| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2024-11-14 | Fixed #17430 -- Documented access to the Django admin when using a custom ↵ | Maria Hynes | |
| auth backend. | |||
| 2024-10-15 | Fixed #35782 -- Allowed overriding password validation error messages. | Ben Cail | |
| 2024-10-15 | Refs #35782 -- Documented the get_help_text methods in password validators. | Ben Cail | |
| 2024-10-07 | Fixed #35303 -- Implemented async auth backends and utils. | Jon Janzen | |
| 2024-09-16 | Fixed #35767 -- Adjusted customizing User model docs. | Carlton Gibson | |
| 2024-09-03 | Fixed CVE-2024-45231 -- Avoided server error on password reset when email ↵ | Natalia | |
| sending fails. On successful submission of a password reset request, an email is sent to the accounts known to the system. If sending this email fails (due to email backend misconfiguration, service provider outage, network issues, etc.), an attacker might exploit this by detecting which password reset requests succeed and which ones generate a 500 error response. Thanks to Thibaut Spriet for the report, and to Mariusz Felisiak, Adam Johnson, and Sarah Boyce for the reviews. | |||
| 2024-08-22 | Sorted alphabetically forms list in docs/topics/auth/default.txt. | nessita | |
| 2024-08-19 | Fixed #35678 -- Removed "usable_password" field from BaseUserCreationForm. | Natalia | |
| Refs #34429: Following the implementation allowing the setting of unusable passwords via the admin site, the `BaseUserCreationForm` and `UserCreationForm` were extended to include a new field for choosing whether password-based authentication for the new user should be enabled or disabled at creation time. Given that these forms are designed to be extended when implementing custom user models, this branch ensures that this new field is moved to a new, admin-dedicated, user creation form `AdminUserCreationForm`. Regression in e626716c28b6286f8cf0f8174077f3d2244f3eb3. Thanks Simon Willison for the report, Fabian Braun and Sarah Boyce for the review. | |||
| 2024-08-08 | Refs #31405 -- Improved LoginRequiredMiddleware documentation. | Adam Johnson | |
| co-authored-by: Sarah Boyce <42296566+sarahboyce@users.noreply.github.com> | |||
| 2024-06-24 | Migrated setuptools configuration to pyproject.toml. | Claude Paroz | |
| This branch migrates setuptools configuration from setup.py/setup.cfg to pyproject.toml. In order to ensure that the generated binary files have consistent casing (both the tarball and the wheel), setuptools version is limited to ">=61.0.0,<69.3.0". Configuration for flake8 was moved to a dedicated .flake8 file since it cannot be configured via pyproject.toml. Also, __pycache__ exclusion was removed from MANIFEST and the extras/Makefile was replaced with a simpler build command. Co-authored-by: Nick Pope <nick@nickpope.me.uk> | |||
| 2024-05-22 | Removed versionadded/changed annotations for 5.0. | Natalia | |
| This also removes remaining versionadded/changed annotations for older versions. | |||
| 2024-05-22 | Fixed #31405 -- Added LoginRequiredMiddleware. | Hisham Mahmood | |
| Co-authored-by: Adam Johnson <me@adamj.eu> Co-authored-by: Mehmet İnce <mehmet@mehmetince.net> Co-authored-by: Sarah Boyce <42296566+sarahboyce@users.noreply.github.com> | |||
| 2024-03-07 | Fixed #35030 -- Made django.contrib.auth decorators to work with async ↵ | Dingning | |
| functions. | |||
| 2024-02-20 | Fixed #34429 -- Allowed setting unusable passwords for users in the auth forms. | Fabian Braun | |
| Co-authored-by: Natalia <124304+nessita@users.noreply.github.com> | |||
| 2024-01-26 | Applied Black's 2024 stable style. | Mariusz Felisiak | |
| https://github.com/psf/black/releases/tag/24.1.0 | |||
| 2024-01-22 | Fixed typo in docs/topics/auth/default.txt. | Adrienne Franke | |
| 2023-12-15 | Fixed typos in docs. | Mariusz Felisiak | |
| 2023-11-15 | Fixed #34970 -- Clarified Password Validation docs regarding the ↵ | Markus Amalthea Magnuson | |
| password_changed callback. | |||
| 2023-09-18 | Refs #33764 -- Removed BaseUserManager.make_random_password() per ↵ | Mariusz Felisiak | |
| deprecation timeline. | |||
| 2023-09-18 | Removed versionadded/changed annotations for 4.2. | Mariusz Felisiak | |
| This also removes remaining versionadded/changed annotations for older versions. | |||
| 2023-09-14 | Refs #15619 -- Removed deprecated annotation about logging out via GET requests. | Mariusz Felisiak | |
| Follow up to 6c57c08ae52f86df843fccb5a3c1c6c45a10a26f. | |||
