225 Commits

Author SHA1 Message Date
Tim Graham c41737dc00 Fixed #26392 -- Corrected login_required/permission_required stacking example. 2016-03-21 19:56:15 -04:00
Bas Westerbaan b4250ea04a Fixed #26033 -- Added Argon2 password hasher. 2016-03-08 11:22:18 -05:00
Florian Apolloner 67b46ba701 Fixed CVE-2016-2513 -- Fixed user enumeration timing attack during login.
This is a security fix.
2016-03-01 11:25:28 -05:00
Olivier Le Thanh Duong 10781b4c6f Fixed #12233 -- Allowed redirecting authenticated users away from the login view.
contrib.auth.views.login() has a new parameter `redirect_authenticated_user`
to automatically redirect authenticated users visiting the login page.

Thanks to dmathieu and Alex Buchanan for the original code and to Carl Meyer
for the help and review.
2016-02-25 07:18:33 -05:00
Tim Graham 441c537b66 Fixed a function signature in docs/topics/auth/default.txt. 2016-02-24 16:24:33 -05:00
Tim Graham 47b5a6a43c Fixed #26187 -- Removed weak password hashers from PASSWORD_HASHERS. 2016-02-22 18:59:23 -05:00
Markus Holtermann b14470c7b7 Fixed spelling error 2016-02-23 10:24:38 +11:00
Tim Graham 5a541e2e6c Fixed #26188 -- Documented how to wrap password hashers. 2016-02-22 17:21:45 -05:00
Daniel Quinn de7edc005f Fixed import location of check_password() in docs. 2016-02-22 12:42:47 -05:00
Berker Peksag f0425c7260 Refs #19353 -- Added tests for using custom user models with built-in auth forms.
Also updated topics/auth/customizing.txt to reflect that subclasses of
UserCreationForm and UserChangeForm can be used with custom user models.

Thanks Baptiste Mispelon for the initial documentation.
2016-02-17 10:26:07 -05:00
Hugo Osvaldo Barrera dcee1dfc79 Fixed #12405 -- Added LOGOUT_REDIRECT_URL setting.
After a user logs out via auth.views.logout(), they're redirected
to LOGOUT_REDIRECT_URL if no `next_page` argument is provided.
2016-02-04 10:35:37 -05:00
Tim Graham 1e9150443e Refs #26089 -- Removed obsolete docs about custom user model testing. 2016-02-02 08:12:08 -05:00
Tim Graham 8ce8beb3f2 Unified some doc links to OneToOneField and ManyToManyField. 2016-02-01 11:02:26 -05:00
rowanv a6ef025dfb Fixed #26124 -- Added missing code formatting to docs headers. 2016-02-01 10:42:05 -05:00
Tim Graham e519aab43a Fixed #23868 -- Added support for non-unique django-admin-options in docs.
Also documented missing short command line options to fix #24134. This bumps
the minimum sphinx version required to build the docs to 1.3.4.

