| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2023-03-08 | [4.2.x] Fixed #34384 -- Fixed session validation when rotation secret keys. | David Wobrock | |
| Bug in 0dcd549bbe36c060f536ec270d34d9e7d4b8e6c7. Thanks Eric Zarowny for the report. Backport of 2396933ca99c6bfb53bda9e53968760316646e01 from main | |||
| 2023-03-01 | [4.2.x] Fixed #34140 -- Reformatted code blocks in docs with blacken-docs. | django-bot | |
| 2023-02-28 | [4.2.x] Refs #34140 -- Corrected rst code-block and various formatting ↵ | Joseph Victor Zammit | |
| issues in docs. Backport of ba755ca13123d2691a0926ddb64e5d0a2906a880 from main | |||
| 2023-02-10 | [4.2.x] Refs #34140 -- Applied rst code-block to non-Python examples. | Carlton Gibson | |
| Thanks to J.V. Zammit, Paolo Melchiorre, and Mariusz Felisiak for reviews. Backport of 534ac4829764f317cf2fbc4a18354fcc998c1425 from main. | |||
| 2023-01-30 | [4.2.x] Fixed typo in docs/topics/auth/passwords.txt. | fschwebel | |
| Wrapped hashing is only possible if the inner wrapped function is the same as the previous hasher. Backport of 0265b1b49ba10f957abfd1311d0bae0ecefc3111 from main | |||
| 2022-12-29 | Fixed #25617 -- Added case-insensitive unique username validation in ↵ | Paul Schilling | |
| UserCreationForm. Co-Authored-By: Neven Mundar <nmundar@gmail.com> | |||
| 2022-11-29 | Fixed #34187 -- Made UserCreationForm save many-to-many fields. | sdolemelipone | |
| 2022-11-28 | Doc's check_password()'s setter and preferred arguments. | Mariusz Felisiak | |
| Follow up to 90e05aaeac612a4251640564aa65f103ac635e12. | |||
| 2022-11-14 | Fixed #34154 -- Made mixin headers consistent in auth docs. | Tony Lechner | |
| 2022-11-10 | Improved readability of string interpolation in frequently used examples in ↵ | Trey Hunner | |
| docs. | |||
| 2022-09-28 | Fixed #34056 -- Updated the list of common passwords for ↵ | Paolo Melchiorre | |
| CommonPasswordValidator. | |||
| 2022-09-17 | Fixed #34017 -- Doc'd that Argon2id variant is used by Argon2PasswordHasher. | Ritik Soni | |
| 2022-09-17 | Fixed #34019 -- Removed obsolete references to "model design considerations" ↵ | DevilsAutumn | |
| note. | |||
| 2022-08-30 | Refs #30947 -- Changed tuples to lists where appropriate. | Alex Morega | |
| 2022-07-23 | Refs #33691 -- Deprecated insecure password hashers. | Claude Paroz | |
| SHA1PasswordHasher, UnsaltedSHA1PasswordHasher, and UnsaltedMD5PasswordHasher are now deprecated. | |||
| 2022-06-03 | Fixed #33764 -- Deprecated BaseUserManager.make_random_password(). | Ciaran McCormick | |
| 2022-05-31 | Fixed docs build with sphinxcontrib-spelling 7.5.0+. | Mariusz Felisiak | |
| sphinxcontrib-spelling 7.5.0+ includes captions of figures in the set of nodes for which the text is checked. | |||
| 2022-05-17 | Removed versionadded/changed annotations for 4.0. | Carlton Gibson | |
| 2022-05-11 | Fixed #33691 -- Deprecated django.contrib.auth.hashers.CryptPasswordHasher. | Mariusz Felisiak | |
| 2022-04-28 | Removed hyphen from pre-/re- prefixes. | David | |
| "prepopulate", "preload", and "preprocessing" are already in the spelling_wordlist. This also removes hyphen from double "e" combinations with "pre" and "re", e.g. preexisting, preempt, reestablish, or reenter. See also: - https://ahdictionary.com/word/search.html?q=rerun - https://ahdictionary.com/word/search.html?q=recreate - https://ahdictionary.com/word/search.html?q=predetermined - https://ahdictionary.com/word/search.html?q=reuse - https://ahdictionary.com/word/search.html?q=reopening | |||
