| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2021-09-06 | Refs #32508 -- Raised TypeError/ValueError instead of using "assert" in ↵ | Mateo Radman | |
| encode() methods of remaining password hashers. | |||
| 2021-08-11 | Refs #29898 -- Changed ProjectState.real_apps to set. | Mariusz Felisiak | |
| 2021-08-02 | Refs #32956 -- Corrected usage of "insure" and "assure". | David Smith | |
| 2021-07-22 | Fixed #32275 -- Added scrypt password hasher. | ryowright | |
| Co-authored-by: Mariusz Felisiak <felisiak.mariusz@gmail.com> | |||
| 2021-07-22 | Refs #32508 -- Raised TypeError/ValueError instead of using "assert" in ↵ | Mariusz Felisiak | |
| encode() methods of some password hashers. | |||
| 2021-07-19 | Fixed wording of AuthViewsTestCase's docstring. | Chris Jerdonek | |
| 2021-07-07 | Used more specific unittest assertions in tests. | Mads Jensen | |
| 2021-06-25 | Refs #32508 -- Raised ImproperlyConfigured/TypeError instead of using ↵ | Mateo Radman | |
| "assert" in various code. | |||
| 2021-05-28 | Refs #24121 -- Added __repr__() to PermWrapper. | abhiabhi94 | |
| 2021-05-20 | Renamed "object" argument of ModelAdmin.log_addition(), log_change(), and ↵ | David Sanders | |
| log_deletion() methods. | |||
| 2021-05-19 | Fixed #32765 -- Removed "for" HTML attribute from ReadOnlyPasswordHashWidget. | David Sanders | |
| ReadOnlyPasswordHashWidget doesn't have any labelable elements. | |||
| 2021-04-20 | Fixed #32664 -- Made PasswordResetTokenGenerator.secret validation lazy. | François Freitag | |
| Django apps initialization to run management command triggers the admin autodiscovery. Importing django.contrib.auth.tokens creates an instance of PasswordResetTokenGenerator which required a SECRET_KEY. For several management commands, the token generator is unused. It should only complain about a missing SECRET_KEY when it is used. | |||
| 2021-04-20 | Refs #28017 -- Added test for PasswordResetTokenGenerator subclass with a ↵ | François Freitag | |
| custom secret. | |||
| 2021-03-11 | Refs #32508 -- Raised ImproperlyConfigured instead of using "assert" in ↵ | Hasan Ramezani | |
| middlewares. | |||
| 2021-02-08 | Fixed #28216 -- Added next_page/get_default_redirect_url() to LoginView. | ThinkChaos | |
| 2021-01-14 | Increased the default PBKDF2 iterations for Django 4.0. | Mariusz Felisiak | |
| 2021-01-14 | Refs #31842 -- Removed DEFAULT_HASHING_ALGORITHM transitional setting. | Mariusz Felisiak | |
| Per deprecation timeline. | |||
| 2021-01-14 | Refs #27468 -- Removed support for the pre-Django 3.1 user sessions. | Mariusz Felisiak | |
| Per deprecation timeline. | |||
| 2021-01-14 | Refs #27468 -- Removed support for the pre-Django 3.1 password reset tokens. | Mariusz Felisiak | |
| Per deprecation timeline. | |||
| 2021-01-14 | Refs #28622 -- Removed settings.PASSWORD_RESET_TIMEOUT_DAYS per deprecation ↵ | Mariusz Felisiak | |
| timeline. | |||
| 2021-01-14 | Fixed #31358 -- Increased salt entropy of password hashers. | Jon Moroney | |
| Co-authored-by: Florian Apolloner <florian@apolloner.eu> | |||
| 2021-01-14 | Refs #31358 -- Added bcrypt password hashers tests for must_update() with ↵ | Jon Moroney | |
| salt(). | |||
| 2020-12-28 | Refs #31358 -- Fixed decoding salt in Argon2PasswordHasher. | Florian Apolloner | |
| Argon2 encodes the salt as base64 for representation in the final hash output. To be able to accurately return the used salt from decode(), add padding, b64decode, and decode from latin1 (for the remote possibility that someone supplied a custom hash consisting solely of bytes -- this would require a manual construction of the hash though, Django's interface does not allow for that). | |||
| 2020-12-03 | Fixed #32235 -- Made ReadOnlyPasswordHashField disabled by default. | Timo Ludwig | |
| 2020-11-30 | Refs #31978 -- Fixed hint in admin's password reset confirmation form for ↵ | Mariusz Felisiak | |
| custom username fields. Thanks Jaap Roes for the report. | |||
