summaryrefslogtreecommitdiff
path: root/tests/auth_tests
AgeCommit message (Collapse)Author
2022-05-11Fixed #33691 -- Deprecated django.contrib.auth.hashers.CryptPasswordHasher.Mariusz Felisiak
2022-04-20Refactored out RedirectURLMixin.get_success_url().Aymeric Augustin
This also adds a default implementation of get_default_redirect_url().
2022-04-20Simplified LogoutView.get_success_url().Aymeric Augustin
This preserves the behavior of redirecting to the logout URL without query string parameters when an insecure ?next=... parameter is given. It changes the behavior of a POST to the logout URL, as shown by the test that is changed. Currently, this results in a GET to the logout URL. However, such GET requests are deprecated. This change would be necessary in Django 5.0 anyway. This commit merely anticipates it.
2022-04-18Fixed #33648 -- Prevented extra redirect in LogoutView on invalid next page ↵Aymeric Augustin
when LOGOUT_REDIRECT_URL is set.
2022-04-18Fixed various tests on MySQL with MyISAM storage engine.Mariusz Felisiak
2022-04-01Fixed #33613 -- Made createsuperuser detect uniqueness of USERNAME_FIELD ↵Lucidiot
when using Meta.constraints.
2022-03-29Fixed #15619 -- Deprecated log out via GET requests.René Fleschenberg
Thanks Florian Apolloner for the implementation idea. Co-Authored-By: Mariusz Felisiak <felisiak.mariusz@gmail.com>
2022-03-24Refs #15619 -- Logged out with POST requests in admin.Mariusz Felisiak
2022-03-24Refs #32365 -- Removed internal uses of utils.timezone.utc alias.Carlton Gibson
Remaining test case ensures that uses of the alias are mapped canonically by the migration writer.
2022-03-10Fixed #33561 -- Allowed synchronization of user attributes in RemoteUserBackend.Adrian Torres
2022-02-22Removed redundant QuerySet.all() calls in docs and tests.Nick Pope
Most QuerySet methods are mapped onto the Manager and, in general, it isn't necessary to call .all() on the manager.
2022-02-07Refs #33476 -- Refactored code to strictly match 88 characters line length.Mariusz Felisiak
2022-02-07Refs #33476 -- Reformatted code with Black.django-bot
2022-02-01Fixed #30360 -- Added support for secret key rotation.tschilling
Thanks Florian Apolloner for the implementation idea. Co-authored-by: Andreas Pelme <andreas@pelme.se> Co-authored-by: Carlton Gibson <carlton.gibson@noumenal.es> Co-authored-by: Vuyisile Ndlovu <terrameijar@gmail.com>
2022-01-04Fixed CVE-2021-45115 -- Prevented DoS vector in ↵Florian Apolloner
UserAttributeSimilarityValidator. Thanks Chris Bailey for the report. Co-authored-by: Adam Johnson <me@adamj.eu>
2021-11-11Fixed #33269 -- Made AnonymousUser/PermissionsMixin.has_perms() raise ↵Lie Ryan
ValueError on string or non-iterable perm_list.
2021-10-12Fixed #33178 -- Made createsuperuser validate required fields passed in ↵Christophe Henry
options in interactive mode.
2021-10-12Refs #33178 -- Added createsuperuser tests for validation of foreign keys.Christophe Henry
2021-10-12Refs #21755 -- Fixed createsuperuser crash for required foreign keys passed ↵Christophe Henry
in options in interactive mode. Co-authored-by: Mariusz Felisiak <felisiak.mariusz@gmail.com>
2021-10-12Refs #29628, Refs #33178 -- Made createsuperuser validate password against ↵Mariusz Felisiak
required fields passed in options.
2021-10-07Fixed #33151 -- Fixed createsuperuser crash for many-to-many required fields ↵Christophe Henry
in non-interactive mode.
2021-09-20Increased the default PBKDF2 iterations for Django 4.1.Mariusz Felisiak
2021-09-06Refs #32508 -- Raised TypeError/ValueError instead of using "assert" in ↵Mateo Radman
encode() methods of remaining password hashers.
