617e36dc1e
Fixed #20705 -- Allowed using PasswordResetForm with user models with an email field not named 'email'.
2016-09-27 11:59:00 -04:00
f7e91cac68
Fixed #27053 -- Documented contrib.auth.get_user().
2016-09-27 10:41:14 -04:00
8119b679eb
Refs #27025 -- Fixed "invalid escape sequence" warnings in Python 3.6.
...
http://bugs.python.org/issue27364
2016-09-17 15:44:06 -04:00
9459ec82aa
Fixed #26170 -- Made ModelAdmin views run transactions on the correct database.
...
Thanks juntatalor for the initial patch.
2016-09-14 16:06:39 -04:00
f0f3de3c96
Fixed #23155 -- Added request argument to user_login_failed signal.
2016-09-12 20:30:34 -04:00
4b9330ccc0
Fixed #25187 -- Made request available in authentication backends.
2016-09-12 20:11:53 -04:00
e07b18252b
Added a blank line per isort.
2016-09-12 20:03:31 -04:00
1ec1633cb2
Fixed #26401 -- Added BaseAuthConfig to use auth without migrations.
2016-09-10 16:38:05 -07:00
0368d63a78
Fixed indentation in previous commit.
2016-09-10 18:39:13 -04:00
536db42cf0
Fixed #26097 -- Added password_validators_help_text_html to UserCreationForm.
2016-09-10 18:23:18 -04:00
66e1ebbffc
Fixed #26956 -- Added success_url_allowed_hosts to LoginView and LogoutView.
...
Allows specifying additional hosts to redirect after login and log out.
2016-09-07 19:56:25 -07:00
488b3d2b38
Fixed typo in auth management test.
2016-08-28 19:20:35 -07:00
3c18f8a3d2
Fixed #27111 -- Fixed KeyError if USERNAME_FIELD isn't in UserCreationForm.fields.
2016-08-24 13:20:12 -04:00
549b90fab3
Refs #26902 -- Protected against insecure redirects in Login/LogoutView.
2016-08-19 19:01:01 -04:00
13857b45ca
Removed unused 'password' parameter in auth_tests.
2016-08-18 19:01:28 -04:00
7549eb0004
Fixed #27009 -- Made update_session_auth_hash() rotate the session key.
2016-08-15 19:29:12 -04:00
4591cf3fd8
Fixed #26909 -- Allowed UserAttributeSimilarityValidator to validate against model properties.
2016-08-10 15:08:06 -04:00
0814566bf1
Fixed #26960 -- Added PasswordResetConfirmView option to automatically log in after a reset.
2016-08-10 10:23:16 -04:00
975a76a964
Fixed #26951 -- Allowed AuthenticationForm to work with a username of 0.
2016-08-10 09:44:48 -04:00
4e64e3bb6e
Fixed #26997 -- Fixed checks crash with empty Meta.default_permissions.
2016-08-03 09:14:01 -04:00
0ba179194b
Fixed #26929 -- Deprecated extra_context parameter of contrib.auth.views.logout_then_login().
2016-07-28 11:57:02 -04:00
412b4126d7
Removed a blank line per isort and a trailing whitespace.
2016-07-28 11:56:25 -04:00
dde6288fbe
Fixed #26882 -- Added tests for auth.views.logout_then_login().
2016-07-22 15:04:13 -04:00
255fb99284
Fixed #17209 -- Added password reset/change class-based views
...
Thanks Tim Graham for the review.
2016-07-16 10:36:12 +02:00
09119dff14
Fixed #26719 -- Normalized email in AbstractUser.clean().
2016-06-24 10:37:38 -04:00
78963495d0
Refs #17209 -- Added LoginView and LogoutView class-based views
...
Thanks Tim Graham for the review.
2016-06-24 10:45:13 +02:00
39805686b3
Refs #21379 , #26719 -- Moved username normalization to AbstractBaseUser.
...
Thanks Huynh Thanh Tam for the initial patch and Claude Paroz for review.
2016-06-21 16:19:37 -04:00
4f336f6652
Fixed #26747 -- Used more specific assertions in the Django test suite.
2016-06-16 14:19:18 -04:00
1915a7e5c5
Increased the default PBKDF2 iterations.
