f3fa86a89b
Fixed #29449 -- Reverted "Fixed #28757 -- Allowed using contrib.auth forms without installing contrib.auth."
...
This reverts commit 3333d935d2
2018-07-02 18:39:26 -04:00
b37bac39b3
Fixed typo in docs/topics/auth/customizing.txt.
2018-06-05 21:28:26 -04:00
7543ab1f8d
Removed versionadded/changed annotations for 2.0.
2018-05-17 11:00:10 -04:00
825f0beda8
Fixed #8936 -- Added a view permission and a read-only admin.
...
Co-authored-by: Petr Dlouhy <petr.dlouhy@email.cz>
Co-authored-by: Olivier Dalang <olivier.dalang@gmail.com>
2018-05-16 06:44:55 -04:00
acf9d64045
Fixed typos in docs/topics/auth/passwords.txt.
2018-04-23 07:37:26 -04:00
df90e462d9
Fixed #29212 -- Doc'd redirect loop if @permission_required used with redirect_authenticated_user.
2018-04-19 10:21:24 -04:00
64b74804c5
Fixed #29334 -- Updated pypi.python.org URLs to pypi.org.
2018-04-17 20:24:27 -04:00
93331877c8
Fixed #29274 -- Increased the number of common passwords from 1k to 20k.
2018-04-16 11:01:47 -04:00
a4f0e9aec7
Fixed #28718 -- Allowed user to request a password reset if their password doesn't use an enabled hasher.
...
Regression in aeb1389442703c26668292f48680db
2018-03-22 10:03:43 -04:00
5b589a47b9
Fixed #29161 -- Removed BCryptPasswordHasher from PASSWORD_HASHERS.
2018-02-26 09:05:18 -05:00
9b1125bfc7
Fixed #28379 -- Made AccessMixin raise Permissiondenied for authenticated users.
2018-02-16 13:58:55 -05:00
ff05de760c
Fixed #29038 -- Removed closing slash from HTML void tags.
2018-01-21 02:09:10 -05:00
4fcd28d442
Fixed #28881 -- Doc'd that CommonPasswordValidator's password list must be lowercase.
2018-01-15 10:16:27 -05:00
3333d935d2
Fixed #28757 -- Allowed using contrib.auth forms without installing contrib.auth.
...
Also fixed #28608 -- Allowed UserCreationForm and UserChangeForm to
work with custom user models.
Thanks Sagar Chalise and Rômulo Collopy for reports, and Tim Graham
and Tim Martin for reviews.
2018-01-05 14:47:37 -05:00
83a36ac49a
Removed unnecessary trailing commas and spaces in various code.
2017-12-28 21:07:29 +01:00
4114b441ee
Fixed #28886 -- Updated prefix for example django.contrib.auth.urls URLs.
2017-12-06 09:23:42 -05:00
d392fc293c
Fixed #28802 -- Fixed typo in docs/topics/auth/default.txt.
2017-11-16 10:37:50 -05:00
51d7feff87
Fixed #28131 -- Corrected examples of using attribute lookups on the "perms" template variable.
2017-10-28 12:15:07 -04:00
3642c3758b
Suggested LoginView rather than @login_required as an alternative to authenticate().
2017-10-25 11:17:17 -04:00
5446b72003
Removed versionadded/changed annotations for 1.11.
2017-09-22 12:51:18 -04:00
5e31be1b96
Refs #25187 -- Required the authenticate() method of authentication backends to have request as the first positional argument.
...
Per deprecation timeline.
2017-09-22 12:51:18 -04:00
6e40b70bf4
Refs #26929 -- Removed extra_context parameter of contrib.auth.views.logout_then_login().
...
Per deprecation timeline.
2017-09-22 12:51:17 -04:00
4f313e284e
Refs #17209 -- Removed login/logout and password reset/change function-based views.
...
Per deprecation timeline.
2017-09-22 12:51:17 -04:00
df41b5a05d
Fixed #28593 -- Added a simplified URL routing syntax per DEP 0201.
...
Thanks Aymeric Augustin for shepherding the DEP and patch review.
Thanks Marten Kenbeek and Tim Graham for contributing to the code.
Thanks Tom Christie, Shai Berger, and Tim Graham for the docs.
