summaryrefslogtreecommitdiff
path: root/tests/auth_tests
AgeCommit message (Collapse)Author
2021-09-06Refs #32508 -- Raised TypeError/ValueError instead of using "assert" in ↵Mateo Radman
encode() methods of remaining password hashers.
2021-08-11Refs #29898 -- Changed ProjectState.real_apps to set.Mariusz Felisiak
2021-08-02Refs #32956 -- Corrected usage of "insure" and "assure".David Smith
2021-07-22Fixed #32275 -- Added scrypt password hasher.ryowright
Co-authored-by: Mariusz Felisiak <felisiak.mariusz@gmail.com>
2021-07-22Refs #32508 -- Raised TypeError/ValueError instead of using "assert" in ↵Mariusz Felisiak
encode() methods of some password hashers.
2021-07-19Fixed wording of AuthViewsTestCase's docstring.Chris Jerdonek
2021-07-07Used more specific unittest assertions in tests.Mads Jensen
2021-06-25Refs #32508 -- Raised ImproperlyConfigured/TypeError instead of using ↵Mateo Radman
"assert" in various code.
2021-05-28Refs #24121 -- Added __repr__() to PermWrapper.abhiabhi94
2021-05-20Renamed "object" argument of ModelAdmin.log_addition(), log_change(), and ↵David Sanders
log_deletion() methods.
2021-05-19Fixed #32765 -- Removed "for" HTML attribute from ReadOnlyPasswordHashWidget.David Sanders
ReadOnlyPasswordHashWidget doesn't have any labelable elements.
2021-04-20Fixed #32664 -- Made PasswordResetTokenGenerator.secret validation lazy.François Freitag
Django apps initialization to run management command triggers the admin autodiscovery. Importing django.contrib.auth.tokens creates an instance of PasswordResetTokenGenerator which required a SECRET_KEY. For several management commands, the token generator is unused. It should only complain about a missing SECRET_KEY when it is used.
2021-04-20Refs #28017 -- Added test for PasswordResetTokenGenerator subclass with a ↵François Freitag
custom secret.
2021-03-11Refs #32508 -- Raised ImproperlyConfigured instead of using "assert" in ↵Hasan Ramezani
middlewares.
2021-02-08Fixed #28216 -- Added next_page/get_default_redirect_url() to LoginView.ThinkChaos
2021-01-14Increased the default PBKDF2 iterations for Django 4.0.Mariusz Felisiak
2021-01-14Refs #31842 -- Removed DEFAULT_HASHING_ALGORITHM transitional setting.Mariusz Felisiak
Per deprecation timeline.
2021-01-14Refs #27468 -- Removed support for the pre-Django 3.1 user sessions.Mariusz Felisiak
Per deprecation timeline.
2021-01-14Refs #27468 -- Removed support for the pre-Django 3.1 password reset tokens.Mariusz Felisiak
Per deprecation timeline.
2021-01-14Refs #28622 -- Removed settings.PASSWORD_RESET_TIMEOUT_DAYS per deprecation ↵Mariusz Felisiak
timeline.
2021-01-14Fixed #31358 -- Increased salt entropy of password hashers.Jon Moroney
Co-authored-by: Florian Apolloner <florian@apolloner.eu>
2021-01-14Refs #31358 -- Added bcrypt password hashers tests for must_update() with ↵Jon Moroney
salt().
2020-12-28Refs #31358 -- Fixed decoding salt in Argon2PasswordHasher.Florian Apolloner
Argon2 encodes the salt as base64 for representation in the final hash output. To be able to accurately return the used salt from decode(), add padding, b64decode, and decode from latin1 (for the remote possibility that someone supplied a custom hash consisting solely of bytes -- this would require a manual construction of the hash though, Django's interface does not allow for that).
2020-12-03Fixed #32235 -- Made ReadOnlyPasswordHashField disabled by default.Timo Ludwig
2020-11-30Refs #31978 -- Fixed hint in admin's password reset confirmation form for ↵Mariusz Felisiak
custom username fields. Thanks Jaap Roes for the report.