2016-05-20 09:19:19 -04:00
7694e196ce
Moved the AUTH_USER_MODEL setting changed receiver.
...
Test suites besides Django's may need the same behavior.
2016-05-18 09:56:29 -04:00
4ff1e6ef58
Fixed running auth_tests in isolation after 3a47d42fa3.
2016-05-18 06:38:42 -04:00
ece4d24f8e
Refs #26601 -- Deprecated old-style middleware.
2016-05-17 07:22:26 -04:00
9baf692a58
Fixed #26601 -- Improved middleware per DEP 0005.
...
Thanks Tim Graham for polishing the patch, updating the tests, and
writing documentation. Thanks Carl Meyer for shepherding the DEP.
2016-05-17 07:22:22 -04:00
3a47d42fa3
Fixed #20932 , #25897 -- Streamlined manager inheritance.
2016-05-17 02:29:22 +07:00
9935f97cd2
Refs #21379 -- Normalized unicode username inputs
2016-05-16 19:38:02 +02:00
526575c641
Fixed #21379 -- Created auth-specific username validators
...
Thanks Tim Graham for the review.
2016-05-16 19:37:57 +02:00
61a16e0270
Fixed #24075 -- Used post-migration models in contrib apps receivers.
...
Thanks Markus and Tim for the review.
2016-05-15 19:51:16 -04:00
b26fedacef
Fixed #26544 -- Delayed translations of SetPasswordForm help_texts
...
Thanks Michael Bitzi for the reporti and Tim Graham for the review.
2016-05-07 10:17:49 +02:00
03efa304bc
Refs #25847 -- Added system check for UserModel.is_anonymous/is_authenticated methods.
2016-05-06 08:56:06 -04:00
f945fb24a3
Fixed #26554 -- Updated docs URLs to readthedocs.io
2016-04-28 10:09:57 -04:00
a5033dbc58
Refs #26033 -- Added password hasher support for Argon2 v1.3.
...
The previous version of Argon2 uses encoded hashes of the form:
$argon2d$m=8,t=1,p=1$<salt>$<data>
The new version of Argon2 adds its version into the hash:
$argon2d$v=19$m=8,t=1,p=1$<salt>$<data>
This lets Django handle both version properly.
2016-04-25 21:17:53 -04:00
c1aec0feda
Fixed #25847 -- Made User.is_(anonymous|authenticated) properties.
2016-04-09 14:54:18 -04:00
92053acbb9
Fixed E128 flake8 warnings in tests/.
2016-04-08 10:12:33 -04:00
a872194802
Fixed #26470 -- Converted auth permission validation to system checks.
...
Thanks Tim for the review.
2016-04-06 22:40:43 -04:00
fc34be896d
Extracted auth checks tests into their own module.
2016-04-06 22:40:43 -04:00
e0a3d93730
Fixed #25232 -- Made ModelBackend/RemoteUserBackend reject inactive users.
2016-03-23 09:01:48 -04:00
1243fdf5cb
Fixed #26395 -- Skipped the CryptPasswordHasher tests on platforms with a dummy crypt module.
2016-03-22 11:22:21 -04:00
efa9539787
Fixed #26381 -- Made UserCreationForm reusable with custom user models that define USERNAME_FIELD.
2016-03-21 12:32:42 -04:00
d0fe6c9156
Fixed #26334 -- Removed whitespace stripping from contrib.auth password fields.
2016-03-14 20:20:24 -04:00
ab8af342b1
Fixed #26343 -- Sent user_login_failed signal if an auth backend raises PermissionDenied.
2016-03-12 16:44:39 -05:00
5ca045cd25
Moved createsuperuser test app into auth_tests.
2016-03-08 13:06:58 -05:00
b4250ea04a
Fixed #26033 -- Added Argon2 password hasher.
2016-03-08 11:22:18 -05:00
4115288b4f
Fixed #26315 -- Allowed call_command() to accept a Command object as the first argument.
2016-03-05 13:05:10 -05:00
8d3fcfa39e
Cleaned up tests to use call_command() instead of Command.execute().
2016-03-05 12:59:30 -05:00
8c42cf0cbd
Fixed #26303 -- Updated links to mod_wsgi docs.
