| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2018-11-15 | [2.1.x] Fixed #29952 -- Lowercased all passwords in contrib.auth's ↵ | Mathew Payne | |
| auth/common-passwords.txt.gz. Backport of 26bb2611a567d43bc258aa7806eef766b7adcfe5 from master. | |||
| 2018-10-09 | [2.1.x] Refs #29784 -- Switched to https:// links where available. | Jon Dufresne | |
| Backport of 82f286cf6f198d37850d3c5df637b5665566a66b from master. | |||
| 2018-10-01 | [2.1.x] Fixed #29809 -- Fixed a crash when a "view only" user POSTs to the ↵ | Tim Graham | |
| admin user change form. Backport of a7284cc0c3620030b43034cdf41216c0941bf411 from master | |||
| 2018-10-01 | Fixed CVE-2018-16984 -- Fixed password hash disclosure to admin "view only" ↵ | Carlton Gibson | |
| users. Thanks Claude Paroz & Tim Graham for collaborating on the patch. # Conflicts: # tests/auth_tests/test_views.py | |||
| 2018-07-02 | [2.1.x] Fixed #29449 -- Reverted "Fixed #28757 -- Allowed using contrib.auth ↵ | Tim Graham | |
| forms without installing contrib.auth." This reverts commit 3333d935d2914cd80cf31f4803821ad5c0e2a51d due to a crash if USERNAME_FIELD isn't a CharField. Backport of f3fa86a89b3b85242f49b2b9acf58b5ea35acc1f from master | |||
| 2018-05-16 | Fixed #8936 -- Added a view permission and a read-only admin. | olivierdalang | |
| Co-authored-by: Petr Dlouhy <petr.dlouhy@email.cz> Co-authored-by: Olivier Dalang <olivier.dalang@gmail.com> | |||
| 2018-05-13 | Increased the default PBKDF2 iterations for Django 2.1. | Tim Graham | |
| 2018-05-07 | Replaced django.test.utils.patch_logger() with assertLogs(). | Claude Paroz | |
| Thanks Tim Graham for the review. | |||
| 2018-04-19 | Fixed #29212 -- Doc'd redirect loop if @permission_required used with ↵ | Nick Pope | |
| redirect_authenticated_user. | |||
| 2018-04-04 | Added additional AdminPasswordChangeForm tests. | Mads Jensen | |
| 2018-03-29 | Fixed #29270 -- Fixed UserChangeForm crash if password field is excluded. | Malte Gerth | |
| 2018-03-28 | Fixed #29258 -- Added type checking for login()'s backend argument. | Abeer Upadhyay | |
| 2018-03-22 | Fixed #28718 -- Allowed user to request a password reset if their password ↵ | Tim Graham | |
| doesn't use an enabled hasher. Regression in aeb1389442d0f9669edf6660b747fd10693b63a7. Reverted changes to is_password_usable() from 703c266682be39f7153498ad0d8031231f12ee79 and documentation changes from 92f48680dbd2e02f2b33f6ad0e35b7d337889fb2. | |||
| 2018-03-16 | Fixed hanging indentation in various code. | Mariusz Felisiak | |
| 2018-03-15 | Fixed #29206 -- Fixed PasswordResetConfirmView crash when the URL contains a ↵ | Mattia Procopio | |
| non-UUID where one is expected. | |||
| 2018-03-02 | Fixed #29176 -- Fixed AbstractBaseUser.normalize_username() crash if ↵ | Christophe Mehay | |
| username isn't a string. | |||
| 2018-02-26 | Fixed #29161 -- Removed BCryptPasswordHasher from PASSWORD_HASHERS. | Tim Graham | |
| 2018-02-21 | Fixed #29132 -- Avoided connecting update_last_login() handler if ↵ | Mikhail Porokhovnichenko | |
| User.last_login isn't a field. | |||
| 2018-02-16 | Fixed #28379 -- Made AccessMixin raise Permissiondenied for authenticated users. | Dylan Verheul | |
| 2018-02-07 | Refs #27795 -- Removed force_bytes/text() usage in tests. | Tim Graham | |
| 2018-02-01 | Fixed CVE-2018-6188 -- Fixed information leakage in AuthenticationForm. | Tim Graham | |
| Reverted 359370a8b8ca0efe99b1d4630b291ec060b69225 (refs #28645). This is a security fix. | |||
| 2018-01-05 | Fixed #28757 -- Allowed using contrib.auth forms without installing ↵ | shanghui | |
| contrib.auth. Also fixed #28608 -- Allowed UserCreationForm and UserChangeForm to work with custom user models. Thanks Sagar Chalise and Rômulo Collopy for reports, and Tim Graham and Tim Martin for reviews. | |||
