p31829507
/
django
mirror of https://github.com/django/django.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
32,147 Commits 28 Branches 411 Tags 641 MiB
Commit Graph

403 Commits

Author SHA1 Message Date
Florian Apolloner ee49cf4f35 Added test for old Argon2i hashes with version attribute. 2020-06-17 08:10:41 +02:00
Simon Charette 94f63b926f Refs #31395 -- Relied on setUpTestData() test data isolation in various tests. 2020-05-15 20:22:56 +02:00
Jon Dufresne d522b51c40 Fixed #31575 -- Added system check for admin sidebar request context processor dependency. 
Co-authored-by: Carlton Gibson <carlton.gibson@noumenal.es>
 2020-05-14 11:00:51 +02:00
François Freitag c8bebbd541
Disabled management commands output with verbosity 0 in various tests. 2020-05-13 09:12:43 +02:00
Mariusz Felisiak f2187a227f Increased the default PBKDF2 iterations for Django 3.2. 2020-05-13 09:07:51 +02:00
Jon Dufresne d6aff369ad Refs #30116 -- Simplified regex match group access with Match.__getitem__(). 
The method has been available since Python 3.6. The shorter syntax is
also marginally faster.
 2020-05-11 12:01:28 +02:00
François Freitag a0df5dea33
Removed unnecessary inner methods in CreatesuperuserManagementCommandTestCase. 2020-05-01 20:51:44 +02:00
Mariusz Felisiak 54646a423b
Refs #27468 -- Made user sessions use SHA-256 algorithm. 2020-04-29 16:45:00 +02:00
François Freitag 9ef4a18dbe Changed django.forms.ValidationError imports to django.core.exceptions.ValidationError. 
Co-Authored-By: Mariusz Felisiak <felisiak.mariusz@gmail.com>
 2020-04-28 10:49:00 +02:00
Jon Dufresne 505fec6bad Capitalized Unicode in docs, strings, and comments. 2020-04-20 12:10:33 +02:00
François Freitag c86201b6ed Disabled management commands output with verbosity 0 in various tests. 
Instead of capturing the command output and discard it immediately,
tell the command not to log.
 2020-04-20 09:09:26 +02:00
François Freitag 45e96b4d9d
Removed unnecessary capturing of stdout/stderr in auth_tests.test_management. 2020-04-20 09:08:43 +02:00
Hasan Ramezani 8aa71f4e87 Fixed #31375 -- Made contrib.auth.hashers.make_password() accept only bytes or strings. 2020-03-31 10:52:56 +02:00
Hasan Ramezani b3ab92cc5a Refs #31375 -- Added test for contrib.auth.hashers.make_password() bytes support. 2020-03-31 10:49:39 +02:00
Jon Dufresne 3857a08bdb Fixed #31361 -- Fixed invalid action="" in admin forms. 
The attribute action="" (empty string) on the <form> element is invalid
HTML5. The spec (https://html.spec.whatwg.org/#attr-fs-action) says:

> The action and formaction content attributes, if specified, must have
> a value that is a valid non-empty URL potentially surrounded by
> spaces.

Emphasis on non-empty. The action attribute is allowed to be omitted, in
which case the current URL is used which is the same behavior as now.
 2020-03-16 07:31:19 +01:00
Mariusz Felisiak 8725d04764
Fixed random auth_tests.test_tokens.TokenGeneratorTest.test_timeout failures. 
Random failures depended on the current timestamp.

Thanks Matthijs Kooijman for the review.
 2020-03-12 10:56:38 +01:00
Colton Hicks f283ffaa84 Fixed #28699 -- Fixed CSRF validation with remote user middleware. 
Ensured process_view() always accesses the CSRF token from the session
or cookie, rather than the request, as rotate_token() may have been called
by an authentication middleware during the process_request() phase.
 2020-02-26 17:25:20 +01:00
aryan fba5d3b6e6 Fixed #31289 -- Added hint for USERNAME_FIELD/REQUIRED_FIELDS system check. 2020-02-26 08:40:36 +01:00
Claude Paroz 4d973f5939 Refs #26601 -- Deprecated passing None as get_response arg to middleware classes. 
This is the new contract since middleware refactoring in Django 1.10.

