summaryrefslogtreecommitdiff
path: root/docs
diff options
context:
space:
mode:
Diffstat (limited to 'docs')
-rw-r--r--docs/releases/5.1.1.txt6
-rw-r--r--docs/releases/5.1.txt10
-rw-r--r--docs/topics/auth/default.txt32
3 files changed, 31 insertions, 17 deletions
diff --git a/docs/releases/5.1.1.txt b/docs/releases/5.1.1.txt
index 25c0b4c297..417584b58e 100644
--- a/docs/releases/5.1.1.txt
+++ b/docs/releases/5.1.1.txt
@@ -12,3 +12,9 @@ Bugfixes
* Fixed a regression in Django 5.1 that caused a crash of ``Window()`` when
passing an empty sequence to the ``order_by`` parameter, and a crash of
``Prefetch()`` for a sliced queryset without ordering (:ticket:`35665`).
+
+* Fixed a regression in Django 5.1 where a new ``usable_password`` field was
+ included in :class:`~django.contrib.auth.forms.BaseUserCreationForm` (and
+ children). A new :class:`~django.contrib.auth.forms.AdminUserCreationForm`
+ including this field was added, isolating the feature to the admin where it
+ was intended (:ticket:`35678`).
diff --git a/docs/releases/5.1.txt b/docs/releases/5.1.txt
index f47fa8bd3f..bc868fddda 100644
--- a/docs/releases/5.1.txt
+++ b/docs/releases/5.1.txt
@@ -118,11 +118,11 @@ Minor features
* The default ``parallelism`` of the ``ScryptPasswordHasher`` is
increased from 1 to 5, to follow OWASP recommendations.
-* :class:`~django.contrib.auth.forms.BaseUserCreationForm` and
- :class:`~django.contrib.auth.forms.AdminPasswordChangeForm` now support
- disabling password-based authentication by setting an unusable password on
- form save. This is now available in the admin when visiting the user creation
- and password change pages.
+* The new :class:`~django.contrib.auth.forms.AdminUserCreationForm` and
+ the existing :class:`~django.contrib.auth.forms.AdminPasswordChangeForm` now
+ support disabling password-based authentication by setting an unusable
+ password on form save. This is now available in the admin when visiting the
+ user creation and password change pages.
* :func:`~.django.contrib.auth.decorators.login_required`,
:func:`~.django.contrib.auth.decorators.permission_required`, and
diff --git a/docs/topics/auth/default.txt b/docs/topics/auth/default.txt
index b0599e4be2..a81de8f2cc 100644
--- a/docs/topics/auth/default.txt
+++ b/docs/topics/auth/default.txt
@@ -1645,6 +1645,23 @@ provides several built-in forms located in :mod:`django.contrib.auth.forms`:
Option to disable (or reenable) password-based authentication was
added.
+.. class:: AdminUserCreationForm
+
+ .. versionadded:: 5.1.1
+
+ A form used in the admin interface to create a new user. Inherits from
+ :class:`UserCreationForm`.
+
+ It includes an additional ``usable_password`` field, enabled by default. If
+ ``usable_password`` is enabled, it verifies that ``password1`` and
+ ``password2`` are non empty and match, validates the password using
+ :func:`~django.contrib.auth.password_validation.validate_password`, and
+ sets the user's password using
+ :meth:`~django.contrib.auth.models.User.set_password()`.
+ If ``usable_password`` is disabled, no password validation is done, and
+ password-based authentication is disabled for the user by calling
+ :meth:`~django.contrib.auth.models.User.set_unusable_password()`.
+
.. class:: AuthenticationForm
A form for logging a user in.
@@ -1735,21 +1752,12 @@ provides several built-in forms located in :mod:`django.contrib.auth.forms`:
A :class:`~django.forms.ModelForm` for creating a new user. This is the
recommended base class if you need to customize the user creation form.
- It has four fields: ``username`` (from the user model), ``password1``,
- ``password2``, and ``usable_password`` (the latter is enabled by default).
- If ``usable_password`` is enabled, it verifies that ``password1`` and
- ``password2`` are non empty and match, validates the password using
+ It has three fields: ``username`` (from the user model), ``password1``,
+ and ``password2``. It verifies that ``password1`` and ``password2`` match,
+ validates the password using
:func:`~django.contrib.auth.password_validation.validate_password`, and
sets the user's password using
:meth:`~django.contrib.auth.models.User.set_password()`.
- If ``usable_password`` is disabled, no password validation is done, and
- password-based authentication is disabled for the user by calling
- :meth:`~django.contrib.auth.models.User.set_unusable_password()`.
-
- .. versionchanged:: 5.1
-
- Option to create users with disabled password-based authentication was
- added.
.. class:: UserCreationForm