2021-08-11Refs #29898 -- Changed ProjectState.real_apps to set.Mariusz Felisiak
2021-08-02Refs #32956 -- Corrected usage of "insure" and "assure".David Smith
2021-07-22Fixed #32275 -- Added scrypt password hasher.ryowright
Co-authored-by: Mariusz Felisiak <felisiak.mariusz@gmail.com>
2021-07-22Refs #32508 -- Raised TypeError/ValueError instead of using "assert" in ↵Mariusz Felisiak
encode() methods of some password hashers.
2021-07-19Fixed wording of AuthViewsTestCase's docstring.Chris Jerdonek
2021-07-07Used more specific unittest assertions in tests.Mads Jensen
2021-06-25Refs #32508 -- Raised ImproperlyConfigured/TypeError instead of using ↵Mateo Radman
"assert" in various code.
2021-05-28Refs #24121 -- Added __repr__() to PermWrapper.abhiabhi94
2021-05-20Renamed "object" argument of ModelAdmin.log_addition(), log_change(), and ↵David Sanders
log_deletion() methods.
2021-05-19Fixed #32765 -- Removed "for" HTML attribute from ReadOnlyPasswordHashWidget.David Sanders
ReadOnlyPasswordHashWidget doesn't have any labelable elements.
2021-04-20Fixed #32664 -- Made PasswordResetTokenGenerator.secret validation lazy.François Freitag
Django apps initialization to run management command triggers the admin autodiscovery. Importing django.contrib.auth.tokens creates an instance of PasswordResetTokenGenerator which required a SECRET_KEY. For several management commands, the token generator is unused. It should only complain about a missing SECRET_KEY when it is used.
2021-04-20Refs #28017 -- Added test for PasswordResetTokenGenerator subclass with a ↵François Freitag
custom secret.
2021-03-11Refs #32508 -- Raised ImproperlyConfigured instead of using "assert" in ↵Hasan Ramezani
middlewares.
2021-02-08Fixed #28216 -- Added next_page/get_default_redirect_url() to LoginView.ThinkChaos
2021-01-14Increased the default PBKDF2 iterations for Django 4.0.Mariusz Felisiak
2021-01-14Refs #31842 -- Removed DEFAULT_HASHING_ALGORITHM transitional setting.Mariusz Felisiak
Per deprecation timeline.
2021-01-14Refs #27468 -- Removed support for the pre-Django 3.1 user sessions.Mariusz Felisiak
Per deprecation timeline.
2021-01-14Refs #27468 -- Removed support for the pre-Django 3.1 password reset tokens.Mariusz Felisiak
Per deprecation timeline.
2021-01-14Refs #28622 -- Removed settings.PASSWORD_RESET_TIMEOUT_DAYS per deprecation ↵Mariusz Felisiak
timeline.
2021-01-14Fixed #31358 -- Increased salt entropy of password hashers.Jon Moroney
Co-authored-by: Florian Apolloner <florian@apolloner.eu>
2021-01-14Refs #31358 -- Added bcrypt password hashers tests for must_update() with ↵Jon Moroney
salt().
2020-12-28Refs #31358 -- Fixed decoding salt in Argon2PasswordHasher.Florian Apolloner
Argon2 encodes the salt as base64 for representation in the final hash output. To be able to accurately return the used salt from decode(), add padding, b64decode, and decode from latin1 (for the remote possibility that someone supplied a custom hash consisting solely of bytes -- this would require a manual construction of the hash though, Django's interface does not allow for that).
2020-12-03Fixed #32235 -- Made ReadOnlyPasswordHashField disabled by default.Timo Ludwig
2020-11-30Refs #31978 -- Fixed hint in admin's password reset confirmation form for ↵Mariusz Felisiak
custom username fields. Thanks Jaap Roes for the report.
2020-11-30Refs #22909 -- Removed camelCasing in auth_tests.test_templates tests.Mariusz Felisiak
2020-11-10Avoided direct styles in admin templates.Claude Paroz
Direct styles might be forbidden by Content Security Policies.
2020-10-28Refs #28215 -- Marked auth credentials as sensitive variables.Hasan Ramezani
Co-authored-by: Collin Anderson <collin@onetencommunications.com>