| Age | Commit message | Author |
|
Thanks Sarah Boyce and Jacob Walls for reviews.
Co-authored-by: Hrushikesh Vaidya <hrushikeshrv@gmail.com>
|
|
sufficient permissions.
This change ensures that the "Reset password" button in the admin is
shown only when the user has the necessary permission to perform a
password change operation. It reuses the password hashing rendering
logic in `display_for_field` to show the appropriate read-only widget
for users with view-only access.
|
|
rendering.
|
|
fields.
Regression in e626716c28b6286f8cf0f8174077f3d2244f3eb3.
Thanks buffgecko12 for the report and Sarah Boyce for the review.
|
|
composite primary key.
|
|
sending fails.
On successful submission of a password reset request, an email is sent
to the accounts known to the system. If sending this email fails (due to
email backend misconfiguration, service provider outage, network issues,
etc.), an attacker might exploit this by detecting which password reset
requests succeed and which ones generate a 500 error response.
Thanks to Thibaut Spriet for the report, and to Mariusz Felisiak, Adam
Johnson, and Sarah Boyce for the reviews.
|
|
Refs #34429: Following the implementation allowing the setting of
unusable passwords via the admin site, the `BaseUserCreationForm` and
`UserCreationForm` were extended to include a new field for choosing
whether password-based authentication for the new user should be enabled
or disabled at creation time.
Given that these forms are designed to be extended when implementing
custom user models, this branch ensures that this new field is moved to
a new, admin-dedicated, user creation form `AdminUserCreationForm`.
Regression in e626716c28b6286f8cf0f8174077f3d2244f3eb3.
Thanks Simon Willison for the report, Fabian Braun and Sarah Boyce for
the review.
|
|
The auth forms using SetPasswordMixin were incorrectly including the
'This field is required.' error when additional validations (e.g.,
overriding `clean_password1`) were performed and failed.
This fix ensures accurate error reporting for password fields.
Co-authored-by: Natalia <124304+nessita@users.noreply.github.com>
|
|
the reset password link with a button.
Co-authored-by: Natalia <124304+nessita@users.noreply.github.com>
|
|
Co-authored-by: Natalia <124304+nessita@users.noreply.github.com>
|
|
in auth forms.
Co-authored-by: Natalia <124304+nessita@users.noreply.github.com>
|
|
Thanks MProgrammer (https://hackerone.com/mprogrammer) for the report.
|
|
Regression in 298d02a77a69321af8c0023df3250663e9d1362d.
|
|
UserCreationForm.
Co-Authored-By: Neven Mundar <nmundar@gmail.com>
|
|
UserChangeForm.password's help text when using to_field.
Co-Authored-By: David Sanders <shang.xiao.sanders@gmail.com>
Co-Authored-By: Mariusz Felisiak <felisiak.mariusz@gmail.com>
|
|
ReadOnlyPasswordHashWidget doesn't have any labelable elements.
|
|
django.core.exceptions.ValidationError.
Co-Authored-By: Mariusz Felisiak <felisiak.mariusz@gmail.com>
|
|
Co-Authored-By: Florian Apolloner <florian@apolloner.eu>
|
|
Moved site variables assignment outside of the loop.
|
|
AuthenticationForm.UsernameField.
Regression in 5ceaf14686ce626404afb6a5fbd3d8286410bf13.
Thanks gopackgo90 for the report and Mariusz Felisiak for tests.
|
|
Moving the autocomplete attribute into UsernameField allows this to work
for custom forms making use of UsernameField, removes some duplication
in the code, and keeps consistency with the autocapitalize attribute
that is already defined on UsernameField.
|
|
Thanks Claude Paroz for assistance with translations.
|
|
Thank you to Nick Pope for review.
Co-authored-by: CHI Cheng <cloudream@gmail.com>
|
|
attribute.
This prevents automatic capitalization, which is the default behavior in
some browsers.
|
|
django.utils.http.urlsafe_base64_encode() now returns a string, not a
bytestring. Since URLs are represented as strings,
urlsafe_base64_encode() should return a string. All uses immediately
decoded the bytestring to a string anyway.
As the inverse operation, urlsafe_base64_decode() accepts a string.
|
|
user change form.
|
|
users.
Thanks Claude Paroz & Tim Graham for collaborating on the patch.
|
|
without installing contrib.auth."
This reverts commit 3333d935d2914cd80cf31f4803821ad5c0e2a51d due to
a crash if USERNAME_FIELD isn't a CharField.
|
|
Unused since aab3a418ac9293bb4abd7670f65d930cb0426d58.
|
|
Reverted 359370a8b8ca0efe99b1d4630b291ec060b69225 (refs #28645).
This is a security fix.
|
|
contrib.auth.
Also fixed #28608 -- Allowed UserCreationForm and UserChangeForm to
work with custom user models.
Thanks Sagar Chalise and Rômulo Collopy for reports, and Tim Graham
and Tim Martin for reviews.
|
|
error when using ModelBackend.
Regression in e0a3d937309a82b8beea8f41b17d8b6298da2a86.
Thanks Guilherme Junqueira for the report and Tim Graham for the review.
|
|
method for reuse.
|
|
from the model field.
Thanks Ramin Farajpour Cami for the report.
|
|
user fields.
|
|
iter(dict) is equivalent to iter(dict.keys()).
|
|
Thanks Tim Graham for the review.
|
|
Thanks Tim Graham for the review.
|