diff options
Diffstat (limited to 'docs')
| -rw-r--r-- | docs/releases/5.1.1.txt | 6 | ||||
| -rw-r--r-- | docs/releases/5.1.txt | 10 | ||||
| -rw-r--r-- | docs/topics/auth/default.txt | 32 |
3 files changed, 31 insertions, 17 deletions
diff --git a/docs/releases/5.1.1.txt b/docs/releases/5.1.1.txt index 25c0b4c297..417584b58e 100644 --- a/docs/releases/5.1.1.txt +++ b/docs/releases/5.1.1.txt @@ -12,3 +12,9 @@ Bugfixes * Fixed a regression in Django 5.1 that caused a crash of ``Window()`` when passing an empty sequence to the ``order_by`` parameter, and a crash of ``Prefetch()`` for a sliced queryset without ordering (:ticket:`35665`). + +* Fixed a regression in Django 5.1 where a new ``usable_password`` field was + included in :class:`~django.contrib.auth.forms.BaseUserCreationForm` (and + children). A new :class:`~django.contrib.auth.forms.AdminUserCreationForm` + including this field was added, isolating the feature to the admin where it + was intended (:ticket:`35678`). diff --git a/docs/releases/5.1.txt b/docs/releases/5.1.txt index f47fa8bd3f..bc868fddda 100644 --- a/docs/releases/5.1.txt +++ b/docs/releases/5.1.txt @@ -118,11 +118,11 @@ Minor features * The default ``parallelism`` of the ``ScryptPasswordHasher`` is increased from 1 to 5, to follow OWASP recommendations. -* :class:`~django.contrib.auth.forms.BaseUserCreationForm` and - :class:`~django.contrib.auth.forms.AdminPasswordChangeForm` now support - disabling password-based authentication by setting an unusable password on - form save. This is now available in the admin when visiting the user creation - and password change pages. +* The new :class:`~django.contrib.auth.forms.AdminUserCreationForm` and + the existing :class:`~django.contrib.auth.forms.AdminPasswordChangeForm` now + support disabling password-based authentication by setting an unusable + password on form save. This is now available in the admin when visiting the + user creation and password change pages. * :func:`~.django.contrib.auth.decorators.login_required`, :func:`~.django.contrib.auth.decorators.permission_required`, and diff --git a/docs/topics/auth/default.txt b/docs/topics/auth/default.txt index b0599e4be2..a81de8f2cc 100644 --- a/docs/topics/auth/default.txt +++ b/docs/topics/auth/default.txt @@ -1645,6 +1645,23 @@ provides several built-in forms located in :mod:`django.contrib.auth.forms`: Option to disable (or reenable) password-based authentication was added. +.. class:: AdminUserCreationForm + + .. versionadded:: 5.1.1 + + A form used in the admin interface to create a new user. Inherits from + :class:`UserCreationForm`. + + It includes an additional ``usable_password`` field, enabled by default. If + ``usable_password`` is enabled, it verifies that ``password1`` and + ``password2`` are non empty and match, validates the password using + :func:`~django.contrib.auth.password_validation.validate_password`, and + sets the user's password using + :meth:`~django.contrib.auth.models.User.set_password()`. + If ``usable_password`` is disabled, no password validation is done, and + password-based authentication is disabled for the user by calling + :meth:`~django.contrib.auth.models.User.set_unusable_password()`. + .. class:: AuthenticationForm A form for logging a user in. @@ -1735,21 +1752,12 @@ provides several built-in forms located in :mod:`django.contrib.auth.forms`: A :class:`~django.forms.ModelForm` for creating a new user. This is the recommended base class if you need to customize the user creation form. - It has four fields: ``username`` (from the user model), ``password1``, - ``password2``, and ``usable_password`` (the latter is enabled by default). - If ``usable_password`` is enabled, it verifies that ``password1`` and - ``password2`` are non empty and match, validates the password using + It has three fields: ``username`` (from the user model), ``password1``, + and ``password2``. It verifies that ``password1`` and ``password2`` match, + validates the password using :func:`~django.contrib.auth.password_validation.validate_password`, and sets the user's password using :meth:`~django.contrib.auth.models.User.set_password()`. - If ``usable_password`` is disabled, no password validation is done, and - password-based authentication is disabled for the user by calling - :meth:`~django.contrib.auth.models.User.set_unusable_password()`. - - .. versionchanged:: 5.1 - - Option to create users with disabled password-based authentication was - added. .. class:: UserCreationForm |