Co-authored-by: Carlton Gibson <carlton.gibson@noumenal.es>
Co-authored-by: Mariusz Felisiak <felisiak.mariusz@gmail.com>
 2020-02-18 20:03:44 +01:00
Claude Paroz da4923ea87 Refs #27468 -- Made PasswordResetTokenGenerator use SHA-256 algorithm. 2020-02-12 21:46:56 +01:00
Claude Paroz 27f67317da Removed unnecessary token regex in auth_tests URLs. 
All URLs in django.contrib.auth use a "<uidb64>/<token>" pattern.
 2020-02-12 10:45:53 +01:00
Hasan Ramezani fc4f45ebdc Used assertRaisesMessage() in various tests. 2020-02-07 12:46:23 +01:00
Hasan Ramezani 579f33eb79 Replaced assertWarns() with SimpleTestCase.assertWarnsMessage() in tests. 2020-01-30 11:19:50 +01:00
Jon Dufresne f791673537
Made token tests in auth_tests use assertIs() rather than assertTrue/False(). 2020-01-29 09:01:18 +01:00
Michael Mulholland 5a68a223c7 Fixed #31200 -- Added system checks for permissions codenames max length. 2020-01-23 12:22:59 +01:00
Matthijs Kooijman 2a2ea4ee18 Refs #31117 -- Made various tests properly handle unexpected databases aliases. 
- Used selected "databases" instead of django.db.connections.
- Made routers in tests.migrations skip migrations on unexpected
  databases.
- Added DiscoverRunnerGetDatabasesTests.assertSkippedDatabases() hook
  which properly asserts messages about skipped databases.
 2020-01-20 14:39:02 +01:00
Mariusz Felisiak 1960d55f8b
Refs #31040 -- Fixed crypt.crypt() call in test_hashers.py. 
An empty string is invalid salt in Python 3 and raises exception since
Python 3.9, see https://bugs.python.org/issue38402.
 2020-01-03 07:47:04 +01:00
Simon Charette 5b1fbcef7a Fixed CVE-2019-19844 -- Used verified user email for password reset requests. 
Co-Authored-By: Florian Apolloner <florian@apolloner.eu>
 2019-12-18 09:11:39 +01:00
Baptiste Mispelon 3df3c5e670 Fixed #26480 -- Fixed crash of contrib.auth.authenticate() on decorated authenticate() methods of authentication backends. 
The Signature API (PEP 362) has better support for decorated functions
(by default, it follows the __wrapped__ attribute set by
functools.wraps for example).
 2019-12-10 09:36:30 +01:00
Carlton Gibson 11c5e0609b Fixed CVE-2019-19118 -- Required edit permissions on parent model for editable inlines in admin. 
Thank you to Shen Ying for reporting this issue.
 2019-12-02 08:56:08 +01:00
Mariusz Felisiak e8fcdaad5c Fixed #31021 -- Fixed proxy model permissions data migration crash with a multiple databases setup. 
Regression in 98296f86b3.
 2019-11-29 08:23:01 +01:00
Jon Dufresne 7f0946298e Replaced encode() usage with bytes literals. 2019-11-18 15:31:42 +01:00
Mariusz Felisiak ca0d50f34a Fixed random auth_tests.test_tokens.TokenGeneratorTest.test_10265 failures. 
Random failures depended on the current timestamp.
 2019-11-13 14:22:23 +01:00
Mariusz Felisiak 3b4b36fb1d Moved MockedPasswordResetTokenGenerator outside of TokenGeneratorTest.test_timeout(). 2019-11-13 14:22:23 +01:00
Sergey Fedoseev d4e767911f Added tests for middlewares' checks. 2019-10-23 08:18:02 +02:00
Hasan Ramezani 226ebb1729 Fixed #28622 -- Allowed specifying password reset link expiration in seconds and deprecated PASSWORD_RESET_TIMEOUT_DAYS. 2019-09-20 13:52:04 +02:00
Sam Reynolds 6c9778a58e Fixed #30776 -- Restored max length validation on AuthenticationForm.UsernameField. 
Regression in 5ceaf14686.

