| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2023-03-28 | [4.2.x] Fixed #34438 -- Reallowed extending UserCreationForm. | Gary Jarrel | |
| Regression in 298d02a77a69321af8c0023df3250663e9d1362d. Backport of fcc7dc5781667932bf0bf8bec76df458836e5e95 from main | |||
| 2023-03-08 | [4.2.x] Fixed #34384 -- Fixed session validation when rotation secret keys. | David Wobrock | |
| Bug in 0dcd549bbe36c060f536ec270d34d9e7d4b8e6c7. Thanks Eric Zarowny for the report. Backport of 2396933ca99c6bfb53bda9e53968760316646e01 from main | |||
| 2023-02-04 | [4.2.x] Increased the default PBKDF2 iterations for Django 4.2. | Mariusz Felisiak | |
| See https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html#pbkdf2. Thanks Markus Holtermann for the report. | |||
| 2023-02-01 | [4.2.x] Refs #33476 -- Applied Black's 2023 stable style. | David Smith | |
| Black 23.1.0 is released which, as the first release of the year, introduces the 2023 stable style. This incorporates most of last year's preview style. https://github.com/psf/black/releases/tag/23.1.0 Backport of 097e3a70c1481ee7b042b2edd91b2be86fb7b5b6 from main | |||
| 2023-01-04 | Refs #34074 -- Used headers argument for RequestFactory and Client in docs ↵ | David Wobrock | |
| and tests. | |||
| 2022-12-29 | Fixed #25617 -- Added case-insensitive unique username validation in ↵ | Paul Schilling | |
| UserCreationForm. Co-Authored-By: Neven Mundar <nmundar@gmail.com> | |||
| 2022-12-24 | Fixed #34165 -- Made permissions creation respect the "using" parameter. | David Wobrock | |
| 2022-11-29 | Fixed #34187 -- Made UserCreationForm save many-to-many fields. | sdolemelipone | |
| 2022-11-10 | Updated documentation and comments for RFC updates. | Nick Pope | |
| - Updated references to RFC 1123 to RFC 5322 - Only partial as RFC 5322 sort of sub-references RFC 1123. - Updated references to RFC 2388 to RFC 7578 - Except RFC 2388 Section 5.3 which has no equivalent. - Updated references to RFC 2396 to RFC 3986 - Updated references to RFC 2616 to RFC 9110 - Updated references to RFC 3066 to RFC 5646 - Updated references to RFC 7230 to RFC 9112 - Updated references to RFC 7231 to RFC 9110 - Updated references to RFC 7232 to RFC 9110 - Updated references to RFC 7234 to RFC 9111 - Tidied up style of text when referring to RFC documents | |||
| 2022-10-27 | Fixed #34066 -- Fixed link to password reset view in ↵ | Simon Kern | |
| UserChangeForm.password's help text when using to_field. Co-Authored-By: David Sanders <shang.xiao.sanders@gmail.com> Co-Authored-By: Mariusz Felisiak <felisiak.mariusz@gmail.com> | |||
| 2022-10-26 | Completed test coverage for contrib.auth.forms. | Marcelo Galigniana | |
| 2022-10-20 | Skipped scrypt tests when OpenSSL 1.1+ is not installed. | HieuPham9720 | |
| 2022-09-27 | Completed test coverage for createsuperuser command. | Marcelo Galigniana | |
| 2022-09-01 | Fixed ReadOnlyPasswordHashWidget's template for RTL languages. | Shai Berger | |
| 2022-07-23 | Refs #33691 -- Deprecated insecure password hashers. | Claude Paroz | |
| SHA1PasswordHasher, UnsaltedSHA1PasswordHasher, and UnsaltedMD5PasswordHasher are now deprecated. | |||
| 2022-06-03 | Fixed #33764 -- Deprecated BaseUserManager.make_random_password(). | Ciaran McCormick | |
| 2022-05-25 | Renamed wrapped functions to wrapper. | Aymeric Augustin | |
| All these functions are wrapping another function. They're the wrapper, while the function they're wrapping is the wrapped. | |||
| 2022-05-17 | Increased the default PBKDF2 iterations for Django 4.2. | Carlton Gibson | |
| 2022-05-11 | Fixed #33691 -- Deprecated django.contrib.auth.hashers.CryptPasswordHasher. | Mariusz Felisiak | |
| 2022-04-20 | Refactored out RedirectURLMixin.get_success_url(). | Aymeric Augustin | |
| This also adds a default implementation of get_default_redirect_url(). | |||
| 2022-04-20 | Simplified LogoutView.get_success_url(). | Aymeric Augustin | |
| This preserves the behavior of redirecting to the logout URL without query string parameters when an insecure ?next=... parameter is given. It changes the behavior of a POST to the logout URL, as shown by the test that is changed. Currently, this results in a GET to the logout URL. However, such GET requests are deprecated. This change would be necessary in Django 5.0 anyway. This commit merely anticipates it. | |||
