| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2023-11-01 | [5.0.x] Fixed CVE-2023-46695 -- Fixed potential DoS in UsernameField on Windows. | Mariusz Felisiak | |
| Thanks MProgrammer (https://hackerone.com/mprogrammer) for the report. | |||
| 2023-08-22 | Removed unnecessary trailing commas in tests. | konsti | |
| 2023-08-08 | Fixed #34542 -- Made createsuperuser handle required blank fields in ↵ | Mateusz Więckowski | |
| non-interactive mode. | |||
| 2023-06-27 | Fixed #34391 -- Added async-compatible interface to auth functions and ↵ | Jon Janzen | |
| related methods test clients. | |||
| 2023-05-18 | Fixed #34565 -- Added support for async checking of user passwords. | HappyDingning | |
| 2023-03-28 | Fixed #34438 -- Reallowed extending UserCreationForm. | Gary Jarrel | |
| Regression in 298d02a77a69321af8c0023df3250663e9d1362d. | |||
| 2023-03-20 | Fixed some typos in comments, docstrings, and tests. | Liyang Zhang | |
| 2023-03-09 | Fixed #33985 -- Used app_config.verbose_name in ContentType.__str__(). | Hrushikesh Vaidya | |
| 2023-03-08 | Fixed #34384 -- Fixed session validation when rotation secret keys. | David Wobrock | |
| Bug in 0dcd549bbe36c060f536ec270d34d9e7d4b8e6c7. Thanks Eric Zarowny for the report. | |||
| 2023-03-07 | Fixed #31920 -- Made AuthenticationMiddleware add request.auser(). | Jon Janzen | |
| 2023-02-04 | Increased the default PBKDF2 iterations for Django 5.0. | Mariusz Felisiak | |
| Follow up to 9a1848f48c1f7f627a52b2063a8a8428e77765d6. | |||
| 2023-02-01 | Refs #33476 -- Applied Black's 2023 stable style. | David Smith | |
| Black 23.1.0 is released which, as the first release of the year, introduces the 2023 stable style. This incorporates most of last year's preview style. https://github.com/psf/black/releases/tag/23.1.0 | |||
| 2023-01-17 | Increased the default PBKDF2 iterations for Django 5.0. | Mariusz Felisiak | |
| 2023-01-17 | Refs #33691 -- Removed django.contrib.auth.hashers.CryptPasswordHasher per ↵ | Mariusz Felisiak | |
| deprecation timeline. | |||
| 2023-01-17 | Refs #15619 -- Removed support for logging out via GET requests. | Mariusz Felisiak | |
| Per deprecation timeline. | |||
| 2023-01-17 | Refs #33561 -- Made created=True required in signature of ↵ | Mariusz Felisiak | |
| RemoteUserBackend.configure_user() subclasses. Per deprecation timeline. | |||
| 2023-01-04 | Refs #34074 -- Used headers argument for RequestFactory and Client in docs ↵ | David Wobrock | |
| and tests. | |||
| 2022-12-29 | Fixed #25617 -- Added case-insensitive unique username validation in ↵ | Paul Schilling | |
| UserCreationForm. Co-Authored-By: Neven Mundar <nmundar@gmail.com> | |||
| 2022-12-24 | Fixed #34165 -- Made permissions creation respect the "using" parameter. | David Wobrock | |
| 2022-11-29 | Fixed #34187 -- Made UserCreationForm save many-to-many fields. | sdolemelipone | |
| 2022-11-10 | Updated documentation and comments for RFC updates. | Nick Pope | |
| - Updated references to RFC 1123 to RFC 5322 - Only partial as RFC 5322 sort of sub-references RFC 1123. - Updated references to RFC 2388 to RFC 7578 - Except RFC 2388 Section 5.3 which has no equivalent. - Updated references to RFC 2396 to RFC 3986 - Updated references to RFC 2616 to RFC 9110 - Updated references to RFC 3066 to RFC 5646 - Updated references to RFC 7230 to RFC 9112 - Updated references to RFC 7231 to RFC 9110 - Updated references to RFC 7232 to RFC 9110 - Updated references to RFC 7234 to RFC 9111 - Tidied up style of text when referring to RFC documents | |||
| 2022-10-27 | Fixed #34066 -- Fixed link to password reset view in ↵ | Simon Kern | |
| UserChangeForm.password's help text when using to_field. Co-Authored-By: David Sanders <shang.xiao.sanders@gmail.com> Co-Authored-By: Mariusz Felisiak <felisiak.mariusz@gmail.com> | |||
| 2022-10-26 | Completed test coverage for contrib.auth.forms. | Marcelo Galigniana | |
| 2022-10-20 | Skipped scrypt tests when OpenSSL 1.1+ is not installed. | HieuPham9720 | |
| 2022-09-27 | Completed test coverage for createsuperuser command. | Marcelo Galigniana | |
| 2022-09-01 | Fixed ReadOnlyPasswordHashWidget's template for RTL languages. | Shai Berger | |