| 2023-06-27 | Fixed #34391 -- Added async-compatible interface to auth functions and ↵ | Jon Janzen | |
| related methods test clients. | |||
| 2023-05-18 | Fixed #34565 -- Added support for async checking of user passwords. | HappyDingning | |
| 2023-04-17 | Used extlinks for PyPI links. | Tim Graham | |
| Co-authored-by: Mariusz Felisiak <felisiak.mariusz@gmail.com> | |||
| 2023-03-08 | Fixed #34384 -- Fixed session validation when rotation secret keys. | David Wobrock | |
| Bug in 0dcd549bbe36c060f536ec270d34d9e7d4b8e6c7. Thanks Eric Zarowny for the report. | |||
| 2023-03-07 | Fixed #31920 -- Made AuthenticationMiddleware add request.auser(). | Jon Janzen | |
| 2023-03-01 | Fixed #34140 -- Reformatted code blocks in docs with blacken-docs. | django-bot | |
| 2023-02-28 | Refs #34140 -- Corrected rst code-block and various formatting issues in docs. | Joseph Victor Zammit | |
| 2023-02-10 | Refs #34140 -- Applied rst code-block to non-Python examples. | Carlton Gibson | |
| Thanks to J.V. Zammit, Paolo Melchiorre, and Mariusz Felisiak for reviews. | |||
| 2023-01-30 | Fixed typo in docs/topics/auth/passwords.txt. | fschwebel | |
| Wrapped hashing is only possible if the inner wrapped function is the same as the previous hasher. | |||
| 2023-01-17 | Refs #15619 -- Removed support for logging out via GET requests. | Mariusz Felisiak | |
| Per deprecation timeline. | |||
| 2022-12-29 | Fixed #25617 -- Added case-insensitive unique username validation in ↵ | Paul Schilling | |
| UserCreationForm. Co-Authored-By: Neven Mundar <nmundar@gmail.com> | |||
| 2022-11-29 | Fixed #34187 -- Made UserCreationForm save many-to-many fields. | sdolemelipone | |
| 2022-11-28 | Doc's check_password()'s setter and preferred arguments. | Mariusz Felisiak | |
| Follow up to 90e05aaeac612a4251640564aa65f103ac635e12. | |||
| 2022-11-14 | Fixed #34154 -- Made mixin headers consistent in auth docs. | Tony Lechner | |
| 2022-11-10 | Improved readability of string interpolation in frequently used examples in ↵ | Trey Hunner | |
| docs. | |||
| 2022-09-28 | Fixed #34056 -- Updated the list of common passwords for ↵ | Paolo Melchiorre | |
| CommonPasswordValidator. | |||
| 2022-09-17 | Fixed #34017 -- Doc'd that Argon2id variant is used by Argon2PasswordHasher. | Ritik Soni | |
| 2022-09-17 | Fixed #34019 -- Removed obsolete references to "model design considerations" ↵ | DevilsAutumn | |
| note. | |||
| 2022-08-30 | Refs #30947 -- Changed tuples to lists where appropriate. | Alex Morega | |
| 2022-07-23 | Refs #33691 -- Deprecated insecure password hashers. | Claude Paroz | |
| SHA1PasswordHasher, UnsaltedSHA1PasswordHasher, and UnsaltedMD5PasswordHasher are now deprecated. | |||
| 2022-06-03 | Fixed #33764 -- Deprecated BaseUserManager.make_random_password(). | Ciaran McCormick | |
| 2022-05-31 | Fixed docs build with sphinxcontrib-spelling 7.5.0+. | Mariusz Felisiak | |
| sphinxcontrib-spelling 7.5.0+ includes captions of figures in the set of nodes for which the text is checked. | |||
| 2022-05-17 | Removed versionadded/changed annotations for 4.0. | Carlton Gibson | |
| 2022-05-11 | Fixed #33691 -- Deprecated django.contrib.auth.hashers.CryptPasswordHasher. | Mariusz Felisiak | |
| 2022-04-28 | Removed hyphen from pre-/re- prefixes. | David | |
| "prepopulate", "preload", and "preprocessing" are already in the spelling_wordlist. This also removes hyphen from double "e" combinations with "pre" and "re", e.g. preexisting, preempt, reestablish, or reenter. See also: - https://ahdictionary.com/word/search.html?q=rerun - https://ahdictionary.com/word/search.html?q=recreate - https://ahdictionary.com/word/search.html?q=predetermined - https://ahdictionary.com/word/search.html?q=reuse - https://ahdictionary.com/word/search.html?q=reopening | |||
| 2022-04-01 | Fixed #33613 -- Made createsuperuser detect uniqueness of USERNAME_FIELD ↵ | Lucidiot | |
| when using Meta.constraints. | |||
| 2022-03-29 | Fixed #15619 -- Deprecated log out via GET requests. | René Fleschenberg | |
| Thanks Florian Apolloner for the implementation idea. Co-Authored-By: Mariusz Felisiak <felisiak.mariusz@gmail.com> | |||
| 2022-02-01 | Fixed #30360 -- Added support for secret key rotation. | tschilling | |
| Thanks Florian Apolloner for the implementation idea. Co-authored-by: Andreas Pelme <andreas@pelme.se> Co-authored-by: Carlton Gibson <carlton.gibson@noumenal.es> Co-authored-by: Vuyisile Ndlovu <terrameijar@gmail.com> | |||
| 2022-01-17 | Fixed #33443 -- Clarified when PasswordResetView sends an email. | Brad Solomon | |