Thanks gopackgo90 for the report and Mariusz Felisiak for tests.
 2019-09-18 11:37:38 +02:00
Carlton Gibson b5db65c4fb Increased the default PBKDF2 iterations for Django 3.1. 2019-09-12 17:24:01 +02:00
Mariusz Felisiak d17be88afd Refs #30037 -- Required the RemoteUserBackend.configure_user() to have request as the first positional argument. 
Per deprecation timeline.
 2019-09-10 12:01:00 +02:00
Berker Peksag 400ec5125e Fixed #18763 -- Added ModelBackend/UserManager.with_perm() methods. 
Co-authored-by: Nick Pope <nick.pope@flightdataservices.com>
 2019-08-29 19:32:12 +02:00
daniel a rios b5a5c92c72 Fixed #30066 -- Enabled super user creation without email and password 2019-08-29 12:49:16 +02:00
Carlton Gibson 57b9604451 Converted auth test to use subTest(). 2019-08-29 12:49:16 +02:00
Hasan Ramezani 03dbdfd9bb Fixed #29019 -- Added ManyToManyField support to REQUIRED_FIELDS. 2019-08-26 14:48:40 +02:00
Hasan Ramezani a5308514fb Fixed #27801 -- Made createsuperuser fall back to environment variables for password and required fields. 2019-07-02 12:55:09 +02:00
Jon Dufresne 42b9a23267 Fixed #30400 -- Improved typography of user facing strings. 
Thanks Claude Paroz for assistance with translations.
 2019-06-28 16:46:18 +02:00
Sanyam Khurana 87f5d07eed Fixed #12952 -- Adjusted admin log change messages to use form labels instead of field names. 2019-06-14 18:20:29 +02:00
Aymeric Augustin 3ee0834a46 Fixed #30556 -- Avoided useless query and hasher call in ModelBackend.authenticate() when credentials aren't provided. 
There's no need to fetch a user instance from the database unless
a username and a password are provided as credentials.
 2019-06-10 11:12:31 +02:00
Hasan Ramezani dcb8f00d06 Fixed #29379 -- Added autocomplete attribute to contrib.auth.forms fields. 
Thank you to Nick Pope for review.