2017-09-20 18:04:42 -04:00
081e787160
Refs #23919 -- Stopped inheriting from object to define new style classes.
...
Tests and docs complement to cecc079168
2017-06-26 10:30:31 -04:00
5df0ff4155
Fixed #28089 -- Removed requirement to implement get_short_name() and get_full_name() in AbstractBaseUser subclasses.
2017-05-06 17:05:42 -04:00
d510971088
Fixed typo in docs/topics/auth/default.txt.
2017-04-29 06:56:28 -04:00
6684af1e43
Added content_type filtering in Permission querying example.
2017-04-26 13:28:06 -04:00
9269dec05e
Fixed #27911 -- Doc'd how to register custom User with admin.
2017-03-08 12:14:58 -05:00
5db465d5a6
Fixed #27891 -- Added PasswordResetConfirmView.post_reset_login_backend.
2017-03-07 19:52:26 -05:00
c651331b34
Converted usage of ugettext* functions to their gettext* aliases
...
Thanks Tim Graham for the review.
2017-02-07 09:04:04 +01:00
dc165ec8e5
Refs #23919 -- Replaced super(ClassName, self) with super() in docs.
2017-01-25 11:53:05 -05:00
f6acd1d271
Refs #23919 -- Removed Python 2 notes in docs.
2017-01-18 11:51:29 -05:00
e27e4c0339
Removed versionadded/changed annotations for 1.10.
2017-01-17 20:52:05 -05:00
401c5b2e42
Refs #23957 -- Removed the useless SessionAuthenticationMiddleware.
2017-01-17 20:52:05 -05:00
eba093e8b0
Refs #25847 -- Removed support for User.is_(anonymous|authenticated) as methods.
...
Per deprecation timeline.
2017-01-17 20:52:03 -05:00
9f9a3d643e
Refs #24126 -- Removed auth views' current_app parameter per deprecation timeline.
2017-01-17 20:52:00 -05:00
432b25ace0
Removed nonexistent LogoutView context from docs.
2016-12-31 07:57:39 -05:00
d7e6b8febd
Fixed typo in docs/topics/auth/customizing.txt.
2016-11-28 16:39:54 -05:00
cb7bbf97a7
Fixed #25966 -- Made get_user_model() work at import time.
...
This makes it equivalent to: `from django.contrib.auth.models import User`.
Thanks Aymeric Augustin for the initial patch and Tim Graham for the
review.
2016-11-25 14:15:49 +01:00
da4c0e8cc9
Fixed typo in docs/topics/auth/customizing.txt.
2016-11-24 05:41:21 -05:00
93a081946d
Normalized casing of "custom user model".
2016-11-23 15:14:28 -05:00
d02a03d574
Fixed #24370 -- Recommended starting with a custom user model.
2016-11-23 14:43:17 -05:00
0d9ff873d9
Fixed #27467 -- Made UserAttributeSimilarityValidator max_similarity=0/1 work as documented.
...
Thanks goblinJoel for the report and feedback.
2016-11-16 17:40:37 -05:00
f3ea0c4bbd
Reverted "Fixed #26401 -- Added BaseAuthConfig to use auth without migrations."
...
This reverts commit 1ec1633cb2
2016-10-25 17:32:59 -07:00
b5fc192b99
Fixed #27352 -- Doc'd social media fingerprinting consideration with login's redirect_authenticated_user.
2016-10-18 11:37:56 -04:00
e262f00231
Fixed #27292 -- Removed unnecessary password assignment in auth backend example.
2016-10-04 14:02:06 -04:00
1d25eb9688
Fixed #27294 -- Documented UserCreationForm's fields.
2016-09-30 13:56:53 -04:00
617e36dc1e
Fixed #20705 -- Allowed using PasswordResetForm with user models with an email field not named 'email'.
2016-09-27 11:59:00 -04:00
0a6ed6b1d9
Simplified has_perm() example in topics/auth/customizing.txt.
2016-09-23 15:28:32 -04:00
cdde2eac5b
Fixed a typo in docs/topics/auth/default.txt.
2016-09-17 20:09:15 -04:00
4b9330ccc0
Fixed #25187 -- Made request available in authentication backends.
2016-09-12 20:11:53 -04:00
1ec1633cb2
Fixed #26401 -- Added BaseAuthConfig to use auth without migrations.
