summaryrefslogtreecommitdiff
path: root/tests/auth_tests/test_tokens.py
AgeCommit message (Collapse)Author
2022-02-07Refs #33476 -- Reformatted code with Black.django-bot
2022-02-01Fixed #30360 -- Added support for secret key rotation.tschilling
Thanks Florian Apolloner for the implementation idea. Co-authored-by: Andreas Pelme <andreas@pelme.se> Co-authored-by: Carlton Gibson <carlton.gibson@noumenal.es> Co-authored-by: Vuyisile Ndlovu <terrameijar@gmail.com>
2021-04-20Fixed #32664 -- Made PasswordResetTokenGenerator.secret validation lazy.François Freitag
Django apps initialization to run management command triggers the admin autodiscovery. Importing django.contrib.auth.tokens creates an instance of PasswordResetTokenGenerator which required a SECRET_KEY. For several management commands, the token generator is unused. It should only complain about a missing SECRET_KEY when it is used.
2021-04-20Refs #28017 -- Added test for PasswordResetTokenGenerator subclass with a ↵François Freitag
custom secret.
2021-01-14Refs #31842 -- Removed DEFAULT_HASHING_ALGORITHM transitional setting.Mariusz Felisiak
Per deprecation timeline.
2021-01-14Refs #27468 -- Removed support for the pre-Django 3.1 password reset tokens.Mariusz Felisiak
Per deprecation timeline.
2020-10-22Fixed #32130 -- Fixed pre-Django 3.1 password reset tokens validation.Mariusz Felisiak
Thanks Gordon Wrigley for the report and implementation idea. Regression in 226ebb17290b604ef29e82fb5c1fbac3594ac163.
2020-10-21Fixed #26615 -- Made password reset token invalidate when changing email.Jacob Walls
Co-Authored-By: Silas Barta <sbarta@gmail.com>
2020-08-04Fixed #31842 -- Added DEFAULT_HASHING_ALGORITHM transitional setting.Mariusz Felisiak
It's a transitional setting helpful in migrating multiple instance of the same project to Django 3.1+. Thanks Markus Holtermann for the report and review, Florian Apolloner for the implementation idea and review, and Carlton Gibson for the review.
2020-03-12Fixed random auth_tests.test_tokens.TokenGeneratorTest.test_timeout failures.Mariusz Felisiak
Random failures depended on the current timestamp. Thanks Matthijs Kooijman for the review.
2020-02-12Refs #27468 -- Made PasswordResetTokenGenerator use SHA-256 algorithm.Claude Paroz
2020-01-29Made token tests in auth_tests use assertIs() rather than assertTrue/False().Jon Dufresne
2019-11-13Fixed random auth_tests.test_tokens.TokenGeneratorTest.test_10265 failures.Mariusz Felisiak
Random failures depended on the current timestamp.
2019-11-13Moved MockedPasswordResetTokenGenerator outside of ↵Mariusz Felisiak
TokenGeneratorTest.test_timeout().
2019-09-20Fixed #28622 -- Allowed specifying password reset link expiration in seconds ↵Hasan Ramezani
and deprecated PASSWORD_RESET_TIMEOUT_DAYS.
2017-09-25Reverted "Fixed #28248 -- Fixed password reset tokens being valid for 1 day ↵Tim Graham
longer than PASSWORD_RESET_TIMEOUT_DAYS." This reverts commit 95993a89ce6ca5f5e26b1c22b65c57dcb8c005e9.
2017-05-29Fixed #28248 -- Fixed password reset tokens being valid for 1 day longer ↵Nick Zaccardi
than PASSWORD_RESET_TIMEOUT_DAYS.
2017-05-26Fixed #28017 -- Allowed customizing PasswordResetTokenGenerator's secret.jannh
2017-01-18Refs #23919 -- Removed six.PY2/PY3 usageClaude Paroz
Thanks Tim Graham for the review.
2017-01-13Fixed #27518 -- Prevented possibie password reset token leak via HTTP ↵Romain Garrigues
Referer header. Thanks Florian Apolloner for contributing to this patch and Collin Anderson, Markus Holtermann, and Tim Graham for review.
2016-11-10Refs #27392 -- Removed "Tests that", "Ensures that", etc. from test docstrings.za
2016-01-29Refs #26022 -- Used context manager version of assertRaises in tests.Hasan
2015-04-09Use mock.patch in migrations testsCurtis Maloney
Currently some of the migrations tests rely on the fact 'input' is aliased because of six, instead of using mock.patch. Replace this code with proper use of mock.patch. Also, replace one case of excessively specific python version check with testing six.PY3
2015-02-11Moved contrib.auth tests out of contrib.Tim Graham