| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2021-10-12 | [4.0.x] Fixed #33178 -- Made createsuperuser validate required fields passed ↵ | Christophe Henry | |
| in options in interactive mode. Backport of b1b26b37aff0c80d6abdf15c5ffdf0440a9a1d6a from main. | |||
| 2021-10-12 | [4.0.x] Refs #21755 -- Fixed createsuperuser crash for required foreign keys ↵ | Christophe Henry | |
| passed in options in interactive mode. Co-authored-by: Mariusz Felisiak <felisiak.mariusz@gmail.com> Backport of 4ff500f2948bfc332b3f4159021cad06e91943d3 from main | |||
| 2021-10-12 | [4.0.x] Refs #29628, Refs #33178 -- Made createsuperuser validate password ↵ | Mariusz Felisiak | |
| against required fields passed in options. Backport of da266b3c5ca4bb7581d7a3cc51bc820e78cf64f0 from main | |||
| 2021-10-07 | [4.0.x] Fixed #33151 -- Fixed createsuperuser crash for many-to-many ↵ | Christophe Henry | |
| required fields in non-interactive mode. Backport of df2d2bc95c451c6366fd522a5a1e6ed84f459f31 from main | |||
| 2021-09-06 | Refs #32508 -- Raised TypeError/ValueError instead of using "assert" in ↵ | Mateo Radman | |
| encode() methods of remaining password hashers. | |||
| 2021-08-11 | Refs #29898 -- Changed ProjectState.real_apps to set. | Mariusz Felisiak | |
| 2021-08-02 | Refs #32956 -- Corrected usage of "insure" and "assure". | David Smith | |
| 2021-07-22 | Fixed #32275 -- Added scrypt password hasher. | ryowright | |
| Co-authored-by: Mariusz Felisiak <felisiak.mariusz@gmail.com> | |||
| 2021-07-22 | Refs #32508 -- Raised TypeError/ValueError instead of using "assert" in ↵ | Mariusz Felisiak | |
| encode() methods of some password hashers. | |||
| 2021-07-19 | Fixed wording of AuthViewsTestCase's docstring. | Chris Jerdonek | |
| 2021-07-07 | Used more specific unittest assertions in tests. | Mads Jensen | |
| 2021-06-25 | Refs #32508 -- Raised ImproperlyConfigured/TypeError instead of using ↵ | Mateo Radman | |
| "assert" in various code. | |||
| 2021-05-28 | Refs #24121 -- Added __repr__() to PermWrapper. | abhiabhi94 | |
| 2021-05-20 | Renamed "object" argument of ModelAdmin.log_addition(), log_change(), and ↵ | David Sanders | |
| log_deletion() methods. | |||
| 2021-05-19 | Fixed #32765 -- Removed "for" HTML attribute from ReadOnlyPasswordHashWidget. | David Sanders | |
| ReadOnlyPasswordHashWidget doesn't have any labelable elements. | |||
| 2021-04-20 | Fixed #32664 -- Made PasswordResetTokenGenerator.secret validation lazy. | François Freitag | |
| Django apps initialization to run management command triggers the admin autodiscovery. Importing django.contrib.auth.tokens creates an instance of PasswordResetTokenGenerator which required a SECRET_KEY. For several management commands, the token generator is unused. It should only complain about a missing SECRET_KEY when it is used. | |||
| 2021-04-20 | Refs #28017 -- Added test for PasswordResetTokenGenerator subclass with a ↵ | François Freitag | |
| custom secret. | |||
| 2021-03-11 | Refs #32508 -- Raised ImproperlyConfigured instead of using "assert" in ↵ | Hasan Ramezani | |
| middlewares. | |||
| 2021-02-08 | Fixed #28216 -- Added next_page/get_default_redirect_url() to LoginView. | ThinkChaos | |
| 2021-01-14 | Increased the default PBKDF2 iterations for Django 4.0. | Mariusz Felisiak | |
| 2021-01-14 | Refs #31842 -- Removed DEFAULT_HASHING_ALGORITHM transitional setting. | Mariusz Felisiak | |
| Per deprecation timeline. | |||
| 2021-01-14 | Refs #27468 -- Removed support for the pre-Django 3.1 user sessions. | Mariusz Felisiak | |
| Per deprecation timeline. | |||
| 2021-01-14 | Refs #27468 -- Removed support for the pre-Django 3.1 password reset tokens. | Mariusz Felisiak | |
| Per deprecation timeline. | |||
| 2021-01-14 | Refs #28622 -- Removed settings.PASSWORD_RESET_TIMEOUT_DAYS per deprecation ↵ | Mariusz Felisiak | |
| timeline. | |||
| 2021-01-14 | Fixed #31358 -- Increased salt entropy of password hashers. | Jon Moroney | |
| Co-authored-by: Florian Apolloner <florian@apolloner.eu> | |||
| 2021-01-14 | Refs #31358 -- Added bcrypt password hashers tests for must_update() with ↵ | Jon Moroney | |
| salt(). | |||
