summaryrefslogtreecommitdiff
path: root/django/contrib/auth/tokens.py
AgeCommit message (Expand)Author
2025-08-27Fixed #36572 -- Revert "Fixed #36546 -- Deprecated django.utils.crypto.consta...Sarah Boyce
2025-08-25Fixed #36546 -- Deprecated django.utils.crypto.constant_time_compare() in fav...SaJH
2022-02-07Refs #33476 -- Reformatted code with Black.django-bot
2022-02-01Fixed #30360 -- Added support for secret key rotation.tschilling
2021-04-20Fixed #32664 -- Made PasswordResetTokenGenerator.secret validation lazy.François Freitag
2021-01-14Refs #31842 -- Removed DEFAULT_HASHING_ALGORITHM transitional setting.Mariusz Felisiak
2021-01-14Refs #27468 -- Removed support for the pre-Django 3.1 password reset tokens.Mariusz Felisiak
2020-10-22Fixed #32130 -- Fixed pre-Django 3.1 password reset tokens validation.Mariusz Felisiak
2020-10-21Fixed #26615 -- Made password reset token invalidate when changing email.Jacob Walls
2020-08-27Refs #31913 -- Corrected comment in PasswordResetTokenGenerator.Phil Gyford
2020-08-04Fixed #31842 -- Added DEFAULT_HASHING_ALGORITHM transitional setting.Mariusz Felisiak
2020-07-29Fixed #29324 -- Made SECRET_KEY validation lazy (on first access).Florian Apolloner
2020-02-12Refs #27468 -- Made PasswordResetTokenGenerator use SHA-256 algorithm.Claude Paroz
2019-09-20Fixed #28622 -- Allowed specifying password reset link expiration in seconds ...Hasan Ramezani
2018-09-13Removed shadowing of built-in hash() function.Andrey Kostakov
2018-04-06Fixed #29289 -- Clarified PasswordResetTokenGenerator comment regarding the d...Tim Graham
2017-10-12Refs #28248 -- Clarified the precision of PASSWORD_RESET_TIMEOUT_DAYS.Tim Graham
2017-09-25Reverted "Fixed #28248 -- Fixed password reset tokens being valid for 1 day l...Tim Graham
2017-05-29Fixed #28248 -- Fixed password reset tokens being valid for 1 day longer than...Nick Zaccardi
2017-05-26Fixed #28017 -- Allowed customizing PasswordResetTokenGenerator's secret.jannh
2017-02-04Refs #27656 -- Updated django.contrib docstring verb style according to PEP 257.Anton Samarchyan
2017-01-19Refs #23919 -- Stopped inheriting from object to define new style classes.Simon Charette
2017-01-18Refs #23919 -- Removed six.<various>_types usageClaude Paroz
2017-01-13Fixed #27518 -- Prevented possibie password reset token leak via HTTP Referer...Romain Garrigues
2016-11-14Fixed E305 flake8 warnings.Ramin Farajpour Cami
2015-04-20Refactored PasswordResetTokenGenerator to be a bit more extensible.Matt Robenolt
2015-02-06Sorted imports with isort; refs #23860.Tim Graham
2014-08-01Fixed #7220 -- Allowed AbstractBaseUser.last_login to be null.Tim Graham
2012-11-29Fixed #19354 -- Do not assume usermodel.pk == usermodel.idClaude Paroz
2012-09-26Fixed #3011 -- Added swappable auth.User models.Russell Keith-Magee
2012-07-22[py3] Replaced unicode/str by six.text_type/bytes.Aymeric Augustin
2011-10-16Fixed a test that was broken at r16978. Refs #17055.Aymeric Augustin
2011-10-13Fixed #16906 -- Format datetimes with str/unicode instead of strftime where p...Aymeric Augustin
2011-03-30Removed Django 1.2 compatibility fallback for password reset hashLuke Plant
2011-03-28Removed a bunch of Python 2.4 workarounds now that we don't support it. Refs ...Adrian Holovaty
2010-10-14Fixed #14445 - Use HMAC and constant-time comparison functions where needed.Luke Plant
2009-04-01Fixed #10265: fixed a bug when generating a password reset token for a user c...Jacob Kaplan-Moss
2009-02-22Fixed #10025 -- Corrected two minor typos in source documentation. Thanks to ...Russell Keith-Magee
2008-08-02Fixed #7919 -- md5 and sha modules are deprecated since Python 2.5, use hashl...Gary Wilson Jr
2008-07-31Fixed #7723 - implemented a secure password reset form that uses a token and ...Luke Plant