Co-authored-by: CHI Cheng <cloudream@gmail.com>
 2019-06-07 12:44:39 +02:00
Tobias Bengfort 581a0f4545 Refs #30226 -- Added User.get_user_permissions() method. 
Added to mirror the existing User.get_group_permissions().
 2019-06-05 13:56:37 +02:00
Tobias Bengfort 75337a6050 Fixed #30226 -- Added BaseBackend for authentication. 2019-06-05 13:39:46 +02:00
Mattia Procopio aff61790a3 Refs #24944 -- Added test for overriding domain in email context in PasswordResetView. 2019-05-27 11:50:30 +02:00
Rob 58df8aa40f Fixed #28780 -- Allowed specyfing a token parameter displayed in password reset URLs. 
Co-authored-by: Tim Givois <tim.givois.mendez@gmail.com>
 2019-05-24 08:40:25 +02:00
Ally Weir bd228cb599 Fixed mis-capitalisation in comment. 2019-05-15 12:14:59 +02:00
Carlton Gibson 98296f86b3
Fixed #30351 -- Handled pre-existing permissions in proxy model permissions data migration. 
Regression in 181fb60159.
 2019-04-27 20:18:22 +02:00
Jon Dufresne 8d76443aba Fixed #30399 -- Changed django.utils.html.escape()/urlize() to use html.escape()/unescape(). 2019-04-25 15:09:07 +02:00
Markus Holtermann da0b2554ec Renamed camelCaseTestMethods to snake_case_test_methods 2019-04-14 16:14:14 +02:00
pmisteli 9410db9683 Fixed #30236 -- Made UsernameField render with autocapitalize="none" HTML attribute. 
This prevents automatic capitalization, which is the default behavior in
some browsers.
 2019-03-29 15:24:44 +01:00
Ryan J Schave cbf7e71558 Fixed #30257 -- Made UsernameValidators prohibit trailing newlines. 2019-03-22 13:16:25 -04:00
Jon Dufresne 95b7699ffc Cleaned up exception message checking in some tests. 2019-03-15 19:27:57 -04:00
Claude Paroz a8e2a9bac6 Refs #15902 -- Deprecated storing user's language in the session. 2019-02-14 10:23:02 -05:00
Tim Graham 06670015f7 Increased the default PBKDF2 iterations for Django 3.0. 2019-01-17 11:15:27 -05:00
Arthur Rio 181fb60159 Fixed #11154, #22270 -- Made proxy model permissions use correct content type. 
Co-Authored-By: Simon Charette <charette.s@gmail.com>
Co-Authored-By: Antoine Catton <acatton@fusionbox.com>
 2019-01-16 10:07:28 -05:00
Simon Charette 8c775391b7 Refs #28478 -- Deprecated TestCase's allow_database_queries and multi_db in favor of databases. 2019-01-10 19:11:21 -05:00
Joshua Cannon db1b10ef0d Fixed #30037 -- Added request arg to RemoteUserBackend.configure_user(). 2019-01-09 20:01:04 -05:00
Tim Graham 043bd70942 Updated test URL patterns to use path() and re_path(). 2018-12-31 10:47:32 -05:00
Tim Graham 194a4b526c Added tests for ContentType/Group/Permission.__str__(). 2018-12-21 12:45:02 -05:00
Simon Charette 0f212db29d Made reused RequestFactory instances class attributes. 2018-11-27 09:49:02 -05:00
Simon Charette 84e7a9f4a7 Switched setUp() to setUpTestData() where possible in Django's tests. 2018-11-27 09:35:17 -05:00
Tim Graham 193c109327 Switched TestCase to SimpleTestCase where possible in Django's tests. 2018-11-27 08:58:44 -05:00
Mathew Payne 26bb2611a5 Fixed #29952 -- Lowercased all passwords in contrib.auth's auth/common-passwords.txt.gz. 2018-11-15 14:11:03 -05:00
Jon Dufresne c82893cb8c Refs #27795 -- Removed force_bytes() usage from django/utils/http.py. 
django.utils.http.urlsafe_base64_encode() now returns a string, not a
bytestring. Since URLs are represented as strings,
urlsafe_base64_encode() should return a string. All uses immediately
decoded the bytestring to a string anyway.