2016-03-01 19:22:32 -05:00
67b46ba701
Fixed CVE-2016-2513 -- Fixed user enumeration timing attack during login.
...
This is a security fix.
2016-03-01 11:25:28 -05:00
eac1423f9e
Removed obsolete test CreatesuperuserManagementCommandTestCase.test_nolocale.
...
Test was added in 4c934f3921
2016-02-29 08:46:37 -05:00
10781b4c6f
Fixed #12233 -- Allowed redirecting authenticated users away from the login view.
...
contrib.auth.views.login() has a new parameter `redirect_authenticated_user`
to automatically redirect authenticated users visiting the login page.
Thanks to dmathieu and Alex Buchanan for the original code and to Carl Meyer
for the help and review.
2016-02-25 07:18:33 -05:00
c62807968d
Fixed a stray __unicode__() method in auth_tests.
2016-02-23 13:20:50 -05:00
47b5a6a43c
Fixed #26187 -- Removed weak password hashers from PASSWORD_HASHERS.
2016-02-22 18:59:23 -05:00
f0425c7260
Refs #19353 -- Added tests for using custom user models with built-in auth forms.
...
Also updated topics/auth/customizing.txt to reflect that subclasses of
UserCreationForm and UserChangeForm can be used with custom user models.
Thanks Baptiste Mispelon for the initial documentation.
2016-02-17 10:26:07 -05:00
fcd08c1757
Fixed #11665 -- Made TestCase check deferrable constraints after each test.
2016-02-13 06:53:39 -05:00
004ba0f99e
Removed unneeded hint=None/obj=None in system check messages.
2016-02-12 13:01:25 -05:00
015fad9060
Fixed #26175 -- Removed SHA1 password hashes in tests.
2016-02-06 08:47:21 -05:00
6eb3ce11e4
Fixed #26089 -- Removed custom user test models from public API.
...
Thanks to Tim Graham for the review.
2016-02-04 12:30:34 -05:00
dcee1dfc79
Fixed #12405 -- Added LOGOUT_REDIRECT_URL setting.
...
After a user logs out via auth.views.logout(), they're redirected
to LOGOUT_REDIRECT_URL if no `next_page` argument is provided.
2016-02-04 10:35:37 -05:00
26ad01719d
Refs #26022 -- Replaced six.assertRaisesRegex with assertRaisesMessage as appropriate.
2016-01-29 13:37:33 -05:00
253adc2b8a
Refs #26022 -- Used context manager version of assertRaisesMessage in tests.
2016-01-29 13:03:39 -05:00
3d0dcd7f5a
Refs #26022 -- Used context manager version of assertRaises in tests.
2016-01-29 12:32:18 -05:00
cf7894be88
Fixed #21113 -- Made LogEntry.change_message language independent
...
Thanks Tim Graham for the review.
2016-01-08 20:34:59 +01:00
b643386668
Fixed #24855 -- Allowed using contrib.auth.login() without credentials.
...
Added an optional `backend` argument to login().
2016-01-07 08:56:07 -05:00
a08fda2111
Fixed #25746 -- Isolated inlined test models registration.
...
Thanks to Tim for the review.
2016-01-06 20:00:07 -05:00
3096f4b082
Imported required models directly in auth management tests.
2016-01-06 20:00:07 -05:00
16411b8400
Fixed #26013 -- Moved django.core.urlresolvers to django.urls.
...
Thanks to Tim Graham for the review.
2015-12-31 14:21:29 -05:00
93452a70e8
Fixed many spelling mistakes in code, comments, and docs.
2015-12-03 12:48:24 -05:00
9350616211
Removed explicit User ids in tests.
2015-11-24 09:59:20 -05:00
590b8c1c57
Removed unnecessary app_label='auth' on auth_tests models.
...
This is a relic of when the tests were stored in contrib.auth.tests.
2015-10-27 08:19:45 -04:00
5acf203db2
Fixed #25596 -- Fixed regression in password change view with custom user model.
...
The reverse() added in 50aa1a790c
2015-10-27 08:18:22 -04:00
adcf823359
Fixed #25490 -- Made the logout() view send "no-cache" headers.
2015-10-02 12:29:54 -04:00
53ccffdb8c
Refs #16860 -- Fixed password help text when there aren't any validators.
...
