summaryrefslogtreecommitdiff
path: root/tests/auth_tests/test_forms.py
AgeCommit message (Collapse)Author
2024-09-03[4.2.x] Fixed CVE-2024-45231 -- Avoided server error on password reset when ↵Natalia
email sending fails. On successful submission of a password reset request, an email is sent to the accounts known to the system. If sending this email fails (due to email backend misconfiguration, service provider outage, network issues, etc.), an attacker might exploit this by detecting which password reset requests succeed and which ones generate a 500 error response. Thanks to Thibaut Spriet for the report, and to Mariusz Felisiak, Adam Johnson, and Sarah Boyce for the reviews.
2023-11-01[4.2.x] Fixed CVE-2023-46695 -- Fixed potential DoS in UsernameField on Windows.Mariusz Felisiak
Thanks MProgrammer (https://hackerone.com/mprogrammer) for the report.
2023-03-28[4.2.x] Fixed #34438 -- Reallowed extending UserCreationForm.Gary Jarrel
Regression in 298d02a77a69321af8c0023df3250663e9d1362d. Backport of fcc7dc5781667932bf0bf8bec76df458836e5e95 from main
2022-12-29Fixed #25617 -- Added case-insensitive unique username validation in ↵Paul Schilling
UserCreationForm. Co-Authored-By: Neven Mundar <nmundar@gmail.com>
2022-11-29Fixed #34187 -- Made UserCreationForm save many-to-many fields.sdolemelipone
2022-10-27Fixed #34066 -- Fixed link to password reset view in ↵Simon Kern
UserChangeForm.password's help text when using to_field. Co-Authored-By: David Sanders <shang.xiao.sanders@gmail.com> Co-Authored-By: Mariusz Felisiak <felisiak.mariusz@gmail.com>
2022-10-26Completed test coverage for contrib.auth.forms.Marcelo Galigniana
2022-09-01Fixed ReadOnlyPasswordHashWidget's template for RTL languages.Shai Berger
2022-02-07Refs #33476 -- Refactored code to strictly match 88 characters line length.Mariusz Felisiak
2022-02-07Refs #33476 -- Reformatted code with Black.django-bot
2021-07-07Used more specific unittest assertions in tests.Mads Jensen
2021-05-19Fixed #32765 -- Removed "for" HTML attribute from ReadOnlyPasswordHashWidget.David Sanders
ReadOnlyPasswordHashWidget doesn't have any labelable elements.
2020-12-03Fixed #32235 -- Made ReadOnlyPasswordHashField disabled by default.Timo Ludwig
2020-04-28Changed django.forms.ValidationError imports to ↵François Freitag
django.core.exceptions.ValidationError. Co-Authored-By: Mariusz Felisiak <felisiak.mariusz@gmail.com>
2019-12-18Fixed CVE-2019-19844 -- Used verified user email for password reset requests.Simon Charette
Co-Authored-By: Florian Apolloner <florian@apolloner.eu>
2019-09-18Fixed #30776 -- Restored max length validation on ↵Sam Reynolds
AuthenticationForm.UsernameField. Regression in 5ceaf14686ce626404afb6a5fbd3d8286410bf13. Thanks gopackgo90 for the report and Mariusz Felisiak for tests.
2019-06-28Fixed #30400 -- Improved typography of user facing strings.Jon Dufresne
Thanks Claude Paroz for assistance with translations.
2019-06-07Fixed #29379 -- Added autocomplete attribute to contrib.auth.forms fields.Hasan Ramezani
Thank you to Nick Pope for review. Co-authored-by: CHI Cheng <cloudream@gmail.com>
2019-05-15Fixed mis-capitalisation in comment.Ally Weir
2019-04-25Fixed #30399 -- Changed django.utils.html.escape()/urlize() to use ↵Jon Dufresne
html.escape()/unescape().
2019-03-29Fixed #30236 -- Made UsernameField render with autocapitalize="none" HTML ↵pmisteli
attribute. This prevents automatic capitalization, which is the default behavior in some browsers.