As the inverse operation, urlsafe_base64_decode() accepts a string.
 2018-10-10 14:38:22 -04:00
Tim Graham a7284cc0c3 Fixed #29809 -- Fixed a crash when a "view only" user POSTs to the admin user change form. 2018-10-01 10:09:50 +02:00
Carlton Gibson bf39978a53 Fixed CVE-2018-16984 -- Fixed password hash disclosure to admin "view only" users. 
Thanks Claude Paroz & Tim Graham for collaborating on the patch.
 2018-10-01 10:05:01 +02:00
Ramon Saraiva 2349cbd909 Fixed #29782 -- Added better error message when filtering queryset with AnonymousUser. 2018-09-26 15:36:19 -04:00
Jon Dufresne 82f286cf6f Refs #29784 -- Switched to https:// links where available. 2018-09-26 08:48:47 +02:00
Alexey 8624459586 Added a test for password_changed() with a custom validator. 2018-09-25 11:58:05 -04:00
Josh Schneier 3daac76cfb Simplified how createsuperuser tests generate passwords. 2018-08-18 16:26:13 -04:00
Alexander Todorov 53ebd4cb13 Fixed #29686 -- Made UserAdmin.user_change_password() pass user to has_change_permission(). 2018-08-17 17:43:00 -04:00
Josh Schneier 8b43e9b1af Fixed #29616 -- Fixed createsuperuser for user models that don't have a password field. 2018-08-05 14:26:03 -04:00
Josh Schneier 793e9bb35a Fixed #29628 -- Made createsuperuser validate password against username and required fields. 2018-08-04 08:44:25 -04:00
Tim Graham f3fa86a89b Fixed #29449 -- Reverted "Fixed #28757 -- Allowed using contrib.auth forms without installing contrib.auth." 
This reverts commit 3333d935d2 due to
a crash if USERNAME_FIELD isn't a CharField.
 2018-07-02 18:39:26 -04:00
Tim Graham 5d98d53fab Refs #27398 -- Simplified some tests with assertRedirects(). 2018-06-20 14:08:56 -04:00
Jan Pieter Waagmeester 24959e48d9 Fixed #27398 -- Added an assertion to compare URLs, ignoring the order of their query strings. 2018-06-20 13:26:12 -04:00
Hasan Ramezani 6df3d36801 Added a missing test for createsuperuser management command. 2018-06-07 19:49:25 -04:00
Claude Paroz bec651a427 Fixed #10827 -- Ensured ContentTypes are created before permission creation. 2018-06-03 22:19:04 -04:00
Dohyeon Kim f1f4aeb22e Fixed #28044 -- Unified the logic for createsuperuser's interactive and --noinput modes. 2018-05-29 08:41:32 -04:00
Hasan Ramezani e0ff88be4f Added test for createsuperuser's handling of KeyboardInterrupt. 2018-05-27 19:24:07 -04:00
Tim Graham 9792af3648 Increased the default PBKDF2 iterations for Django 2.2. 2018-05-17 11:05:45 -04:00
olivierdalang 825f0beda8 Fixed #8936 -- Added a view permission and a read-only admin. 
Co-authored-by: Petr Dlouhy <petr.dlouhy@email.cz>
Co-authored-by: Olivier Dalang <olivier.dalang@gmail.com>
 2018-05-16 06:44:55 -04:00
Tim Graham cae0107287 Increased the default PBKDF2 iterations for Django 2.1. 2018-05-13 20:06:20 -04:00
Claude Paroz 607970f31c Replaced django.test.utils.patch_logger() with assertLogs(). 
Thanks Tim Graham for the review.
 2018-05-07 09:34:00 -04:00
Nick Pope df90e462d9 Fixed #29212 -- Doc'd redirect loop if @permission_required used with redirect_authenticated_user. 2018-04-19 10:21:24 -04:00
Mads Jensen 9c651641f1 Added additional AdminPasswordChangeForm tests. 2018-04-04 11:25:28 -04:00
Malte Gerth 874977d388 Fixed #29270 -- Fixed UserChangeForm crash if password field is excluded. 2018-03-29 15:25:54 -04:00
Abeer Upadhyay 1bf4646f91 Fixed #29258 -- Added type checking for login()'s backend argument. 2018-03-28 10:10:18 -04:00
Tim Graham a4f0e9aec7 Fixed #28718 -- Allowed user to request a password reset if their password doesn't use an enabled hasher. 
Regression in aeb1389442.
Reverted changes to is_password_usable() from
703c266682 and documentation changes from
92f48680db.
 2018-03-22 10:03:43 -04:00
Mariusz Felisiak 362813d628
Fixed hanging indentation in various code. 2018-03-16 10:54:34 +01:00
Mattia Procopio aeb8c38178 Fixed #29206 -- Fixed PasswordResetConfirmView crash when the URL contains a non-UUID where one is expected. 2018-03-15 21:33:15 -04:00
Christophe Mehay 40bac28faa Fixed #29176 -- Fixed AbstractBaseUser.normalize_username() crash if username isn't a string. 2018-03-02 11:32:53 -05:00
Tim Graham 5b589a47b9
Fixed #29161 -- Removed BCryptPasswordHasher from PASSWORD_HASHERS. 2018-02-26 09:05:18 -05:00
Mikhail Porokhovnichenko 14e34dcf8c Fixed #29132 -- Avoided connecting update_last_login() handler if User.last_login isn't a field. 2018-02-21 10:36:31 -05:00
Dylan Verheul 9b1125bfc7 Fixed #28379 -- Made AccessMixin raise Permissiondenied for authenticated users. 2018-02-16 13:58:55 -05:00
Tim Graham fa75b2cb51
Refs #27795 -- Removed force_bytes/text() usage in tests. 2018-02-07 14:20:04 -05:00
Tim Graham af33fb250e Fixed CVE-2018-6188 -- Fixed information leakage in AuthenticationForm. 
Reverted 359370a8b8 (refs #28645).

This is a security fix.
 2018-02-01 09:05:14 -05:00
shanghui 3333d935d2 Fixed #28757 -- Allowed using contrib.auth forms without installing contrib.auth. 
Also fixed #28608 -- Allowed UserCreationForm and UserChangeForm to
work with custom user models.