This avoids creating an empty list which is invalid HTML 4.
2015-09-28 15:30:16 -04:00
7372cdebed
Fixed #25457 -- Improved formatting of password validation errors in management command output.
2015-09-24 19:45:19 -04:00
593c9eb660
Increased the default PBKDF2 iterations for the 1.10 release cycle.
2015-09-23 19:31:11 -04:00
849037af36
Refs #23957 -- Required session verification per deprecation timeline.
2015-09-23 19:31:10 -04:00
f1761e3fef
Refs #21648 -- Removed is_admin_site option from password_reset() view.
...
Per deprecation timeline.
2015-09-23 19:31:10 -04:00
8dc3ba5ceb
Removed obsolete supports_* auth backend attributes in tests
2015-09-20 12:16:28 +02:00
c21410aeeb
Fixed typo in "pbkdf2" test names.
2015-09-19 20:44:37 -04:00
d8d853378b
Fixed #24944 -- Added extra_email_context parameter to password_reset() view.
2015-09-18 18:56:04 -04:00
b1e33ceced
Fixed #23395 -- Limited line lengths to 119 characters.
2015-09-12 11:40:50 -04:00
39b55537ec
Added two more tests for user-entered passwords when creating a superuser.
2015-08-18 16:22:14 -04:00
fa14fb9771
Fixed flake8 warning.
2015-08-02 21:30:13 -04:00
53d28f8339
Fixed #25089 -- Added password validation to createsuperuser/changepassword.
2015-08-01 20:18:26 -04:00
c2e70f0265
Fixed #21127 -- Started deprecation toward requiring on_delete for ForeignKey/OneToOneField
2015-07-27 18:28:13 -04:00
774c16d16e
Fixed #25052 ; refs #16860 -- Added password validation to UserCreationForm.
2015-07-20 13:44:34 -04:00
f5e9d67907
Refs #16860 -- Moved password_changed() logic to AbstractBaseUser.
...
Thanks Carl Meyer for review.
2015-07-20 13:44:26 -04:00
a570701e02
Fixed #25029 -- Added PersistentRemoteUserMiddleware for login-page-only external authentication.
2015-07-02 17:38:10 -04:00
7da3923ba0
Sorted imports in __init__.py files.
2015-06-27 11:53:33 -04:00
aaacaeb096
Renamed RemovedInDjangoXYWarnings for new roadmap.
...
Forwardport of ae1d663b79
2015-06-24 16:08:20 -04:00
e75b614640
Fixed #25009 -- Allowed User.objects.create_user(...,is_staff=True) to work.
2015-06-22 11:34:26 -04:00
7f1168e387
Removed support for Python 3.3.
2015-06-18 08:36:50 -04:00
e5cb4e1411
Fixed #24914 -- Added authentication mixins for CBVs
...
Added the mixins LoginRequiredMixin, PermissionRequiredMixin and
UserPassesTestMixin to contrib.auth as counterparts to the respective
view decorators.
The authentication mixins UserPassesTestMixin, LoginRequiredMixin and
PermissionRequiredMixin have been inspired by django-braces
<https://github.com/brack3t/django-braces/ >
Thanks Raphael Michel for the initial patch, tests and docs on the PR
and Ana Balica, Kenneth Love, Marc Tamlyn, and Tim Graham for the
review.
2015-06-17 23:19:10 +02:00
levental
Berker Peksag
Tim Graham
Jibodeah
Gavin Wahl
Aleksej Manaev
Jon Dufresne
Alexander Gaevsky
Przemysław Suliga
Andrew Nester
jordij
Olexander Yermakov
Sergey Yurchenko
Claude Paroz
Bang Dao + Tam Huynh
Simon Charette
Loïc Bistuer
Florian Apolloner
Bas Westerbaan
Jeremy Lainé
Vincenzo Pandolfo
ieatkittens
Alasdair Nicol
Olivier Le Thanh Duong
Hugo Osvaldo Barrera
Hasan
Paulo Poiati
Marten Kenbeek
Josh Soref
Kaleb Elwert
Antoine Catton
Tzu-ping Chung
sujayskumar
Dražen Odobašić
David Gibbons
Alex Becker
Flavio Curella
Jan Pazdziora
Francisco Albarran
Markus Holtermann