timeline.
2015-09-23 19:31:10 -04:00
Claude Paroz
8dc3ba5ceb
Removed obsolete supports_* auth backend attributes in tests
2015-09-20 12:16:28 +02:00