Commit Graph

229 Commits

Author SHA1 Message Date
Nick Sweeting f0857c09fb Fixed #25083 -- Added SessionAuthenticationMiddleware to auth installation docs 2015-07-10 08:40:57 -04:00
Tim Graham aaacaeb096 Renamed RemovedInDjangoXYWarnings for new roadmap.
Forwardport of ae1d663b79
from stable/1.8.x plus more.
2015-06-24 16:08:20 -04:00
Markus Holtermann e5cb4e1411 Fixed #24914 -- Added authentication mixins for CBVs
Added the mixins LoginRequiredMixin, PermissionRequiredMixin and
UserPassesTestMixin to contrib.auth as counterparts to the respective
view decorators.

The authentication mixins UserPassesTestMixin, LoginRequiredMixin and
PermissionRequiredMixin have been inspired by django-braces
<https://github.com/brack3t/django-braces/>

Thanks Raphael Michel for the initial patch, tests and docs on the PR
and Ana Balica, Kenneth Love, Marc Tamlyn, and Tim Graham for the
review.
2015-06-17 23:19:10 +02:00
Tim Graham 58665dded0 Removed usage of string-based url() in auth docs. 2015-06-17 09:45:03 -04:00
Tim Graham 55b3bd8468 Refs #16860 -- Minor edits and fixes to password validation. 2015-06-10 07:41:01 -04:00
Raphael Michel 39937de7e6 Fixed #24929 -- Allowed permission_required decorator to take any iterable 2015-06-08 13:44:39 -04:00
Erik Romijn 1daae25bdc Fixed #16860 -- Added password validation to django.contrib.auth. 2015-06-07 19:31:20 +02:00
Alasdair Nicol 1ea87c8c79 Fixed #24910 -- Added createsuperuser support for non-unique USERNAME_FIELDs
Clarified docs to say that a non-unique USERNAME_FIELD is permissable
as long as the custom auth backend can support it.
2015-06-06 09:33:02 -04:00
Kevin Marsh 10945ebeb8 Removed unused import in example code in docs/topics/auth/default.txt 2015-05-27 13:26:20 +01:00
Tim Graham 00d763a4fb Fixed typo in docs/topics/auth/default.txt 2015-05-22 06:48:59 -04:00
Laurent Peuch 21efb5eb74 Enhanced registration/login.html example template. 2015-05-21 20:45:51 -04:00
Charles Dee Rice 4f3c444241 Fixed #24789 -- Fixed wrong positional args order in doc example
Arguments shown in example code (signal, sender, instance) appeared to
be the incorrect positional arguments for a post_save signal (which
might start as: sender, instance, created), as documented:
​https://docs.djangoproject.com/en/1.8/ref/signals/#post-save
2015-05-13 10:14:33 +02:00
Tim Graham 8e86d9d3df Fixed #24780 -- Removed outdated discussion of signals and custom users. 2015-05-11 09:10:30 -04:00
Dan Watson fe914341c8 Fixed #24564 -- Moved AbstractBaseUser and BaseUserManager so they can be used without auth in INSTALLED_APPS 2015-05-05 12:03:48 -04:00
Tim Graham 981e3b9394 Fixed #24429 -- Doc'ed that Django 1.8 doesn't require an integer PK for custom user models. 2015-04-07 10:45:31 -04:00
Christopher Luc e37d52bd5e Fixed #22993 -- Deprecated skipIfCustomUser decorator 2015-04-07 09:45:32 -04:00
Thomas Güttler 566c936236 Added admonition about reusable apps and AUTH_USER_PROFILE. 2015-04-06 19:49:46 -04:00