| 2020-12-28 | Refs #31358 -- Fixed decoding salt in Argon2PasswordHasher. | Florian Apolloner | |
| Argon2 encodes the salt as base64 for representation in the final hash output. To be able to accurately return the used salt from decode(), add padding, b64decode, and decode from latin1 (for the remote possibility that someone supplied a custom hash consisting solely of bytes -- this would require a manual construction of the hash though, Django's interface does not allow for that). | |||
| 2020-12-03 | Fixed #32235 -- Made ReadOnlyPasswordHashField disabled by default. | Timo Ludwig | |
| 2020-11-30 | Refs #31978 -- Fixed hint in admin's password reset confirmation form for ↵ | Mariusz Felisiak | |
| custom username fields. Thanks Jaap Roes for the report. | |||
| 2020-11-30 | Refs #22909 -- Removed camelCasing in auth_tests.test_templates tests. | Mariusz Felisiak | |
| 2020-11-10 | Avoided direct styles in admin templates. | Claude Paroz | |
| Direct styles might be forbidden by Content Security Policies. | |||
| 2020-10-28 | Refs #28215 -- Marked auth credentials as sensitive variables. | Hasan Ramezani | |
| Co-authored-by: Collin Anderson <collin@onetencommunications.com> | |||
| 2020-10-22 | Fixed #32130 -- Fixed pre-Django 3.1 password reset tokens validation. | Mariusz Felisiak | |
| Thanks Gordon Wrigley for the report and implementation idea. Regression in 226ebb17290b604ef29e82fb5c1fbac3594ac163. | |||
| 2020-10-21 | Fixed #26615 -- Made password reset token invalidate when changing email. | Jacob Walls | |
| Co-Authored-By: Silas Barta <sbarta@gmail.com> | |||
| 2020-10-20 | Fixed #32121 -- Fixed detecting uniqueness of USERNAME_FIELD when using ↵ | Hannes Ljungberg | |
| Meta.constraints. Co-authored-by: Simon Charette <charettes@users.noreply.github.com> | |||
| 2020-09-14 | Fixed #32003 -- Added obj argument to has_perm() methods in tests. | Alexander Todorov | |
| 2020-09-14 | Fixed #31789 -- Added a new headers interface to HttpResponse. | Tom Carrick | |
| 2020-09-10 | Fixed #31992 -- Made admin password reset templates use title/content_title ↵ | Jon Dufresne | |
| blocks from the base template. | |||
| 2020-09-03 | Fixed #31978 -- Added username hint to admin's password reset confirmation form. | Collin Anderson | |
| 2020-08-14 | Fixed #31878 -- Made createsuperuser respect --database option in default ↵ | Yan Mitrofanov | |
| usernames. | |||
| 2020-08-14 | Fixed typo in tests/auth_tests/test_management.py docstring. | Yan Mitrofanov | |
| 2020-08-05 | Fixed #26977 -- Made abstract models raise TypeError when instantiating. | Jacob Walls | |
| 2020-08-04 | Fixed #31842 -- Added DEFAULT_HASHING_ALGORITHM transitional setting. | Mariusz Felisiak | |
| It's a transitional setting helpful in migrating multiple instance of the same project to Django 3.1+. Thanks Markus Holtermann for the report and review, Florian Apolloner for the implementation idea and review, and Carlton Gibson for the review. | |||
| 2020-07-09 | Used urllib.parse.urljoin() in auth_tests to join URLs. | Jon Dufresne | |
| As the strings represent URLs and not paths, should use urllib to manipulate them. | |||
| 2020-07-06 | Refs #26445 -- Allowed using UserManager.create_user()/create_superuser() in ↵ | Hasan Ramezani | |
| migrations. Used app config to lookup user model in _create_user(). Thanks Markus Holtermann for the review and initial patch. Thanks Simon Charette for the implementation idea. | |||
| 2020-06-23 | Fixed #31443 -- Fixed login redirection in auth mixins when LOGIN_URL is ↵ | Frantisek Holop | |
| off-site URL. | |||
| 2020-06-23 | Refs #31358 -- Added decode() to password hashers. | Jon Moroney | |
| By convention a hasher which does not use a salt should populate the decode dict with `None` rather than omit the dict key. Co-Authored-By: Florian Apolloner <apollo13@users.noreply.github.com> | |||
| 2020-06-17 | Fixed #30472 -- Made Argon2PasswordHasher use Argon2id. | Florian Apolloner | |
| 2020-06-17 | Added test for old Argon2i hashes with version attribute. | Florian Apolloner | |
| 2020-05-15 | Refs #31395 -- Relied on setUpTestData() test data isolation in various tests. | Simon Charette | |
