| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2024-07-09 | [5.1.x] Fixed CVE-2024-39329 -- Standarized timing of verify_password() when ↵ | Michael Manfre | |
| checking unusuable passwords. Refs #20760. Thanks Michael Manfre for the fix and to Adam Johnson for the review. | |||
| 2024-05-30 | [5.1.x] Fixed #35477 -- Corrected 'required' errors in auth password ↵ | Fabian Braun | |
| set/change forms. The auth forms using SetPasswordMixin were incorrectly including the 'This field is required.' error when additional validations (e.g., overriding `clean_password1`) were performed and failed. This fix ensures accurate error reporting for password fields. Co-authored-by: Natalia <124304+nessita@users.noreply.github.com> Backport of 339977d4441fd353e20950b98bad3d42afb1f126 from main. | |||
| 2024-05-22 | Fixed #31405 -- Added LoginRequiredMiddleware. | Hisham Mahmood | |
| Co-authored-by: Adam Johnson <me@adamj.eu> Co-authored-by: Mehmet İnce <mehmet@mehmetince.net> Co-authored-by: Sarah Boyce <42296566+sarahboyce@users.noreply.github.com> | |||
| 2024-05-17 | Fixed #35428 -- Increased parallelism of the ScryptPasswordHasher. | SaJH | |
| 2024-05-13 | Fixed #35408 -- Optimized post-migrate permission creation. | Adam Johnson | |
| co-authored-by: Mariusz Felisiak <felisiak.mariusz@gmail.com> | |||
| 2024-03-27 | Fixed #34977 -- Improved accessibility in the UserChangeForm by replacing ↵ | Fabian Braun | |
| the reset password link with a button. Co-authored-by: Natalia <124304+nessita@users.noreply.github.com> | |||
| 2024-03-07 | Fixed #35030 -- Made django.contrib.auth decorators to work with async ↵ | Dingning | |
| functions. | |||
| 2024-03-06 | Refs #35030 -- Added more tests for @user_passes_test decorator. | Mariusz Felisiak | |
| 2024-02-20 | Fixed #34429 -- Allowed setting unusable passwords for users in the auth forms. | Fabian Braun | |
| Co-authored-by: Natalia <124304+nessita@users.noreply.github.com> | |||
| 2024-02-20 | Refs #34429 -- Defined test user with unusable password for auth forms tests. | Natalia | |
| 2024-01-26 | Applied Black's 2024 stable style. | Mariusz Felisiak | |
| https://github.com/psf/black/releases/tag/24.1.0 | |||
| 2024-01-12 | Added test ensuring that validate_password is used in AdminPasswordChangeForm. | nessita | |
| Co-authored-by: Fabian Braun <fsbraun@gmx.de> | |||
| 2024-01-04 | Used enterClassContext() where appropriate. | Mariusz Felisiak | |
| 2023-12-31 | Used addCleanup() in tests where appropriate. | Mariusz Felisiak | |
| 2023-11-01 | Fixed CVE-2023-46695 -- Fixed potential DoS in UsernameField on Windows. | Mariusz Felisiak | |
| Thanks MProgrammer (https://hackerone.com/mprogrammer) for the report. | |||
| 2023-09-20 | Defined PASSWORD_HASHERS for auth_tests.test_views.ChangelistTests. | Lily Foote | |
| auth_tests.test_views.ChangelistTests.test_view_user_password_is_readonly depends on the password hasher having the three components algorithm, salt and hash. The default password hasher (PBKDF2PasswordHasher) has an extra iterations component, breaking the test. | |||
| 2023-09-18 | Increased the default PBKDF2 iterations for Django 5.1. | Mariusz Felisiak | |
| 2023-09-18 | Refs #33691 -- Removed insecure password hashers per deprecation timeline. | Mariusz Felisiak | |
| 2023-09-18 | Refs #33764 -- Removed BaseUserManager.make_random_password() per ↵ | Mariusz Felisiak | |
| deprecation timeline. | |||
| 2023-08-22 | Removed unnecessary trailing commas in tests. | konsti | |
| 2023-08-08 | Fixed #34542 -- Made createsuperuser handle required blank fields in ↵ | Mateusz Więckowski | |
| non-interactive mode. | |||
| 2023-06-27 | Fixed #34391 -- Added async-compatible interface to auth functions and ↵ | Jon Janzen | |
| related methods test clients. | |||
| 2023-05-18 | Fixed #34565 -- Added support for async checking of user passwords. | HappyDingning | |
| 2023-03-28 | Fixed #34438 -- Reallowed extending UserCreationForm. | Gary Jarrel | |
| Regression in 298d02a77a69321af8c0023df3250663e9d1362d. | |||
| 2023-03-20 | Fixed some typos in comments, docstrings, and tests. | Liyang Zhang | |