| 2022-07-23 | Refs #33691 -- Deprecated insecure password hashers. | Claude Paroz | |
| SHA1PasswordHasher, UnsaltedSHA1PasswordHasher, and UnsaltedMD5PasswordHasher are now deprecated. | |||
| 2022-06-03 | Fixed #33764 -- Deprecated BaseUserManager.make_random_password(). | Ciaran McCormick | |
| 2022-05-25 | Renamed wrapped functions to wrapper. | Aymeric Augustin | |
| All these functions are wrapping another function. They're the wrapper, while the function they're wrapping is the wrapped. | |||
| 2022-05-17 | Increased the default PBKDF2 iterations for Django 4.2. | Carlton Gibson | |
| 2022-05-11 | Fixed #33691 -- Deprecated django.contrib.auth.hashers.CryptPasswordHasher. | Mariusz Felisiak | |
| 2022-04-20 | Refactored out RedirectURLMixin.get_success_url(). | Aymeric Augustin | |
| This also adds a default implementation of get_default_redirect_url(). | |||
| 2022-04-20 | Simplified LogoutView.get_success_url(). | Aymeric Augustin | |
| This preserves the behavior of redirecting to the logout URL without query string parameters when an insecure ?next=... parameter is given. It changes the behavior of a POST to the logout URL, as shown by the test that is changed. Currently, this results in a GET to the logout URL. However, such GET requests are deprecated. This change would be necessary in Django 5.0 anyway. This commit merely anticipates it. | |||
| 2022-04-18 | Fixed #33648 -- Prevented extra redirect in LogoutView on invalid next page ↵ | Aymeric Augustin | |
| when LOGOUT_REDIRECT_URL is set. | |||
| 2022-04-18 | Fixed various tests on MySQL with MyISAM storage engine. | Mariusz Felisiak | |
| 2022-04-01 | Fixed #33613 -- Made createsuperuser detect uniqueness of USERNAME_FIELD ↵ | Lucidiot | |
| when using Meta.constraints. | |||
| 2022-03-29 | Fixed #15619 -- Deprecated log out via GET requests. | René Fleschenberg | |
| Thanks Florian Apolloner for the implementation idea. Co-Authored-By: Mariusz Felisiak <felisiak.mariusz@gmail.com> | |||
| 2022-03-24 | Refs #15619 -- Logged out with POST requests in admin. | Mariusz Felisiak | |
| 2022-03-24 | Refs #32365 -- Removed internal uses of utils.timezone.utc alias. | Carlton Gibson | |
| Remaining test case ensures that uses of the alias are mapped canonically by the migration writer. | |||
| 2022-03-10 | Fixed #33561 -- Allowed synchronization of user attributes in RemoteUserBackend. | Adrian Torres | |
| 2022-02-22 | Removed redundant QuerySet.all() calls in docs and tests. | Nick Pope | |
| Most QuerySet methods are mapped onto the Manager and, in general, it isn't necessary to call .all() on the manager. | |||
| 2022-02-07 | Refs #33476 -- Refactored code to strictly match 88 characters line length. | Mariusz Felisiak | |
| 2022-02-07 | Refs #33476 -- Reformatted code with Black. | django-bot | |
| 2022-02-01 | Fixed #30360 -- Added support for secret key rotation. | tschilling | |
| Thanks Florian Apolloner for the implementation idea. Co-authored-by: Andreas Pelme <andreas@pelme.se> Co-authored-by: Carlton Gibson <carlton.gibson@noumenal.es> Co-authored-by: Vuyisile Ndlovu <terrameijar@gmail.com> | |||
| 2022-01-04 | Fixed CVE-2021-45115 -- Prevented DoS vector in ↵ | Florian Apolloner | |
| UserAttributeSimilarityValidator. Thanks Chris Bailey for the report. Co-authored-by: Adam Johnson <me@adamj.eu> | |||
| 2021-11-11 | Fixed #33269 -- Made AnonymousUser/PermissionsMixin.has_perms() raise ↵ | Lie Ryan | |
| ValueError on string or non-iterable perm_list. | |||
| 2021-10-12 | Fixed #33178 -- Made createsuperuser validate required fields passed in ↵ | Christophe Henry | |
| options in interactive mode. | |||
| 2021-10-12 | Refs #33178 -- Added createsuperuser tests for validation of foreign keys. | Christophe Henry | |
| 2021-10-12 | Refs #21755 -- Fixed createsuperuser crash for required foreign keys passed ↵ | Christophe Henry | |
| in options in interactive mode. Co-authored-by: Mariusz Felisiak <felisiak.mariusz@gmail.com> | |||
| 2021-10-12 | Refs #29628, Refs #33178 -- Made createsuperuser validate password against ↵ | Mariusz Felisiak | |
| required fields passed in options. | |||
