| Age | Commit message (Collapse) | Author |
|
Added missing test to verify Django's test runner swaps in the locmem
EmailBackend during tests.
Extracted reusable mock_test_state() helper from
SetupTestEnvironmentTests.test_allowed_hosts().
|
|
Replaced TypeError in `os.path.abspath(None)` with ImproperlyConfigured
error when settings.EMAIL_FILE_PATH is required but missing.
|
|
Added tests for:
* BaseEmailBackend class.
* EmailBackend support for fail_silently arg and unknown kwargs.
* File backend support for EMAIL_FILE_PATH setting.
* File backend configuration error reporting (where possible).
* SMTP backend support for EMAIL_HOST and EMAIL_PORT settings.
* SMTP backend use of ssl_certfile, ssl_keyfile, timeout options.
* send_mail() return value.
* send_mass_mail() basic behavior.
* send_mail() and send_mass_mail() support for auth_user, auth_password,
and fail_silently args.
* get_connection() support for EMAIL_BACKEND setting and backend-specfic
kwargs.
|
|
* Removed unnecessary empty username/password args and unnecessary test
email content.
* Replaced monkeypatching with mock.patch. Minimized scope of patches.
* Added missing assertions in some tests.
* Cleaned up uses of assertTrue() and assertFalse().
* Removed implicit assumption in LocmemBackendTests that mail is always
sent by the locmem backend during tests.
* Made FileBackendTests tmp_dir cleanup more robust, and added helpers
to simplify test cases.
* Split FileBackendTests.test_sessions() into three distinct cases (and
removed unrelated, duplicative verification of message content).
* Used mock to simplify and improve accuracy of SMTP AUTH test.
* Replaced `get_connection("mail.custombackend.EmailBackend")` with
direct `custombackend.EmailBackend()` construction to avoid soon-to-
be-deprecated usage of `get_connection(backend_path)` in cases that
aren't trying to test creating a connection from an import path.
|
|
* Renamed shared backend test case class to SharedEmailBackendTests,
to avoid confusion with tests for the BaseEmailBackend.
* Used consistent module references to mail functions (removed `mail.`
from most uses; kept it for `mail.get_connection()`).
* Used consistent `backend` variable name for EmailBackend instances in
backend tests (matching most SMTP tests, replacing `connection` and
`conn` in other tests).
* Renamed some test cases for clarity.
* Removed some unnecessary docstrings from test cases.
* Reformatted some docstrings with nearby edits.
|
|
New default tag `{% csp_nonce_attr %}` was added for explicit CSP nonce
inclusion into `<script>` and `<link>` elements.
`{% csp_nonce_attr %}` renders `nonce="<value>"` when `csp_nonce` is
present in the template context, and renders nothing otherwise.
`{% csp_nonce_attr media %}` renders a `Media` object's assets with the
nonce attr applied to each tag.
Thanks Jacob Walls for the accurate and spot on review comments.
Co-authored-by: Johannes Maron <johannes@maron.family>
|
|
Before c507aaf9abeff4b93b7f9bdbc55801f2ccfc2d01, this workflow
used to run on SQLite.
|
|
Since the existing user path eventually calls sync_to_async() in acheck_password,
aim for parity with the nonexistent/inactive user branch by adding sync_to_async().
Follow-up to 748ca0a146175c4868ece87f5e845a75416c30e3.
|
|
Co-authored-by: Sarah Boyce <42296566+sarahboyce@users.noreply.github.com>
Co-authored-by: Jake Howard <git@theorangeone.net>
|
|
corresponds to request.META under ASGI.
Because these tests always passed both WSGI environ values and HTTP
headers via `**extra`, this masked a behavior difference between WSGI
and ASGI.
What should happen: everything should be passed via `headers` but for
the default REMOTE_USER case on WSGI, which should be passed via
`**extra`.
Since that was not done, a regression made it into Django 5.2
(50f89ae850f6b4e35819fe725a08c7e579bfd099) where `.header` no longer
corresponded to the request.META key under ASGI. To cope, an ASGI user
would have started(*) sending HTTP headers that match the `.header`
attribute, which may or may not have been edited to remove the HTTP_
prefix. (Note: the default `REMOTE_USER` case did not work under ASGI,
so the change in Django 5.2 had the effect of fixing the default case
but changing the semantic of the custom case.)
(*): Unless they were getting the sync execution path, which didn't have
this bug. See the fix in 0f4fff79d33b7cc84822e66bd1fc16caf8222e3a.
