| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2020-08-04 | [3.1.x] Fixed #31842 -- Added DEFAULT_HASHING_ALGORITHM transitional setting. | Mariusz Felisiak | |
| It's a transitional setting helpful in migrating multiple instance of the same project to Django 3.1+. Thanks Markus Holtermann for the report and review, Florian Apolloner for the implementation idea and review, and Carlton Gibson for the review. Backport of d907371ef99a1e4ca6bc1660f57d81f265750984 from master. | |||
| 2020-05-14 | [3.1.x] Fixed #31575 -- Added system check for admin sidebar request context ↵ | Jon Dufresne | |
| processor dependency. Co-authored-by: Carlton Gibson <carlton.gibson@noumenal.es> Backport of d522b51c401429c169d88742178a9b3777903d9e from master | |||
| 2020-05-11 | Refs #30116 -- Simplified regex match group access with Match.__getitem__(). | Jon Dufresne | |
| The method has been available since Python 3.6. The shorter syntax is also marginally faster. | |||
| 2020-05-01 | Removed unnecessary inner methods in CreatesuperuserManagementCommandTestCase. | François Freitag | |
| 2020-04-29 | Refs #27468 -- Made user sessions use SHA-256 algorithm. | Mariusz Felisiak | |
| 2020-04-28 | Changed django.forms.ValidationError imports to ↵ | François Freitag | |
| django.core.exceptions.ValidationError. Co-Authored-By: Mariusz Felisiak <felisiak.mariusz@gmail.com> | |||
| 2020-04-20 | Capitalized Unicode in docs, strings, and comments. | Jon Dufresne | |
| 2020-04-20 | Disabled management commands output with verbosity 0 in various tests. | François Freitag | |
| Instead of capturing the command output and discard it immediately, tell the command not to log. | |||
| 2020-04-20 | Removed unnecessary capturing of stdout/stderr in auth_tests.test_management. | François Freitag | |
| 2020-03-31 | Fixed #31375 -- Made contrib.auth.hashers.make_password() accept only bytes ↵ | Hasan Ramezani | |
| or strings. | |||
| 2020-03-31 | Refs #31375 -- Added test for contrib.auth.hashers.make_password() bytes ↵ | Hasan Ramezani | |
| support. | |||
| 2020-03-16 | Fixed #31361 -- Fixed invalid action="" in admin forms. | Jon Dufresne | |
| The attribute action="" (empty string) on the <form> element is invalid HTML5. The spec (https://html.spec.whatwg.org/#attr-fs-action) says: > The action and formaction content attributes, if specified, must have > a value that is a valid non-empty URL potentially surrounded by > spaces. Emphasis on non-empty. The action attribute is allowed to be omitted, in which case the current URL is used which is the same behavior as now. | |||
| 2020-03-12 | Fixed random auth_tests.test_tokens.TokenGeneratorTest.test_timeout failures. | Mariusz Felisiak | |
| Random failures depended on the current timestamp. Thanks Matthijs Kooijman for the review. | |||
| 2020-02-26 | Fixed #28699 -- Fixed CSRF validation with remote user middleware. | Colton Hicks | |
| Ensured process_view() always accesses the CSRF token from the session or cookie, rather than the request, as rotate_token() may have been called by an authentication middleware during the process_request() phase. | |||
| 2020-02-26 | Fixed #31289 -- Added hint for USERNAME_FIELD/REQUIRED_FIELDS system check. | aryan | |
| 2020-02-18 | Refs #26601 -- Deprecated passing None as get_response arg to middleware ↵ | Claude Paroz | |
| classes. This is the new contract since middleware refactoring in Django 1.10. Co-authored-by: Carlton Gibson <carlton.gibson@noumenal.es> Co-authored-by: Mariusz Felisiak <felisiak.mariusz@gmail.com> | |||
| 2020-02-12 | Refs #27468 -- Made PasswordResetTokenGenerator use SHA-256 algorithm. | Claude Paroz | |
| 2020-02-12 | Removed unnecessary token regex in auth_tests URLs. | Claude Paroz | |
| All URLs in django.contrib.auth use a "<uidb64>/<token>" pattern. | |||
| 2020-02-07 | Used assertRaisesMessage() in various tests. | Hasan Ramezani | |
| 2020-01-30 | Replaced assertWarns() with SimpleTestCase.assertWarnsMessage() in tests. | Hasan Ramezani | |
| 2020-01-29 | Made token tests in auth_tests use assertIs() rather than assertTrue/False(). | Jon Dufresne | |
| 2020-01-23 | Fixed #31200 -- Added system checks for permissions codenames max length. | Michael Mulholland | |
| 2020-01-20 | Refs #31117 -- Made various tests properly handle unexpected databases aliases. | Matthijs Kooijman | |