| 2018-01-03 | Fixed #28982 -- Simplified code with and/or. | Дилян Палаузов | |
| 2018-01-03 | Fixed #28984 -- Made assorted code simplifications. | Tim Graham | |
| 2018-01-02 | Fixed #28902 -- Fixed password_validators_help_text_html() double escaping. | Alvin Lindstam | |
| 2017-11-08 | Fixed #28645 -- Reallowed AuthenticationForm to raise the inactive user ↵ | shanghui | |
| error when using ModelBackend. Regression in e0a3d937309a82b8beea8f41b17d8b6298da2a86. Thanks Guilherme Junqueira for the report and Tim Graham for the review. | |||
| 2017-11-06 | Fixed #28776 -- Fixed a/an/and typos in docs and comments. | Дилян Палаузов | |
| 2017-11-03 | Fixed #28571 -- Added a prompt to bypass password validation in createsuperuser. | Tom | |
| 2017-11-03 | Improved technique for matching input prompts in contrib.auth management tests. | Tim Graham | |
| 2017-10-23 | Fixed #28706 -- Moved AuthenticationFormn invalid login ValidationError to a ↵ | Jon Dufresne | |
| method for reuse. | |||
| 2017-10-20 | Fixed #27515 -- Made AuthenticationForm's username field use the max_length ↵ | Lucas Connors | |
| from the model field. Thanks Ramin Farajpour Cami for the report. | |||
| 2017-10-20 | Refs #19130 -- Added a test for AuthenticationForm.username max_length. | Lucas Connors | |
| This will be a more useful regression test after refs #27515. | |||
| 2017-10-14 | Fixed #28713 -- Prevented ModelBackend.get_all_permissions() from mutating ↵ | Yuri Kaszubowski Lopes | |
| get_user_permissions(). | |||
| 2017-10-09 | Fixed #28591 -- Added an error message for createsuperuser --username= (blank). | Hasan Ramezani | |
| 2017-09-29 | Completed test coverage for BasePasswordHasher. | Mads Jensen | |
| 2017-09-29 | Moved BasePasswordHasher tests to its own test case. | Mads Jensen | |
| 2017-09-28 | Completed test coverage for AnonymousUser. | Mads Jensen | |
| 2017-09-28 | Moved AnonymousUser tests to its own test case. | Mads Jensen | |
| 2017-09-26 | Added a test for PermWrapper.__iter__(). | Mads Jensen | |
| 2017-09-25 | Reverted "Fixed #28248 -- Fixed password reset tokens being valid for 1 day ↵ | Tim Graham | |
| longer than PASSWORD_RESET_TIMEOUT_DAYS." This reverts commit 95993a89ce6ca5f5e26b1c22b65c57dcb8c005e9. | |||
| 2017-09-22 | Refs #25187 -- Required the authenticate() method of authentication backends ↵ | Tim Graham | |
| to have request as the first positional argument. Per deprecation timeline. | |||
| 2017-09-22 | Refs #26929 -- Removed extra_context parameter of ↵ | Tim Graham | |
| contrib.auth.views.logout_then_login(). Per deprecation timeline. | |||
| 2017-09-22 | Refs #17209 -- Removed login/logout and password reset/change function-based ↵ | Tim Graham | |
| views. Per deprecation timeline. | |||
| 2017-09-09 | Fixed some comments referring to a nonexistent TestClient class. | Luoxzhg | |
| 2017-09-03 | Fixed #28550 -- Restored contrib.auth's login() and logout() views' respect ↵ | ZachLiuGIS | |
| of positional arguments. Regression in 78963495d0caadb77eb97ccf319ef0ba3b204fb5. Forwardport of f8e0557b01ebbb11478cfb012c4cafc67f1213c1 from stable/1.11.x | |||
| 2017-09-01 | Fixed test in auth_tests modifying data from setUpTestData(). | François Freitag | |
| 2017-08-24 | Fixed #28513 -- Added POST request support to LogoutView. | hui shang | |
| 2017-07-29 | Used assertRaisesMessage() to test Django's error messages. | Mads Jensen | |
| 2017-06-21 | Fixed #28127 -- Allowed UserCreationForm's password validation to check all ↵ | Andrew Pinkham | |
| user fields. | |||
| 2017-06-16 | Fixed #27787 -- Made call_command() validate the options it receives. | Chandrakant Kumar | |
