Commit Graph

181 Commits

Author SHA1 Message Date
Tim Graham eba093e8b0 Refs #25847 -- Removed support for User.is_(anonymous|authenticated) as methods.
Per deprecation timeline.
2017-01-17 20:52:03 -05:00
Romain Garrigues ede59ef6f3 Fixed #27518 -- Prevented possibie password reset token leak via HTTP Referer header.
Thanks Florian Apolloner for contributing to this patch and
Collin Anderson, Markus Holtermann, and Tim Graham for review.
2017-01-13 09:17:54 -05:00
Tim Graham 3226536127 Split AuthTemplateTests into test methods. 2017-01-12 13:18:49 -05:00
Tim Graham b5f0b3478d Fixed #27579 -- Added aliases for Python 3's assertion names in SimpleTestCase. 2016-12-07 17:42:31 -05:00
Tim Graham 93a081946d Normalized casing of "custom user model". 2016-11-23 15:14:28 -05:00
Florian Apolloner 51eaff6d35 Refs #17209 -- Fixed token verification for PasswordResetConfirmView POST requests. 2016-11-21 13:42:25 -05:00
Tim Graham 0d9ff873d9 Fixed #27467 -- Made UserAttributeSimilarityValidator max_similarity=0/1 work as documented.
Thanks goblinJoel for the report and feedback.
2016-11-16 17:40:37 -05:00
Ramin Farajpour Cami 967be82443 Fixed E305 flake8 warnings. 2016-11-14 12:30:46 -05:00
za 321e94fa41 Refs #27392 -- Removed "Tests that", "Ensures that", etc. from test docstrings. 2016-11-10 21:30:21 -05:00
Tim Graham 20be1918e7 Simplified some auth_tests with assertRedirects(). 2016-10-28 11:52:52 -04:00
Jon Dufresne f3ea0c4bbd Reverted "Fixed #26401 -- Added BaseAuthConfig to use auth without migrations."
This reverts commit 1ec1633cb2 as it
doesn't handle ContentType's auth.Permission dependency. Thus, it
doesn't allow auth without migrations.
2016-10-25 17:32:59 -07:00
levental 617e36dc1e Fixed #20705 -- Allowed using PasswordResetForm with user models with an email field not named 'email'. 2016-09-27 11:59:00 -04:00
Berker Peksag f7e91cac68 Fixed #27053 -- Documented contrib.auth.get_user(). 2016-09-27 10:41:14 -04:00
Tim Graham 8119b679eb Refs #27025 -- Fixed "invalid escape sequence" warnings in Python 3.6.
http://bugs.python.org/issue27364
2016-09-17 15:44:06 -04:00
Jibodeah 9459ec82aa Fixed #26170 -- Made ModelAdmin views run transactions on the correct database.
Thanks juntatalor for the initial patch.
2016-09-14 16:06:39 -04:00
Gavin Wahl f0f3de3c96 Fixed #23155 -- Added request argument to user_login_failed signal. 2016-09-12 20:30:34 -04:00
Aleksej Manaev 4b9330ccc0 Fixed #25187 -- Made request available in authentication backends. 2016-09-12 20:11:53 -04:00
Tim Graham e07b18252b Added a blank line per isort. 2016-09-12 20:03:31 -04:00
Jon Dufresne 1ec1633cb2 Fixed #26401 -- Added BaseAuthConfig to use auth without migrations. 2016-09-10 16:38:05 -07:00
Tim Graham 0368d63a78 Fixed indentation in previous commit. 2016-09-10 18:39:13 -04:00
Alexander Gaevsky 536db42cf0 Fixed #26097 -- Added password_validators_help_text_html to UserCreationForm. 2016-09-10 18:23:18 -04:00
Jon Dufresne 66e1ebbffc Fixed #26956 -- Added success_url_allowed_hosts to LoginView and LogoutView.
Allows specifying additional hosts to redirect after login and log out.
