13a9cde133
Fixed #33613 -- Made createsuperuser detect uniqueness of USERNAME_FIELD when using Meta.constraints.
2022-04-01 11:39:41 +02:00
eb07b5be0c
Fixed #15619 -- Deprecated log out via GET requests.
...
Thanks Florian Apolloner for the implementation idea.
Co-Authored-By: Mariusz Felisiak <felisiak.mariusz@gmail.com>
2022-03-29 06:42:14 +02:00
94d8ed55fa
Refs #15619 -- Logged out with POST requests in admin.
2022-03-24 17:41:53 +01:00
bb61f0186d
Refs #32365 -- Removed internal uses of utils.timezone.utc alias.
...
Remaining test case ensures that uses of the alias are mapped
canonically by the migration writer.
2022-03-24 06:29:50 +01:00
d90e34c61b
Fixed #33561 -- Allowed synchronization of user attributes in RemoteUserBackend.
2022-03-10 12:57:19 +01:00
847f46e9bf
Removed redundant QuerySet.all() calls in docs and tests.
...
Most QuerySet methods are mapped onto the Manager and, in general,
it isn't necessary to call .all() on the manager.
2022-02-22 10:29:38 +01:00
7119f40c98
Refs #33476 -- Refactored code to strictly match 88 characters line length.
2022-02-07 20:37:05 +01:00
9c19aff7c7
Refs #33476 -- Reformatted code with Black.
2022-02-07 20:37:05 +01:00
0dcd549bbe
Fixed #30360 -- Added support for secret key rotation.
...
Thanks Florian Apolloner for the implementation idea.
Co-authored-by: Andreas Pelme <andreas@pelme.se>
Co-authored-by: Carlton Gibson <carlton.gibson@noumenal.es>
Co-authored-by: Vuyisile Ndlovu <terrameijar@gmail.com>
2022-02-01 11:12:24 +01:00
968a3d01fa
Fixed CVE-2021-45115 -- Prevented DoS vector in UserAttributeSimilarityValidator.
...
Thanks Chris Bailey for the report.
Co-authored-by: Adam Johnson <me@adamj.eu>
2022-01-04 10:02:05 +01:00
05cde4764d
Fixed #33269 -- Made AnonymousUser/PermissionsMixin.has_perms() raise ValueError on string or non-iterable perm_list.
2021-11-11 20:26:29 +01:00
b1b26b37af
Fixed #33178 -- Made createsuperuser validate required fields passed in options in interactive mode.
2021-10-12 08:08:05 +02:00
57273e1569
Refs #33178 -- Added createsuperuser tests for validation of foreign keys.
2021-10-12 07:54:50 +02:00
4ff500f294
Refs #21755 -- Fixed createsuperuser crash for required foreign keys passed in options in interactive mode.
...
Co-authored-by: Mariusz Felisiak <felisiak.mariusz@gmail.com>
2021-10-12 06:59:46 +02:00
da266b3c5c
Refs #29628 , Refs #33178 -- Made createsuperuser validate password against required fields passed in options.
2021-10-12 06:21:14 +02:00
df2d2bc95c
Fixed #33151 -- Fixed createsuperuser crash for many-to-many required fields in non-interactive mode.
2021-10-07 12:37:16 +02:00
32b7ffc2bb
Increased the default PBKDF2 iterations for Django 4.1.
2021-09-20 21:23:01 +02:00
a7f27fca52
Refs #32508 -- Raised TypeError/ValueError instead of using "assert" in encode() methods of remaining password hashers.
2021-09-06 07:47:53 +02:00
54a30a7a00
Refs #29898 -- Changed ProjectState.real_apps to set.
2021-08-11 09:01:14 +02:00
6802ac4415
Refs #32956 -- Corrected usage of "insure" and "assure".
2021-08-02 07:45:26 +02:00
1783b3cb24
Fixed #32275 -- Added scrypt password hasher.
...
Co-authored-by: Mariusz Felisiak <felisiak.mariusz@gmail.com>
2021-07-22 12:40:33 +02:00
83022d279c
Refs #32508 -- Raised TypeError/ValueError instead of using "assert" in encode() methods of some password hashers.
2021-07-22 09:42:07 +02:00
f3825ee050
Fixed wording of AuthViewsTestCase's docstring.
2021-07-19 06:36:20 +02:00
c51bf80d56
Used more specific unittest assertions in tests.
2021-07-07 10:51:38 +02:00
8a7ac78b70
Refs #32508 -- Raised ImproperlyConfigured/TypeError instead of using "assert" in various code.
2021-06-25 06:55:47 +02:00
22da686ca9
Refs #24121 -- Added __repr__() to PermWrapper.
2021-05-28 08:03:23 +02:00
736bb9868a
Renamed "object" argument of ModelAdmin.log_addition(), log_change(), and log_deletion() methods.
2021-05-20 07:29:16 +02:00
536c155e67
Fixed #32765 -- Removed "for" HTML attribute from ReadOnlyPasswordHashWidget.
...
ReadOnlyPasswordHashWidget doesn't have any labelable elements.
