| Age | Commit message (Collapse) | Author |
|
https://github.com/psf/black/releases/tag/26.1.0
Backport of 6cff02078799b7c683a0d39630d49ab4fe532e7c from main.
|
|
with deferred annotations.
Provide a wrapper for safe introspection of user functions on Python 3.14+.
Follow-up to 601914722956cc41f1f2c53972d669ddee6ffc04.
Backport of 56ed37e17e5b1a509aa68a0c797dcff34fcc1366 from main.
|
|
mod_wsgi auth handler.
Refs CVE-2024-39329, #20760.
Thanks Stackered for the report, and Jacob Walls and Markus Holtermann
for the reviews.
Co-authored-by: Natalia <124304+nessita@users.noreply.github.com>
Backport of 3eb814e02a4c336866d4189fa0c24fd1875863ed from main.
|
|
aprocess_request().
Regression in 50f89ae850f6b4e35819fe725a08c7e579bfd099.
Thank you to shamoon for the report and Natalia Bidart for the review.
Backport of 1704c49a9b149b66b6a0e67abc8c95293bc35649 from main.
|
|
Regression in ec7d69035a408b357f1803ca05a7c991cc358cfa.
Thank you Gabriel Trouvé for the report and Claude Paroz for the review.
Backport of d469db978ea6a705549b9519313d9adc198e4232 from main.
|
|
https://github.com/psf/black/releases/tag/25.1.0
Backport of ff3aaf036f0cb66cd8f404cd51c603e68aaa7676 from main
|
|
auth/common-passwords.txt.gz.
Backport of 727731d76d9dfd5304d536478d862778f6dd6d9b from main.
|
|
password fields.
Regression in e626716c28b6286f8cf0f8174077f3d2244f3eb3.
Thanks buffgecko12 for the report and Sarah Boyce for the review.
Backport of d15454a6e84a595ffc8dc1b926282f484f782a8f from main.
|
|
composite primary key.
|
|
|
|
|
|
unavailable.
Thanks Mariusz Felisiak and Jacob Tyler Walls for reviews.
|
|
|
|
asyncio.iscoroutinefunction().
Fixes DeprecationWarning:
'asyncio.iscoroutinefunction' is deprecated and slated for removal in
Python 3.16; use inspect.iscoroutinefunction() instead.
|
|
HttpResponse.text property.
Signed-off-by: SaJH <wogur981208@gmail.com>
|
|
|
|
|
|
sending fails.
On successful submission of a password reset request, an email is sent
to the accounts known to the system. If sending this email fails (due to
email backend misconfiguration, service provider outage, network issues,
etc.), an attacker might exploit this by detecting which password reset
requests succeed and which ones generate a 500 error response.
Thanks to Thibaut Spriet for the report, and to Mariusz Felisiak, Adam
Johnson, and Sarah Boyce for the reviews.
|
|
This improves the screen reader experience.
|
|
|
|
Refs #34429: Following the implementation allowing the setting of
unusable passwords via the admin site, the `BaseUserCreationForm` and
`UserCreationForm` were extended to include a new field for choosing
whether password-based authentication for the new user should be enabled
or disabled at creation time.
Given that these forms are designed to be extended when implementing
custom user models, this branch ensures that this new field is moved to
a new, admin-dedicated, user creation form `AdminUserCreationForm`.
Regression in e626716c28b6286f8cf0f8174077f3d2244f3eb3.
Thanks Simon Willison for the report, Fabian Braun and Sarah Boyce for
the review.
|
|
model.
This work also allows to subclass BaseUserCreationFormTest to reuse the
tests and assertions for testing forms that extend BaseUserCreationForm,
which is now used for UserCreationFormTest, increasing its coverage.
|
|
|
|
unusable passwords.
This is a follow up for the fix of CVE-2024-39329
(5d8645857936c142a3973694799c52165e2bdcdb) where the timing of
verify_password() was standardized when checking unusable passwords.
|
|
checking unusuable passwords.
Refs #20760.
Thanks Michael Manfre for the fix and to Adam Johnson for the review.
|
|
|
|
|
|
The auth forms using SetPasswordMixin were incorrectly including the
'This field is required.' error when additional validations (e.g.,
overriding `clean_password1`) were performed and failed.
This fix ensures accurate error reporting for password fields.
Co-authored-by: Natalia <124304+nessita@users.noreply.github.com>
|
|
|
|
Co-authored-by: Adam Johnson <me@adamj.eu>
Co-authored-by: Mehmet İnce <mehmet@mehmetince.net>
Co-authored-by: Sarah Boyce <42296566+sarahboyce@users.noreply.github.com>
|
|
|
|
co-authored-by: Mariusz Felisiak <felisiak.mariusz@gmail.com>
|
|
the reset password link with a button.
Co-authored-by: Natalia <124304+nessita@users.noreply.github.com>
|
|
functions.
|
|
|
|
Co-authored-by: Natalia <124304+nessita@users.noreply.github.com>
|
|
|
|
https://github.com/psf/black/releases/tag/24.1.0
|
|
Co-authored-by: Fabian Braun <fsbraun@gmx.de>
|
|
|
|
|
|
Thanks MProgrammer (https://hackerone.com/mprogrammer) for the report.
|
|
auth_tests.test_views.ChangelistTests.test_view_user_password_is_readonly
depends on the password hasher having the three components algorithm,
salt and hash.
The default password hasher (PBKDF2PasswordHasher) has an extra
iterations component, breaking the test.
|
|
|
|
|
|
deprecation timeline.
|
|
|
|
non-interactive mode.
|
|
related methods test clients.
|
|
|