| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2025-11-12 | Fixed #36717 -- Redirect authenticated users on admin login view to next URL. | Benedict Etzel | |
| Co-authored-by: Natalia <124304+nessita@users.noreply.github.com> | |||
| 2025-07-22 | Standardized how method_decorator is used in contrib.auth views and admin. | Claude Paroz | |
| Updated django.contrib.auth's views and admin modules to apply decorators consistently. | |||
| 2025-01-13 | Fixed #36087 -- Supported password reset on a custom user model with a ↵ | Sarah Boyce | |
| composite primary key. | |||
| 2024-05-29 | Fixed 35467 -- Replaced urlparse with urlsplit where appropriate. | Jake Howard | |
| This work should not generate any change of functionality, and `urlsplit` is approximately 6x faster. Most use cases of `urlparse` didn't touch the path, so they can be converted to `urlsplit` without any issue. Most of those which do use `.path`, simply parse the URL, mutate the querystring, then put them back together, which is also fine (so long as urlunsplit is used). | |||
| 2024-05-22 | Fixed #31405 -- Added LoginRequiredMiddleware. | Hisham Mahmood | |
| Co-authored-by: Adam Johnson <me@adamj.eu> Co-authored-by: Mehmet İnce <mehmet@mehmetince.net> Co-authored-by: Sarah Boyce <42296566+sarahboyce@users.noreply.github.com> | |||
| 2023-01-17 | Refs #15619 -- Removed support for logging out via GET requests. | Mariusz Felisiak | |
| Per deprecation timeline. | |||
| 2022-04-20 | Refactored out RedirectURLMixin.get_success_url(). | Aymeric Augustin | |
| This also adds a default implementation of get_default_redirect_url(). | |||
| 2022-04-20 | Simplified LogoutView.get_success_url(). | Aymeric Augustin | |
| This preserves the behavior of redirecting to the logout URL without query string parameters when an insecure ?next=... parameter is given. It changes the behavior of a POST to the logout URL, as shown by the test that is changed. Currently, this results in a GET to the logout URL. However, such GET requests are deprecated. This change would be necessary in Django 5.0 anyway. This commit merely anticipates it. | |||
| 2022-04-20 | Unified LoginView/LogoutView.get_default_redirect_url() methods. | Aymeric Augustin | |
| This might change the behavior when self.next_page == "". However, resolve_url(self.next_page) would almost certainly fail in that case. It is technically possible to define a logout URLpattern whose name is "": path('logout/', LogoutView.as_view(), name=''), and then to refer to this pattern with next_page = "". However this feels like a pathological case, so we decided not to handle it. Most checks on next_page, LOGIN_REDIRECT_URL, and LOGOUT_REDIRECT_URL are performed with boolean evaluation rather than comparison with None. That's why we standardizing that way. | |||
| 2022-04-20 | Renamed LogoutView.get_next_page() to get_success_url(). | Aymeric Augustin | |
| This aligns it with LoginView. Also, it removes confusion with the get_next_page() method of paginators. get_next_page() was a private API, therefore this refactoring is allowed. | |||
| 2022-04-20 | Refactored out RedirectURLMixin.get_redirect_url(). | Aymeric Augustin | |
| This also renames SuccessURLAllowedHostsMixin to RedirectURLMixin. This doesn't change the behavior of LogoutView.get_next_page() because next_page == "" implies url_is_safe == False before the refactoring. | |||
| 2022-04-19 | Removed unnecessary default argument from GET.get() call in ↵ | Aymeric Augustin | |
| LoginView.get_redirect_url(). The default argument is unnecessary because url_has_allowed_host_and_scheme() returns False when its first argument is "" or None, so get_redirect_url() still returns "". This also aligns LoginView.get_redirect_url() and LogoutView.get_next_page(). | |||
| 2022-04-18 | Fixed #33648 -- Prevented extra redirect in LogoutView on invalid next page ↵ | Aymeric Augustin | |
| when LOGOUT_REDIRECT_URL is set. | |||
| 2022-03-29 | Fixed #15619 -- Deprecated log out via GET requests. | René Fleschenberg | |
| Thanks Florian Apolloner for the implementation idea. Co-Authored-By: Mariusz Felisiak <felisiak.mariusz@gmail.com> | |||
| 2022-02-07 | Refs #33476 -- Reformatted code with Black. | django-bot | |
| 2022-01-13 | Refs #32681 -- Fixed VariableDoesNotExist when rendering some admin template. | Mariusz Felisiak | |
| Regression in 84609b3205905097d7d3038d32e6101f012c0619. Follow up to 4e5bbb6ef2287126badd32842b239f4a8a7394ca. Thanks Sourav Kumar for the report. | |||
| 2021-06-25 | Refs #32508 -- Raised ImproperlyConfigured/TypeError instead of using ↵ | Mateo Radman | |
| "assert" in various code. | |||
