| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2019-12-18 | [3.0.x] Fixed CVE-2019-19844 -- Used verified user email for password reset ↵ | Simon Charette | |
| requests. Backport of 5b1fbcef7a8bec991ebe7b2a18b5d5a95d72cb70 from master. Co-Authored-By: Florian Apolloner <florian@apolloner.eu> | |||
| 2019-12-02 | Fixed CVE-2019-19118 -- Required edit permissions on parent model for ↵ | Carlton Gibson | |
| editable inlines in admin. Thank you to Shen Ying for reporting this issue. | |||
| 2019-11-29 | [3.0.x] Fixed #31021 -- Fixed proxy model permissions data migration crash ↵ | Mariusz Felisiak | |
| with a multiple databases setup. Regression in 98296f86b340c8c9c968375d59f1d3a3479e60c2. Backport of e8fcdaad5c428878d0a5d6ba820d957013f75595 from master | |||
| 2019-09-18 | [3.0.x] Fixed #30776 -- Restored max length validation on ↵ | Sam Reynolds | |
| AuthenticationForm.UsernameField. Regression in 5ceaf14686ce626404afb6a5fbd3d8286410bf13. Thanks gopackgo90 for the report and Mariusz Felisiak for tests. Backport of 6c9778a58e4f680db180d4cc9dc5639d2ec1b40c from master | |||
| 2019-08-29 | Fixed #18763 -- Added ModelBackend/UserManager.with_perm() methods. | Berker Peksag | |
| Co-authored-by: Nick Pope <nick.pope@flightdataservices.com> | |||
| 2019-08-29 | Fixed #30066 -- Enabled super user creation without email and password | daniel a rios | |
| 2019-08-29 | Converted auth test to use subTest(). | Carlton Gibson | |
| 2019-08-26 | Fixed #29019 -- Added ManyToManyField support to REQUIRED_FIELDS. | Hasan Ramezani | |
| 2019-07-02 | Fixed #27801 -- Made createsuperuser fall back to environment variables for ↵ | Hasan Ramezani | |
| password and required fields. | |||
| 2019-06-28 | Fixed #30400 -- Improved typography of user facing strings. | Jon Dufresne | |
| Thanks Claude Paroz for assistance with translations. | |||
| 2019-06-14 | Fixed #12952 -- Adjusted admin log change messages to use form labels ↵ | Sanyam Khurana | |
| instead of field names. | |||
| 2019-06-10 | Fixed #30556 -- Avoided useless query and hasher call in ↵ | Aymeric Augustin | |
| ModelBackend.authenticate() when credentials aren't provided. There's no need to fetch a user instance from the database unless a username and a password are provided as credentials. | |||
| 2019-06-07 | Fixed #29379 -- Added autocomplete attribute to contrib.auth.forms fields. | Hasan Ramezani | |
| Thank you to Nick Pope for review. Co-authored-by: CHI Cheng <cloudream@gmail.com> | |||
| 2019-06-05 | Refs #30226 -- Added User.get_user_permissions() method. | Tobias Bengfort | |
| Added to mirror the existing User.get_group_permissions(). | |||
| 2019-06-05 | Fixed #30226 -- Added BaseBackend for authentication. | Tobias Bengfort | |
| 2019-05-27 | Refs #24944 -- Added test for overriding domain in email context in ↵ | Mattia Procopio | |
| PasswordResetView. | |||
| 2019-05-24 | Fixed #28780 -- Allowed specyfing a token parameter displayed in password ↵ | Rob | |
| reset URLs. Co-authored-by: Tim Givois <tim.givois.mendez@gmail.com> | |||
| 2019-05-15 | Fixed mis-capitalisation in comment. | Ally Weir | |
| 2019-04-27 | Fixed #30351 -- Handled pre-existing permissions in proxy model permissions ↵ | Carlton Gibson | |
| data migration. Regression in 181fb60159e54d442d3610f4afba6f066a6dac05. | |||
| 2019-04-25 | Fixed #30399 -- Changed django.utils.html.escape()/urlize() to use ↵ | Jon Dufresne | |
| html.escape()/unescape(). | |||
| 2019-04-14 | Renamed camelCaseTestMethods to snake_case_test_methods | Markus Holtermann | |
| 2019-03-29 | Fixed #30236 -- Made UsernameField render with autocapitalize="none" HTML ↵ | pmisteli | |
| attribute. This prevents automatic capitalization, which is the default behavior in some browsers. | |||
