| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2026-04-07 | Fixed #37021 -- Added Permission.user_perm_str property. | mariatta | |
| For use in checking user permissions via has_perm(). Co-authored-by: 사재혁 <jaehyuck.sa.dev@gmail.com> | |||
| 2026-02-27 | Fixed #27489 -- Renamed permissions upon model renaming in migrations. | Artyom Kotovskiy | |
| Co-authored-by: Jacob Walls <jacobtylerwalls@gmail.com> | |||
| 2025-10-29 | Fixed #36329 -- Removed non-code custom link text when cross-referencing ↵ | Clifford Gama | |
| Python objects. Thanks Bruno Alla, Sarah Boyce, and Jacob Walls for reviews. Co-authored-by: Sarah Boyce <42296566+sarahboyce@users.noreply.github.com> | |||
| 2025-08-25 | Refs #36485 -- Rewrapped docs to 79 columns line length. | David Smith | |
| Lines in the docs files were manually adjusted to conform to the 79 columns limit per line (plus newline), improving readability and consistency across the content. | |||
| 2025-08-25 | Refs #36485 -- Removed double spaces after periods in sentences. | Natalia | |
| 2025-08-25 | Refs #36485 -- Removed unnecessary parentheses in :meth: and :func: roles in ↵ | David Smith | |
| docs. | |||
| 2025-01-15 | Removed versionadded/changed annotations for 5.1. | Sarah Boyce | |
| This also removes remaining versionadded/changed annotations for older versions. | |||
| 2024-09-03 | Fixed CVE-2024-45231 -- Avoided server error on password reset when email ↵ | Natalia | |
| sending fails. On successful submission of a password reset request, an email is sent to the accounts known to the system. If sending this email fails (due to email backend misconfiguration, service provider outage, network issues, etc.), an attacker might exploit this by detecting which password reset requests succeed and which ones generate a 500 error response. Thanks to Thibaut Spriet for the report, and to Mariusz Felisiak, Adam Johnson, and Sarah Boyce for the reviews. | |||
| 2024-08-22 | Sorted alphabetically forms list in docs/topics/auth/default.txt. | nessita | |
| 2024-08-19 | Fixed #35678 -- Removed "usable_password" field from BaseUserCreationForm. | Natalia | |
| Refs #34429: Following the implementation allowing the setting of unusable passwords via the admin site, the `BaseUserCreationForm` and `UserCreationForm` were extended to include a new field for choosing whether password-based authentication for the new user should be enabled or disabled at creation time. Given that these forms are designed to be extended when implementing custom user models, this branch ensures that this new field is moved to a new, admin-dedicated, user creation form `AdminUserCreationForm`. Regression in e626716c28b6286f8cf0f8174077f3d2244f3eb3. Thanks Simon Willison for the report, Fabian Braun and Sarah Boyce for the review. | |||
| 2024-08-08 | Refs #31405 -- Improved LoginRequiredMiddleware documentation. | Adam Johnson | |
| co-authored-by: Sarah Boyce <42296566+sarahboyce@users.noreply.github.com> | |||
| 2024-05-22 | Removed versionadded/changed annotations for 5.0. | Natalia | |
| This also removes remaining versionadded/changed annotations for older versions. | |||
| 2024-05-22 | Fixed #31405 -- Added LoginRequiredMiddleware. | Hisham Mahmood | |
| Co-authored-by: Adam Johnson <me@adamj.eu> Co-authored-by: Mehmet İnce <mehmet@mehmetince.net> Co-authored-by: Sarah Boyce <42296566+sarahboyce@users.noreply.github.com> | |||
| 2024-03-07 | Fixed #35030 -- Made django.contrib.auth decorators to work with async ↵ | Dingning | |
| functions. | |||
| 2024-02-20 | Fixed #34429 -- Allowed setting unusable passwords for users in the auth forms. | Fabian Braun | |
| Co-authored-by: Natalia <124304+nessita@users.noreply.github.com> | |||
| 2024-01-26 | Applied Black's 2024 stable style. | Mariusz Felisiak | |
| https://github.com/psf/black/releases/tag/24.1.0 | |||
| 2024-01-22 | Fixed typo in docs/topics/auth/default.txt. | Adrienne Franke | |
| 2023-12-15 | Fixed typos in docs. | Mariusz Felisiak | |
| 2023-09-18 | Removed versionadded/changed annotations for 4.2. | Mariusz Felisiak | |
| This also removes remaining versionadded/changed annotations for older versions. | |||
| 2023-09-14 | Refs #15619 -- Removed deprecated annotation about logging out via GET requests. | Mariusz Felisiak | |
| Follow up to 6c57c08ae52f86df843fccb5a3c1c6c45a10a26f. | |||