| 2023-03-09 | Fixed #33985 -- Used app_config.verbose_name in ContentType.__str__(). | Hrushikesh Vaidya | |
| 2023-03-08 | Fixed #34384 -- Fixed session validation when rotation secret keys. | David Wobrock | |
| Bug in 0dcd549bbe36c060f536ec270d34d9e7d4b8e6c7. Thanks Eric Zarowny for the report. | |||
| 2023-03-07 | Fixed #31920 -- Made AuthenticationMiddleware add request.auser(). | Jon Janzen | |
| 2023-02-04 | Increased the default PBKDF2 iterations for Django 5.0. | Mariusz Felisiak | |
| Follow up to 9a1848f48c1f7f627a52b2063a8a8428e77765d6. | |||
| 2023-02-01 | Refs #33476 -- Applied Black's 2023 stable style. | David Smith | |
| Black 23.1.0 is released which, as the first release of the year, introduces the 2023 stable style. This incorporates most of last year's preview style. https://github.com/psf/black/releases/tag/23.1.0 | |||
| 2023-01-17 | Increased the default PBKDF2 iterations for Django 5.0. | Mariusz Felisiak | |
| 2023-01-17 | Refs #33691 -- Removed django.contrib.auth.hashers.CryptPasswordHasher per ↵ | Mariusz Felisiak | |
| deprecation timeline. | |||
| 2023-01-17 | Refs #15619 -- Removed support for logging out via GET requests. | Mariusz Felisiak | |
| Per deprecation timeline. | |||
| 2023-01-17 | Refs #33561 -- Made created=True required in signature of ↵ | Mariusz Felisiak | |
| RemoteUserBackend.configure_user() subclasses. Per deprecation timeline. | |||
| 2023-01-04 | Refs #34074 -- Used headers argument for RequestFactory and Client in docs ↵ | David Wobrock | |
| and tests. | |||
| 2022-12-29 | Fixed #25617 -- Added case-insensitive unique username validation in ↵ | Paul Schilling | |
| UserCreationForm. Co-Authored-By: Neven Mundar <nmundar@gmail.com> | |||
| 2022-12-24 | Fixed #34165 -- Made permissions creation respect the "using" parameter. | David Wobrock | |
| 2022-11-29 | Fixed #34187 -- Made UserCreationForm save many-to-many fields. | sdolemelipone | |
| 2022-11-10 | Updated documentation and comments for RFC updates. | Nick Pope | |
| - Updated references to RFC 1123 to RFC 5322 - Only partial as RFC 5322 sort of sub-references RFC 1123. - Updated references to RFC 2388 to RFC 7578 - Except RFC 2388 Section 5.3 which has no equivalent. - Updated references to RFC 2396 to RFC 3986 - Updated references to RFC 2616 to RFC 9110 - Updated references to RFC 3066 to RFC 5646 - Updated references to RFC 7230 to RFC 9112 - Updated references to RFC 7231 to RFC 9110 - Updated references to RFC 7232 to RFC 9110 - Updated references to RFC 7234 to RFC 9111 - Tidied up style of text when referring to RFC documents | |||
| 2022-10-27 | Fixed #34066 -- Fixed link to password reset view in ↵ | Simon Kern | |
| UserChangeForm.password's help text when using to_field. Co-Authored-By: David Sanders <shang.xiao.sanders@gmail.com> Co-Authored-By: Mariusz Felisiak <felisiak.mariusz@gmail.com> | |||
| 2022-10-26 | Completed test coverage for contrib.auth.forms. | Marcelo Galigniana | |
| 2022-10-20 | Skipped scrypt tests when OpenSSL 1.1+ is not installed. | HieuPham9720 | |
| 2022-09-27 | Completed test coverage for createsuperuser command. | Marcelo Galigniana | |
| 2022-09-01 | Fixed ReadOnlyPasswordHashWidget's template for RTL languages. | Shai Berger | |
| 2022-07-23 | Refs #33691 -- Deprecated insecure password hashers. | Claude Paroz | |
| SHA1PasswordHasher, UnsaltedSHA1PasswordHasher, and UnsaltedMD5PasswordHasher are now deprecated. | |||
| 2022-06-03 | Fixed #33764 -- Deprecated BaseUserManager.make_random_password(). | Ciaran McCormick | |
| 2022-05-25 | Renamed wrapped functions to wrapper. | Aymeric Augustin | |
| All these functions are wrapping another function. They're the wrapper, while the function they're wrapping is the wrapped. | |||
| 2022-05-17 | Increased the default PBKDF2 iterations for Django 4.2. | Carlton Gibson | |
| 2022-05-11 | Fixed #33691 -- Deprecated django.contrib.auth.hashers.CryptPasswordHasher. | Mariusz Felisiak | |
| 2022-04-20 | Refactored out RedirectURLMixin.get_success_url(). | Aymeric Augustin | |
| This also adds a default implementation of get_default_redirect_url(). | |||
