django http://cgit.adnoto.dev/django.git/atom?h=main 2026-02-27T12:43:45Z 2026-02-27T12:43:45Z antoliny0919 antoliny0919@gmail.com 2025-08-07T13:17:50Z urn:sha1:187a789f99ecbc708de517c6b54d480b68ba59fe Thanks Sarah Boyce and Jacob Walls for reviews. Co-authored-by: Hrushikesh Vaidya <hrushikeshrv@gmail.com> 2025-10-14T12:13:52Z Thibaut Decombe thibaut.decombe@gmail.com 2025-07-13T18:01:02Z urn:sha1:d0c8f89c942d1379724bdd37127076d13452f71d 2025-04-17T15:00:20Z Sarah Boyce 42296566+sarahboyce@users.noreply.github.com 2025-01-17T16:44:25Z urn:sha1:d755a98b8438c10f3cff61303ceb1fe16d414e9b This change ensures that the "Reset password" button in the admin is shown only when the user has the necessary permission to perform a password change operation. It reuses the password hashing rendering logic in `display_for_field` to show the appropriate read-only widget for users with view-only access. 2025-04-17T15:00:20Z Sarah Boyce 42296566+sarahboyce@users.noreply.github.com 2025-04-16T18:44:00Z urn:sha1:8a0ad1ebe313a4f4fca6e9068c06ee400d15b8a4 2025-02-02T01:49:07Z nessita 124304+nessita@users.noreply.github.com 2025-02-02T01:49:07Z urn:sha1:d15454a6e84a595ffc8dc1b926282f484f782a8f Regression in e626716c28b6286f8cf0f8174077f3d2244f3eb3. Thanks buffgecko12 for the report and Sarah Boyce for the review. 2025-01-13T14:51:21Z Sarah Boyce 42296566+sarahboyce@users.noreply.github.com 2025-01-13T11:01:49Z urn:sha1:23c6effac0c39669e17904165c9762f24b010cc5 2024-11-15T12:53:13Z GappleBee irrationalmathematicspro7@gmail.com 2024-10-07T14:09:21Z urn:sha1:037e740ec56674e69e564b97e1151950757c410d 2024-09-03T12:22:32Z Natalia 124304+nessita@users.noreply.github.com 2024-08-19T17:47:38Z urn:sha1:8c35a0a903fd979e3262fe300ca084ffbfb300d6 On successful submission of a password reset request, an email is sent to the accounts known to the system. If sending this email fails (due to email backend misconfiguration, service provider outage, network issues, etc.), an attacker might exploit this by detecting which password reset requests succeed and which ones generate a 500 error response. Thanks to Thibaut Spriet for the report, and to Mariusz Felisiak, Adam Johnson, and Sarah Boyce for the reviews. 2024-08-19T15:39:57Z Natalia 124304+nessita@users.noreply.github.com 2024-08-15T13:27:24Z urn:sha1:0ebed5fa95f53b87383901bbd9341ef3c974344f Refs #34429: Following the implementation allowing the setting of unusable passwords via the admin site, the `BaseUserCreationForm` and `UserCreationForm` were extended to include a new field for choosing whether password-based authentication for the new user should be enabled or disabled at creation time. Given that these forms are designed to be extended when implementing custom user models, this branch ensures that this new field is moved to a new, admin-dedicated, user creation form `AdminUserCreationForm`. Regression in e626716c28b6286f8cf0f8174077f3d2244f3eb3. Thanks Simon Willison for the report, Fabian Braun and Sarah Boyce for the review. 2024-05-30T19:31:01Z Fabian Braun fsbraun@gmx.de 2024-05-28T06:15:12Z urn:sha1:339977d4441fd353e20950b98bad3d42afb1f126 The auth forms using SetPasswordMixin were incorrectly including the 'This field is required.' error when additional validations (e.g., overriding `clean_password1`) were performed and failed. This fix ensures accurate error reporting for password fields. Co-authored-by: Natalia <124304+nessita@users.noreply.github.com>