2020-11-30Refs #22909 -- Removed camelCasing in auth_tests.test_templates tests.Mariusz Felisiak
2020-11-10Avoided direct styles in admin templates.Claude Paroz
Direct styles might be forbidden by Content Security Policies.
2020-10-28Refs #28215 -- Marked auth credentials as sensitive variables.Hasan Ramezani
Co-authored-by: Collin Anderson <collin@onetencommunications.com>
2020-10-22Fixed #32130 -- Fixed pre-Django 3.1 password reset tokens validation.Mariusz Felisiak
Thanks Gordon Wrigley for the report and implementation idea. Regression in 226ebb17290b604ef29e82fb5c1fbac3594ac163.
2020-10-21Fixed #26615 -- Made password reset token invalidate when changing email.Jacob Walls
Co-Authored-By: Silas Barta <sbarta@gmail.com>
2020-10-20Fixed #32121 -- Fixed detecting uniqueness of USERNAME_FIELD when using ↵Hannes Ljungberg
Meta.constraints. Co-authored-by: Simon Charette <charettes@users.noreply.github.com>
2020-09-14Fixed #32003 -- Added obj argument to has_perm() methods in tests.Alexander Todorov
2020-09-14Fixed #31789 -- Added a new headers interface to HttpResponse.Tom Carrick
2020-09-10Fixed #31992 -- Made admin password reset templates use title/content_title ↵Jon Dufresne
blocks from the base template.
2020-09-03Fixed #31978 -- Added username hint to admin's password reset confirmation form.Collin Anderson
2020-08-14Fixed #31878 -- Made createsuperuser respect --database option in default ↵Yan Mitrofanov
usernames.
2020-08-14Fixed typo in tests/auth_tests/test_management.py docstring.Yan Mitrofanov
2020-08-05Fixed #26977 -- Made abstract models raise TypeError when instantiating.Jacob Walls
2020-08-04Fixed #31842 -- Added DEFAULT_HASHING_ALGORITHM transitional setting.Mariusz Felisiak
It's a transitional setting helpful in migrating multiple instance of the same project to Django 3.1+. Thanks Markus Holtermann for the report and review, Florian Apolloner for the implementation idea and review, and Carlton Gibson for the review.
2020-07-09Used urllib.parse.urljoin() in auth_tests to join URLs.Jon Dufresne
As the strings represent URLs and not paths, should use urllib to manipulate them.
2020-07-06Refs #26445 -- Allowed using UserManager.create_user()/create_superuser() in ↵Hasan Ramezani
migrations. Used app config to lookup user model in _create_user(). Thanks Markus Holtermann for the review and initial patch. Thanks Simon Charette for the implementation idea.
2020-06-23Fixed #31443 -- Fixed login redirection in auth mixins when LOGIN_URL is ↵Frantisek Holop
off-site URL.
2020-06-23Refs #31358 -- Added decode() to password hashers.Jon Moroney
By convention a hasher which does not use a salt should populate the decode dict with `None` rather than omit the dict key. Co-Authored-By: Florian Apolloner <apollo13@users.noreply.github.com>
2020-06-17Fixed #30472 -- Made Argon2PasswordHasher use Argon2id.Florian Apolloner
2020-06-17Added test for old Argon2i hashes with version attribute.Florian Apolloner
2020-05-15Refs #31395 -- Relied on setUpTestData() test data isolation in various tests.Simon Charette
2020-05-14Fixed #31575 -- Added system check for admin sidebar request context ↵Jon Dufresne
processor dependency. Co-authored-by: Carlton Gibson <carlton.gibson@noumenal.es>
2020-05-13Disabled management commands output with verbosity 0 in various tests.François Freitag
2020-05-13Increased the default PBKDF2 iterations for Django 3.2.Mariusz Felisiak
2020-05-11Refs #30116 -- Simplified regex match group access with Match.__getitem__().Jon Dufresne
The method has been available since Python 3.6. The shorter syntax is also marginally faster.