| 2019-03-22 | Fixed #30257 -- Made UsernameValidators prohibit trailing newlines. | Ryan J Schave | |
| 2019-03-15 | Cleaned up exception message checking in some tests. | Jon Dufresne | |
| 2019-02-14 | Refs #15902 -- Deprecated storing user's language in the session. | Claude Paroz | |
| 2019-01-17 | Increased the default PBKDF2 iterations for Django 3.0. | Tim Graham | |
| 2019-01-16 | Fixed #11154, #22270 -- Made proxy model permissions use correct content type. | Arthur Rio | |
| Co-Authored-By: Simon Charette <charette.s@gmail.com> Co-Authored-By: Antoine Catton <acatton@fusionbox.com> | |||
| 2019-01-10 | Refs #28478 -- Deprecated TestCase's allow_database_queries and multi_db in ↵ | Simon Charette | |
| favor of databases. | |||
| 2019-01-09 | Fixed #30037 -- Added request arg to RemoteUserBackend.configure_user(). | Joshua Cannon | |
| 2018-12-31 | Updated test URL patterns to use path() and re_path(). | Tim Graham | |
| 2018-12-21 | Added tests for ContentType/Group/Permission.__str__(). | Tim Graham | |
| 2018-11-27 | Made reused RequestFactory instances class attributes. | Simon Charette | |
| 2018-11-27 | Switched setUp() to setUpTestData() where possible in Django's tests. | Simon Charette | |
| 2018-11-27 | Switched TestCase to SimpleTestCase where possible in Django's tests. | Tim Graham | |
| 2018-11-15 | Fixed #29952 -- Lowercased all passwords in contrib.auth's ↵ | Mathew Payne | |
| auth/common-passwords.txt.gz. | |||
| 2018-10-10 | Refs #27795 -- Removed force_bytes() usage from django/utils/http.py. | Jon Dufresne | |
| django.utils.http.urlsafe_base64_encode() now returns a string, not a bytestring. Since URLs are represented as strings, urlsafe_base64_encode() should return a string. All uses immediately decoded the bytestring to a string anyway. As the inverse operation, urlsafe_base64_decode() accepts a string. | |||
| 2018-10-01 | Fixed #29809 -- Fixed a crash when a "view only" user POSTs to the admin ↵ | Tim Graham | |
| user change form. | |||
| 2018-10-01 | Fixed CVE-2018-16984 -- Fixed password hash disclosure to admin "view only" ↵ | Carlton Gibson | |
| users. Thanks Claude Paroz & Tim Graham for collaborating on the patch. | |||
| 2018-09-26 | Fixed #29782 -- Added better error message when filtering queryset with ↵ | Ramon Saraiva | |
| AnonymousUser. | |||
| 2018-09-26 | Refs #29784 -- Switched to https:// links where available. | Jon Dufresne | |
| 2018-09-25 | Added a test for password_changed() with a custom validator. | Alexey | |
| 2018-08-18 | Simplified how createsuperuser tests generate passwords. | Josh Schneier | |
| 2018-08-17 | Fixed #29686 -- Made UserAdmin.user_change_password() pass user to ↵ | Alexander Todorov | |
| has_change_permission(). | |||
| 2018-08-05 | Fixed #29616 -- Fixed createsuperuser for user models that don't have a ↵ | Josh Schneier | |
| password field. | |||
| 2018-08-04 | Fixed #29628 -- Made createsuperuser validate password against username and ↵ | Josh Schneier | |
| required fields. | |||
| 2018-07-02 | Fixed #29449 -- Reverted "Fixed #28757 -- Allowed using contrib.auth forms ↵ | Tim Graham | |
| without installing contrib.auth." This reverts commit 3333d935d2914cd80cf31f4803821ad5c0e2a51d due to a crash if USERNAME_FIELD isn't a CharField. | |||
| 2018-06-20 | Refs #27398 -- Simplified some tests with assertRedirects(). | Tim Graham | |
| 2018-06-20 | Fixed #27398 -- Added an assertion to compare URLs, ignoring the order of ↵ | Jan Pieter Waagmeester | |
| their query strings. | |||
| 2018-06-07 | Added a missing test for createsuperuser management command. | Hasan Ramezani | |
| 2018-06-03 | Fixed #10827 -- Ensured ContentTypes are created before permission creation. | Claude Paroz | |
