| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2022-02-07 | Refs #33476 -- Reformatted code with Black. | django-bot | |
| 2022-02-01 | Fixed #30360 -- Added support for secret key rotation. | tschilling | |
| Thanks Florian Apolloner for the implementation idea. Co-authored-by: Andreas Pelme <andreas@pelme.se> Co-authored-by: Carlton Gibson <carlton.gibson@noumenal.es> Co-authored-by: Vuyisile Ndlovu <terrameijar@gmail.com> | |||
| 2021-04-20 | Fixed #32664 -- Made PasswordResetTokenGenerator.secret validation lazy. | François Freitag | |
| Django apps initialization to run management command triggers the admin autodiscovery. Importing django.contrib.auth.tokens creates an instance of PasswordResetTokenGenerator which required a SECRET_KEY. For several management commands, the token generator is unused. It should only complain about a missing SECRET_KEY when it is used. | |||
| 2021-04-20 | Refs #28017 -- Added test for PasswordResetTokenGenerator subclass with a ↵ | François Freitag | |
| custom secret. | |||
| 2021-01-14 | Refs #31842 -- Removed DEFAULT_HASHING_ALGORITHM transitional setting. | Mariusz Felisiak | |
| Per deprecation timeline. | |||
| 2021-01-14 | Refs #27468 -- Removed support for the pre-Django 3.1 password reset tokens. | Mariusz Felisiak | |
| Per deprecation timeline. | |||
| 2020-10-22 | Fixed #32130 -- Fixed pre-Django 3.1 password reset tokens validation. | Mariusz Felisiak | |
| Thanks Gordon Wrigley for the report and implementation idea. Regression in 226ebb17290b604ef29e82fb5c1fbac3594ac163. | |||
| 2020-10-21 | Fixed #26615 -- Made password reset token invalidate when changing email. | Jacob Walls | |
| Co-Authored-By: Silas Barta <sbarta@gmail.com> | |||
| 2020-08-04 | Fixed #31842 -- Added DEFAULT_HASHING_ALGORITHM transitional setting. | Mariusz Felisiak | |
| It's a transitional setting helpful in migrating multiple instance of the same project to Django 3.1+. Thanks Markus Holtermann for the report and review, Florian Apolloner for the implementation idea and review, and Carlton Gibson for the review. | |||
| 2020-03-12 | Fixed random auth_tests.test_tokens.TokenGeneratorTest.test_timeout failures. | Mariusz Felisiak | |
| Random failures depended on the current timestamp. Thanks Matthijs Kooijman for the review. | |||
| 2020-02-12 | Refs #27468 -- Made PasswordResetTokenGenerator use SHA-256 algorithm. | Claude Paroz | |
| 2020-01-29 | Made token tests in auth_tests use assertIs() rather than assertTrue/False(). | Jon Dufresne | |
| 2019-11-13 | Fixed random auth_tests.test_tokens.TokenGeneratorTest.test_10265 failures. | Mariusz Felisiak | |
| Random failures depended on the current timestamp. | |||
| 2019-11-13 | Moved MockedPasswordResetTokenGenerator outside of ↵ | Mariusz Felisiak | |
| TokenGeneratorTest.test_timeout(). | |||
| 2019-09-20 | Fixed #28622 -- Allowed specifying password reset link expiration in seconds ↵ | Hasan Ramezani | |
| and deprecated PASSWORD_RESET_TIMEOUT_DAYS. | |||
| 2017-09-25 | Reverted "Fixed #28248 -- Fixed password reset tokens being valid for 1 day ↵ | Tim Graham | |
| longer than PASSWORD_RESET_TIMEOUT_DAYS." This reverts commit 95993a89ce6ca5f5e26b1c22b65c57dcb8c005e9. | |||
| 2017-05-29 | Fixed #28248 -- Fixed password reset tokens being valid for 1 day longer ↵ | Nick Zaccardi | |
| than PASSWORD_RESET_TIMEOUT_DAYS. | |||
| 2017-05-26 | Fixed #28017 -- Allowed customizing PasswordResetTokenGenerator's secret. | jannh | |
| 2017-01-18 | Refs #23919 -- Removed six.PY2/PY3 usage | Claude Paroz | |
| Thanks Tim Graham for the review. | |||
| 2017-01-13 | Fixed #27518 -- Prevented possibie password reset token leak via HTTP ↵ | Romain Garrigues | |
| Referer header. Thanks Florian Apolloner for contributing to this patch and Collin Anderson, Markus Holtermann, and Tim Graham for review. | |||
| 2016-11-10 | Refs #27392 -- Removed "Tests that", "Ensures that", etc. from test docstrings. | za | |
| 2016-01-29 | Refs #26022 -- Used context manager version of assertRaises in tests. | Hasan | |
| 2015-04-09 | Use mock.patch in migrations tests | Curtis Maloney | |
| Currently some of the migrations tests rely on the fact 'input' is aliased because of six, instead of using mock.patch. Replace this code with proper use of mock.patch. Also, replace one case of excessively specific python version check with testing six.PY3 | |||
| 2015-02-11 | Moved contrib.auth tests out of contrib. | Tim Graham | |