Thanks Sagar Chalise and Rômulo Collopy for reports, and Tim Graham
and Tim Martin for reviews.
 2018-01-05 14:47:37 -05:00
Дилян Палаузов d7b2aa24f7 Fixed #28982 -- Simplified code with and/or. 2018-01-03 20:12:23 -05:00
Tim Graham acc8dd4142
Fixed #28984 -- Made assorted code simplifications. 2018-01-03 13:24:02 -05:00
Alvin Lindstam 2cb6b7732d Fixed #28902 -- Fixed password_validators_help_text_html() double escaping. 2018-01-02 19:51:06 -05:00
shanghui 359370a8b8 Fixed #28645 -- Reallowed AuthenticationForm to raise the inactive user error when using ModelBackend. 
Regression in e0a3d93730.

Thanks Guilherme Junqueira for the report and Tim Graham for the review.
 2017-11-08 09:39:12 -05:00
Дилян Палаузов 6c0042430e Fixed #28776 -- Fixed a/an/and typos in docs and comments. 2017-11-06 22:41:03 -05:00
Tom b81905bfd4 Fixed #28571 -- Added a prompt to bypass password validation in createsuperuser. 2017-11-03 20:00:08 -04:00
Tim Graham 872be5976d Improved technique for matching input prompts in contrib.auth management tests. 2017-11-03 20:00:08 -04:00
Jon Dufresne 6ed347d851 Fixed #28706 -- Moved AuthenticationFormn invalid login ValidationError to a method for reuse. 2017-10-23 09:10:45 -04:00
Lucas Connors 5ceaf14686 Fixed #27515 -- Made AuthenticationForm's username field use the max_length from the model field. 
Thanks Ramin Farajpour Cami for the report.
 2017-10-20 11:13:26 -04:00
Lucas Connors d233391208 Refs #19130 -- Added a test for AuthenticationForm.username max_length. 
This will be a more useful regression test after refs #27515.
 2017-10-20 11:10:32 -04:00
Yuri Kaszubowski Lopes d98210c255 Fixed #28713 -- Prevented ModelBackend.get_all_permissions() from mutating get_user_permissions(). 2017-10-14 20:47:49 -04:00
Hasan Ramezani 6aec130a4c Fixed #28591 -- Added an error message for createsuperuser --username= (blank). 2017-10-09 21:49:35 -04:00
Mads Jensen 3e72f4b7b6 Completed test coverage for BasePasswordHasher. 2017-09-29 09:28:25 -04:00
Mads Jensen 776f6902d9 Moved BasePasswordHasher tests to its own test case. 2017-09-29 09:28:24 -04:00
Mads Jensen d917c17a3b Completed test coverage for AnonymousUser. 2017-09-28 13:11:23 -04:00
Mads Jensen 7fce4dc5ff Moved AnonymousUser tests to its own test case. 2017-09-28 13:11:07 -04:00
Mads Jensen 4803834aaa Added a test for PermWrapper.__iter__(). 2017-09-26 19:42:50 -04:00
Tim Graham 67a6ba391b Reverted "Fixed #28248 -- Fixed password reset tokens being valid for 1 day longer than PASSWORD_RESET_TIMEOUT_DAYS." 
This reverts commit 95993a89ce.
 2017-09-25 09:05:00 -04:00
Tim Graham 5e31be1b96 Refs #25187 -- Required the authenticate() method of authentication backends to have request as the first positional argument. 
Per deprecation timeline.
 2017-09-22 12:51:18 -04:00
Tim Graham 6e40b70bf4 Refs #26929 -- Removed extra_context parameter of contrib.auth.views.logout_then_login(). 
Per deprecation timeline.
 2017-09-22 12:51:17 -04:00
Tim Graham 4f313e284e Refs #17209 -- Removed login/logout and password reset/change function-based views. 
Per deprecation timeline.
 2017-09-22 12:51:17 -04:00
Luoxzhg ffbee67f8e Fixed some comments referring to a nonexistent TestClient class. 2017-09-09 11:21:15 -04:00
ZachLiuGIS 2dacc2ccd9 Fixed #28550 -- Restored contrib.auth's login() and logout() views' respect of positional arguments. 
Regression in 78963495d0.