Sam Thursfield 1119063c69 Fixed #24556 -- Added reminder about HTTPS to passwords docs. 2015-04-03 10:55:11 -04:00
Tim Graham 3e132406e3 Fixed syntax highlighting in docs/topics/auth/default.txt 2015-03-28 07:49:03 -04:00
Matt Seymour fca14cd3f2 Fixed #24501 -- Improved auth.decorators.user_passes_test() example. 2015-03-24 10:30:00 -04:00
Andrei Kulakov e8a758e941 Fixed #24253 -- Documented staff_member_required decorator. 2015-03-13 14:46:13 -04:00
Remco Kranenburg f6b09a7f85 Refs #23559 -- warned about consequences of letting users edit User model in admin. 2015-03-13 08:50:48 -04:00
Rik eb9b7abb83 Fixed #21661 -- Expanded authentication views documentation 2015-03-08 20:36:27 +01:00
Marten Kenbeek 8e744fa150 Stressed authentication should be successful before logging in a user. 2015-03-05 12:17:56 -05:00
darkryder 9ec8aa5e5d Fixed #24149 -- Normalized tuple settings to lists. 2015-02-03 14:59:45 -05:00
Tim Graham c79faae761 Removed versionadded/changed notes for 1.7. 2015-02-01 21:02:40 -05:00
Tim Graham a7aaabfaf1 Removed doc note about PasswordResetForm requiring an integer PK.
This limitation was lifted in refs #14881.
2015-01-01 11:38:53 -05:00
Aymeric Augustin 9eb4f28e89 Deprecated TEMPLATE_CONTEXT_PROCESSORS. 2014-12-28 17:02:31 +01:00
Tim Graham b6ea059b4a Fixed #23957 -- Started deprecation toward requiring session verification.
Thanks Carl Meyer for review.
2014-12-05 07:37:34 -05:00
Berker Peksag 87bd13617c Fixed #23847 -- Improved the email_check example in the auth documentation. 2014-11-27 11:52:50 +01:00
Yigit Guler c5132382f0 Fixed #23793 -- Clarified password reset behavior in auth docs 2014-11-15 17:41:01 +01:00
Ilya Baryshev ed7c4df1ee Fixed documentation of make_password kwargs. 2014-10-27 06:36:55 -04:00
Michael Angeletti 21a9e8adf0 Removed sentence from docs about migrate prompting to add a superuser. 2014-08-31 12:30:50 -04:00
Tim Graham e39af5ea59 Fixed #21648 -- Deprecated is_admin_site option to auth.views.password_reset(). 2014-08-23 19:32:58 -04:00
areski 9d6551204e Removed unnecessary code-block directives. 2014-08-19 16:44:25 -04:00
Tim Graham 3569536491 Fixed #23314 -- Tempered recommendation of storing profile data on custom user.
Thanks gavinwahl for the report.
2014-08-19 07:24:36 -04:00
Collin Anderson e5376999fa Refs #23276 -- Added missing url() in some places. 2014-08-13 14:20:15 -04:00
Christoph Heer d47409831f Fixed #23067 -- Updated docs to use django-admin 2014-07-30 14:14:03 -04:00
Tim Graham abb97cffdf Fixed #23132 -- Removed confusing clause in auth docs. 2014-07-30 08:15:13 -04:00
Iain Dawson 8fbf13a6c8 Replaced instances of 'his/her' with 'their'. 2014-07-21 19:49:12 +00:00
Anubhav Joshi 75ff7b8fb8 Fixed #21832 -- Updated prompt, tests, and docs to show that USERNAME_FIELD supports FK after 9bc2d76.
Also added get_input_data() hook in createsuperuser.

