summaryrefslogtreecommitdiff
path: root/tests/auth_tests
AgeCommit message (Collapse)Author
2022-10-20Skipped scrypt tests when OpenSSL 1.1+ is not installed.HieuPham9720
2022-09-27Completed test coverage for createsuperuser command.Marcelo Galigniana
2022-09-01Fixed ReadOnlyPasswordHashWidget's template for RTL languages.Shai Berger
2022-07-23Refs #33691 -- Deprecated insecure password hashers.Claude Paroz
SHA1PasswordHasher, UnsaltedSHA1PasswordHasher, and UnsaltedMD5PasswordHasher are now deprecated.
2022-06-03Fixed #33764 -- Deprecated BaseUserManager.make_random_password().Ciaran McCormick
2022-05-25Renamed wrapped functions to wrapper.Aymeric Augustin
All these functions are wrapping another function. They're the wrapper, while the function they're wrapping is the wrapped.
2022-05-17Increased the default PBKDF2 iterations for Django 4.2.Carlton Gibson
2022-05-11Fixed #33691 -- Deprecated django.contrib.auth.hashers.CryptPasswordHasher.Mariusz Felisiak
2022-04-20Refactored out RedirectURLMixin.get_success_url().Aymeric Augustin
This also adds a default implementation of get_default_redirect_url().
2022-04-20Simplified LogoutView.get_success_url().Aymeric Augustin
This preserves the behavior of redirecting to the logout URL without query string parameters when an insecure ?next=... parameter is given. It changes the behavior of a POST to the logout URL, as shown by the test that is changed. Currently, this results in a GET to the logout URL. However, such GET requests are deprecated. This change would be necessary in Django 5.0 anyway. This commit merely anticipates it.
2022-04-18Fixed #33648 -- Prevented extra redirect in LogoutView on invalid next page ↵Aymeric Augustin
when LOGOUT_REDIRECT_URL is set.
2022-04-18Fixed various tests on MySQL with MyISAM storage engine.Mariusz Felisiak
2022-04-01Fixed #33613 -- Made createsuperuser detect uniqueness of USERNAME_FIELD ↵Lucidiot
when using Meta.constraints.
2022-03-29Fixed #15619 -- Deprecated log out via GET requests.René Fleschenberg
Thanks Florian Apolloner for the implementation idea. Co-Authored-By: Mariusz Felisiak <felisiak.mariusz@gmail.com>
2022-03-24Refs #15619 -- Logged out with POST requests in admin.Mariusz Felisiak
2022-03-24Refs #32365 -- Removed internal uses of utils.timezone.utc alias.Carlton Gibson
Remaining test case ensures that uses of the alias are mapped canonically by the migration writer.
2022-03-10Fixed #33561 -- Allowed synchronization of user attributes in RemoteUserBackend.Adrian Torres
2022-02-22Removed redundant QuerySet.all() calls in docs and tests.Nick Pope
Most QuerySet methods are mapped onto the Manager and, in general, it isn't necessary to call .all() on the manager.
2022-02-07Refs #33476 -- Refactored code to strictly match 88 characters line length.Mariusz Felisiak
2022-02-07Refs #33476 -- Reformatted code with Black.django-bot
2022-02-01Fixed #30360 -- Added support for secret key rotation.tschilling
Thanks Florian Apolloner for the implementation idea. Co-authored-by: Andreas Pelme <andreas@pelme.se> Co-authored-by: Carlton Gibson <carlton.gibson@noumenal.es> Co-authored-by: Vuyisile Ndlovu <terrameijar@gmail.com>
2022-01-04Fixed CVE-2021-45115 -- Prevented DoS vector in ↵Florian Apolloner
UserAttributeSimilarityValidator. Thanks Chris Bailey for the report. Co-authored-by: Adam Johnson <me@adamj.eu>
2021-11-11Fixed #33269 -- Made AnonymousUser/PermissionsMixin.has_perms() raise ↵Lie Ryan
ValueError on string or non-iterable perm_list.