Forwardport of f8e0557b01 from stable/1.11.x
 2017-09-03 12:06:44 -04:00
François Freitag 18dd9ba481 Fixed test in auth_tests modifying data from setUpTestData(). 2017-09-01 21:43:41 -04:00
hui shang c0f4c60edd Fixed #28513 -- Added POST request support to LogoutView. 2017-08-24 09:11:16 -04:00
Mads Jensen a51c4de194 Used assertRaisesMessage() to test Django's error messages. 2017-07-29 19:07:23 -04:00
Andrew Pinkham a96b981d84 Fixed #28127 -- Allowed UserCreationForm's password validation to check all user fields. 2017-06-21 09:22:15 -04:00
Chandrakant Kumar 2b09e4c88e Fixed #27787 -- Made call_command() validate the options it receives. 2017-06-16 21:28:38 -04:00
Mikhail Golubev e7dc39fb65 Fixed #28229 -- Fixed the value of LoginView's "next" template variable. 2017-06-13 09:13:22 -04:00
Jon Dufresne 2c69824e5a Refs #23968 -- Removed unnecessary lists, generators, and tuple calls. 2017-06-01 19:08:59 -04:00
Linus Lewandowski eedc88bd4a Fixed #26823 -- Prevented update_last_login signal receiver from crashing if User model doesn't have last_login field. 2017-05-29 17:31:18 -04:00
Nick Zaccardi 95993a89ce Fixed #28248 -- Fixed password reset tokens being valid for 1 day longer than PASSWORD_RESET_TIMEOUT_DAYS. 2017-05-29 09:22:22 -04:00
jannh c930c241f8 Fixed #28017 -- Allowed customizing PasswordResetTokenGenerator's secret. 2017-05-26 07:37:36 -04:00
Bruno Alla 6092ea8fa6 Refs #27804 -- Used subTest() in several tests. 2017-05-24 08:36:34 -04:00
Daniel Hahler a3ba2662cd Refs #28207 -- Fixed contrib.auth.authenticate() if 'backend' is in the credentials. 
Regression in 3008f30f19.
 2017-05-22 12:24:38 -04:00
Tamas Szabo 3008f30f19 Fixed #28207 -- Fixed contrib.auth.authenticate() if multiple auth backends don't accept a request. 2017-05-15 07:48:15 -04:00
Sławek Ehlert faaf62f616 Improved test coverage for createsuperuser command. 2017-05-12 10:29:56 -04:00
Josh Schneier 5df0ff4155 Fixed #28089 -- Removed requirement to implement get_short_name() and get_full_name() in AbstractBaseUser subclasses. 2017-05-06 17:05:42 -04:00
Tim Graham dff559ff83 Fixed #28097 -- Fixed layout of ReadOnlyPasswordHashWidget. 2017-04-19 12:59:30 -04:00
Tim Graham d4d79d0f20 Refs #27025 -- Fixed "invalid escape sequence" warning in auth_tests on Python 3.6. 2017-04-02 20:02:55 -04:00
Camilo Nova 5db465d5a6 Fixed #27891 -- Added PasswordResetConfirmView.post_reset_login_backend. 2017-03-07 19:52:26 -05:00
Tim Graham 72ff9d53e6 Factored out uid/user tokens in auth_tests urlpatterns. 2017-03-07 18:56:10 -05:00
Anton Samarchyan 7588d7e439 Improved test coverage for django.contrib.auth. 2017-03-01 17:29:50 -05:00
Tim Graham c31e7ab5a4 Refs #25187 -- Fixed AuthBackend.authenticate() compatibility for signatures that accept a request kwarg. 2017-02-24 10:15:41 -05:00
Markus Holtermann b9b35f9efa
Fixed #27840 -- Fixed KeyError in PasswordResetConfirmView.form_valid(). 
When a user is already logged in when submitting the password and
password confirmation to reset a password, a KeyError occurred while
removing the reset session token from the session.

Refs #17209

Thanks Quentin Marlats for the report and Florian Apolloner and Tim
Graham for the review.
 2017-02-15 00:35:04 +01:00