summaryrefslogtreecommitdiff
path: root/tests/auth_tests
AgeCommit message (Collapse)Author
2019-12-02Fixed CVE-2019-19118 -- Required edit permissions on parent model for ↵Carlton Gibson
editable inlines in admin. Thank you to Shen Ying for reporting this issue.
2019-11-29[3.0.x] Fixed #31021 -- Fixed proxy model permissions data migration crash ↵Mariusz Felisiak
with a multiple databases setup. Regression in 98296f86b340c8c9c968375d59f1d3a3479e60c2. Backport of e8fcdaad5c428878d0a5d6ba820d957013f75595 from master
2019-09-18[3.0.x] Fixed #30776 -- Restored max length validation on ↵Sam Reynolds
AuthenticationForm.UsernameField. Regression in 5ceaf14686ce626404afb6a5fbd3d8286410bf13. Thanks gopackgo90 for the report and Mariusz Felisiak for tests. Backport of 6c9778a58e4f680db180d4cc9dc5639d2ec1b40c from master
2019-08-29Fixed #18763 -- Added ModelBackend/UserManager.with_perm() methods.Berker Peksag
Co-authored-by: Nick Pope <nick.pope@flightdataservices.com>
2019-08-29Fixed #30066 -- Enabled super user creation without email and passworddaniel a rios
2019-08-29Converted auth test to use subTest().Carlton Gibson
2019-08-26Fixed #29019 -- Added ManyToManyField support to REQUIRED_FIELDS.Hasan Ramezani
2019-07-02Fixed #27801 -- Made createsuperuser fall back to environment variables for ↵Hasan Ramezani
password and required fields.
2019-06-28Fixed #30400 -- Improved typography of user facing strings.Jon Dufresne
Thanks Claude Paroz for assistance with translations.
2019-06-14Fixed #12952 -- Adjusted admin log change messages to use form labels ↵Sanyam Khurana
instead of field names.
2019-06-10Fixed #30556 -- Avoided useless query and hasher call in ↵Aymeric Augustin
ModelBackend.authenticate() when credentials aren't provided. There's no need to fetch a user instance from the database unless a username and a password are provided as credentials.
2019-06-07Fixed #29379 -- Added autocomplete attribute to contrib.auth.forms fields.Hasan Ramezani
Thank you to Nick Pope for review. Co-authored-by: CHI Cheng <cloudream@gmail.com>
2019-06-05Refs #30226 -- Added User.get_user_permissions() method.Tobias Bengfort
Added to mirror the existing User.get_group_permissions().
2019-06-05Fixed #30226 -- Added BaseBackend for authentication.Tobias Bengfort
2019-05-27Refs #24944 -- Added test for overriding domain in email context in ↵Mattia Procopio
PasswordResetView.
2019-05-24Fixed #28780 -- Allowed specyfing a token parameter displayed in password ↵Rob
reset URLs. Co-authored-by: Tim Givois <tim.givois.mendez@gmail.com>
2019-05-15Fixed mis-capitalisation in comment.Ally Weir
2019-04-27Fixed #30351 -- Handled pre-existing permissions in proxy model permissions ↵Carlton Gibson
data migration. Regression in 181fb60159e54d442d3610f4afba6f066a6dac05.
2019-04-25Fixed #30399 -- Changed django.utils.html.escape()/urlize() to use ↵Jon Dufresne
html.escape()/unescape().
2019-04-14Renamed camelCaseTestMethods to snake_case_test_methodsMarkus Holtermann
2019-03-29Fixed #30236 -- Made UsernameField render with autocapitalize="none" HTML ↵pmisteli
attribute. This prevents automatic capitalization, which is the default behavior in some browsers.
2019-03-22Fixed #30257 -- Made UsernameValidators prohibit trailing newlines.Ryan J Schave
2019-03-15Cleaned up exception message checking in some tests.Jon Dufresne
2019-02-14Refs #15902 -- Deprecated storing user's language in the session.Claude Paroz
2019-01-17Increased the default PBKDF2 iterations for Django 3.0.Tim Graham
2019-01-16Fixed #11154, #22270 -- Made proxy model permissions use correct content type.Arthur Rio
Co-Authored-By: Simon Charette <charette.s@gmail.com> Co-Authored-By: Antoine Catton <acatton@fusionbox.com>
2019-01-10Refs #28478 -- Deprecated TestCase's allow_database_queries and multi_db in ↵Simon Charette
favor of databases.
2019-01-09Fixed #30037 -- Added request arg to RemoteUserBackend.configure_user().Joshua Cannon
2018-12-31Updated test URL patterns to use path() and re_path().Tim Graham
2018-12-21Added tests for ContentType/Group/Permission.__str__().Tim Graham
2018-11-27Made reused RequestFactory instances class attributes.Simon Charette
2018-11-27Switched setUp() to setUpTestData() where possible in Django's tests.Simon Charette
2018-11-27Switched TestCase to SimpleTestCase where possible in Django's tests.Tim Graham
2018-11-15Fixed #29952 -- Lowercased all passwords in contrib.auth's ↵Mathew Payne
auth/common-passwords.txt.gz.
2018-10-10Refs #27795 -- Removed force_bytes() usage from django/utils/http.py.Jon Dufresne
django.utils.http.urlsafe_base64_encode() now returns a string, not a bytestring. Since URLs are represented as strings, urlsafe_base64_encode() should return a string. All uses immediately decoded the bytestring to a string anyway. As the inverse operation, urlsafe_base64_decode() accepts a string.
2018-10-01Fixed #29809 -- Fixed a crash when a "view only" user POSTs to the admin ↵Tim Graham
user change form.
2018-10-01Fixed CVE-2018-16984 -- Fixed password hash disclosure to admin "view only" ↵Carlton Gibson
users. Thanks Claude Paroz & Tim Graham for collaborating on the patch.
2018-09-26Fixed #29782 -- Added better error message when filtering queryset with ↵Ramon Saraiva
AnonymousUser.
2018-09-26Refs #29784 -- Switched to https:// links where available.Jon Dufresne
2018-09-25Added a test for password_changed() with a custom validator.Alexey
2018-08-18Simplified how createsuperuser tests generate passwords.Josh Schneier
2018-08-17Fixed #29686 -- Made UserAdmin.user_change_password() pass user to ↵Alexander Todorov
has_change_permission().
2018-08-05Fixed #29616 -- Fixed createsuperuser for user models that don't have a ↵Josh Schneier
password field.
2018-08-04Fixed #29628 -- Made createsuperuser validate password against username and ↵Josh Schneier
required fields.
2018-07-02Fixed #29449 -- Reverted "Fixed #28757 -- Allowed using contrib.auth forms ↵Tim Graham
without installing contrib.auth." This reverts commit 3333d935d2914cd80cf31f4803821ad5c0e2a51d due to a crash if USERNAME_FIELD isn't a CharField.
2018-06-20Refs #27398 -- Simplified some tests with assertRedirects().Tim Graham
2018-06-20Fixed #27398 -- Added an assertion to compare URLs, ignoring the order of ↵Jan Pieter Waagmeester
their query strings.
2018-06-07Added a missing test for createsuperuser management command.Hasan Ramezani
2018-06-03Fixed #10827 -- Ensured ContentTypes are created before permission creation.Claude Paroz
2018-05-29Fixed #28044 -- Unified the logic for createsuperuser's interactive and ↵Dohyeon Kim
--noinput modes.