summaryrefslogtreecommitdiff
path: root/tests/auth_tests
AgeCommit message (Collapse)Author
2021-10-12[4.0.x] Fixed #33178 -- Made createsuperuser validate required fields passed ↵Christophe Henry
in options in interactive mode. Backport of b1b26b37aff0c80d6abdf15c5ffdf0440a9a1d6a from main.
2021-10-12[4.0.x] Refs #21755 -- Fixed createsuperuser crash for required foreign keys ↵Christophe Henry
passed in options in interactive mode. Co-authored-by: Mariusz Felisiak <felisiak.mariusz@gmail.com> Backport of 4ff500f2948bfc332b3f4159021cad06e91943d3 from main
2021-10-12[4.0.x] Refs #29628, Refs #33178 -- Made createsuperuser validate password ↵Mariusz Felisiak
against required fields passed in options. Backport of da266b3c5ca4bb7581d7a3cc51bc820e78cf64f0 from main
2021-10-07[4.0.x] Fixed #33151 -- Fixed createsuperuser crash for many-to-many ↵Christophe Henry
required fields in non-interactive mode. Backport of df2d2bc95c451c6366fd522a5a1e6ed84f459f31 from main
2021-09-06Refs #32508 -- Raised TypeError/ValueError instead of using "assert" in ↵Mateo Radman
encode() methods of remaining password hashers.
2021-08-11Refs #29898 -- Changed ProjectState.real_apps to set.Mariusz Felisiak
2021-08-02Refs #32956 -- Corrected usage of "insure" and "assure".David Smith
2021-07-22Fixed #32275 -- Added scrypt password hasher.ryowright
Co-authored-by: Mariusz Felisiak <felisiak.mariusz@gmail.com>
2021-07-22Refs #32508 -- Raised TypeError/ValueError instead of using "assert" in ↵Mariusz Felisiak
encode() methods of some password hashers.
2021-07-19Fixed wording of AuthViewsTestCase's docstring.Chris Jerdonek
2021-07-07Used more specific unittest assertions in tests.Mads Jensen
2021-06-25Refs #32508 -- Raised ImproperlyConfigured/TypeError instead of using ↵Mateo Radman
"assert" in various code.
2021-05-28Refs #24121 -- Added __repr__() to PermWrapper.abhiabhi94
2021-05-20Renamed "object" argument of ModelAdmin.log_addition(), log_change(), and ↵David Sanders
log_deletion() methods.
2021-05-19Fixed #32765 -- Removed "for" HTML attribute from ReadOnlyPasswordHashWidget.David Sanders
ReadOnlyPasswordHashWidget doesn't have any labelable elements.
2021-04-20Fixed #32664 -- Made PasswordResetTokenGenerator.secret validation lazy.François Freitag
Django apps initialization to run management command triggers the admin autodiscovery. Importing django.contrib.auth.tokens creates an instance of PasswordResetTokenGenerator which required a SECRET_KEY. For several management commands, the token generator is unused. It should only complain about a missing SECRET_KEY when it is used.
2021-04-20Refs #28017 -- Added test for PasswordResetTokenGenerator subclass with a ↵François Freitag
custom secret.
2021-03-11Refs #32508 -- Raised ImproperlyConfigured instead of using "assert" in ↵Hasan Ramezani
middlewares.
2021-02-08Fixed #28216 -- Added next_page/get_default_redirect_url() to LoginView.ThinkChaos
2021-01-14Increased the default PBKDF2 iterations for Django 4.0.Mariusz Felisiak
2021-01-14Refs #31842 -- Removed DEFAULT_HASHING_ALGORITHM transitional setting.Mariusz Felisiak
Per deprecation timeline.
2021-01-14Refs #27468 -- Removed support for the pre-Django 3.1 user sessions.Mariusz Felisiak
Per deprecation timeline.
2021-01-14Refs #27468 -- Removed support for the pre-Django 3.1 password reset tokens.Mariusz Felisiak
Per deprecation timeline.
2021-01-14Refs #28622 -- Removed settings.PASSWORD_RESET_TIMEOUT_DAYS per deprecation ↵Mariusz Felisiak
timeline.
