django.git/django/contrib/auth/__init__.py, branch main django http://cgit.adnoto.dev/django.git/atom?h=main 2026-04-27T14:22:04Z Fixed #36901 -- Centralized auth timing attack mitigations. 2026-04-27T14:22:04Z afenoum anja1catus@gmail.com 2026-04-20T10:44:42Z urn:sha1:c63591d4da533944af31ccb46a77eb221dbdba0a Thank you Mar Bartolome and Tim Schilling for reviews. Fixed #37017 -- Fixed setting or clearing of request.user after alogin/alogout(). 2026-04-02T13:00:55Z Jacob Walls jacobtylerwalls@gmail.com 2026-04-01T13:36:16Z urn:sha1:a32c7075cf634aee1f4f3deecd27f194097ec0c2 Regression in 31a43c571f4d036827d4fd7a5f615591637dc1be. Fixed #36903 -- Fixed further NameErrors when inspecting functions with deferred annotations. 2026-02-10T21:51:55Z 93578237 43147888+93578237@users.noreply.github.com 2026-02-09T21:06:50Z urn:sha1:56ed37e17e5b1a509aa68a0c797dcff34fcc1366 Provide a wrapper for safe introspection of user functions on Python 3.14+. Follow-up to 601914722956cc41f1f2c53972d669ddee6ffc04. Refs #35530 -- Removed request.user or auser() fallback in auth.login and auth.alogin. 2025-09-17T18:17:05Z Jacob Walls jacobtylerwalls@gmail.com 2025-09-05T18:06:36Z urn:sha1:32e266dc5b756b52e6db4f4f453f51274aa9234e Per deprecation timeline. Fixed #36572 -- Revert "Fixed #36546 -- Deprecated django.utils.crypto.constant_time_compare() in favor of hmac.compare_digest()." 2025-08-27T08:50:50Z Sarah Boyce 42296566+sarahboyce@users.noreply.github.com 2025-08-26T11:37:34Z urn:sha1:d0e4dd5cdd743a5c43c4ccc2c8fa29d3982eaa71 This reverts commit 0246f478882c26bc1fe293224653074cd46a90d0. Fixed #36546 -- Deprecated django.utils.crypto.constant_time_compare() in favor of hmac.compare_digest(). 2025-08-25T12:45:16Z SaJH wogur981208@gmail.com 2025-08-22T13:32:09Z urn:sha1:0246f478882c26bc1fe293224653074cd46a90d0 Signed-off-by: SaJH <wogur981208@gmail.com> Refs #35530 -- Corrected deprecation message in auth.alogin(). 2025-08-22T14:14:09Z Mariusz Felisiak felisiak.mariusz@gmail.com 2025-08-19T18:57:32Z urn:sha1:b3166e1e15824aedb7a609dfda18ef36ea023d06 Follow up to ceecd518b19044181a3598c55ebed7c2545963cc. Refs #35303 -- Made small optimizations in alogout() and aget_user(). 2025-08-20T08:29:07Z Mariusz Felisiak felisiak.mariusz@gmail.com 2025-08-20T08:29:07Z urn:sha1:7063d31cc37028e0f945faa43030ce23dc1a5c23 In alogout(), there is no need to check the is_authenticated attribute when user is None. In aget_user(), there is no need to call get_session_auth_hash() twice. Follow up to 50f89ae850f6b4e35819fe725a08c7e579bfd099. Fixed #36561 -- Used request.auser() in contrib.auth.aupdate_session_auth_hash(). 2025-08-20T07:14:50Z Xinyi Rong Lizard.rar@gmail.com 2025-08-19T09:13:19Z urn:sha1:cd7554e5517992d5ca2594ffc936cb193daab26c Fixed #36540 -- Updated request.auser() in contrib.auth.alogin() and contrib.auth.alogout(). 2025-08-08T07:51:03Z Xinyi Rong Lizard.rar@gmail.com 2025-08-06T17:17:10Z urn:sha1:31a43c571f4d036827d4fd7a5f615591637dc1be