| Age | Commit message (Collapse) | Author |
|
See DEP 0018.
Added:
* MAILERS setting.
* django.core.mail.mailers dict-like EmailBackend factory.
* `using` argument to mail sending APIs.
* `sent_using` attribute to mail.outbox messages in locmem backend.
* MAILERS in startproject settings template, set to console backend.
* AdminLogHandler.using argument.
* BrokenLinkEmailsMiddleware.send_mail() method.
Updated:
* BaseEmailBackend to track the MAILERS alias used to construct it, and
to report errors for unknown kwargs (OPTIONS).
* EmailBackend implementations to initialize from kwargs (OPTIONS) only
when MAILERS is being used.
* smtp.EmailBackend to require `host` option and to default `port`
option based on SSL/TLS options.
* SimpleTestCase setup to substitute the locmem backend for all defined
MAILERS configurations.
* Django's tests that send mail to define MAILERS.
Deprecated:
* EMAIL_BACKEND and other backend-related EMAIL_* settings.
* mail.get_connection().
* The `connection`, `fail_silently`, `auth_user`, and `auth_password`
arguments to mail functions.
* The EmailMessage.connection attribute.
* BaseEmailBackend support for `fail_silently`. Backends that support
fail_silently (SMTP, console, file) now implement it directly.
* AdminEmailHandler.email_backend argument.
Removed undocumented features without deprecation:
* EmailMessage.get_connection() method. (send() now raises an error if a
subclass has attempted to override it.)
* EmailMessage.send() no longer sets self.connection to the connection
used for sending. (It still _uses_ a pre-existing self.connection.)
* AdminEmailHandler.connection() method. (Init now raises an error if a
subclass has attempted to override it.)
Thanks to Natalia Bidart for shepherding DEP 0018 and for extensive
reviews and suggestions on the implementation.
Thanks to Jacob Rief for the initial implementation and multiple
iterations while refining the design.
Co-authored-by: Jacob Rief <jacob.rief@gmail.com>
|
|
Simplified and removed use of soon-to-be-deprecated or removed features
from tests for AdminEmailHandler and BrokenLinkEmailsMiddleware. Added
or updated cases to ensure `fail_silently` usage remains consistent
during the transition to email providers.
Changed custom FailingEmailBackend to respect fail_silently and record
its use in a class-level property.
In AdminEmailHandlerTest:
* Added make_log_record() helper to reduce duplicated code.
* Changed test_fail_silently() to send through the FailingEmailBackend,
which will fail if not initialized with fail_silently=True. (Rather
than inspecting attributes of a soon-to-be-deprecated connection.)
* Simplified test_uses_custom_email_backend() by replacing monkeypatches
with inspectable custom backend.
* In test_customize_send_mail_method(), removed use of the undocumented
self.connection() method and the soon-to-be-deprecated `connection`
arg to mail_managers(). This test verifies a subclass can customize
sending by mailing the managers rather than the admins. Involving a
email backend connection was irrelevant.
In BrokenLinkEmailsMiddlewareTest, added a case with FailingEmailBackend
to verify send uses fail_silently=True.
|
|
https://github.com/psf/black/releases/tag/26.1.0
|
|
|
|
- Changed EmailMessage.message() to construct a "modern email API"
email.message.EmailMessage and added policy keyword arg.
- Added support for modern MIMEPart objects in EmailMessage.attach()
(and EmailMessage constructor, EmailMessage.attachments list).
- Updated SMTP EmailBackend to use modern email.policy.SMTP.
Deprecated:
- Attaching MIMEBase objects (replace with MIMEPart)
- BadHeaderError (modern email uses ValueError)
- SafeMIMEText, SafeMIMEMultipart (unnecessary for modern email)
- django.core.mail.forbid_multi_line_headers()
(undocumented, but exposed via `__all__` and in wide use)
- django.core.mail.message.sanitize_address()
(undocumented, but in wide use)
Removed without deprecation (all undocumented):
- EmailMessage.mixed_subtype
- EmailMultiAlternatives.alternative_subtype
- Support for setting (undocumented) EmailMessage.encoding property
to a legacy email.charset.Charset object
Related changes:
- Dropped tests for incorrect RFC 2047 encoding of non-ASCII email
address localparts. This is specifically prohibited by RFC 2047, and
not supported by any known MTA or email client. (Python still
mis-applies encoded-word to non-ASCII localparts, but it is a bug that
may be fixed in the future.)
- Added tests that try to discourage using Python's legacy email APIs
in future updates to django.core.mail.
|
|
Rewrapped long docstrings and block comments to 79 characters + newline
using script from https://github.com/medmunds/autofix-w505.
|
|
In public mail APIs, changed less frequently used parameters from
keyword-or-positional to keyword-only, emitting a warning during the
required deprecation period.
|
|
rendering.
|
|
|
|
fields.