2016-09-10 16:38:05 -07:00
66e1ebbffc
Fixed #26956 -- Added success_url_allowed_hosts to LoginView and LogoutView.
...
Allows specifying additional hosts to redirect after login and log out.
2016-09-07 19:56:25 -07:00
9f27735612
Fixed #27013 -- Clarified commands to install argon2/bcrypt packages.
2016-08-19 19:23:12 -04:00
7549eb0004
Fixed #27009 -- Made update_session_auth_hash() rotate the session key.
2016-08-15 19:29:12 -04:00
4c2a6fe75b
Clarified session verification with respect to the current session.
2016-08-11 12:08:50 -04:00
c412aaca73
Fixed #26957 -- Corrected authenticate() docs regarding User.is_active.
2016-08-10 19:52:01 -04:00
796cc62026
Fixed #27045 -- Documented that AUTH_PASSWORD_VALIDATORS aren't applied at the model level.
2016-08-10 15:52:16 -04:00
0814566bf1
Fixed #26960 -- Added PasswordResetConfirmView option to automatically log in after a reset.
2016-08-10 10:23:16 -04:00
0ba179194b
Fixed #26929 -- Deprecated extra_context parameter of contrib.auth.views.logout_then_login().
2016-07-28 11:57:02 -04:00
412b4126d7
Removed a blank line per isort and a trailing whitespace.
2016-07-28 11:56:25 -04:00
255fb99284
Fixed #17209 -- Added password reset/change class-based views
...
Thanks Tim Graham for the review.
2016-07-16 10:36:12 +02:00
6d61ec0e1a
Fixed a typo in auth docs.
2016-07-04 11:02:11 -04:00
c962b9104a
Added missing trailing '$' to url() patterns in docs.
2016-06-27 09:18:44 -04:00
09119dff14
Fixed #26719 -- Normalized email in AbstractUser.clean().
2016-06-24 10:37:38 -04:00
78963495d0
Refs #17209 -- Added LoginView and LogoutView class-based views
...
Thanks Tim Graham for the review.
2016-06-24 10:45:13 +02:00
39805686b3
Refs #21379 , #26719 -- Moved username normalization to AbstractBaseUser.
...
Thanks Huynh Thanh Tam for the initial patch and Claude Paroz for review.
2016-06-21 16:19:37 -04:00
96f97691ad
Fixed broken links in docs and comments.
2016-06-15 21:20:23 -04:00
4a4d7f980e
Fixed #26021 -- Applied hanging indentation to docs.
2016-06-03 11:44:34 -04:00
9407cc966b
Fixed #26635 -- Clarified Argon2PasswordHasher's memory_cost differs from command line utility.
2016-05-27 18:37:12 -04:00
46a38307c2
Removed versionadded/changed annotations for 1.9.
2016-05-20 11:44:29 -04:00
9baf692a58
Fixed #26601 -- Improved middleware per DEP 0005.
...
Thanks Tim Graham for polishing the patch, updating the tests, and
writing documentation. Thanks Carl Meyer for shepherding the DEP.
2016-05-17 07:22:22 -04:00
9935f97cd2
Refs #21379 -- Normalized unicode username inputs
2016-05-16 19:38:02 +02:00
5238af3257
Used 'classmethod' annotation in docs/topics/auth/customizing.txt
2016-05-14 18:58:09 -04:00
2c4c67af94
Fixed #26514 -- Documented that User.refresh_from_db() doesn't clear the permission cache.
2016-04-18 09:02:56 -04:00
c1aec0feda
Fixed #25847 -- Made User.is_(anonymous|authenticated) properties.
2016-04-09 14:54:18 -04:00
e0a3d93730
Fixed #25232 -- Made ModelBackend/RemoteUserBackend reject inactive users.
2016-03-23 09:01:48 -04:00
c41737dc00
Fixed #26392 -- Corrected login_required/permission_required stacking example.
2016-03-21 19:56:15 -04:00
b4250ea04a
Fixed #26033 -- Added Argon2 password hasher.
2016-03-08 11:22:18 -05:00
67b46ba701
Fixed CVE-2016-2513 -- Fixed user enumeration timing attack during login.
...
This is a security fix.
2016-03-01 11:25:28 -05:00
10781b4c6f
Fixed #12233 -- Allowed redirecting authenticated users away from the login view.