Thanks Simon Charette for review.
2016-01-14 18:21:33 -05:00
Paulo Poiati b643386668 Fixed #24855 -- Allowed using contrib.auth.login() without credentials.
Added an optional `backend` argument to login().
2016-01-07 08:56:07 -05:00
Gavin Wahl ec708803f7 Fixed user_passes_test() signature in docs. 2015-12-08 15:56:10 -05:00
Tim Graham 166e0490d3 Fixed #25895 -- Used a consistent style for UserAdmin overrides.
Thanks Justin Abrahms for the report.
2015-12-08 14:40:55 -05:00
Florian Apolloner 105028eec6 Removed deprecated usage of url tag from auth docs. 2015-12-05 19:21:30 +01:00
Josh Soref 93452a70e8 Fixed many spelling mistakes in code, comments, and docs. 2015-12-03 12:48:24 -05:00
Eliezer Kanal d3b488f5bd Updated link to 1000 common passwords.
xato.net is dead; replaced with link to archive.org.
2015-12-02 12:57:02 -05:00
Agnieszka Lasyk 1f8dad6915 Fixed #25755 -- Unified spelling of "website". 2015-11-16 06:44:14 -05:00
Anderson Resende ce4914eab4 Fixed #25744 -- Corrected reference to User object in auth docs. 2015-11-12 19:22:30 -05:00
Bryan Marty 9788625277 Fixed #25169 -- Documented stacking of permission_required and login_required. 2015-11-12 14:23:59 -05:00
japrogramer a10cbbbc17 Fixed typo in docs/topics/auth/default.txt. 2015-11-03 08:56:23 +00:00
Tim Graham 9c5e272860 Fixed #25550 -- Deprecated direct assignment to the reverse side of a related set. 2015-10-27 07:57:15 -04:00
Tim Graham c14b6b52ff Documented auth's login/logout function parameters. 2015-09-28 14:11:54 -04:00
Tim Graham 54848a96dd Removed versionadded/changed annotations for 1.8. 2015-09-23 19:31:11 -04:00
Tim Graham 849037af36 Refs #23957 -- Required session verification per deprecation timeline. 2015-09-23 19:31:10 -04:00
Tim Graham f1761e3fef Refs #21648 -- Removed is_admin_site option from password_reset() view.
Per deprecation timeline.
2015-09-23 19:31:10 -04:00
Tim Graham cb1e779ceb Refs #24115 -- Added docs for password updates on bcrypt rounds change. 2015-09-22 19:30:31 -04:00
sujayskumar d8d853378b Fixed #24944 -- Added extra_email_context parameter to password_reset() view. 2015-09-18 18:56:04 -04:00
Tim Graham 6c6eb8a691 Refs #24914 -- Added docs for more auth mixin methods. 2015-08-20 17:57:47 -04:00
Claude Paroz 64982cc2fb Updated Wikipedia links to use https 2015-08-08 12:02:32 +02:00
Tim Graham 16a8d01308 Fixed #25229 -- Clarified how an iterable works with @permission_required 2015-08-05 17:13:45 -04:00
Alasdair Nicol 6d7a9d96fe Fixed password_reset signature in docs 2015-08-04 13:54:32 -04:00
Tim Graham 5d0961fdfc Fixed #25202 -- Fixed typo in docs/topics/auth/customizing.txt 2015-07-31 07:33:38 -04:00
Flavio Curella c2e70f0265 Fixed #21127 -- Started deprecation toward requiring on_delete for ForeignKey/OneToOneField 2015-07-27 18:28:13 -04:00
Tim Graham 87d55081ea Fixed #25159 -- Removed brackets from class/function/method signatures in docs.
Thanks hellbeast for the initial patch.
2015-07-27 10:32:47 -04:00
Akis Kesoglou 29465d438e Fixed #25142 -- Added PermissionRequiredMixin.has_permission() to allow customization. 2015-07-27 10:23:56 -04:00
Tim Graham 217f173be0 Fixed #25166 -- Clarified how auth permissions are created.
Thanks Baptiste Mispelon for report and review.
2015-07-25 09:30:54 -04:00
Tim Graham e3d1f2422c Fixed malformed Sphinx directives. 2015-07-25 06:37:51 -04:00
Tim Graham 03aec35a12 Converted tabs to spaces in topics/auth/default.txt 2015-07-24 11:48:57 -04:00
lukasz.wojcik 927b30a6ab Fixed #24126 -- Deprecated current_app parameter to auth views. 2015-07-21 08:26:41 -04:00
Tim Graham 5fd83db255 Normalized indentation and line lengths in docs/topics/auth/default.txt. 2015-07-21 08:11:28 -04:00
Tim Graham f5e9d67907 Refs #16860 -- Moved password_changed() logic to AbstractBaseUser.
Thanks Carl Meyer for review.
2015-07-20 13:44:26 -04:00
Nick Sweeting f0857c09fb Fixed #25083 -- Added SessionAuthenticationMiddleware to auth installation docs 2015-07-10 08:40:57 -04:00
Tim Graham aaacaeb096 Renamed RemovedInDjangoXYWarnings for new roadmap.
Forwardport of ae1d663b79
from stable/1.8.x plus more.
2015-06-24 16:08:20 -04:00
Markus Holtermann e5cb4e1411 Fixed #24914 -- Added authentication mixins for CBVs
Added the mixins LoginRequiredMixin, PermissionRequiredMixin and
UserPassesTestMixin to contrib.auth as counterparts to the respective
view decorators.

