Commit Graph

298 Commits

Author SHA1 Message Date
Nick Pope df90e462d9 Fixed #29212 -- Doc'd redirect loop if @permission_required used with redirect_authenticated_user. 2018-04-19 10:21:24 -04:00
Brett Cannon 64b74804c5 Fixed #29334 -- Updated pypi.python.org URLs to pypi.org. 2018-04-17 20:24:27 -04:00
GS-14 93331877c8 Fixed #29274 -- Increased the number of common passwords from 1k to 20k. 2018-04-16 11:01:47 -04:00
Tim Graham a4f0e9aec7 Fixed #28718 -- Allowed user to request a password reset if their password doesn't use an enabled hasher.
Regression in aeb1389442.
Reverted changes to is_password_usable() from
703c266682 and documentation changes from
92f48680db.
2018-03-22 10:03:43 -04:00
Tim Graham 5b589a47b9
Fixed #29161 -- Removed BCryptPasswordHasher from PASSWORD_HASHERS. 2018-02-26 09:05:18 -05:00
Dylan Verheul 9b1125bfc7 Fixed #28379 -- Made AccessMixin raise Permissiondenied for authenticated users. 2018-02-16 13:58:55 -05:00
Jon Dufresne ff05de760c Fixed #29038 -- Removed closing slash from HTML void tags. 2018-01-21 02:09:10 -05:00
Karmen 4fcd28d442 Fixed #28881 -- Doc'd that CommonPasswordValidator's password list must be lowercase. 2018-01-15 10:16:27 -05:00
shanghui 3333d935d2 Fixed #28757 -- Allowed using contrib.auth forms without installing contrib.auth.
Also fixed #28608 -- Allowed UserCreationForm and UserChangeForm to
work with custom user models.

Thanks Sagar Chalise and Rômulo Collopy for reports, and Tim Graham
and Tim Martin for reviews.
2018-01-05 14:47:37 -05:00
Mariusz Felisiak 83a36ac49a
Removed unnecessary trailing commas and spaces in various code. 2017-12-28 21:07:29 +01:00
Tim Graham 4114b441ee
Fixed #28886 -- Updated prefix for example django.contrib.auth.urls URLs. 2017-12-06 09:23:42 -05:00
Tim Graham d392fc293c Fixed #28802 -- Fixed typo in docs/topics/auth/default.txt. 2017-11-16 10:37:50 -05:00
Botond Beres 51d7feff87 Fixed #28131 -- Corrected examples of using attribute lookups on the "perms" template variable. 2017-10-28 12:15:07 -04:00
Tim Graham 3642c3758b Suggested LoginView rather than @login_required as an alternative to authenticate(). 2017-10-25 11:17:17 -04:00
Tim Graham 5446b72003 Removed versionadded/changed annotations for 1.11. 2017-09-22 12:51:18 -04:00
Tim Graham 5e31be1b96 Refs #25187 -- Required the authenticate() method of authentication backends to have request as the first positional argument.
Per deprecation timeline.
2017-09-22 12:51:18 -04:00
Tim Graham 6e40b70bf4 Refs #26929 -- Removed extra_context parameter of contrib.auth.views.logout_then_login().
Per deprecation timeline.
2017-09-22 12:51:17 -04:00
Tim Graham 4f313e284e Refs #17209 -- Removed login/logout and password reset/change function-based views.
Per deprecation timeline.
2017-09-22 12:51:17 -04:00
Sjoerd Job Postmus df41b5a05d Fixed #28593 -- Added a simplified URL routing syntax per DEP 0201.
Thanks Aymeric Augustin for shepherding the DEP and patch review.
Thanks Marten Kenbeek and Tim Graham for contributing to the code.
Thanks Tom Christie, Shai Berger, and Tim Graham for the docs.
2017-09-20 18:04:42 -04:00
Mariusz Felisiak 081e787160 Refs #23919 -- Stopped inheriting from object to define new style classes.
Tests and docs complement to cecc079168.
2017-06-26 10:30:31 -04:00
Josh Schneier 5df0ff4155 Fixed #28089 -- Removed requirement to implement get_short_name() and get_full_name() in AbstractBaseUser subclasses. 2017-05-06 17:05:42 -04:00
shinriyo d510971088 Fixed typo in docs/topics/auth/default.txt. 2017-04-29 06:56:28 -04:00
Nauman Tariq 6684af1e43 Added content_type filtering in Permission querying example. 2017-04-26 13:28:06 -04:00
David D Lowe 9269dec05e Fixed #27911 -- Doc'd how to register custom User with admin. 2017-03-08 12:14:58 -05:00
Camilo Nova 5db465d5a6 Fixed #27891 -- Added PasswordResetConfirmView.post_reset_login_backend. 2017-03-07 19:52:26 -05:00
Claude Paroz c651331b34 Converted usage of ugettext* functions to their gettext* aliases
Thanks Tim Graham for the review.
2017-02-07 09:04:04 +01:00
chillaranand dc165ec8e5 Refs #23919 -- Replaced super(ClassName, self) with super() in docs. 2017-01-25 11:53:05 -05:00
Tim Graham f6acd1d271 Refs #23919 -- Removed Python 2 notes in docs. 2017-01-18 11:51:29 -05:00
Tim Graham e27e4c0339 Removed versionadded/changed annotations for 1.10. 2017-01-17 20:52:05 -05:00
Tim Graham 401c5b2e42 Refs #23957 -- Removed the useless SessionAuthenticationMiddleware. 2017-01-17 20:52:05 -05:00
Tim Graham eba093e8b0 Refs #25847 -- Removed support for User.is_(anonymous|authenticated) as methods.
Per deprecation timeline.
2017-01-17 20:52:03 -05:00
Tim Graham 9f9a3d643e Refs #24126 -- Removed auth views' current_app parameter per deprecation timeline. 2017-01-17 20:52:00 -05:00
Tim Graham 432b25ace0 Removed nonexistent LogoutView context from docs. 2016-12-31 07:57:39 -05:00
Tim Graham d7e6b8febd Fixed typo in docs/topics/auth/customizing.txt. 2016-11-28 16:39:54 -05:00
Aymeric Augustin cb7bbf97a7
Fixed #25966 -- Made get_user_model() work at import time.
This makes it equivalent to: `from django.contrib.auth.models import User`.