...
contrib.auth.views.login() has a new parameter `redirect_authenticated_user`
to automatically redirect authenticated users visiting the login page.
Thanks to dmathieu and Alex Buchanan for the original code and to Carl Meyer
for the help and review.
2016-02-25 07:18:33 -05:00
441c537b66
Fixed a function signature in docs/topics/auth/default.txt.
2016-02-24 16:24:33 -05:00
47b5a6a43c
Fixed #26187 -- Removed weak password hashers from PASSWORD_HASHERS.
2016-02-22 18:59:23 -05:00
b14470c7b7
Fixed spelling error
2016-02-23 10:24:38 +11:00
5a541e2e6c
Fixed #26188 -- Documented how to wrap password hashers.
2016-02-22 17:21:45 -05:00
de7edc005f
Fixed import location of check_password() in docs.
2016-02-22 12:42:47 -05:00
f0425c7260
Refs #19353 -- Added tests for using custom user models with built-in auth forms.
...
Also updated topics/auth/customizing.txt to reflect that subclasses of
UserCreationForm and UserChangeForm can be used with custom user models.
Thanks Baptiste Mispelon for the initial documentation.
2016-02-17 10:26:07 -05:00
dcee1dfc79
Fixed #12405 -- Added LOGOUT_REDIRECT_URL setting.
...
After a user logs out via auth.views.logout(), they're redirected
to LOGOUT_REDIRECT_URL if no `next_page` argument is provided.
2016-02-04 10:35:37 -05:00
1e9150443e
Refs #26089 -- Removed obsolete docs about custom user model testing.
2016-02-02 08:12:08 -05:00
8ce8beb3f2
Unified some doc links to OneToOneField and ManyToManyField.
2016-02-01 11:02:26 -05:00
a6ef025dfb
Fixed #26124 -- Added missing code formatting to docs headers.
2016-02-01 10:42:05 -05:00
e519aab43a
Fixed #23868 -- Added support for non-unique django-admin-options in docs.
...
Also documented missing short command line options to fix #24134 . This bumps
the minimum sphinx version required to build the docs to 1.3.4.
Thanks Simon Charette for review.
2016-01-14 18:21:33 -05:00
b643386668
Fixed #24855 -- Allowed using contrib.auth.login() without credentials.
...
Added an optional `backend` argument to login().
2016-01-07 08:56:07 -05:00
ec708803f7
Fixed user_passes_test() signature in docs.
2015-12-08 15:56:10 -05:00
166e0490d3
Fixed #25895 -- Used a consistent style for UserAdmin overrides.
...
Thanks Justin Abrahms for the report.
2015-12-08 14:40:55 -05:00
105028eec6
Removed deprecated usage of url tag from auth docs.
2015-12-05 19:21:30 +01:00
93452a70e8
Fixed many spelling mistakes in code, comments, and docs.
2015-12-03 12:48:24 -05:00
d3b488f5bd
Updated link to 1000 common passwords.
...
xato.net is dead; replaced with link to archive.org.
2015-12-02 12:57:02 -05:00
1f8dad6915
Fixed #25755 -- Unified spelling of "website".
2015-11-16 06:44:14 -05:00
Tim Graham
Michael Kiros
olivierdalang
adamth
Nick Pope
Brett Cannon
GS-14
Dylan Verheul
Jon Dufresne
Karmen
shanghui
Mariusz Felisiak
Botond Beres
Sjoerd Job Postmus
Josh Schneier
shinriyo
Nauman Tariq
David D Lowe
Camilo Nova
Claude Paroz
chillaranand
Aymeric Augustin
Alex Scott
Krzysztof Gogolewski
Markus Holtermann
Lewis Cowles
levental
Berker Peksag
aruseni
Aleksej Manaev
an0o0nym
jordij
Andrew Nester
Jiang Haiyun
Ramiro Morales
Bang Dao + Tam Huynh
Ville Skyttä
Ed Henderson
Bas Westerbaan
Florian Apolloner
Jeremy Lainé
Alexander Gaevsky
Olivier Le Thanh Duong
Daniel Quinn
Hugo Osvaldo Barrera
rowanv
Paulo Poiati
Gavin Wahl
Florian Apolloner
Josh Soref
Eliezer Kanal
Agnieszka Lasyk