| 2020-11-30 | Refs #22909 -- Removed camelCasing in auth_tests.test_templates tests. | Mariusz Felisiak | |
| 2020-11-10 | Avoided direct styles in admin templates. | Claude Paroz | |
| Direct styles might be forbidden by Content Security Policies. | |||
| 2020-10-28 | Refs #28215 -- Marked auth credentials as sensitive variables. | Hasan Ramezani | |
| Co-authored-by: Collin Anderson <collin@onetencommunications.com> | |||
| 2020-10-22 | Fixed #32130 -- Fixed pre-Django 3.1 password reset tokens validation. | Mariusz Felisiak | |
| Thanks Gordon Wrigley for the report and implementation idea. Regression in 226ebb17290b604ef29e82fb5c1fbac3594ac163. | |||
| 2020-10-21 | Fixed #26615 -- Made password reset token invalidate when changing email. | Jacob Walls | |
| Co-Authored-By: Silas Barta <sbarta@gmail.com> | |||
| 2020-10-20 | Fixed #32121 -- Fixed detecting uniqueness of USERNAME_FIELD when using ↵ | Hannes Ljungberg | |
| Meta.constraints. Co-authored-by: Simon Charette <charettes@users.noreply.github.com> | |||
| 2020-09-14 | Fixed #32003 -- Added obj argument to has_perm() methods in tests. | Alexander Todorov | |
| 2020-09-14 | Fixed #31789 -- Added a new headers interface to HttpResponse. | Tom Carrick | |
| 2020-09-10 | Fixed #31992 -- Made admin password reset templates use title/content_title ↵ | Jon Dufresne | |
| blocks from the base template. | |||
| 2020-09-03 | Fixed #31978 -- Added username hint to admin's password reset confirmation form. | Collin Anderson | |
| 2020-08-14 | Fixed #31878 -- Made createsuperuser respect --database option in default ↵ | Yan Mitrofanov | |
| usernames. | |||
| 2020-08-14 | Fixed typo in tests/auth_tests/test_management.py docstring. | Yan Mitrofanov | |
| 2020-08-05 | Fixed #26977 -- Made abstract models raise TypeError when instantiating. | Jacob Walls | |
| 2020-08-04 | Fixed #31842 -- Added DEFAULT_HASHING_ALGORITHM transitional setting. | Mariusz Felisiak | |
| It's a transitional setting helpful in migrating multiple instance of the same project to Django 3.1+. Thanks Markus Holtermann for the report and review, Florian Apolloner for the implementation idea and review, and Carlton Gibson for the review. | |||
| 2020-07-09 | Used urllib.parse.urljoin() in auth_tests to join URLs. | Jon Dufresne | |
| As the strings represent URLs and not paths, should use urllib to manipulate them. | |||
| 2020-07-06 | Refs #26445 -- Allowed using UserManager.create_user()/create_superuser() in ↵ | Hasan Ramezani | |
| migrations. Used app config to lookup user model in _create_user(). Thanks Markus Holtermann for the review and initial patch. Thanks Simon Charette for the implementation idea. | |||
| 2020-06-23 | Fixed #31443 -- Fixed login redirection in auth mixins when LOGIN_URL is ↵ | Frantisek Holop | |
| off-site URL. | |||
| 2020-06-23 | Refs #31358 -- Added decode() to password hashers. | Jon Moroney | |
| By convention a hasher which does not use a salt should populate the decode dict with `None` rather than omit the dict key. Co-Authored-By: Florian Apolloner <apollo13@users.noreply.github.com> | |||
| 2020-06-17 | Fixed #30472 -- Made Argon2PasswordHasher use Argon2id. | Florian Apolloner | |
| 2020-06-17 | Added test for old Argon2i hashes with version attribute. | Florian Apolloner | |
| 2020-05-15 | Refs #31395 -- Relied on setUpTestData() test data isolation in various tests. | Simon Charette | |
| 2020-05-14 | Fixed #31575 -- Added system check for admin sidebar request context ↵ | Jon Dufresne | |
| processor dependency. Co-authored-by: Carlton Gibson <carlton.gibson@noumenal.es> | |||
| 2020-05-13 | Disabled management commands output with verbosity 0 in various tests. | François Freitag | |
| 2020-05-13 | Increased the default PBKDF2 iterations for Django 3.2. | Mariusz Felisiak | |
| 2020-05-11 | Refs #30116 -- Simplified regex match group access with Match.__getitem__(). | Jon Dufresne | |
| The method has been available since Python 3.6. The shorter syntax is also marginally faster. | |||