| - Used selected "databases" instead of django.db.connections. - Made routers in tests.migrations skip migrations on unexpected databases. - Added DiscoverRunnerGetDatabasesTests.assertSkippedDatabases() hook which properly asserts messages about skipped databases. | |||
| 2020-01-03 | Refs #31040 -- Fixed crypt.crypt() call in test_hashers.py. | Mariusz Felisiak | |
| An empty string is invalid salt in Python 3 and raises exception since Python 3.9, see https://bugs.python.org/issue38402. | |||
| 2019-12-18 | Fixed CVE-2019-19844 -- Used verified user email for password reset requests. | Simon Charette | |
| Co-Authored-By: Florian Apolloner <florian@apolloner.eu> | |||
| 2019-12-10 | Fixed #26480 -- Fixed crash of contrib.auth.authenticate() on decorated ↵ | Baptiste Mispelon | |
| authenticate() methods of authentication backends. The Signature API (PEP 362) has better support for decorated functions (by default, it follows the __wrapped__ attribute set by functools.wraps for example). | |||
| 2019-12-02 | Fixed CVE-2019-19118 -- Required edit permissions on parent model for ↵ | Carlton Gibson | |
| editable inlines in admin. Thank you to Shen Ying for reporting this issue. | |||
| 2019-11-29 | Fixed #31021 -- Fixed proxy model permissions data migration crash with a ↵ | Mariusz Felisiak | |
| multiple databases setup. Regression in 98296f86b340c8c9c968375d59f1d3a3479e60c2. | |||
| 2019-11-18 | Replaced encode() usage with bytes literals. | Jon Dufresne | |
| 2019-11-13 | Fixed random auth_tests.test_tokens.TokenGeneratorTest.test_10265 failures. | Mariusz Felisiak | |
| Random failures depended on the current timestamp. | |||
| 2019-11-13 | Moved MockedPasswordResetTokenGenerator outside of ↵ | Mariusz Felisiak | |
| TokenGeneratorTest.test_timeout(). | |||
| 2019-10-23 | Added tests for middlewares' checks. | Sergey Fedoseev | |
| 2019-09-20 | Fixed #28622 -- Allowed specifying password reset link expiration in seconds ↵ | Hasan Ramezani | |
| and deprecated PASSWORD_RESET_TIMEOUT_DAYS. | |||
| 2019-09-18 | Fixed #30776 -- Restored max length validation on ↵ | Sam Reynolds | |
| AuthenticationForm.UsernameField. Regression in 5ceaf14686ce626404afb6a5fbd3d8286410bf13. Thanks gopackgo90 for the report and Mariusz Felisiak for tests. | |||
| 2019-09-12 | Increased the default PBKDF2 iterations for Django 3.1. | Carlton Gibson | |
| 2019-09-10 | Refs #30037 -- Required the RemoteUserBackend.configure_user() to have ↵ | Mariusz Felisiak | |
| request as the first positional argument. Per deprecation timeline. | |||
| 2019-08-29 | Fixed #18763 -- Added ModelBackend/UserManager.with_perm() methods. | Berker Peksag | |
| Co-authored-by: Nick Pope <nick.pope@flightdataservices.com> | |||
| 2019-08-29 | Fixed #30066 -- Enabled super user creation without email and password | daniel a rios | |
| 2019-08-29 | Converted auth test to use subTest(). | Carlton Gibson | |
| 2019-08-26 | Fixed #29019 -- Added ManyToManyField support to REQUIRED_FIELDS. | Hasan Ramezani | |
| 2019-07-02 | Fixed #27801 -- Made createsuperuser fall back to environment variables for ↵ | Hasan Ramezani | |
| password and required fields. | |||
| 2019-06-28 | Fixed #30400 -- Improved typography of user facing strings. | Jon Dufresne | |
| Thanks Claude Paroz for assistance with translations. | |||
| 2019-06-14 | Fixed #12952 -- Adjusted admin log change messages to use form labels ↵ | Sanyam Khurana | |
| instead of field names. | |||
| 2019-06-10 | Fixed #30556 -- Avoided useless query and hasher call in ↵ | Aymeric Augustin | |
| ModelBackend.authenticate() when credentials aren't provided. There's no need to fetch a user instance from the database unless a username and a password are provided as credentials. | |||
| 2019-06-07 | Fixed #29379 -- Added autocomplete attribute to contrib.auth.forms fields. | Hasan Ramezani | |
| Thank you to Nick Pope for review. Co-authored-by: CHI Cheng <cloudream@gmail.com> | |||
| 2019-06-05 | Refs #30226 -- Added User.get_user_permissions() method. | Tobias Bengfort | |
| Added to mirror the existing User.get_group_permissions(). | |||
| 2019-06-05 | Fixed #30226 -- Added BaseBackend for authentication. | Tobias Bengfort | |
| 2019-05-27 | Refs #24944 -- Added test for overriding domain in email context in ↵ | Mattia Procopio | |
| PasswordResetView. | |||
| 2019-05-24 | Fixed #28780 -- Allowed specyfing a token parameter displayed in password ↵ | Rob | |
| reset URLs. Co-authored-by: Tim Givois <tim.givois.mendez@gmail.com> | |||
| 2019-05-15 | Fixed mis-capitalisation in comment. | Ally Weir | |