Thanks Chris Jerdonek and Tim Graham for review.
2014-07-08 08:21:41 -04:00
Anubhav Joshi 9bc2d766a0 Fixed #21755 -- Added ForeignKey support to REQUIRED_FIELDS.
This allows specifying ForeignKeys in REQUIRED_FIELDS when using a
custom User model.

Thanks cjerdonek and bmispelon for suggestion and timgraham for review.
2014-07-03 07:42:52 -04:00
Andrew Godwin e9249bc20b Fixed #22932: Documented circular dependency issues with swappable user 2014-07-01 20:54:46 -07:00
Andrew Godwin 08221d1b5c Fixed #22874: Document that AUTH_USER_MODEL must be in first migration 2014-06-19 23:48:29 -07:00
Andrew Godwin 8d2ac948a9 Fixed #22853: Swapped models are now ignored for migration operations. 2014-06-17 17:45:38 -07:00
Tim Graham 93d05536fd Fixed #22770 -- Removed create_superuser from post_migrate signals.
Moved logic to syncdb command for backwards compatibility.
2014-06-10 14:37:37 -04:00
Jorge C. Leitão a00b78b1e2 Fixed #17431 -- Added send_mail() method to PasswordResetForm.
Credits for the initial patch go to ejucovy;
big thanks to Tim Graham for the review.
2014-06-10 14:00:52 -04:00
Tim Graham 34f4fd7024 Corrected some indentation in docs/topics/auth/default.txt. 2014-06-10 09:18:58 -04:00
Víðir Valberg Guðmundsson 268670a3a4 Fixed #22647 -- Documented redirect_field_name keyword argument for user_passes_test. 2014-05-17 09:45:15 -04:00
Jorge C. Leitão 2e364a0aac Fixed #15716 - Authentication backends can short-circuit authorization.
Authorization backends can now raise PermissionDenied in "has_perm"
and "has_module_perms" to short-circuit authorization process.
2014-05-16 12:57:38 -04:00
Ray Ashman 9853779805 Updated grammar in description of django.contrib.auth. 2014-04-22 18:28:47 -04:00
Alex Gaynor 0e27882b3a Stray paren 2014-04-17 11:29:07 -07:00
Alex Gaynor 464b98b1fe Include an 'extra_requires' for bcrypt 2014-04-17 11:28:09 -07:00
Tim Graham ae5b662796 Added a note regarding django.contrib.auth.authenticate.
Thanks Josh Brown for the suggestion.
2014-04-16 07:47:56 -04:00
Tim Graham fd23c06023 Fixed #21649 -- Added optional invalidation of sessions when user password changes.
Thanks Paul McMillan, Aymeric Augustin, and Erik Romijn for reviews.
2014-04-05 12:50:51 -04:00
Tim Graham 51c8045145 Removed versionadded/changed annotations for 1.6. 2014-03-24 11:42:56 -04:00
Tim Graham 5840445664 Fixed #22006 -- Documented how to write a login_required mixin for CBVs.
Thanks django at patjack.co.uk for the suggestion and mockforest
for the draft patch.
2014-03-17 06:49:59 -04:00
Aymeric Augustin 1be31c320c Fixed #21875 -- Clarified that get_user_model() only works at run time.
Thanks Benjamin White for the report.
2014-03-10 21:11:23 +01:00
Baptiste Mispelon ea4da8e63c Fixed some typos in the documentation.
Thanks to Rodolfo Carvalho and Piotr Kasprzyk
for the patch.
2014-03-02 17:05:57 +01:00
Tim Graham 7f2505ad9e Fixed doc typos. 2014-02-28 11:44:03 -05:00
Szczepan Cieślik e816198034 Fixed docs typos. 2014-02-25 10:28:32 -05:00
Tim Graham 821fc925f0 Fixed #22093 -- Made Form.Meta.fields examples consistent.
Thanks david-schultz at gmx.net for the suggestion.
2014-02-19 12:29:47 -05:00
Alasdair Nicol 8aa1efff6d Fixed #21951 -- Updated docs to use __str__ for Python 3
Thanks Tim Graham for the report and recommendations
2014-02-13 07:12:40 -05:00
Aymeric Augustin 9ffab9cee1 Moved RequestSite and get_current_site.
Following the app-loading refactor, these objects must live outside of
django.contrib.sites.models because they must be available without
importing the django.contrib.sites.models module when
django.contrib.sites isn't installed.