| 2022-04-18 | Fixed #33648 -- Prevented extra redirect in LogoutView on invalid next page ↵ | Aymeric Augustin | |
| when LOGOUT_REDIRECT_URL is set. | |||
| 2022-04-18 | Fixed various tests on MySQL with MyISAM storage engine. | Mariusz Felisiak | |
| 2022-04-01 | Fixed #33613 -- Made createsuperuser detect uniqueness of USERNAME_FIELD ↵ | Lucidiot | |
| when using Meta.constraints. | |||
| 2022-03-29 | Fixed #15619 -- Deprecated log out via GET requests. | René Fleschenberg | |
| Thanks Florian Apolloner for the implementation idea. Co-Authored-By: Mariusz Felisiak <felisiak.mariusz@gmail.com> | |||
| 2022-03-24 | Refs #15619 -- Logged out with POST requests in admin. | Mariusz Felisiak | |
| 2022-03-24 | Refs #32365 -- Removed internal uses of utils.timezone.utc alias. | Carlton Gibson | |
| Remaining test case ensures that uses of the alias are mapped canonically by the migration writer. | |||
| 2022-03-10 | Fixed #33561 -- Allowed synchronization of user attributes in RemoteUserBackend. | Adrian Torres | |
| 2022-02-22 | Removed redundant QuerySet.all() calls in docs and tests. | Nick Pope | |
| Most QuerySet methods are mapped onto the Manager and, in general, it isn't necessary to call .all() on the manager. | |||
| 2022-02-07 | Refs #33476 -- Refactored code to strictly match 88 characters line length. | Mariusz Felisiak | |
| 2022-02-07 | Refs #33476 -- Reformatted code with Black. | django-bot | |
| 2022-02-01 | Fixed #30360 -- Added support for secret key rotation. | tschilling | |
| Thanks Florian Apolloner for the implementation idea. Co-authored-by: Andreas Pelme <andreas@pelme.se> Co-authored-by: Carlton Gibson <carlton.gibson@noumenal.es> Co-authored-by: Vuyisile Ndlovu <terrameijar@gmail.com> | |||
| 2022-01-04 | Fixed CVE-2021-45115 -- Prevented DoS vector in ↵ | Florian Apolloner | |
| UserAttributeSimilarityValidator. Thanks Chris Bailey for the report. Co-authored-by: Adam Johnson <me@adamj.eu> | |||
| 2021-11-11 | Fixed #33269 -- Made AnonymousUser/PermissionsMixin.has_perms() raise ↵ | Lie Ryan | |
| ValueError on string or non-iterable perm_list. | |||
| 2021-10-12 | Fixed #33178 -- Made createsuperuser validate required fields passed in ↵ | Christophe Henry | |
| options in interactive mode. | |||
| 2021-10-12 | Refs #33178 -- Added createsuperuser tests for validation of foreign keys. | Christophe Henry | |
| 2021-10-12 | Refs #21755 -- Fixed createsuperuser crash for required foreign keys passed ↵ | Christophe Henry | |
| in options in interactive mode. Co-authored-by: Mariusz Felisiak <felisiak.mariusz@gmail.com> | |||
| 2021-10-12 | Refs #29628, Refs #33178 -- Made createsuperuser validate password against ↵ | Mariusz Felisiak | |
| required fields passed in options. | |||
| 2021-10-07 | Fixed #33151 -- Fixed createsuperuser crash for many-to-many required fields ↵ | Christophe Henry | |
| in non-interactive mode. | |||
| 2021-09-20 | Increased the default PBKDF2 iterations for Django 4.1. | Mariusz Felisiak | |
| 2021-09-06 | Refs #32508 -- Raised TypeError/ValueError instead of using "assert" in ↵ | Mateo Radman | |
| encode() methods of remaining password hashers. | |||
| 2021-08-11 | Refs #29898 -- Changed ProjectState.real_apps to set. | Mariusz Felisiak | |
| 2021-08-02 | Refs #32956 -- Corrected usage of "insure" and "assure". | David Smith | |
| 2021-07-22 | Fixed #32275 -- Added scrypt password hasher. | ryowright | |
| Co-authored-by: Mariusz Felisiak <felisiak.mariusz@gmail.com> | |||
| 2021-07-22 | Refs #32508 -- Raised TypeError/ValueError instead of using "assert" in ↵ | Mariusz Felisiak | |
| encode() methods of some password hashers. | |||
| 2021-07-19 | Fixed wording of AuthViewsTestCase's docstring. | Chris Jerdonek | |
| 2021-07-07 | Used more specific unittest assertions in tests. | Mads Jensen | |
| 2021-06-25 | Refs #32508 -- Raised ImproperlyConfigured/TypeError instead of using ↵ | Mateo Radman | |
| "assert" in various code. | |||
| 2021-05-28 | Refs #24121 -- Added __repr__() to PermWrapper. | abhiabhi94 | |
| 2021-05-20 | Renamed "object" argument of ModelAdmin.log_addition(), log_change(), and ↵ | David Sanders | |
| log_deletion() methods. | |||