2016-09-07 19:56:25 -07:00
Jon Dufresne 488b3d2b38 Fixed typo in auth management test. 2016-08-28 19:20:35 -07:00
Berker Peksag 3c18f8a3d2 Fixed #27111 -- Fixed KeyError if USERNAME_FIELD isn't in UserCreationForm.fields. 2016-08-24 13:20:12 -04:00
Przemysław Suliga 549b90fab3 Refs #26902 -- Protected against insecure redirects in Login/LogoutView. 2016-08-19 19:01:01 -04:00
Tim Graham 13857b45ca Removed unused 'password' parameter in auth_tests. 2016-08-18 19:01:28 -04:00
Tim Graham 7549eb0004 Fixed #27009 -- Made update_session_auth_hash() rotate the session key. 2016-08-15 19:29:12 -04:00
Andrew Nester 4591cf3fd8 Fixed #26909 -- Allowed UserAttributeSimilarityValidator to validate against model properties. 2016-08-10 15:08:06 -04:00
jordij 0814566bf1 Fixed #26960 -- Added PasswordResetConfirmView option to automatically log in after a reset. 2016-08-10 10:23:16 -04:00
Olexander Yermakov 975a76a964 Fixed #26951 -- Allowed AuthenticationForm to work with a username of 0. 2016-08-10 09:44:48 -04:00
Sergey Yurchenko 4e64e3bb6e Fixed #26997 -- Fixed checks crash with empty Meta.default_permissions. 2016-08-03 09:14:01 -04:00
Andrew Nester 0ba179194b Fixed #26929 -- Deprecated extra_context parameter of contrib.auth.views.logout_then_login(). 2016-07-28 11:57:02 -04:00
Tim Graham 412b4126d7 Removed a blank line per isort and a trailing whitespace. 2016-07-28 11:56:25 -04:00
Andrew Nester dde6288fbe Fixed #26882 -- Added tests for auth.views.logout_then_login(). 2016-07-22 15:04:13 -04:00
Claude Paroz 255fb99284 Fixed #17209 -- Added password reset/change class-based views
Thanks Tim Graham for the review.
2016-07-16 10:36:12 +02:00
Bang Dao + Tam Huynh 09119dff14 Fixed #26719 -- Normalized email in AbstractUser.clean(). 2016-06-24 10:37:38 -04:00
Claude Paroz 78963495d0 Refs #17209 -- Added LoginView and LogoutView class-based views
Thanks Tim Graham for the review.
2016-06-24 10:45:13 +02:00
Tim Graham 39805686b3 Refs #21379, #26719 -- Moved username normalization to AbstractBaseUser.
Thanks Huynh Thanh Tam for the initial patch and Claude Paroz for review.
2016-06-21 16:19:37 -04:00
Jon Dufresne 4f336f6652 Fixed #26747 -- Used more specific assertions in the Django test suite. 2016-06-16 14:19:18 -04:00
Tim Graham 1915a7e5c5 Increased the default PBKDF2 iterations. 2016-05-20 09:19:19 -04:00
Simon Charette 7694e196ce
Moved the AUTH_USER_MODEL setting changed receiver.
Test suites besides Django's may need the same behavior.
2016-05-18 09:56:29 -04:00
Loïc Bistuer 4ff1e6ef58 Fixed running auth_tests in isolation after 3a47d42fa3. 2016-05-18 06:38:42 -04:00
Tim Graham ece4d24f8e Refs #26601 -- Deprecated old-style middleware. 2016-05-17 07:22:26 -04:00
Florian Apolloner 9baf692a58 Fixed #26601 -- Improved middleware per DEP 0005.
Thanks Tim Graham for polishing the patch, updating the tests, and
writing documentation. Thanks Carl Meyer for shepherding the DEP.
2016-05-17 07:22:22 -04:00
Loïc Bistuer 3a47d42fa3 Fixed #20932, #25897 -- Streamlined manager inheritance. 2016-05-17 02:29:22 +07:00
Claude Paroz 9935f97cd2 Refs #21379 -- Normalized unicode username inputs 2016-05-16 19:38:02 +02:00
Claude Paroz 526575c641 Fixed #21379 -- Created auth-specific username validators
Thanks Tim Graham for the review.
2016-05-16 19:37:57 +02:00
Simon Charette 61a16e0270 Fixed #24075 -- Used post-migration models in contrib apps receivers.
Thanks Markus and Tim for the review.
2016-05-15 19:51:16 -04:00
Claude Paroz b26fedacef Fixed #26544 -- Delayed translations of SetPasswordForm help_texts
Thanks Michael Bitzi for the reporti and Tim Graham for the review.
2016-05-07 10:17:49 +02:00
Tim Graham 03efa304bc Refs #25847 -- Added system check for UserModel.is_anonymous/is_authenticated methods. 2016-05-06 08:56:06 -04:00
Tim Graham f945fb24a3 Fixed #26554 -- Updated docs URLs to readthedocs.io 2016-04-28 10:09:57 -04:00
Bas Westerbaan a5033dbc58 Refs #26033 -- Added password hasher support for Argon2 v1.3.