Refs #21680. Thanks Carl and Loic for reporting this issue.
2014-01-26 08:50:47 +01:00
Aymeric Augustin 2ff93e027c Fixed #21829 -- Added default AppConfigs.
Thanks Russell for the report, Marc for the initial patch, Carl for the
final review, and everyone who contributed to the design discussion.
2014-01-25 10:41:56 +01:00
Tim Graham 5f9790072d Fixed #20834 -- Described how caching of user permissions works.
Thanks Giggaflop and Jennifer Casavantes.
2014-01-22 13:08:51 -05:00
Tim Graham 6f06c749b7 Fixed #21726 -- Clarified that password should not be included in REQUIRED_FIELDS.
Thanks russellm for the report.
2014-01-22 10:17:44 -05:00
Tim Graham b87c59b04b Removed some unnecessary __exact operators in filters. 2014-01-17 18:12:45 -05:00
Tim Graham d35f2bfd5b Fixed #21727 -- Added some links to help clarify topics/auth/default.txt
Thanks daGrevis for the suggestion.
2014-01-16 07:16:09 -05:00
Claude Paroz c717ebbfec Fixed #21730 -- Removed superfluous db_index in custom auth docs
Thanks rafalp for the report.
2014-01-04 16:11:21 +01:00
Simon Charette eb38257e51 Fixed #21391 -- Allow model signals to lazily reference their senders. 2013-11-24 17:51:22 -05:00
Sylvain Bellemare 3935b0f263 Removed no longer relevant word 2013-11-07 09:31:44 -05:00
Sylvain Bellemare c7dabe49dd Fixed typo -- "a" user, not "an" user 2013-11-01 15:15:36 +01:00
Tim Graham 51e6575472 Fixed #21294 -- Clarified the logout next_page argument.
Thanks wim at go2people.nl for the report.
2013-10-30 09:25:21 -04:00
Tim Graham cc2049cdd7 Fixed #21325 -- Added missing argument to permission_required decorator. 2013-10-25 17:36:07 -04:00
Tim Graham 28b70425af Added docs for the hasher's iteration count changes. 2013-10-21 20:32:02 +02:00
Claude Paroz 1b9c72fc4f Fixed grammar/typos in auth customization docs 2013-10-09 16:21:19 +02:00
Russell Keith-Magee ddb53856b6 Fixed #21164 -- Added documentation for issue with test users.
The package renaming restores the older package names (which were also the
documented package names). This doesn't affect test discovery because the
module in question doesn't contain any tests.

Thanks to Carl for the design discussion.
2013-10-08 10:32:56 +08:00
Tim Graham d1c9802811 Fixed #21116 -- Made usage of manage.py in docs more consistent.
Thanks daniel.quattro at gmail.com for the report.
2013-09-18 10:35:41 -04:00
Kevin Christopher Henry 9d700322b3 Fixed #19885 -- cleaned up the django.test namespace
* override_settings may now be imported from django.test
* removed Approximate from django.test
* updated documentation for things importable from django.test

Thanks akaariai for the suggestion.
2013-09-09 16:03:13 -04:00
Tim Graham db3de52807 Fixed #20646 -- Clarified the use of AbstractBaseUser.REQUIRED_FIELDS
Thanks craigbruce.
2013-09-06 16:01:29 -04:00
Andrew Godwin b6a957f0ba Merge remote-tracking branch 'core/master' into schema-alteration
Conflicts:
	docs/ref/django-admin.txt
2013-08-19 18:30:48 +01:00
Tim Graham 7b69c3e775 Removed versionadded/changed annotations for 1.5 2013-08-19 09:09:41 -04:00
Tim Graham 29255fcb4f Fixed some ReST errors regarding backticks 2013-08-15 07:14:10 -04:00
ersran9 00d23a13eb Fixed #20828 -- Allowed @permission_required to take a list of permissions
Thanks Giggaflop for the suggestion.
2013-08-10 10:10:18 -04:00
Andrew Godwin de64c4d6e9 Merge remote-tracking branch 'core/master' into schema-alteration
Conflicts:
	django/core/management/commands/flush.py
	django/core/management/commands/syncdb.py
	django/db/models/loading.py
	docs/internals/deprecation.txt
	docs/ref/django-admin.txt
	docs/releases/1.7.txt
2013-08-09 14:17:30 +01:00
Justin Michalicek 6d88d47be6 Fixed #20832 -- Enabled HTML password reset email
Added optional html_email_template_name parameter to password_reset view
and PasswordResetForm.
2013-08-05 09:47:28 -04:00
Justin Michalicek 61ecb5f48a Fixed #20855 -- Added documentation of current_app and extra_context params to django.contrib.auth views
refs #5298 and refs #8342
2013-08-04 08:04:12 -04:00
Tim Graham a1889397a9 Fixed #12103 -- Added AuthenticationForm.confirm_login_allowed to allow customizing the logic policy.
Thanks ejucovy and lasko for work on the patch.
2013-07-31 13:54:05 -04:00
Andrew Godwin f8297f6323 More migration docs, and conversion of all easy syncdb references 2013-07-25 16:19:36 +01:00
Tim Graham dce8945ea6 Fixed #20762 -- Clarified that add_fieldsets is not a standard ModelAdmin attribute. 2013-07-18 12:41:01 -04:00
David Binetti 51b50c47c7 Fixes grammatical error in auth docs
Changes "An error will be raise if you try..." to "An error will be raised if you try..."
2013-07-13 20:28:04 -07:00
Tim Graham 684a606a4e Fixed #20730 -- Fixed "Programmatically creating permissions" error.
Thanks glarrain for the report.
2013-07-11 11:06:34 -04:00
Claude Paroz 7442eb1a24 Fixed #20224 -- Update docs examples which mention __unicode__
Thanks Marc Tamlyn and Tim Graham for the review.
2013-07-05 19:27:07 +02:00
Tim Graham da5069f68f Fixed #20134 -- Correct list of fields that UserManager requires.
Thanks semenov and pegler.
2013-07-04 10:19:00 -04:00
Ramiro Morales c196564132 Removed custom profile model functionality as per deprecation TL. 2013-06-28 21:48:16 -03:00
Tim Graham 1184d07789 Fixed #14881 -- Modified password reset to work with a non-integer UserModel.pk.
uid is now base64 encoded in password reset URLs/views. A backwards compatible
password_reset_confirm view/URL will allow password reset links generated before
this change to continue to work. This view will be removed in Django 1.7.

