summaryrefslogtreecommitdiff
path: root/tests/auth_tests
AgeCommit message (Collapse)Author
2023-03-28[4.2.x] Fixed #34438 -- Reallowed extending UserCreationForm.Gary Jarrel
Regression in 298d02a77a69321af8c0023df3250663e9d1362d. Backport of fcc7dc5781667932bf0bf8bec76df458836e5e95 from main
2023-03-08[4.2.x] Fixed #34384 -- Fixed session validation when rotation secret keys.David Wobrock
Bug in 0dcd549bbe36c060f536ec270d34d9e7d4b8e6c7. Thanks Eric Zarowny for the report. Backport of 2396933ca99c6bfb53bda9e53968760316646e01 from main
2023-02-04[4.2.x] Increased the default PBKDF2 iterations for Django 4.2.Mariusz Felisiak
See https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html#pbkdf2. Thanks Markus Holtermann for the report.
2023-02-01[4.2.x] Refs #33476 -- Applied Black's 2023 stable style.David Smith
Black 23.1.0 is released which, as the first release of the year, introduces the 2023 stable style. This incorporates most of last year's preview style. https://github.com/psf/black/releases/tag/23.1.0 Backport of 097e3a70c1481ee7b042b2edd91b2be86fb7b5b6 from main
2023-01-04Refs #34074 -- Used headers argument for RequestFactory and Client in docs ↵David Wobrock
and tests.
2022-12-29Fixed #25617 -- Added case-insensitive unique username validation in ↵Paul Schilling
UserCreationForm. Co-Authored-By: Neven Mundar <nmundar@gmail.com>
2022-12-24Fixed #34165 -- Made permissions creation respect the "using" parameter.David Wobrock
2022-11-29Fixed #34187 -- Made UserCreationForm save many-to-many fields.sdolemelipone
2022-11-10Updated documentation and comments for RFC updates.Nick Pope
- Updated references to RFC 1123 to RFC 5322 - Only partial as RFC 5322 sort of sub-references RFC 1123. - Updated references to RFC 2388 to RFC 7578 - Except RFC 2388 Section 5.3 which has no equivalent. - Updated references to RFC 2396 to RFC 3986 - Updated references to RFC 2616 to RFC 9110 - Updated references to RFC 3066 to RFC 5646 - Updated references to RFC 7230 to RFC 9112 - Updated references to RFC 7231 to RFC 9110 - Updated references to RFC 7232 to RFC 9110 - Updated references to RFC 7234 to RFC 9111 - Tidied up style of text when referring to RFC documents
2022-10-27Fixed #34066 -- Fixed link to password reset view in ↵Simon Kern
UserChangeForm.password's help text when using to_field. Co-Authored-By: David Sanders <shang.xiao.sanders@gmail.com> Co-Authored-By: Mariusz Felisiak <felisiak.mariusz@gmail.com>
2022-10-26Completed test coverage for contrib.auth.forms.Marcelo Galigniana
2022-10-20Skipped scrypt tests when OpenSSL 1.1+ is not installed.HieuPham9720
2022-09-27Completed test coverage for createsuperuser command.Marcelo Galigniana
2022-09-01Fixed ReadOnlyPasswordHashWidget's template for RTL languages.Shai Berger
2022-07-23Refs #33691 -- Deprecated insecure password hashers.Claude Paroz
SHA1PasswordHasher, UnsaltedSHA1PasswordHasher, and UnsaltedMD5PasswordHasher are now deprecated.
2022-06-03Fixed #33764 -- Deprecated BaseUserManager.make_random_password().Ciaran McCormick
2022-05-25Renamed wrapped functions to wrapper.Aymeric Augustin
All these functions are wrapping another function. They're the wrapper, while the function they're wrapping is the wrapped.
2022-05-17Increased the default PBKDF2 iterations for Django 4.2.Carlton Gibson
2022-05-11Fixed #33691 -- Deprecated django.contrib.auth.hashers.CryptPasswordHasher.Mariusz Felisiak
2022-04-20Refactored out RedirectURLMixin.get_success_url().Aymeric Augustin
This also adds a default implementation of get_default_redirect_url().
2022-04-20Simplified LogoutView.get_success_url().Aymeric Augustin
This preserves the behavior of redirecting to the logout URL without query string parameters when an insecure ?next=... parameter is given. It changes the behavior of a POST to the logout URL, as shown by the test that is changed. Currently, this results in a GET to the logout URL. However, such GET requests are deprecated. This change would be necessary in Django 5.0 anyway. This commit merely anticipates it.