The previous version of Argon2 uses encoded hashes of the form:
   $argon2d$m=8,t=1,p=1$<salt>$<data>

The new version of Argon2 adds its version into the hash:
   $argon2d$v=19$m=8,t=1,p=1$<salt>$<data>

This lets Django handle both version properly.
2016-04-25 21:17:53 -04:00
Jeremy Lainé c1aec0feda Fixed #25847 -- Made User.is_(anonymous|authenticated) properties. 2016-04-09 14:54:18 -04:00
Tim Graham 92053acbb9 Fixed E128 flake8 warnings in tests/. 2016-04-08 10:12:33 -04:00
Simon Charette a872194802 Fixed #26470 -- Converted auth permission validation to system checks.
Thanks Tim for the review.
2016-04-06 22:40:43 -04:00
Simon Charette fc34be896d Extracted auth checks tests into their own module. 2016-04-06 22:40:43 -04:00
Alexander Gaevsky e0a3d93730 Fixed #25232 -- Made ModelBackend/RemoteUserBackend reject inactive users. 2016-03-23 09:01:48 -04:00
Tim Graham 1243fdf5cb Fixed #26395 -- Skipped the CryptPasswordHasher tests on platforms with a dummy crypt module. 2016-03-22 11:22:21 -04:00
Berker Peksag efa9539787 Fixed #26381 -- Made UserCreationForm reusable with custom user models that define USERNAME_FIELD. 2016-03-21 12:32:42 -04:00
Vincenzo Pandolfo d0fe6c9156 Fixed #26334 -- Removed whitespace stripping from contrib.auth password fields. 2016-03-14 20:20:24 -04:00
ieatkittens ab8af342b1 Fixed #26343 -- Sent user_login_failed signal if an auth backend raises PermissionDenied. 2016-03-12 16:44:39 -05:00
Tim Graham 5ca045cd25 Moved createsuperuser test app into auth_tests. 2016-03-08 13:06:58 -05:00
Bas Westerbaan b4250ea04a Fixed #26033 -- Added Argon2 password hasher. 2016-03-08 11:22:18 -05:00
Jon Dufresne 4115288b4f Fixed #26315 -- Allowed call_command() to accept a Command object as the first argument. 2016-03-05 13:05:10 -05:00
Jon Dufresne 8d3fcfa39e Cleaned up tests to use call_command() instead of Command.execute(). 2016-03-05 12:59:30 -05:00
Alasdair Nicol 8c42cf0cbd Fixed #26303 -- Updated links to mod_wsgi docs. 2016-03-01 19:22:32 -05:00
Florian Apolloner 67b46ba701 Fixed CVE-2016-2513 -- Fixed user enumeration timing attack during login.
This is a security fix.
2016-03-01 11:25:28 -05:00
Jon Dufresne eac1423f9e Removed obsolete test CreatesuperuserManagementCommandTestCase.test_nolocale.
Test was added in 4c934f3921 to verify that
the commend works when locale.getdefaultlocale() doesn't return a locale.
getdefaultlocale() no longer runs at runtime, so the test isn't needed.
2016-02-29 08:46:37 -05:00
Olivier Le Thanh Duong 10781b4c6f Fixed #12233 -- Allowed redirecting authenticated users away from the login view.
contrib.auth.views.login() has a new parameter `redirect_authenticated_user`
to automatically redirect authenticated users visiting the login page.

Thanks to dmathieu and Alex Buchanan for the original code and to Carl Meyer
for the help and review.
2016-02-25 07:18:33 -05:00
Tim Graham c62807968d Fixed a stray __unicode__() method in auth_tests. 2016-02-23 13:20:50 -05:00
Tim Graham 47b5a6a43c Fixed #26187 -- Removed weak password hashers from PASSWORD_HASHERS. 2016-02-22 18:59:23 -05:00
Berker Peksag f0425c7260 Refs #19353 -- Added tests for using custom user models with built-in auth forms.
Also updated topics/auth/customizing.txt to reflect that subclasses of
UserCreationForm and UserChangeForm can be used with custom user models.

Thanks Baptiste Mispelon for the initial documentation.