Thanks jonash for the initial patch and claudep for the review.
2013-06-26 13:11:47 -04:00
Baptiste Mispelon b0b506b933 Fixed broken reference in documentation. 2013-06-19 10:37:24 +02:00
Erik Romijn 2c4fe761a0 Fixed #20593 -- Allow blank passwords in check_password() and set_password() 2013-06-18 13:32:54 -04:00
Gavin Wahl 01ae881bb4 Don't hard-code class names when calling static methods
normalize_email should be called on the instance, not the class. This
has the same effect normally but is more helpful to subclassers. When
methods are called directly on the class, subclasses can't override
them.
2013-05-29 16:11:26 -06:00
Tim Graham cc62cbed76 Fixed some line wrapping, refs #20233 2013-05-19 06:51:55 -04:00
postrational 0b3a6ead88 refs #20233 - Full custom user model example isn't really full
Addition and fix for custom user model example documentation.

https://code.djangoproject.com/ticket/20233
2013-05-19 10:48:30 +02:00
Florian Apolloner 10e397e263 Fixed #20426 -- Added some extra info to the auth forms.
Thanks to Joel Hansson for the suggestion and Curtis Maloney for the initial
patch.
2013-05-17 16:14:23 +02:00
Donald Stufft 8f0a4665d6 Recommend using the bcrypt library instead of py-bcrypt
* py-bcrypt has not been updated in some time
* py-bcrypt does not support Python3
* py3k-bcrypt, a port of py-bcrypt to python3 is not compatible
  with Django
* bcrypt is supported on all versions of Python that Django
  supports
2013-05-13 23:49:00 -04:00
zhongqi 1172bef998 Update customizing.txt
The origin statement "which could be ... or whatever" **misguides** many newbies like me.

In fact, the ``login`` function in ``contrib.auth`` stores ``user.pk`` in session, then ``get_user`` function in ``contrib.auth`` gets ``user.pk`` in session and then passes it to your custom ``get_user`` as ``user_id``.