2022-04-18Fixed #33648 -- Prevented extra redirect in LogoutView on invalid next page ↵Aymeric Augustin
when LOGOUT_REDIRECT_URL is set.
2022-04-18Fixed various tests on MySQL with MyISAM storage engine.Mariusz Felisiak
2022-04-01Fixed #33613 -- Made createsuperuser detect uniqueness of USERNAME_FIELD ↵Lucidiot
when using Meta.constraints.
2022-03-29Fixed #15619 -- Deprecated log out via GET requests.René Fleschenberg
Thanks Florian Apolloner for the implementation idea. Co-Authored-By: Mariusz Felisiak <felisiak.mariusz@gmail.com>
2022-03-24Refs #15619 -- Logged out with POST requests in admin.Mariusz Felisiak
2022-03-24Refs #32365 -- Removed internal uses of utils.timezone.utc alias.Carlton Gibson
Remaining test case ensures that uses of the alias are mapped canonically by the migration writer.
2022-03-10Fixed #33561 -- Allowed synchronization of user attributes in RemoteUserBackend.Adrian Torres
2022-02-22Removed redundant QuerySet.all() calls in docs and tests.Nick Pope
Most QuerySet methods are mapped onto the Manager and, in general, it isn't necessary to call .all() on the manager.
2022-02-07Refs #33476 -- Refactored code to strictly match 88 characters line length.Mariusz Felisiak
2022-02-07Refs #33476 -- Reformatted code with Black.django-bot
2022-02-01Fixed #30360 -- Added support for secret key rotation.tschilling
Thanks Florian Apolloner for the implementation idea. Co-authored-by: Andreas Pelme <andreas@pelme.se> Co-authored-by: Carlton Gibson <carlton.gibson@noumenal.es> Co-authored-by: Vuyisile Ndlovu <terrameijar@gmail.com>
2022-01-04Fixed CVE-2021-45115 -- Prevented DoS vector in ↵Florian Apolloner
UserAttributeSimilarityValidator. Thanks Chris Bailey for the report. Co-authored-by: Adam Johnson <me@adamj.eu>
2021-11-11Fixed #33269 -- Made AnonymousUser/PermissionsMixin.has_perms() raise ↵Lie Ryan
ValueError on string or non-iterable perm_list.
2021-10-12Fixed #33178 -- Made createsuperuser validate required fields passed in ↵Christophe Henry
options in interactive mode.
2021-10-12Refs #33178 -- Added createsuperuser tests for validation of foreign keys.Christophe Henry
2021-10-12Refs #21755 -- Fixed createsuperuser crash for required foreign keys passed ↵Christophe Henry
in options in interactive mode. Co-authored-by: Mariusz Felisiak <felisiak.mariusz@gmail.com>
2021-10-12Refs #29628, Refs #33178 -- Made createsuperuser validate password against ↵Mariusz Felisiak
required fields passed in options.
2021-10-07Fixed #33151 -- Fixed createsuperuser crash for many-to-many required fields ↵Christophe Henry
in non-interactive mode.
2021-09-20Increased the default PBKDF2 iterations for Django 4.1.Mariusz Felisiak
2021-09-06Refs #32508 -- Raised TypeError/ValueError instead of using "assert" in ↵Mateo Radman
encode() methods of remaining password hashers.
2021-08-11Refs #29898 -- Changed ProjectState.real_apps to set.Mariusz Felisiak
2021-08-02Refs #32956 -- Corrected usage of "insure" and "assure".David Smith
2021-07-22Fixed #32275 -- Added scrypt password hasher.ryowright
Co-authored-by: Mariusz Felisiak <felisiak.mariusz@gmail.com>
2021-07-22Refs #32508 -- Raised TypeError/ValueError instead of using "assert" in ↵Mariusz Felisiak
encode() methods of some password hashers.
2021-07-19Fixed wording of AuthViewsTestCase's docstring.Chris Jerdonek
2021-07-07Used more specific unittest assertions in tests.Mads Jensen
2021-06-25Refs #32508 -- Raised ImproperlyConfigured/TypeError instead of using ↵Mateo Radman
"assert" in various code.
2021-05-28Refs #24121 -- Added __repr__() to PermWrapper.abhiabhi94
2021-05-20Renamed "object" argument of ModelAdmin.log_addition(), log_change(), and ↵David Sanders
log_deletion() methods.