The authentication mixins UserPassesTestMixin, LoginRequiredMixin and
PermissionRequiredMixin have been inspired by django-braces
<https://github.com/brack3t/django-braces/>

Thanks Raphael Michel for the initial patch, tests and docs on the PR
and Ana Balica, Kenneth Love, Marc Tamlyn, and Tim Graham for the
review.
2015-06-17 23:19:10 +02:00
Tim Graham 58665dded0 Removed usage of string-based url() in auth docs. 2015-06-17 09:45:03 -04:00
Tim Graham 55b3bd8468 Refs #16860 -- Minor edits and fixes to password validation. 2015-06-10 07:41:01 -04:00
Raphael Michel 39937de7e6 Fixed #24929 -- Allowed permission_required decorator to take any iterable 2015-06-08 13:44:39 -04:00
Erik Romijn 1daae25bdc Fixed #16860 -- Added password validation to django.contrib.auth. 2015-06-07 19:31:20 +02:00
Alasdair Nicol 1ea87c8c79 Fixed #24910 -- Added createsuperuser support for non-unique USERNAME_FIELDs
Clarified docs to say that a non-unique USERNAME_FIELD is permissible
as long as the custom auth backend can support it.
2015-06-06 09:33:02 -04:00
Kevin Marsh 10945ebeb8 Removed unused import in example code in docs/topics/auth/default.txt 2015-05-27 13:26:20 +01:00
Tim Graham 00d763a4fb Fixed typo in docs/topics/auth/default.txt 2015-05-22 06:48:59 -04:00
Laurent Peuch 21efb5eb74 Enhanced registration/login.html example template. 2015-05-21 20:45:51 -04:00
Charles Dee Rice 4f3c444241 Fixed #24789 -- Fixed wrong positional args order in doc example
Arguments shown in example code (signal, sender, instance) appeared to
be the incorrect positional arguments for a post_save signal (which
might start as: sender, instance, created), as documented:
​https://docs.djangoproject.com/en/1.8/ref/signals/#post-save
2015-05-13 10:14:33 +02:00
Tim Graham 8e86d9d3df Fixed #24780 -- Removed outdated discussion of signals and custom users. 2015-05-11 09:10:30 -04:00
Dan Watson fe914341c8 Fixed #24564 -- Moved AbstractBaseUser and BaseUserManager so they can be used without auth in INSTALLED_APPS 2015-05-05 12:03:48 -04:00
Tim Graham 981e3b9394 Fixed #24429 -- Doc'ed that Django 1.8 doesn't require an integer PK for custom user models. 2015-04-07 10:45:31 -04:00
Christopher Luc e37d52bd5e Fixed #22993 -- Deprecated skipIfCustomUser decorator 2015-04-07 09:45:32 -04:00
Thomas Güttler 566c936236 Added admonition about reusable apps and AUTH_USER_PROFILE. 2015-04-06 19:49:46 -04:00
Sam Thursfield 1119063c69 Fixed #24556 -- Added reminder about HTTPS to passwords docs. 2015-04-03 10:55:11 -04:00
Tim Graham 3e132406e3 Fixed syntax highlighting in docs/topics/auth/default.txt 2015-03-28 07:49:03 -04:00
Matt Seymour fca14cd3f2 Fixed #24501 -- Improved auth.decorators.user_passes_test() example. 2015-03-24 10:30:00 -04:00
Andrei Kulakov e8a758e941 Fixed #24253 -- Documented staff_member_required decorator. 2015-03-13 14:46:13 -04:00
Remco Kranenburg f6b09a7f85 Refs #23559 -- warned about consequences of letting users edit User model in admin. 2015-03-13 08:50:48 -04:00
Rik eb9b7abb83 Fixed #21661 -- Expanded authentication views documentation 2015-03-08 20:36:27 +01:00
Marten Kenbeek 8e744fa150 Stressed authentication should be successful before logging in a user. 2015-03-05 12:17:56 -05:00
darkryder 9ec8aa5e5d Fixed #24149 -- Normalized tuple settings to lists. 2015-02-03 14:59:45 -05:00
Tim Graham c79faae761 Removed versionadded/changed notes for 1.7. 2015-02-01 21:02:40 -05:00
Tim Graham a7aaabfaf1 Removed doc note about PasswordResetForm requiring an integer PK.
This limitation was lifted in refs #14881.
2015-01-01 11:38:53 -05:00
Aymeric Augustin 9eb4f28e89 Deprecated TEMPLATE_CONTEXT_PROCESSORS. 2014-12-28 17:02:31 +01:00
Tim Graham b6ea059b4a Fixed #23957 -- Started deprecation toward requiring session verification.
Thanks Carl Meyer for review.
2014-12-05 07:37:34 -05:00
Berker Peksag 87bd13617c Fixed #23847 -- Improved the email_check example in the auth documentation. 2014-11-27 11:52:50 +01:00
Yigit Guler c5132382f0 Fixed #23793 -- Clarified password reset behavior in auth docs 2014-11-15 17:41:01 +01:00
Ilya Baryshev ed7c4df1ee Fixed documentation of make_password kwargs. 2014-10-27 06:36:55 -04:00
Michael Angeletti 21a9e8adf0 Removed sentence from docs about migrate prompting to add a superuser. 2014-08-31 12:30:50 -04:00
Tim Graham e39af5ea59 Fixed #21648 -- Deprecated is_admin_site option to auth.views.password_reset(). 2014-08-23 19:32:58 -04:00
areski 9d6551204e Removed unnecessary code-block directives. 2014-08-19 16:44:25 -04:00
Tim Graham 3569536491 Fixed #23314 -- Tempered recommendation of storing profile data on custom user.
Thanks gavinwahl for the report.
2014-08-19 07:24:36 -04:00
Collin Anderson e5376999fa Refs #23276 -- Added missing url() in some places. 2014-08-13 14:20:15 -04:00
Christoph Heer d47409831f Fixed #23067 -- Updated docs to use django-admin 2014-07-30 14:14:03 -04:00
Tim Graham abb97cffdf Fixed #23132 -- Removed confusing clause in auth docs. 2014-07-30 08:15:13 -04:00
Iain Dawson 8fbf13a6c8 Replaced instances of 'his/her' with 'their'. 2014-07-21 19:49:12 +00:00
Anubhav Joshi 75ff7b8fb8 Fixed #21832 -- Updated prompt, tests, and docs to show that USERNAME_FIELD supports FK after 9bc2d76.
Also added get_input_data() hook in createsuperuser.

