| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2026-01-31 | Refs #34118 -- Removed asgiref coroutine detection shims. | Jacob Walls | |
| As Python 3.12 is now the floor, we can drop the shims and use the `inspect` module. | |||
| 2025-09-17 | Refs #36390 -- Removed support for RemoteUserMiddleware subclasses missing ↵ | Jacob Walls | |
| aprocess_request(). Per deprecation timeline. | |||
| 2025-09-11 | Fixed #36603 -- Optimized check order in LoginRequiredMiddleware. | Adam Johnson | |
| 2025-07-23 | Removed double spaces after periods and within phrases. | Sarah Boyce | |
| 2025-05-23 | Fixed #36390 -- Deprecated RemoteUserMiddleware subclasses missing ↵ | Sarah Boyce | |
| aprocess_request(). Regression in 50f89ae850f6b4e35819fe725a08c7e579bfd099. Thank you to shamoon for the report and Natalia Bidart for the review. | |||
| 2024-12-18 | Fixed #36002 -- Referred to request.Meta key in ↵ | Anders Einar Hilden | |
| Persistent/RemoteUserMiddleware comments. Changed the docstrings and code comments to better reflect where the default value comes from (an environment variable, not request header). | |||
| 2024-10-07 | Fixed #35303 -- Implemented async auth backends and utils. | Jon Janzen | |
| 2024-05-29 | Fixed 35467 -- Replaced urlparse with urlsplit where appropriate. | Jake Howard | |
| This work should not generate any change of functionality, and `urlsplit` is approximately 6x faster. Most use cases of `urlparse` didn't touch the path, so they can be converted to `urlsplit` without any issue. Most of those which do use `.path`, simply parse the URL, mutate the querystring, then put them back together, which is also fine (so long as urlunsplit is used). | |||
| 2024-05-22 | Fixed #31405 -- Added LoginRequiredMiddleware. | Hisham Mahmood | |
| Co-authored-by: Adam Johnson <me@adamj.eu> Co-authored-by: Mehmet İnce <mehmet@mehmetince.net> Co-authored-by: Sarah Boyce <42296566+sarahboyce@users.noreply.github.com> | |||
| 2023-06-27 | Fixed #34391 -- Added async-compatible interface to auth functions and ↵ | Jon Janzen | |
| related methods test clients. | |||
| 2023-03-07 | Fixed #31920 -- Made AuthenticationMiddleware add request.auser(). | Jon Janzen | |
| 2022-02-07 | Refs #33476 -- Reformatted code with Black. | django-bot | |
| 2021-07-29 | Fixed 32956 -- Lowercased spelling of "web" and "web framework" where ↵ | David Smith | |
| appropriate. | |||
| 2021-03-11 | Refs #32508 -- Raised ImproperlyConfigured instead of using "assert" in ↵ | Hasan Ramezani | |
| middlewares. | |||
| 2019-11-13 | Fixed #30941 -- Reverted "Simplified AuthenticationMiddleware a bit." | Mariusz Felisiak | |
| This reverts commit 2f010795e690550c8c6f56b3924c0f629cacb33b. | |||
| 2019-10-29 | Simplified AuthenticationMiddleware a bit. | Sergey Fedoseev | |
| SimpleLazyObject already caches value in _wrapped. | |||
| 2019-10-23 | Refs #26601 -- Removed obsolete workarounds for MIDDLEWARE_CLASSES setting. | Sergey Fedoseev | |
| 2017-09-07 | Reverted "Fixed #27818 -- Replaced try/except/pass with contextlib.suppress()." | Tim Graham | |
| This reverts commit 550cb3a365dee4edfdd1563224d5304de2a57fda because try/except performs better. | |||
| 2017-06-28 | Fixed #27818 -- Replaced try/except/pass with contextlib.suppress(). | Mads Jensen | |
| 2017-02-04 | Refs #27656 -- Updated django.contrib docstring verb style according to PEP 257. | Anton Samarchyan | |
| 2017-01-17 | Refs #23957 -- Removed the useless SessionAuthenticationMiddleware. | Tim Graham | |
| 2016-09-12 | Fixed #25187 -- Made request available in authentication backends. | Aleksej Manaev | |
| 2016-05-17 | Fixed #26601 -- Improved middleware per DEP 0005. | Florian Apolloner | |
| Thanks Tim Graham for polishing the patch, updating the tests, and writing documentation. Thanks Carl Meyer for shepherding the DEP. | |||
| 2016-04-09 | Fixed #25847 -- Made User.is_(anonymous|authenticated) properties. | Jeremy Lainé | |
| 2015-09-23 | Refs #23957 -- Required session verification per deprecation timeline. | Tim Graham | |
| 2015-07-02 | Fixed #25029 -- Added PersistentRemoteUserMiddleware for login-page-only ↵ | Jan Pazdziora | |