| 2023-06-27 | Fixed #34391 -- Added async-compatible interface to auth functions and ↵ | Jon Janzen | |
| related methods test clients. | |||
| 2023-04-17 | Used extlinks for PyPI links. | Tim Graham | |
| Co-authored-by: Mariusz Felisiak <felisiak.mariusz@gmail.com> | |||
| 2023-03-07 | Fixed #31920 -- Made AuthenticationMiddleware add request.auser(). | Jon Janzen | |
| 2023-03-01 | Fixed #34140 -- Reformatted code blocks in docs with blacken-docs. | django-bot | |
| 2023-02-28 | Refs #34140 -- Corrected rst code-block and various formatting issues in docs. | Joseph Victor Zammit | |
| 2023-02-10 | Refs #34140 -- Applied rst code-block to non-Python examples. | Carlton Gibson | |
| Thanks to J.V. Zammit, Paolo Melchiorre, and Mariusz Felisiak for reviews. | |||
| 2023-01-17 | Refs #15619 -- Removed support for logging out via GET requests. | Mariusz Felisiak | |
| Per deprecation timeline. | |||
| 2022-12-29 | Fixed #25617 -- Added case-insensitive unique username validation in ↵ | Paul Schilling | |
| UserCreationForm. Co-Authored-By: Neven Mundar <nmundar@gmail.com> | |||
| 2022-11-29 | Fixed #34187 -- Made UserCreationForm save many-to-many fields. | sdolemelipone | |
| 2022-11-14 | Fixed #34154 -- Made mixin headers consistent in auth docs. | Tony Lechner | |
| 2022-11-10 | Improved readability of string interpolation in frequently used examples in ↵ | Trey Hunner | |
| docs. | |||
| 2022-08-30 | Refs #30947 -- Changed tuples to lists where appropriate. | Alex Morega | |
| 2022-05-17 | Removed versionadded/changed annotations for 4.0. | Carlton Gibson | |
| 2022-03-29 | Fixed #15619 -- Deprecated log out via GET requests. | René Fleschenberg | |
| Thanks Florian Apolloner for the implementation idea. Co-Authored-By: Mariusz Felisiak <felisiak.mariusz@gmail.com> | |||
| 2022-02-01 | Fixed #30360 -- Added support for secret key rotation. | tschilling | |
| Thanks Florian Apolloner for the implementation idea. Co-authored-by: Andreas Pelme <andreas@pelme.se> Co-authored-by: Carlton Gibson <carlton.gibson@noumenal.es> Co-authored-by: Vuyisile Ndlovu <terrameijar@gmail.com> | |||
| 2022-01-17 | Fixed #33443 -- Clarified when PasswordResetView sends an email. | Brad Solomon | |
| 2022-01-05 | Fixed malformed attribute directives in docs. | David | |
| 2021-08-17 | Fixed #32964 -- Corrected 'setup'/'set up' usage in docs. | Andrew Northall | |
| 2021-07-29 | Fixed 32956 -- Lowercased spelling of "web" and "web framework" where ↵ | David Smith | |
| appropriate. | |||
| 2021-02-08 | Fixed #28216 -- Added next_page/get_default_redirect_url() to LoginView. | ThinkChaos | |
| 2021-02-08 | Used .. attribute:: directive in authentication views docs. | Mariusz Felisiak | |
| 2020-05-13 | Used :mimetype: role in various docs. | Nick Pope | |
| 2020-05-13 | Removed versionadded/changed annotations for 3.0. | Mariusz Felisiak | |
| 2020-04-28 | Changed django.forms.ValidationError imports to ↵ | François Freitag | |
| django.core.exceptions.ValidationError. Co-Authored-By: Mariusz Felisiak <felisiak.mariusz@gmail.com> | |||
| 2020-04-27 | Fixed #31505 -- Doc'd possible email addresses enumeration in PasswordResetView. | Mariusz Felisiak | |
| 2020-04-24 | Doc'd PasswordChangeView/PasswordResetView.success_url defaults. | Tanmay Vijay | |
| 2020-02-19 | Fixed #30040 -- Used default permission name in docs examples to avoid ↵ | Hasan Ramezani | |
| confusion. | |||
| 2019-09-10 | Removed versionadded/changed annotations for 2.2. | Mariusz Felisiak | |
| 2019-09-06 | Fixed #30573 -- Rephrased documentation to avoid words that minimise the ↵ | Tobias Kunze | |
| involved difficulty. This patch does not remove all occurrences of the words in question. Rather, I went through all of the occurrences of the words listed below, and judged if they a) suggested the reader had some kind of knowledge/experience, and b) if they added anything of value (including tone of voice, etc). I left most of the words alone. I looked at the following words: - simply/simple - easy/easier/easiest - obvious - just - merely - straightforward - ridiculous Thanks to Carlton Gibson for guidance on how to approach this issue, and to Tim Bell for providing the idea. But the enormous lion's share of thanks go to Adam Johnson for his patient and helpful review. | |||
| 2019-06-20 | Removed unnecessary backslashes from docs. | Mariusz Felisiak | |