Thanks Chris Jerdonek and Tim Graham for review.
2014-07-08 08:21:41 -04:00
Anubhav Joshi 9bc2d766a0 Fixed #21755 -- Added ForeignKey support to REQUIRED_FIELDS.
This allows specifying ForeignKeys in REQUIRED_FIELDS when using a
custom User model.

Thanks cjerdonek and bmispelon for suggestion and timgraham for review.
2014-07-03 07:42:52 -04:00
Andrew Godwin e9249bc20b Fixed #22932: Documented circular dependency issues with swappable user 2014-07-01 20:54:46 -07:00
Andrew Godwin 08221d1b5c Fixed #22874: Document that AUTH_USER_MODEL must be in first migration 2014-06-19 23:48:29 -07:00
Andrew Godwin 8d2ac948a9 Fixed #22853: Swapped models are now ignored for migration operations. 2014-06-17 17:45:38 -07:00
Tim Graham 93d05536fd Fixed #22770 -- Removed create_superuser from post_migrate signals.
Moved logic to syncdb command for backwards compatibility.
2014-06-10 14:37:37 -04:00
Jorge C. Leitão a00b78b1e2 Fixed #17431 -- Added send_mail() method to PasswordResetForm.
Credits for the initial patch go to ejucovy;
big thanks to Tim Graham for the review.
2014-06-10 14:00:52 -04:00
Tim Graham 34f4fd7024 Corrected some indentation in docs/topics/auth/default.txt. 2014-06-10 09:18:58 -04:00
Víðir Valberg Guðmundsson 268670a3a4 Fixed #22647 -- Documented redirect_field_name keyword argument for user_passes_test. 2014-05-17 09:45:15 -04:00
Jorge C. Leitão 2e364a0aac Fixed #15716 - Authentication backends can short-circuit authorization.
Authorization backends can now raise PermissionDenied in "has_perm"
and "has_module_perms" to short-circuit authorization process.
2014-05-16 12:57:38 -04:00
Ray Ashman 9853779805 Updated grammar in description of django.contrib.auth. 2014-04-22 18:28:47 -04:00
Alex Gaynor 0e27882b3a Stray paren 2014-04-17 11:29:07 -07:00
Alex Gaynor 464b98b1fe Include an 'extra_requires' for bcrypt 2014-04-17 11:28:09 -07:00
Tim Graham ae5b662796 Added a note regarding django.contrib.auth.authenticate.
Thanks Josh Brown for the suggestion.
2014-04-16 07:47:56 -04:00