| external authentication. | |||
| 2014-12-03 | Fixed #23939 -- Moved session verification out of ↵ | Tim Graham | |
| SessionAuthenticationMiddleware. Thanks andrewbadr for the report and Carl Meyer for the review. | |||
| 2014-08-20 | Fixed #23066 -- Modified RemoteUserMiddleware to logout on REMOTE_USER change. | Preston Holmes | |
| This is a security fix. Disclosure following shortly. | |||
| 2014-04-05 | Fixed #21649 -- Added optional invalidation of sessions when user password ↵ | Tim Graham | |
| changes. Thanks Paul McMillan, Aymeric Augustin, and Erik Romijn for reviews. | |||
| 2014-03-31 | Fixed #22362 -- Improved AuthenticationMiddleware assertion message. | Tim Graham | |
| Thanks Keryn Knight. | |||
| 2014-02-08 | Fixed #21674 -- Deprecated the import_by_path() function in favor of ↵ | Berker Peksag | |
| import_string(). Thanks Aymeric Augustin for the suggestion and review. | |||
| 2013-09-06 | Fixed a number of flake8 errors -- particularly around unused imports and ↵ | Alex Gaynor | |
| local variables | |||
| 2012-10-29 | Fixed #17869 - force logout when REMOTE_USER header disappears | Preston Holmes | |
| If the current sessions user was logged in via a remote user backend log out the user if REMOTE_USER header not available - otherwise leave it to other auth middleware to install the AnonymousUser. Thanks to Sylvain Bouchard for the initial patch and ticket maintenance. | |||
| 2012-10-13 | Fixed #19077, #19079 -- Made USERNAME_FIELD a required field, and modified ↵ | Russell Keith-Magee | |
| UserAdmin to match. | |||
| 2011-06-06 | Removed an unnecessary import | Luke Plant | |
| git-svn-id: http://code.djangoproject.com/svn/django/trunk@16332 bcc190cf-cafb-0310-a4f2-bffc1f526a37 | |||
| 2011-05-31 | Cleaned up how ``request.user`` is set, this is a follow up to [16297]. ↵ | Alex Gaynor | |
| Thanks for the review Luke. git-svn-id: http://code.djangoproject.com/svn/django/trunk@16305 bcc190cf-cafb-0310-a4f2-bffc1f526a37 | |||
| 2011-05-30 | Fixed #15929 - test.client.RequestFactory keeps state/AuthMiddleware does ↵ | Luke Plant | |
| monkey patching Thanks to m.vantellingen for the report and tests, and to aaugustin for work on the tests. git-svn-id: http://code.djangoproject.com/svn/django/trunk@16297 bcc190cf-cafb-0310-a4f2-bffc1f526a37 | |||
| 2010-10-09 | Fixed #11509 -- Modified usage of "Web" to match our style guide in various ↵ | Russell Keith-Magee | |
| documentation, comments and code. Thanks to timo and Simon Meers for the work on the patch. git-svn-id: http://code.djangoproject.com/svn/django/trunk@14069 bcc190cf-cafb-0310-a4f2-bffc1f526a37 | |||
| 2009-03-15 | Fixed #689 -- Added a middleware and authentication backend to contrib.auth ↵ | Gary Wilson Jr | |
| for supporting external authentication solutions. Thanks to all who contributed to this patch, including Ian Holsman, garthk, Koen Biermans, Marc Fargas, ekarulf, and Ramiro Morales. git-svn-id: http://code.djangoproject.com/svn/django/trunk@10063 bcc190cf-cafb-0310-a4f2-bffc1f526a37 | |||
| 2006-09-12 | Fixed #2702 -- Fixed LazyUser to store cache as attribute of request, not ↵ | Adrian Holovaty | |
| class. Thanks for the patch, jkocherhans git-svn-id: http://code.djangoproject.com/svn/django/trunk@3754 bcc190cf-cafb-0310-a4f2-bffc1f526a37 | |||
| 2006-06-28 | Merged multi-auth branch to trunk. See the authentication docs for the ↵ | Jacob Kaplan-Moss | |
| ramifications of this change. Many, many thanks to Joseph Kocherhans for the hard work! git-svn-id: http://code.djangoproject.com/svn/django/trunk@3226 bcc190cf-cafb-0310-a4f2-bffc1f526a37 | |||
| 2006-06-08 | Fixed #2109 -- Convert old-style classes to new-style classes throughout ↵ | Adrian Holovaty | |
| Django. Thanks, Nicola Larosa git-svn-id: http://code.djangoproject.com/svn/django/trunk@3113 bcc190cf-cafb-0310-a4f2-bffc1f526a37 | |||
| 2006-05-02 | MERGED MAGIC-REMOVAL BRANCH TO TRUNK. This change is highly ↵ | Adrian Holovaty | |
| backwards-incompatible. Please read http://code.djangoproject.com/wiki/RemovingTheMagic for upgrade instructions. git-svn-id: http://code.djangoproject.com/svn/django/trunk@2809 bcc190cf-cafb-0310-a4f2-bffc1f526a37 | |||
