Tim Graham
a4f0e9aec7
Fixed #28718 -- Allowed user to request a password reset if their password doesn't use an enabled hasher.
...
Regression in aeb1389442
.
Reverted changes to is_password_usable() from
703c266682
and documentation changes from
92f48680db
.
2018-03-22 10:03:43 -04:00
Tim Graham
5b589a47b9
Fixed #29161 -- Removed BCryptPasswordHasher from PASSWORD_HASHERS.
2018-02-26 09:05:18 -05:00
Karmen
4fcd28d442
Fixed #28881 -- Doc'd that CommonPasswordValidator's password list must be lowercase.
2018-01-15 10:16:27 -05:00
Mariusz Felisiak
081e787160
Refs #23919 -- Stopped inheriting from object to define new style classes.
...
Tests and docs complement to cecc079168
.
2017-06-26 10:30:31 -04:00
Claude Paroz
c651331b34
Converted usage of ugettext* functions to their gettext* aliases
...
Thanks Tim Graham for the review.
2017-02-07 09:04:04 +01:00
chillaranand
dc165ec8e5
Refs #23919 -- Replaced super(ClassName, self) with super() in docs.
2017-01-25 11:53:05 -05:00
Tim Graham
e27e4c0339
Removed versionadded/changed annotations for 1.10.
2017-01-17 20:52:05 -05:00
Tim Graham
0d9ff873d9
Fixed #27467 -- Made UserAttributeSimilarityValidator max_similarity=0/1 work as documented.
...
Thanks goblinJoel for the report and feedback.
2016-11-16 17:40:37 -05:00
Tim Graham
9f27735612
Fixed #27013 -- Clarified commands to install argon2/bcrypt packages.
2016-08-19 19:23:12 -04:00
Tim Graham
796cc62026
Fixed #27045 -- Documented that AUTH_PASSWORD_VALIDATORS aren't applied at the model level.
2016-08-10 15:52:16 -04:00
Jiang Haiyun
6d61ec0e1a
Fixed a typo in auth docs.
2016-07-04 11:02:11 -04:00
Ville Skyttä
96f97691ad
Fixed broken links in docs and comments.
2016-06-15 21:20:23 -04:00
Bas Westerbaan
9407cc966b
Fixed #26635 -- Clarified Argon2PasswordHasher's memory_cost differs from command line utility.
2016-05-27 18:37:12 -04:00
Tim Graham
46a38307c2
Removed versionadded/changed annotations for 1.9.
2016-05-20 11:44:29 -04:00
Bas Westerbaan
b4250ea04a
Fixed #26033 -- Added Argon2 password hasher.
2016-03-08 11:22:18 -05:00
Florian Apolloner
67b46ba701
Fixed CVE-2016-2513 -- Fixed user enumeration timing attack during login.
...
This is a security fix.
2016-03-01 11:25:28 -05:00
Tim Graham
47b5a6a43c
Fixed #26187 -- Removed weak password hashers from PASSWORD_HASHERS.
2016-02-22 18:59:23 -05:00
Markus Holtermann
b14470c7b7
Fixed spelling error
2016-02-23 10:24:38 +11:00
Tim Graham
5a541e2e6c
Fixed #26188 -- Documented how to wrap password hashers.
2016-02-22 17:21:45 -05:00
rowanv
a6ef025dfb
Fixed #26124 -- Added missing code formatting to docs headers.
2016-02-01 10:42:05 -05:00
Eliezer Kanal
d3b488f5bd
Updated link to 1000 common passwords.
...
xato.net is dead; replaced with link to archive.org.
2015-12-02 12:57:02 -05:00
Tim Graham
cb1e779ceb
Refs #24115 -- Added docs for password updates on bcrypt rounds change.
2015-09-22 19:30:31 -04:00
Claude Paroz
64982cc2fb
Updated Wikipedia links to use https
2015-08-08 12:02:32 +02:00
Tim Graham
f5e9d67907
Refs #16860 -- Moved password_changed() logic to AbstractBaseUser.
...
Thanks Carl Meyer for review.
2015-07-20 13:44:26 -04:00
Tim Graham
55b3bd8468
Refs #16860 -- Minor edits and fixes to password validation.
2015-06-10 07:41:01 -04:00
Erik Romijn
1daae25bdc
Fixed #16860 -- Added password validation to django.contrib.auth.
2015-06-07 19:31:20 +02:00
Sam Thursfield
1119063c69
Fixed #24556 -- Added reminder about HTTPS to passwords docs.
2015-04-03 10:55:11 -04:00
darkryder
9ec8aa5e5d
Fixed #24149 -- Normalized tuple settings to lists.
2015-02-03 14:59:45 -05:00
Ilya Baryshev
ed7c4df1ee
Fixed documentation of make_password kwargs.
2014-10-27 06:36:55 -04:00
Alex Gaynor
0e27882b3a
Stray paren
2014-04-17 11:29:07 -07:00
Alex Gaynor
464b98b1fe
Include an 'extra_requires' for bcrypt
2014-04-17 11:28:09 -07:00
Tim Graham
51c8045145
Removed versionadded/changed annotations for 1.6.
2014-03-24 11:42:56 -04:00
Tim Graham
7f2505ad9e
Fixed doc typos.
2014-02-28 11:44:03 -05:00
Tim Graham
28b70425af
Added docs for the hasher's iteration count changes.
2013-10-21 20:32:02 +02:00
Erik Romijn
2c4fe761a0
Fixed #20593 -- Allow blank passwords in check_password() and set_password()
2013-06-18 13:32:54 -04:00
Donald Stufft
8f0a4665d6
Recommend using the bcrypt library instead of py-bcrypt
...
* py-bcrypt has not been updated in some time
* py-bcrypt does not support Python3
* py3k-bcrypt, a port of py-bcrypt to python3 is not compatible
with Django
* bcrypt is supported on all versions of Python that Django
supports
2013-05-13 23:49:00 -04:00
Donald Stufft
f2a0be6151
Fix a missing " character in the password documentation
2013-03-26 15:26:20 -04:00
Donald Stufft
25f2acfed0
Fixed #20138 -- Added BCryptSHA256PasswordHasher
...
BCryptSHA256PasswordHasher pre-hashes the users password using
SHA256 to prevent the 72 byte truncation inherient in the BCrypt
algorithm.
2013-03-26 13:26:57 -04:00
Tim Graham
93cffc3b37
Added missing markup to docs.
2013-03-22 13:50:07 -04:00
Preston Holmes
c8eff0dbcb
Fixed #19562 -- cleaned up password storage docs
2013-01-04 18:02:10 -08:00
Tim Graham
9b5f64cc6e
Fixed #19516 - Fixed remaining broken links.
...
Added -n to sphinx builds to catch issues going forward.
2013-01-02 18:32:57 -05:00
Aymeric Augustin
7ee7599ab3
Removed versionadded/changed annotations dating back to 1.4.
2012-12-29 21:59:08 +01:00
Preston Holmes
11ded967c4
Fixed #19498 -- refactored auth documentation
...
The auth doc was a single page which had grown unwieldy.
This refactor split and grouped the content into sub-topics.
Additional corrections and cleanups were made along the way.
2012-12-28 11:06:12 -08:00