Thanks Aymeric Augustin for the initial patch and Tim Graham for the
review.
2016-11-25 14:15:49 +01:00
Alex Scott da4c0e8cc9 Fixed typo in docs/topics/auth/customizing.txt. 2016-11-24 05:41:21 -05:00
Tim Graham 93a081946d Normalized casing of "custom user model". 2016-11-23 15:14:28 -05:00
Krzysztof Gogolewski d02a03d574 Fixed #24370 -- Recommended starting with a custom user model. 2016-11-23 14:43:17 -05:00
Tim Graham 0d9ff873d9 Fixed #27467 -- Made UserAttributeSimilarityValidator max_similarity=0/1 work as documented.
Thanks goblinJoel for the report and feedback.
2016-11-16 17:40:37 -05:00
Jon Dufresne f3ea0c4bbd Reverted "Fixed #26401 -- Added BaseAuthConfig to use auth without migrations."
This reverts commit 1ec1633cb2 as it
doesn't handle ContentType's auth.Permission dependency. Thus, it
doesn't allow auth without migrations.
2016-10-25 17:32:59 -07:00
Markus Holtermann b5fc192b99 Fixed #27352 -- Doc'd social media fingerprinting consideration with login's redirect_authenticated_user. 2016-10-18 11:37:56 -04:00
Tim Graham e262f00231 Fixed #27292 -- Removed unnecessary password assignment in auth backend example. 2016-10-04 14:02:06 -04:00
Lewis Cowles 1d25eb9688 Fixed #27294 -- Documented UserCreationForm's fields. 2016-09-30 13:56:53 -04:00
levental 617e36dc1e Fixed #20705 -- Allowed using PasswordResetForm with user models with an email field not named 'email'. 2016-09-27 11:59:00 -04:00
Berker Peksag 0a6ed6b1d9 Simplified has_perm() example in topics/auth/customizing.txt. 2016-09-23 15:28:32 -04:00
aruseni cdde2eac5b Fixed a typo in docs/topics/auth/default.txt. 2016-09-17 20:09:15 -04:00
Aleksej Manaev 4b9330ccc0 Fixed #25187 -- Made request available in authentication backends. 2016-09-12 20:11:53 -04:00
Jon Dufresne 1ec1633cb2 Fixed #26401 -- Added BaseAuthConfig to use auth without migrations. 2016-09-10 16:38:05 -07:00
Jon Dufresne 66e1ebbffc Fixed #26956 -- Added success_url_allowed_hosts to LoginView and LogoutView.
Allows specifying additional hosts to redirect after login and log out.
2016-09-07 19:56:25 -07:00
Tim Graham 9f27735612 Fixed #27013 -- Clarified commands to install argon2/bcrypt packages. 2016-08-19 19:23:12 -04:00
Tim Graham 7549eb0004 Fixed #27009 -- Made update_session_auth_hash() rotate the session key. 2016-08-15 19:29:12 -04:00
Tim Graham 4c2a6fe75b Clarified session verification with respect to the current session. 2016-08-11 12:08:50 -04:00
an0o0nym c412aaca73 Fixed #26957 -- Corrected authenticate() docs regarding User.is_active. 2016-08-10 19:52:01 -04:00
Tim Graham 796cc62026 Fixed #27045 -- Documented that AUTH_PASSWORD_VALIDATORS aren't applied at the model level. 2016-08-10 15:52:16 -04:00
jordij 0814566bf1 Fixed #26960 -- Added PasswordResetConfirmView option to automatically log in after a reset. 2016-08-10 10:23:16 -04:00
Andrew Nester 0ba179194b Fixed #26929 -- Deprecated extra_context parameter of contrib.auth.views.logout_then_login(). 2016-07-28 11:57:02 -04:00