Regression in e626716c28b6286f8cf0f8174077f3d2244f3eb3.
Thanks buffgecko12 for the report and Sarah Boyce for the review.
|
|
sending fails.
On successful submission of a password reset request, an email is sent
to the accounts known to the system. If sending this email fails (due to
email backend misconfiguration, service provider outage, network issues,
etc.), an attacker might exploit this by detecting which password reset
requests succeed and which ones generate a 500 error response.
Thanks to Thibaut Spriet for the report, and to Mariusz Felisiak, Adam
Johnson, and Sarah Boyce for the reviews.
|
|
|
|
Refs #34429: Following the implementation allowing the setting of
unusable passwords via the admin site, the `BaseUserCreationForm` and
`UserCreationForm` were extended to include a new field for choosing
whether password-based authentication for the new user should be enabled
or disabled at creation time.
Given that these forms are designed to be extended when implementing
custom user models, this branch ensures that this new field is moved to
a new, admin-dedicated, user creation form `AdminUserCreationForm`.
Regression in e626716c28b6286f8cf0f8174077f3d2244f3eb3.
Thanks Simon Willison for the report, Fabian Braun and Sarah Boyce for
the review.
|
|
model.
This work also allows to subclass BaseUserCreationFormTest to reuse the
tests and assertions for testing forms that extend BaseUserCreationForm,
which is now used for UserCreationFormTest, increasing its coverage.
|
|
The auth forms using SetPasswordMixin were incorrectly including the
'This field is required.' error when additional validations (e.g.,
overriding `clean_password1`) were performed and failed.
This fix ensures accurate error reporting for password fields.
Co-authored-by: Natalia <124304+nessita@users.noreply.github.com>
|
|
the reset password link with a button.
Co-authored-by: Natalia <124304+nessita@users.noreply.github.com>
|
|
Co-authored-by: Natalia <124304+nessita@users.noreply.github.com>
|
|
|
|
https://github.com/psf/black/releases/tag/24.1.0
|
|
Co-authored-by: Fabian Braun <fsbraun@gmx.de>
|
|
Thanks MProgrammer (https://hackerone.com/mprogrammer) for the report.
|
|
Regression in 298d02a77a69321af8c0023df3250663e9d1362d.
|
|
UserCreationForm.
Co-Authored-By: Neven Mundar <nmundar@gmail.com>
|
|
|
|
UserChangeForm.password's help text when using to_field.
Co-Authored-By: David Sanders <shang.xiao.sanders@gmail.com>
Co-Authored-By: Mariusz Felisiak <felisiak.mariusz@gmail.com>
|
|
|
|
|
|
|
|
|
|
|
|
ReadOnlyPasswordHashWidget doesn't have any labelable elements.
|
|
|
|
django.core.exceptions.ValidationError.
Co-Authored-By: Mariusz Felisiak <felisiak.mariusz@gmail.com>
|
|
Co-Authored-By: Florian Apolloner <florian@apolloner.eu>
|
|
AuthenticationForm.UsernameField.
Regression in 5ceaf14686ce626404afb6a5fbd3d8286410bf13.
Thanks gopackgo90 for the report and Mariusz Felisiak for tests.
|
|
Thanks Claude Paroz for assistance with translations.
|
|
Thank you to Nick Pope for review.
Co-authored-by: CHI Cheng <cloudream@gmail.com>
|
|
|
|
html.escape()/unescape().
|
|
attribute.
This prevents automatic capitalization, which is the default behavior in
some browsers.
|
|
without installing contrib.auth."
This reverts commit 3333d935d2914cd80cf31f4803821ad5c0e2a51d due to
a crash if USERNAME_FIELD isn't a CharField.
|
|
|
|
|
|
Reverted 359370a8b8ca0efe99b1d4630b291ec060b69225 (refs #28645).
This is a security fix.
|
|
contrib.auth.
Also fixed #28608 -- Allowed UserCreationForm and UserChangeForm to
work with custom user models.
Thanks Sagar Chalise and Rômulo Collopy for reports, and Tim Graham
and Tim Martin for reviews.
|
|
error when using ModelBackend.
Regression in e0a3d937309a82b8beea8f41b17d8b6298da2a86.
Thanks Guilherme Junqueira for the report and Tim Graham for the review.
|
|
method for reuse.
|
|
from the model field.
Thanks Ramin Farajpour Cami for the report.
|
|
This will be a more useful regression test after refs #27515.
|
|
user fields.
|