2021-05-19 20:34:57 +02:00
6b0b3eafd6
Fixed #32664 -- Made PasswordResetTokenGenerator.secret validation lazy.
...
Django apps initialization to run management command triggers the admin
autodiscovery. Importing django.contrib.auth.tokens creates an instance
of PasswordResetTokenGenerator which required a SECRET_KEY.
For several management commands, the token generator is unused. It
should only complain about a missing SECRET_KEY when it is used.
2021-04-20 07:34:53 +02:00
b13af4752f
Refs #28017 -- Added test for PasswordResetTokenGenerator subclass with a custom secret.
2021-04-20 07:28:06 +02:00
a2d5ea626e
Refs #32508 -- Raised ImproperlyConfigured instead of using "assert" in middlewares.
2021-03-11 08:34:28 +01:00
b99d6c9cbc
Fixed #28216 -- Added next_page/get_default_redirect_url() to LoginView.
2021-02-08 21:08:05 +01:00
a948d9df39
Increased the default PBKDF2 iterations for Django 4.0.
2021-01-14 17:50:04 +01:00
0aa6a602b2
Refs #31842 -- Removed DEFAULT_HASHING_ALGORITHM transitional setting.
...
Per deprecation timeline.
2021-01-14 17:50:04 +01:00
6b4941dd57
Refs #27468 -- Removed support for the pre-Django 3.1 user sessions.
...
Per deprecation timeline.
2021-01-14 17:50:04 +01:00
66b4046d68
Refs #27468 -- Removed support for the pre-Django 3.1 password reset tokens.
...
Per deprecation timeline.
2021-01-14 17:50:04 +01:00
12ac4916af
Refs #28622 -- Removed settings.PASSWORD_RESET_TIMEOUT_DAYS per deprecation timeline.
2021-01-14 17:50:04 +01:00
76ae6ccf85
Fixed #31358 -- Increased salt entropy of password hashers.
...
Co-authored-by: Florian Apolloner <florian@apolloner.eu>
2021-01-14 11:20:28 +01:00
6bd206e1ff
Refs #31358 -- Added bcrypt password hashers tests for must_update() with salt().
2021-01-14 11:20:28 +01:00
c76d51b3ad
Refs #31358 -- Fixed decoding salt in Argon2PasswordHasher.
...
Argon2 encodes the salt as base64 for representation in the final hash
output. To be able to accurately return the used salt from decode(),
add padding, b64decode, and decode from latin1 (for the remote
possibility that someone supplied a custom hash consisting solely of
bytes -- this would require a manual construction of the hash though,
Django's interface does not allow for that).
2020-12-28 11:02:08 +01:00
d8dfff2ab0
Fixed #32235 -- Made ReadOnlyPasswordHashField disabled by default.
2020-12-03 09:32:08 +01:00
3828427f63
Refs #31978 -- Fixed hint in admin's password reset confirmation form for custom username fields.
...
Thanks Jaap Roes for the report.
2020-11-30 06:34:22 +01:00
58740c0d7f
Refs #22909 -- Removed camelCasing in auth_tests.test_templates tests.
2020-11-30 06:34:22 +01:00
187482d743
Avoided direct styles in admin templates.
...
Direct styles might be forbidden by Content Security Policies.
2020-11-10 21:32:15 +01:00
4eb756793b
Refs #28215 -- Marked auth credentials as sensitive variables.
...
Co-authored-by: Collin Anderson <collin@onetencommunications.com>
2020-10-28 14:21:53 +01:00
3418092238
Fixed #32130 -- Fixed pre-Django 3.1 password reset tokens validation.
...
Thanks Gordon Wrigley for the report and implementation idea.
Regression in 226ebb1729
2020-10-22 13:21:14 +02:00
0362b0e986
Fixed #26615 -- Made password reset token invalidate when changing email.
...
Co-Authored-By: Silas Barta <sbarta@gmail.com>
2020-10-21 09:29:53 +02:00
f7963615eb
Fixed #32121 -- Fixed detecting uniqueness of USERNAME_FIELD when using Meta.constraints.
...
Co-authored-by: Simon Charette <charettes@users.noreply.github.com>
2020-10-20 07:23:51 +02:00
5fab16392f
Fixed #32003 -- Added obj argument to has_perm() methods in tests.
2020-09-14 12:28:17 +02:00
bcc2befd0e
Fixed #31789 -- Added a new headers interface to HttpResponse.
2020-09-14 08:41:59 +02:00
Lucidiot
René Fleschenberg
Mariusz Felisiak
Carlton Gibson
Adrian Torres
Nick Pope
django-bot
tschilling
Florian Apolloner
Lie Ryan
Christophe Henry
Mateo Radman
David Smith
ryowright
Chris Jerdonek
Mads Jensen
abhiabhi94
David Sanders
François Freitag
Hasan Ramezani
ThinkChaos
Jon Moroney
Timo Ludwig
Claude Paroz
Jacob Walls
Hannes Ljungberg
Alexander Todorov
Tom Carrick