2018-07-02Fixed #29449 -- Reverted "Fixed #28757 -- Allowed using contrib.auth forms ↵Tim Graham
without installing contrib.auth." This reverts commit 3333d935d2914cd80cf31f4803821ad5c0e2a51d due to a crash if USERNAME_FIELD isn't a CharField.
2018-04-04Added additional AdminPasswordChangeForm tests.Mads Jensen
2018-03-29Fixed #29270 -- Fixed UserChangeForm crash if password field is excluded.Malte Gerth
2018-02-01Fixed CVE-2018-6188 -- Fixed information leakage in AuthenticationForm.Tim Graham
Reverted 359370a8b8ca0efe99b1d4630b291ec060b69225 (refs #28645). This is a security fix.
2018-01-05Fixed #28757 -- Allowed using contrib.auth forms without installing ↵shanghui
contrib.auth. Also fixed #28608 -- Allowed UserCreationForm and UserChangeForm to work with custom user models. Thanks Sagar Chalise and Rômulo Collopy for reports, and Tim Graham and Tim Martin for reviews.
2017-11-08Fixed #28645 -- Reallowed AuthenticationForm to raise the inactive user ↵shanghui
error when using ModelBackend. Regression in e0a3d937309a82b8beea8f41b17d8b6298da2a86. Thanks Guilherme Junqueira for the report and Tim Graham for the review.
2017-10-23Fixed #28706 -- Moved AuthenticationFormn invalid login ValidationError to a ↵Jon Dufresne
method for reuse.
2017-10-20Fixed #27515 -- Made AuthenticationForm's username field use the max_length ↵Lucas Connors
from the model field. Thanks Ramin Farajpour Cami for the report.
2017-10-20Refs #19130 -- Added a test for AuthenticationForm.username max_length.Lucas Connors
This will be a more useful regression test after refs #27515.
2017-06-21Fixed #28127 -- Allowed UserCreationForm's password validation to check all ↵Andrew Pinkham
user fields.
2017-04-19Fixed #28097 -- Fixed layout of ReadOnlyPasswordHashWidget.Tim Graham
2017-02-07Converted usage of ugettext* functions to their gettext* aliasesClaude Paroz
Thanks Tim Graham for the review.
2017-01-25Refs #23919 -- Replaced super(ClassName, self) with super().chillaranand
2017-01-24Removed unneeded force_text calls in the test suiteClaude Paroz
2017-01-20Refs #23919 -- Removed django.test.mock Python 2 compatibility shim.Tim Graham
2017-01-19Refs #23919 -- Stopped inheriting from object to define new style classes.Simon Charette
2017-01-18Refs #23919 -- Removed six.PY2/PY3 usageClaude Paroz
Thanks Tim Graham for the review.
2017-01-18Refs #23919 -- Removed encoding preambles and future importsClaude Paroz
2016-11-10Refs #27392 -- Removed "Tests that", "Ensures that", etc. from test docstrings.za
2016-09-27Fixed #20705 -- Allowed using PasswordResetForm with user models with an ↵levental
email field not named 'email'.
2016-09-12Fixed #23155 -- Added request argument to user_login_failed signal.Gavin Wahl
2016-09-10Fixed indentation in previous commit.Tim Graham
2016-09-10Fixed #26097 -- Added password_validators_help_text_html to UserCreationForm.Alexander Gaevsky
2016-08-24Fixed #27111 -- Fixed KeyError if USERNAME_FIELD isn't in ↵Berker Peksag
UserCreationForm.fields.
2016-08-10Fixed #26951 -- Allowed AuthenticationForm to work with a username of 0.Olexander Yermakov
2016-06-21Refs #21379, #26719 -- Moved username normalization to AbstractBaseUser.Tim Graham
Thanks Huynh Thanh Tam for the initial patch and Claude Paroz for review.
2016-05-16Refs #21379 -- Normalized unicode username inputsClaude Paroz
2016-05-16Fixed #21379 -- Created auth-specific username validatorsClaude Paroz
Thanks Tim Graham for the review.
2016-05-07Fixed #26544 -- Delayed translations of SetPasswordForm help_textsClaude Paroz
Thanks Michael Bitzi for the reporti and Tim Graham for the review.