Which means, ``user_id`` prarameter in your custom ``get_user`` has to be the primary key of ``User`` object, too.
2013-05-11 15:53:54 +08:00
Luke Plant f026a519ae Fixed #19733 - deprecated ModelForms without 'fields' or 'exclude', and added '__all__' shortcut
This also updates all dependent functionality, including modelform_factory
 and modelformset_factory, and the generic views `ModelFormMixin`,
 `CreateView` and `UpdateView` which gain a new `fields` attribute.
2013-05-09 16:44:36 +01:00
Juan Catalano 78c842a323 Adapted uses of versionchanged/versionadded to the new form.
Refs #20104.
2013-04-20 17:18:35 +02:00
Donald Stufft f2a0be6151 Fix a missing " character in the password documentation 2013-03-26 15:26:20 -04:00
Donald Stufft 25f2acfed0 Fixed #20138 -- Added BCryptSHA256PasswordHasher
BCryptSHA256PasswordHasher pre-hashes the users password using
SHA256 to prevent the 72 byte truncation inherient in the BCrypt
algorithm.
2013-03-26 13:26:57 -04:00
Claude Paroz f670cce9f5 Fixed #20119 -- Fixed typo in auth docs
Thanks vinyll for the report.
2013-03-23 20:00:18 +01:00
Tim Graham 93cffc3b37 Added missing markup to docs. 2013-03-22 13:50:07 -04:00
Ben Konrath d546259647 Fixed #19394 --Added note about auth forms and custom user models. 2013-02-24 07:55:38 -08:00
Tim Graham 24a2bcbcdd Fixed #19402 - Clarified purpose of CustomUser.REQUIRED_FIELDS
Thanks pydanny for the report and ptone for the patch.
2013-02-23 15:42:56 -05:00
Horst Gutmann 2f4a4703e1 Fixed #19758 -- Avoided leaking email existence through the password reset form. 2013-02-23 14:31:21 +01:00
Preston Holmes 649118961c Fixed #19868 -- Clarified purpose of custom user example 2013-02-20 15:32:35 -08:00
Tim Graham 00031b73bd Updated a couple admonitions to use the warning directive. 2013-02-19 11:31:41 -05:00
Russell Keith-Magee 91c26eadc9 Refs #14881 -- Document that User models need to have an integer primary key.
Thanks to Kaloian Minkov for the reminder about this undocumented requirement.
2013-02-16 10:21:05 +08:00
Russell Keith-Magee f5e4a699ca Fixed #19822 -- Added validation for uniqueness on USERNAME_FIELD on custom User models.
Thanks to Claude Peroz for the draft patch.
2013-02-15 09:00:55 +08:00
Tim Graham afa3e16334 Fixed #19743 - Documented some limitations of contrib.auth.
Thanks Aymeric for the suggestion.
2013-02-06 08:24:38 -05:00
Tim Graham 2c173ff3b4 Fixed a typo in docs/topics/auth/customizing.txt 2013-02-03 13:23:16 -05:00
Tim Graham ee26797cff Fixed typos in docs and comments 2013-01-29 10:55:55 -07:00
Tim Graham 0375244eae Fixed #19628 - Noted that app for custom user model must be in INSTALLED_APPS
Thanks dpravdin and Jordan Messina.
2013-01-18 18:38:12 -05:00
Aymeric Augustin 1dd7492843 Fixed #19632 -- Bug in code sample.
Thanks grossmanandy at bfusa com and Simon Charette.
2013-01-18 20:52:04 +01:00
Aymeric Augustin 74d72e21b4 Fixed #19614 -- Missing request argument in render call.
Thanks Dima Pravdin for the report.
2013-01-15 14:36:47 +01:00
Preston Holmes c8eff0dbcb Fixed #19562 -- cleaned up password storage docs 2013-01-04 18:02:10 -08:00
Tim Graham 9b5f64cc6e Fixed #19516 - Fixed remaining broken links.
Added -n to sphinx builds to catch issues going forward.
2013-01-02 18:32:57 -05:00
Tim Graham 695b2089e7 Fixed #19549 - Typo in docs/topics/auth/default.txt 2013-01-02 15:33:18 -05:00
Aymeric Augustin 7ee7599ab3 Removed versionadded/changed annotations dating back to 1.4. 2012-12-29 21:59:08 +01:00
Preston Holmes 11ded967c4 Fixed #19498 -- refactored auth documentation
The auth doc was a single page which had grown unwieldy.
This refactor split and grouped the content into sub-topics.
Additional corrections and cleanups were made along the way.
2012-12-28 11:06:12 -08:00