summaryrefslogtreecommitdiff
path: root/tests/auth_tests/test_views.py
AgeCommit message (Collapse)Author
2021-01-14Fixed #31358 -- Increased salt entropy of password hashers.Jon Moroney
Co-authored-by: Florian Apolloner <florian@apolloner.eu>
2020-09-14Fixed #31789 -- Added a new headers interface to HttpResponse.Tom Carrick
2020-07-09Used urllib.parse.urljoin() in auth_tests to join URLs.Jon Dufresne
As the strings represent URLs and not paths, should use urllib to manipulate them.
2020-05-11Refs #30116 -- Simplified regex match group access with Match.__getitem__().Jon Dufresne
The method has been available since Python 3.6. The shorter syntax is also marginally faster.
2020-04-29Refs #27468 -- Made user sessions use SHA-256 algorithm.Mariusz Felisiak
2020-03-16Fixed #31361 -- Fixed invalid action="" in admin forms.Jon Dufresne
The attribute action="" (empty string) on the <form> element is invalid HTML5. The spec (https://html.spec.whatwg.org/#attr-fs-action) says: > The action and formaction content attributes, if specified, must have > a value that is a valid non-empty URL potentially surrounded by > spaces. Emphasis on non-empty. The action attribute is allowed to be omitted, in which case the current URL is used which is the same behavior as now.
2020-02-18Refs #26601 -- Deprecated passing None as get_response arg to middleware ↵Claude Paroz
classes. This is the new contract since middleware refactoring in Django 1.10. Co-authored-by: Carlton Gibson <carlton.gibson@noumenal.es> Co-authored-by: Mariusz Felisiak <felisiak.mariusz@gmail.com>
2019-12-02Fixed CVE-2019-19118 -- Required edit permissions on parent model for ↵Carlton Gibson
editable inlines in admin. Thank you to Shen Ying for reporting this issue.
2019-11-18Replaced encode() usage with bytes literals.Jon Dufresne
2019-06-14Fixed #12952 -- Adjusted admin log change messages to use form labels ↵Sanyam Khurana
instead of field names.
2019-05-27Refs #24944 -- Added test for overriding domain in email context in ↵Mattia Procopio
PasswordResetView.
2019-05-24Fixed #28780 -- Allowed specyfing a token parameter displayed in password ↵Rob
reset URLs. Co-authored-by: Tim Givois <tim.givois.mendez@gmail.com>
2019-03-15Cleaned up exception message checking in some tests.Jon Dufresne
2019-02-14Refs #15902 -- Deprecated storing user's language in the session.Claude Paroz
2018-12-31Updated test URL patterns to use path() and re_path().Tim Graham
2018-11-27Switched setUp() to setUpTestData() where possible in Django's tests.Simon Charette
2018-10-10Refs #27795 -- Removed force_bytes() usage from django/utils/http.py.Jon Dufresne
django.utils.http.urlsafe_base64_encode() now returns a string, not a bytestring. Since URLs are represented as strings, urlsafe_base64_encode() should return a string. All uses immediately decoded the bytestring to a string anyway. As the inverse operation, urlsafe_base64_decode() accepts a string.
2018-10-01Fixed #29809 -- Fixed a crash when a "view only" user POSTs to the admin ↵Tim Graham
user change form.
2018-10-01Fixed CVE-2018-16984 -- Fixed password hash disclosure to admin "view only" ↵Carlton Gibson
users. Thanks Claude Paroz & Tim Graham for collaborating on the patch.
2018-08-17Fixed #29686 -- Made UserAdmin.user_change_password() pass user to ↵Alexander Todorov
has_change_permission().
2018-06-20Refs #27398 -- Simplified some tests with assertRedirects().Tim Graham
2018-06-20Fixed #27398 -- Added an assertion to compare URLs, ignoring the order of ↵Jan Pieter Waagmeester
their query strings.
2018-05-07Replaced django.test.utils.patch_logger() with assertLogs().Claude Paroz
Thanks Tim Graham for the review.
2018-04-19Fixed #29212 -- Doc'd redirect loop if @permission_required used with ↵Nick Pope
redirect_authenticated_user.
2018-03-15Fixed #29206 -- Fixed PasswordResetConfirmView crash when the URL contains a ↵Mattia Procopio
non-UUID where one is expected.
2018-02-07Refs #27795 -- Removed force_bytes/text() usage in tests.Tim Graham
2017-09-22Refs #26929 -- Removed extra_context parameter of ↵Tim Graham
contrib.auth.views.logout_then_login(). Per deprecation timeline.
2017-09-09Fixed some comments referring to a nonexistent TestClient class.Luoxzhg
2017-08-24Fixed #28513 -- Added POST request support to LogoutView.hui shang
2017-06-13Fixed #28229 -- Fixed the value of LoginView's "next" template variable.Mikhail Golubev
2017-05-24Refs #27804 -- Used subTest() in several tests.Bruno Alla
2017-03-07Fixed #27891 -- Added PasswordResetConfirmView.post_reset_login_backend.Camilo Nova
2017-02-15Fixed #27840 -- Fixed KeyError in PasswordResetConfirmView.form_valid().Markus Holtermann
When a user is already logged in when submitting the password and password confirmation to reset a password, a KeyError occurred while removing the reset session token from the session. Refs #17209 Thanks Quentin Marlats for the report and Florian Apolloner and Tim Graham for the review.
2017-02-07Fixed #27815 -- Made LoginView pass the request kwarg to AuthenticationForm.Zoltan Gyarmati
2017-02-03Fixed spelling of "nonexistent".Tim Graham
2017-01-26Refs #23919 -- Replaced usage of django.utils.http utilities with Python ↵Claude Paroz
equivalents Thanks Tim Graham for the review.
2017-01-25Refs #23919 -- Replaced super(ClassName, self) with super().chillaranand
2017-01-24Removed unneeded force_text calls in the test suiteClaude Paroz
2017-01-18Refs #23919 -- Removed most of remaining six usageClaude Paroz
Thanks Tim Graham for the review.
2017-01-18Refs #23919 -- Removed encoding preambles and future importsClaude Paroz
2017-01-13Fixed #27518 -- Prevented possibie password reset token leak via HTTP ↵Romain Garrigues
Referer header. Thanks Florian Apolloner for contributing to this patch and Collin Anderson, Markus Holtermann, and Tim Graham for review.
2016-11-21Refs #17209 -- Fixed token verification for PasswordResetConfirmView POST ↵Florian Apolloner
requests.
2016-11-10Refs #27392 -- Removed "Tests that", "Ensures that", etc. from test docstrings.za
2016-10-28Simplified some auth_tests with assertRedirects().Tim Graham
2016-09-07Fixed #26956 -- Added success_url_allowed_hosts to LoginView and LogoutView.Jon Dufresne
Allows specifying additional hosts to redirect after login and log out.
2016-08-19Refs #26902 -- Protected against insecure redirects in Login/LogoutView.Przemysław Suliga
2016-08-18Removed unused 'password' parameter in auth_tests.Tim Graham
2016-08-15Fixed #27009 -- Made update_session_auth_hash() rotate the session key.Tim Graham
2016-08-10Fixed #26960 -- Added PasswordResetConfirmView option to automatically log ↵jordij
in after a reset.
2016-07-28Fixed #26929 -- Deprecated extra_context parameter of ↵Andrew Nester
contrib.auth.views.logout_then_login().