2016-02-17 10:26:07 -05:00
Jon Dufresne fcd08c1757 Fixed #11665 -- Made TestCase check deferrable constraints after each test. 2016-02-13 06:53:39 -05:00
Tim Graham 004ba0f99e Removed unneeded hint=None/obj=None in system check messages. 2016-02-12 13:01:25 -05:00
Tim Graham 015fad9060 Fixed #26175 -- Removed SHA1 password hashes in tests. 2016-02-06 08:47:21 -05:00
Simon Charette 6eb3ce11e4 Fixed #26089 -- Removed custom user test models from public API.
Thanks to Tim Graham for the review.
2016-02-04 12:30:34 -05:00
Hugo Osvaldo Barrera dcee1dfc79 Fixed #12405 -- Added LOGOUT_REDIRECT_URL setting.
After a user logs out via auth.views.logout(), they're redirected
to LOGOUT_REDIRECT_URL if no `next_page` argument is provided.
2016-02-04 10:35:37 -05:00
Hasan 26ad01719d Refs #26022 -- Replaced six.assertRaisesRegex with assertRaisesMessage as appropriate. 2016-01-29 13:37:33 -05:00
Hasan 253adc2b8a Refs #26022 -- Used context manager version of assertRaisesMessage in tests. 2016-01-29 13:03:39 -05:00
Hasan 3d0dcd7f5a Refs #26022 -- Used context manager version of assertRaises in tests. 2016-01-29 12:32:18 -05:00
Claude Paroz cf7894be88 Fixed #21113 -- Made LogEntry.change_message language independent
Thanks Tim Graham for the review.
2016-01-08 20:34:59 +01:00
Paulo Poiati b643386668 Fixed #24855 -- Allowed using contrib.auth.login() without credentials.
Added an optional `backend` argument to login().
2016-01-07 08:56:07 -05:00
Simon Charette a08fda2111 Fixed #25746 -- Isolated inlined test models registration.
Thanks to Tim for the review.
2016-01-06 20:00:07 -05:00
Simon Charette 3096f4b082 Imported required models directly in auth management tests. 2016-01-06 20:00:07 -05:00
Marten Kenbeek 16411b8400 Fixed #26013 -- Moved django.core.urlresolvers to django.urls.
Thanks to Tim Graham for the review.
2015-12-31 14:21:29 -05:00
Josh Soref 93452a70e8 Fixed many spelling mistakes in code, comments, and docs. 2015-12-03 12:48:24 -05:00
Tim Graham 9350616211 Removed explicit User ids in tests. 2015-11-24 09:59:20 -05:00
Tim Graham 590b8c1c57 Removed unnecessary app_label='auth' on auth_tests models.
This is a relic of when the tests were stored in contrib.auth.tests.
2015-10-27 08:19:45 -04:00
Tim Graham 5acf203db2 Fixed #25596 -- Fixed regression in password change view with custom user model.
The reverse() added in 50aa1a790c
crashed on a custom user model.
2015-10-27 08:18:22 -04:00
Kaleb Elwert adcf823359 Fixed #25490 -- Made the logout() view send "no-cache" headers. 2015-10-02 12:29:54 -04:00
Antoine Catton 53ccffdb8c Refs #16860 -- Fixed password help text when there aren't any validators.
This avoids creating an empty list which is invalid HTML 4.
2015-09-28 15:30:16 -04:00
Tzu-ping Chung 7372cdebed Fixed #25457 -- Improved formatting of password validation errors in management command output. 2015-09-24 19:45:19 -04:00
Tim Graham 593c9eb660 Increased the default PBKDF2 iterations for the 1.10 release cycle. 2015-09-23 19:31:11 -04:00
Tim Graham 849037af36 Refs #23957 -- Required session verification per deprecation timeline. 2015-09-23 19:31:10 -04:00
Tim Graham f1761e3fef Refs #21648 -- Removed is_admin_site option from password_reset() view.
Per deprecation timeline.
2015-09-23 19:31:10 -04:00
Claude Paroz 8dc3ba5ceb Removed obsolete supports_* auth backend attributes in tests 2015-09-20 12:16:28 +02:00
Tim Graham c21410aeeb Fixed typo in "pbkdf2" test names. 2015-09-19 20:44:37 -04:00
sujayskumar d8d853378b Fixed #24944 -- Added extra_email_context parameter to password_reset() view. 2015-09-18 18:56:04 -04:00
Dražen Odobašić b1e33ceced Fixed #23395 -- Limited line lengths to 119 characters. 2015-09-12 11:40:50 -04:00
David Gibbons 39b55537ec Added two more tests for user-entered passwords when creating a superuser. 2015-08-18 16:22:14 -04:00