2021-10-12Fixed #33178 -- Made createsuperuser validate required fields passed in ↵Christophe Henry
options in interactive mode.
2021-10-12Refs #33178 -- Added createsuperuser tests for validation of foreign keys.Christophe Henry
2021-10-12Refs #21755 -- Fixed createsuperuser crash for required foreign keys passed ↵Christophe Henry
in options in interactive mode. Co-authored-by: Mariusz Felisiak <felisiak.mariusz@gmail.com>
2021-10-12Refs #29628, Refs #33178 -- Made createsuperuser validate password against ↵Mariusz Felisiak
required fields passed in options.
2021-10-07Fixed #33151 -- Fixed createsuperuser crash for many-to-many required fields ↵Christophe Henry
in non-interactive mode.
2021-09-20Increased the default PBKDF2 iterations for Django 4.1.Mariusz Felisiak
2021-09-06Refs #32508 -- Raised TypeError/ValueError instead of using "assert" in ↵Mateo Radman
encode() methods of remaining password hashers.
2021-08-11Refs #29898 -- Changed ProjectState.real_apps to set.Mariusz Felisiak
2021-08-02Refs #32956 -- Corrected usage of "insure" and "assure".David Smith
2021-07-22Fixed #32275 -- Added scrypt password hasher.ryowright
Co-authored-by: Mariusz Felisiak <felisiak.mariusz@gmail.com>
2021-07-22Refs #32508 -- Raised TypeError/ValueError instead of using "assert" in ↵Mariusz Felisiak
encode() methods of some password hashers.
2021-07-19Fixed wording of AuthViewsTestCase's docstring.Chris Jerdonek
2021-07-07Used more specific unittest assertions in tests.Mads Jensen
2021-06-25Refs #32508 -- Raised ImproperlyConfigured/TypeError instead of using ↵Mateo Radman
"assert" in various code.
2021-05-28Refs #24121 -- Added __repr__() to PermWrapper.abhiabhi94
2021-05-20Renamed "object" argument of ModelAdmin.log_addition(), log_change(), and ↵David Sanders
log_deletion() methods.
2021-05-19Fixed #32765 -- Removed "for" HTML attribute from ReadOnlyPasswordHashWidget.David Sanders
ReadOnlyPasswordHashWidget doesn't have any labelable elements.
2021-04-20Fixed #32664 -- Made PasswordResetTokenGenerator.secret validation lazy.François Freitag
Django apps initialization to run management command triggers the admin autodiscovery. Importing django.contrib.auth.tokens creates an instance of PasswordResetTokenGenerator which required a SECRET_KEY. For several management commands, the token generator is unused. It should only complain about a missing SECRET_KEY when it is used.
2021-04-20Refs #28017 -- Added test for PasswordResetTokenGenerator subclass with a ↵François Freitag
custom secret.
2021-03-11Refs #32508 -- Raised ImproperlyConfigured instead of using "assert" in ↵Hasan Ramezani
middlewares.
2021-02-08Fixed #28216 -- Added next_page/get_default_redirect_url() to LoginView.ThinkChaos
2021-01-14Increased the default PBKDF2 iterations for Django 4.0.Mariusz Felisiak
2021-01-14Refs #31842 -- Removed DEFAULT_HASHING_ALGORITHM transitional setting.Mariusz Felisiak
Per deprecation timeline.
2021-01-14Refs #27468 -- Removed support for the pre-Django 3.1 user sessions.Mariusz Felisiak
Per deprecation timeline.
2021-01-14Refs #27468 -- Removed support for the pre-Django 3.1 password reset tokens.Mariusz Felisiak
Per deprecation timeline.
2021-01-14Refs #28622 -- Removed settings.PASSWORD_RESET_TIMEOUT_DAYS per deprecation ↵Mariusz Felisiak
timeline.
2021-01-14Fixed #31358 -- Increased salt entropy of password hashers.Jon Moroney
Co-authored-by: Florian Apolloner <florian@apolloner.eu>