| 2021-02-08 | Fixed #28216 -- Added next_page/get_default_redirect_url() to LoginView. | ThinkChaos | |
| 2019-09-02 | Fixed #30747 -- Renamed is_safe_url() to url_has_allowed_host_and_scheme(). | Carlton Gibson | |
| 2019-05-24 | Fixed #28780 -- Allowed specyfing a token parameter displayed in password ↵ | Rob | |
| reset URLs. Co-authored-by: Tim Givois <tim.givois.mendez@gmail.com> | |||
| 2018-03-15 | Fixed #29206 -- Fixed PasswordResetConfirmView crash when the URL contains a ↵ | Mattia Procopio | |
| non-UUID where one is expected. | |||
| 2018-01-03 | Fixed #28982 -- Simplified code with and/or. | Дилян Палаузов | |
| 2017-12-11 | Fixed #28909 -- Simplified code using tuple/list/set/dict unpacking. | Nick Pope | |
| 2017-09-22 | Refs #26929 -- Removed extra_context parameter of ↵ | Tim Graham | |
| contrib.auth.views.logout_then_login(). Per deprecation timeline. | |||
| 2017-09-22 | Refs #17209 -- Removed login/logout and password reset/change function-based ↵ | Tim Graham | |
| views. Per deprecation timeline. | |||
| 2017-09-03 | Fixed #28550 -- Restored contrib.auth's login() and logout() views' respect ↵ | ZachLiuGIS | |
| of positional arguments. Regression in 78963495d0caadb77eb97ccf319ef0ba3b204fb5. Forwardport of f8e0557b01ebbb11478cfb012c4cafc67f1213c1 from stable/1.11.x | |||
| 2017-08-24 | Fixed #28513 -- Added POST request support to LogoutView. | hui shang | |
| 2017-06-13 | Fixed #28229 -- Fixed the value of LoginView's "next" template variable. | Mikhail Golubev | |
| 2017-03-07 | Fixed #27891 -- Added PasswordResetConfirmView.post_reset_login_backend. | Camilo Nova | |
| 2017-03-04 | Refs #27795 -- Removed unneeded force_text calls | Claude Paroz | |
| Thanks Tim Graham for the review. | |||
| 2017-02-15 | Fixed #27840 -- Fixed KeyError in PasswordResetConfirmView.form_valid(). | Markus Holtermann | |
| When a user is already logged in when submitting the password and password confirmation to reset a password, a KeyError occurred while removing the reset session token from the session. Refs #17209 Thanks Quentin Marlats for the report and Florian Apolloner and Tim Graham for the review. | |||
| 2017-02-07 | Refs #27815 -- Reordered LoginView.get_form_kwargs(). | Tim Graham | |
| 2017-02-07 | Fixed #27815 -- Made LoginView pass the request kwarg to AuthenticationForm. | Zoltan Gyarmati | |
| 2017-02-07 | Converted usage of ugettext* functions to their gettext* aliases | Claude Paroz | |
| Thanks Tim Graham for the review. | |||
| 2017-02-04 | Refs #27656 -- Updated django.contrib docstring verb style according to PEP 257. | Anton Samarchyan | |
| 2017-01-25 | Refs #23919 -- Removed misc Python 2/3 references. | Tim Graham | |
| 2017-01-25 | Refs #23919 -- Replaced super(ClassName, self) with super(). | chillaranand | |
| 2017-01-19 | Refs #23919 -- Stopped inheriting from object to define new style classes. | Simon Charette | |
| 2017-01-18 | Refs #23919 -- Removed most of remaining six usage | Claude Paroz | |
| Thanks Tim Graham for the review. | |||
| 2017-01-17 | Refs #24126 -- Removed auth views' current_app parameter per deprecation ↵ | Tim Graham | |
| timeline. | |||
| 2017-01-13 | Fixed #27518 -- Prevented possibie password reset token leak via HTTP ↵ | Romain Garrigues | |
| Referer header. Thanks Florian Apolloner for contributing to this patch and Collin Anderson, Markus Holtermann, and Tim Graham for review. | |||
| 2016-11-25 | Fixed #25966 -- Made get_user_model() work at import time. | Aymeric Augustin | |
| This makes it equivalent to: `from django.contrib.auth.models import User`. Thanks Aymeric Augustin for the initial patch and Tim Graham for the review. | |||
| 2016-11-21 | Refs #17209 -- Fixed token verification for PasswordResetConfirmView POST ↵ | Florian Apolloner | |
| requests. | |||
| 2016-09-07 | Fixed #26956 -- Added success_url_allowed_hosts to LoginView and LogoutView. | Jon Dufresne | |
| Allows specifying additional hosts to redirect after login and log out. | |||
| 2016-09-07 | Refs #26956 -- Allowed is_safe_url() to validate against multiple hosts | Jon Dufresne | |
| 2016-08-19 | Refs #26902 -- Protected against insecure redirects in Login/LogoutView. | Przemysław Suliga | |
| 2016-08-10 | Fixed #26960 -- Added PasswordResetConfirmView option to automatically log ↵ | jordij | |
| in after a reset. | |||
| 2016-07-28 | Fixed #26929 -- Deprecated extra_context parameter of ↵ | Andrew Nester | |
| contrib.auth.views.logout_then_login(). | |||
| 2016-07-22 | Fixed #26882 -- Added tests for auth.views.logout_then_login(). | Andrew Nester | |
| 2016-07-16 | Fixed #17209 -- Added password reset/change class-based views | Claude Paroz | |
| Thanks Tim Graham for the review. | |||