| 2022-04-01 | Fixed #33613 -- Made createsuperuser detect uniqueness of USERNAME_FIELD ↵ | Lucidiot | |
| when using Meta.constraints. | |||
| 2022-03-29 | Fixed #15619 -- Deprecated log out via GET requests. | René Fleschenberg | |
| Thanks Florian Apolloner for the implementation idea. Co-Authored-By: Mariusz Felisiak <felisiak.mariusz@gmail.com> | |||
| 2022-02-01 | Fixed #30360 -- Added support for secret key rotation. | tschilling | |
| Thanks Florian Apolloner for the implementation idea. Co-authored-by: Andreas Pelme <andreas@pelme.se> Co-authored-by: Carlton Gibson <carlton.gibson@noumenal.es> Co-authored-by: Vuyisile Ndlovu <terrameijar@gmail.com> | |||
| 2022-01-17 | Fixed #33443 -- Clarified when PasswordResetView sends an email. | Brad Solomon | |
| 2022-01-13 | Clarified how contrib.auth picks a password hasher for verification. | Adam Johnson | |
| 2022-01-05 | Fixed malformed attribute directives in docs. | David | |
| 2022-01-04 | Fixed CVE-2021-45115 -- Prevented DoS vector in ↵ | Florian Apolloner | |
| UserAttributeSimilarityValidator. Thanks Chris Bailey for the report. Co-authored-by: Adam Johnson <me@adamj.eu> | |||
| 2021-12-28 | Avoided counting attributes and methods in docs. | Mariusz Felisiak | |
| 2021-12-17 | Changed signatures of setting_changed signal receivers. | Adam Johnson | |
| 2021-12-13 | Improved wording in password validators docs and docstrings. | Adam Johnson | |
| 2021-10-19 | Refs #33207 -- Clarified that AUTH_USER_MODEL expects an app label. | Mariusz Felisiak | |
| 2021-09-20 | Removed versionadded/changed annotations for 3.2. | Mariusz Felisiak | |
| 2021-08-17 | Fixed #32964 -- Corrected 'setup'/'set up' usage in docs. | Andrew Northall | |
| 2021-07-29 | Fixed 32956 -- Lowercased spelling of "web" and "web framework" where ↵ | David Smith | |
| appropriate. | |||
| 2021-07-22 | Fixed #32275 -- Added scrypt password hasher. | ryowright | |
| Co-authored-by: Mariusz Felisiak <felisiak.mariusz@gmail.com> | |||
| 2021-05-20 | Clarified docs about increasing the work factor for bcrypt hasher. | yyyyyyyan | |
| 2021-05-17 | Refs #32720 -- Updated various links in docs to avoid redirects and use HTTPS. | Nick Pope | |
| 2021-02-08 | Fixed #28216 -- Added next_page/get_default_redirect_url() to LoginView. | ThinkChaos | |
| 2021-02-08 | Used .. attribute:: directive in authentication views docs. | Mariusz Felisiak | |
| 2021-01-14 | Removed versionadded/changed annotations for 3.1. | Mariusz Felisiak | |
| 2021-01-14 | Fixed #31358 -- Increased salt entropy of password hashers. | Jon Moroney | |
| Co-authored-by: Florian Apolloner <florian@apolloner.eu> | |||
| 2020-12-03 | Fixed #32235 -- Made ReadOnlyPasswordHashField disabled by default. | Timo Ludwig | |
| 2020-08-11 | Added note about password updates on argon2 attributes change. | Roy Zheng | |
| 2020-05-13 | Used :mimetype: role in various docs. | Nick Pope | |
| 2020-05-13 | Removed versionadded/changed annotations for 3.0. | Mariusz Felisiak | |
| 2020-04-29 | Refs #27468 -- Made user sessions use SHA-256 algorithm. | Mariusz Felisiak | |
| 2020-04-28 | Changed django.forms.ValidationError imports to ↵ | François Freitag | |
| django.core.exceptions.ValidationError. Co-Authored-By: Mariusz Felisiak <felisiak.mariusz@gmail.com> | |||
| 2020-04-27 | Fixed #31505 -- Doc'd possible email addresses enumeration in PasswordResetView. | Mariusz Felisiak | |
| 2020-04-24 | Doc'd PasswordChangeView/PasswordResetView.success_url defaults. | Tanmay Vijay | |
| 2020-04-07 | Fixed Sphinx warnings on duplicate object descriptions. | Mariusz Felisiak | |