2021-01-14Fixed #31358 -- Increased salt entropy of password hashers.Jon Moroney
Co-authored-by: Florian Apolloner <florian@apolloner.eu>
2021-01-14Refs #31358 -- Added bcrypt password hashers tests for must_update() with ↵Jon Moroney
salt().
2020-12-28Refs #31358 -- Fixed decoding salt in Argon2PasswordHasher.Florian Apolloner
Argon2 encodes the salt as base64 for representation in the final hash output. To be able to accurately return the used salt from decode(), add padding, b64decode, and decode from latin1 (for the remote possibility that someone supplied a custom hash consisting solely of bytes -- this would require a manual construction of the hash though, Django's interface does not allow for that).
2020-12-03Fixed #32235 -- Made ReadOnlyPasswordHashField disabled by default.Timo Ludwig
2020-11-30Refs #31978 -- Fixed hint in admin's password reset confirmation form for ↵Mariusz Felisiak
custom username fields. Thanks Jaap Roes for the report.
2020-11-30Refs #22909 -- Removed camelCasing in auth_tests.test_templates tests.Mariusz Felisiak
2020-11-10Avoided direct styles in admin templates.Claude Paroz
Direct styles might be forbidden by Content Security Policies.
2020-10-28Refs #28215 -- Marked auth credentials as sensitive variables.Hasan Ramezani
Co-authored-by: Collin Anderson <collin@onetencommunications.com>
2020-10-22Fixed #32130 -- Fixed pre-Django 3.1 password reset tokens validation.Mariusz Felisiak
Thanks Gordon Wrigley for the report and implementation idea. Regression in 226ebb17290b604ef29e82fb5c1fbac3594ac163.
2020-10-21Fixed #26615 -- Made password reset token invalidate when changing email.Jacob Walls
Co-Authored-By: Silas Barta <sbarta@gmail.com>
2020-10-20Fixed #32121 -- Fixed detecting uniqueness of USERNAME_FIELD when using ↵Hannes Ljungberg
Meta.constraints. Co-authored-by: Simon Charette <charettes@users.noreply.github.com>
2020-09-14Fixed #32003 -- Added obj argument to has_perm() methods in tests.Alexander Todorov
2020-09-14Fixed #31789 -- Added a new headers interface to HttpResponse.Tom Carrick
2020-09-10Fixed #31992 -- Made admin password reset templates use title/content_title ↵Jon Dufresne
blocks from the base template.
2020-09-03Fixed #31978 -- Added username hint to admin's password reset confirmation form.Collin Anderson
2020-08-14Fixed #31878 -- Made createsuperuser respect --database option in default ↵Yan Mitrofanov
usernames.
2020-08-14Fixed typo in tests/auth_tests/test_management.py docstring.Yan Mitrofanov
2020-08-05Fixed #26977 -- Made abstract models raise TypeError when instantiating.Jacob Walls
2020-08-04Fixed #31842 -- Added DEFAULT_HASHING_ALGORITHM transitional setting.Mariusz Felisiak
It's a transitional setting helpful in migrating multiple instance of the same project to Django 3.1+. Thanks Markus Holtermann for the report and review, Florian Apolloner for the implementation idea and review, and Carlton Gibson for the review.
2020-07-09Used urllib.parse.urljoin() in auth_tests to join URLs.Jon Dufresne
As the strings represent URLs and not paths, should use urllib to manipulate them.
2020-07-06Refs #26445 -- Allowed using UserManager.create_user()/create_superuser() in ↵Hasan Ramezani
migrations. Used app config to lookup user model in _create_user(). Thanks Markus Holtermann for the review and initial patch. Thanks Simon Charette for the implementation idea.
2020-06-23Fixed #31443 -- Fixed login redirection in auth mixins when LOGIN_URL is ↵Frantisek Holop
off-site URL.
2020-06-23Refs #31358 -- Added decode() to password hashers.Jon Moroney
By convention a hasher which does not use a salt should populate the decode dict with `None` rather than omit the dict key. Co-Authored-By: Florian Apolloner <apollo13@users.noreply.github.com>
2020-06-17Fixed #30472 -- Made Argon2PasswordHasher use Argon2id.Florian Apolloner
2020-06-17Added test for old Argon2i hashes with version attribute.Florian Apolloner
2020-05-15Refs #31395 -- Relied on setUpTestData() test data isolation in various tests.Simon Charette