Tim Graham 412b4126d7 Removed a blank line per isort and a trailing whitespace. 2016-07-28 11:56:25 -04:00
Claude Paroz 255fb99284 Fixed #17209 -- Added password reset/change class-based views
Thanks Tim Graham for the review.
2016-07-16 10:36:12 +02:00
Jiang Haiyun 6d61ec0e1a Fixed a typo in auth docs. 2016-07-04 11:02:11 -04:00
Ramiro Morales c962b9104a Added missing trailing '$' to url() patterns in docs. 2016-06-27 09:18:44 -04:00
Bang Dao + Tam Huynh 09119dff14 Fixed #26719 -- Normalized email in AbstractUser.clean(). 2016-06-24 10:37:38 -04:00
Claude Paroz 78963495d0 Refs #17209 -- Added LoginView and LogoutView class-based views
Thanks Tim Graham for the review.
2016-06-24 10:45:13 +02:00
Tim Graham 39805686b3 Refs #21379, #26719 -- Moved username normalization to AbstractBaseUser.
Thanks Huynh Thanh Tam for the initial patch and Claude Paroz for review.
2016-06-21 16:19:37 -04:00
Ville Skyttä 96f97691ad Fixed broken links in docs and comments. 2016-06-15 21:20:23 -04:00
Ed Henderson 4a4d7f980e Fixed #26021 -- Applied hanging indentation to docs. 2016-06-03 11:44:34 -04:00
Bas Westerbaan 9407cc966b Fixed #26635 -- Clarified Argon2PasswordHasher's memory_cost differs from command line utility. 2016-05-27 18:37:12 -04:00
Tim Graham 46a38307c2 Removed versionadded/changed annotations for 1.9. 2016-05-20 11:44:29 -04:00
Florian Apolloner 9baf692a58 Fixed #26601 -- Improved middleware per DEP 0005.
Thanks Tim Graham for polishing the patch, updating the tests, and
writing documentation. Thanks Carl Meyer for shepherding the DEP.
2016-05-17 07:22:22 -04:00
Claude Paroz 9935f97cd2 Refs #21379 -- Normalized unicode username inputs 2016-05-16 19:38:02 +02:00
Tim Graham 5238af3257 Used 'classmethod' annotation in docs/topics/auth/customizing.txt 2016-05-14 18:58:09 -04:00
Tim Graham 2c4c67af94 Fixed #26514 -- Documented that User.refresh_from_db() doesn't clear the permission cache. 2016-04-18 09:02:56 -04:00
Jeremy Lainé c1aec0feda Fixed #25847 -- Made User.is_(anonymous|authenticated) properties. 2016-04-09 14:54:18 -04:00
Alexander Gaevsky e0a3d93730 Fixed #25232 -- Made ModelBackend/RemoteUserBackend reject inactive users. 2016-03-23 09:01:48 -04:00
Tim Graham c41737dc00 Fixed #26392 -- Corrected login_required/permission_required stacking example. 2016-03-21 19:56:15 -04:00
Bas Westerbaan b4250ea04a Fixed #26033 -- Added Argon2 password hasher. 2016-03-08 11:22:18 -05:00
Florian Apolloner 67b46ba701 Fixed CVE-2016-2513 -- Fixed user enumeration timing attack during login.
This is a security fix.
2016-03-01 11:25:28 -05:00
Olivier Le Thanh Duong 10781b4c6f Fixed #12233 -- Allowed redirecting authenticated users away from the login view.
contrib.auth.views.login() has a new parameter `redirect_authenticated_user`
to automatically redirect authenticated users visiting the login page.