Thanks Mykhailo Havelia and Sarah Boyce for reviews.
|
|
|
|
|
|
|
|
|
|
contains an asterisk.
Thank you Ahmad Sadeddin for the report and Jacob Walls for the review.
|
|
cookie with SESSION_SAVE_EVERY_REQUEST=True.
Thank you Jacob Walls and Natalia Bidart for reviews.
|
|
MemoryFileUploadHandler on ASGI.
In ASGI deployments, Content-Length is not guaranteed to reflect the
actual request body size, so relying on it to gate memory allocation
allowed the limit to be bypassed. The handler now enforces
DATA_UPLOAD_MAX_MEMORY_SIZE regardless of the declared header value.
Thanks to Kyle Agronick for the report. Refs #35289.
Co-authored-by: Natalia <124304+nessita@users.noreply.github.com>
|
|
HttpResponseRedirect.
|
|
|
|
This alleviates sync/async duplication.
|
|
We need to switch on whether the request is a WSGI or ASGI request to
know whether to prepend `HTTP_`: we cannot assume sync exceution means
we are running under WSGI, as there could be other sync middleware
forcing sync execution under ASGI.
Thanks Mykhailo Havelia for the report.
|
|
|
|
algorithm.
Deprecated the default value of the algorithm argument in
django.utils.crypto.salted_hmac() and django.core.signing.base64_hmac(),
which will change from 'sha1' to 'sha256' in Django 7.0.
|
|
|
|
Thanks Eliana Rosselli for the review.
|
|
The test was incompatible with MongoDB's bson.ObjectId.
|
|
Co-authored-by: Arfey <Arfey17.mg@gmail.com>
|
|
RemoteUserBackend.
|
|
request.user/auser as handled by login().
Co-authored-by: Arfey <Arfey17.mg@gmail.com>
|
|
handle subclasses.
Co-authored-by: Arfey <Arfey17.mg@gmail.com>
|
|
Setting "check" in OPTIONS["pool"] previously raised TypeError because the
PostgreSQL backend always passed check= to ConnectionPool() and unpacked
**pool_options on top, regardless of CONN_HEALTH_CHECKS. The user's callable
now takes precedence via setdefault(); pool_options is copied first to avoid
mutating the user's settings dict.
|
|
|
|
|
|
|
|
|
|
Ensure skip_file_prefixes does not match sibling packages like django*.
Bug in f42b89f1bf49a5b89ed852b60f79342320a81c5e
and 34bd3ed944bf38792c631b55e581963d44d52284.
|
|
The existing note that is shown to the users when entering a time value
from a different timezone than the server's timezone was not descriptive
enough and led to confusion. This commit updates the note to explicitly
state that the user should enter times in the server's timezone.
|
|
|
|
non-editable instances.
Added formset that excludes objects for which
user has no permission for POST formset as well.
Fixed regression test: the test was not simulating
real behaviour properly. By providing full form
data for the post request we skipped the part
where the user was actually limited in permissions
and only modified some of the rows.
Improved tests by getting rid of obj.id % 2
approach for granting permissions per object
for users, since it is not the safest.
Instead granting permissions simply by 'alive'
parameter, which is simpler and more stable.
Bug in 84db026228413dda4cd195464554d51c0b208e32.
|
|
|
|
|
|
|
|
Co-authored-by: Jacob Walls <jacobtylerwalls@gmail.com>
|
|
Implemented a new `warn_about_external_use()` helper to conditionally
issue warnings depending on whether a deprecated feature is used from
within Django.
Fixed `LazySettings._show_deprecation_warning()` (Refs #26029) to work
correctly when called from anywhere in `LazySettings`. Previously, it
assumed a specific code path through `LazyObject.__getattribute__()` and
an `@property` getter on `LazySettings`.
|
|
This allows backends that don't support extra() to skip it.
|
|
Thank you Mar Bartolome and Tim Schilling for reviews.
|
|
Avoid drift against the following in biome.json:
"$schema": "https://biomejs.dev/schemas/2.4.12/schema.json"
|
|
Thanks Olivier Dalang, Tim McCurrach, Sarah Boyce, and Mar Bartolome for reviews.
|
|
Bad conflict resolution in 63c56cda133a85a158502891c40465bc0331d3d9
reverted bits of d007fcf7291cc3c24d4545e23c759bde22b6a8a6.
|
|
Where the docs used `:pep:` links for established Python language
features, replaced them with direct references to the Python docs
(usually glossary terms).
|