Thanks to dmathieu and Alex Buchanan for the original code and to Carl Meyer
for the help and review.
2016-02-25 07:18:33 -05:00
Tim Graham 441c537b66 Fixed a function signature in docs/topics/auth/default.txt. 2016-02-24 16:24:33 -05:00
Tim Graham 47b5a6a43c Fixed #26187 -- Removed weak password hashers from PASSWORD_HASHERS. 2016-02-22 18:59:23 -05:00
Markus Holtermann b14470c7b7 Fixed spelling error 2016-02-23 10:24:38 +11:00
Tim Graham 5a541e2e6c Fixed #26188 -- Documented how to wrap password hashers. 2016-02-22 17:21:45 -05:00
Daniel Quinn de7edc005f Fixed import location of check_password() in docs. 2016-02-22 12:42:47 -05:00
Berker Peksag f0425c7260 Refs #19353 -- Added tests for using custom user models with built-in auth forms.
Also updated topics/auth/customizing.txt to reflect that subclasses of
UserCreationForm and UserChangeForm can be used with custom user models.

Thanks Baptiste Mispelon for the initial documentation.
2016-02-17 10:26:07 -05:00
Hugo Osvaldo Barrera dcee1dfc79 Fixed #12405 -- Added LOGOUT_REDIRECT_URL setting.
After a user logs out via auth.views.logout(), they're redirected
to LOGOUT_REDIRECT_URL if no `next_page` argument is provided.
2016-02-04 10:35:37 -05:00
Tim Graham 1e9150443e Refs #26089 -- Removed obsolete docs about custom user model testing. 2016-02-02 08:12:08 -05:00
Tim Graham 8ce8beb3f2 Unified some doc links to OneToOneField and ManyToManyField. 2016-02-01 11:02:26 -05:00
rowanv a6ef025dfb Fixed #26124 -- Added missing code formatting to docs headers. 2016-02-01 10:42:05 -05:00
Tim Graham e519aab43a Fixed #23868 -- Added support for non-unique django-admin-options in docs.
Also documented missing short command line options to fix #24134. This bumps
the minimum sphinx version required to build the docs to 1.3.4.

Thanks Simon Charette for review.
2016-01-14 18:21:33 -05:00
Paulo Poiati b643386668 Fixed #24855 -- Allowed using contrib.auth.login() without credentials.
Added an optional `backend` argument to login().
2016-01-07 08:56:07 -05:00
Gavin Wahl ec708803f7 Fixed user_passes_test() signature in docs. 2015-12-08 15:56:10 -05:00
Tim Graham 166e0490d3 Fixed #25895 -- Used a consistent style for UserAdmin overrides.
Thanks Justin Abrahms for the report.
2015-12-08 14:40:55 -05:00
Florian Apolloner 105028eec6 Removed deprecated usage of url tag from auth docs. 2015-12-05 19:21:30 +01:00
Josh Soref 93452a70e8 Fixed many spelling mistakes in code, comments, and docs. 2015-12-03 12:48:24 -05:00
Eliezer Kanal d3b488f5bd Updated link to 1000 common passwords.
xato.net is dead; replaced with link to archive.org.
2015-12-02 12:57:02 -05:00
Agnieszka Lasyk 1f8dad6915 Fixed #25755 -- Unified spelling of "website". 2015-11-16 06:44:14 -05:00
Anderson Resende ce4914eab4 Fixed #25744 -- Corrected reference to User object in auth docs. 2015-11-12 19:22:30 -05:00
Bryan Marty 9788625277 Fixed #25169 -- Documented stacking of permission_required and login_required. 2015-11-12 14:23:59 -05:00
japrogramer a10cbbbc17 Fixed typo in docs/topics/auth/default.txt. 2015-11-03 08:56:23 +00:00
Tim Graham 9c5e272860 Fixed #25550 -- Deprecated direct assignment to the reverse side of a related set. 2015-10-27 07:57:15 -04:00
Tim Graham c14b6b52ff Documented auth's login/logout function parameters. 2015-09-28 14:11:54 -04:00