| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2019-12-18 | Fixed CVE-2019-19844 -- Used verified user email for password reset requests. | Simon Charette | |
| Co-Authored-By: Florian Apolloner <florian@apolloner.eu> | |||
| 2019-12-10 | Fixed #26480 -- Fixed crash of contrib.auth.authenticate() on decorated ↵ | Baptiste Mispelon | |
| authenticate() methods of authentication backends. The Signature API (PEP 362) has better support for decorated functions (by default, it follows the __wrapped__ attribute set by functools.wraps for example). | |||
| 2019-12-02 | Fixed CVE-2019-19118 -- Required edit permissions on parent model for ↵ | Carlton Gibson | |
| editable inlines in admin. Thank you to Shen Ying for reporting this issue. | |||
| 2019-11-29 | Fixed #31021 -- Fixed proxy model permissions data migration crash with a ↵ | Mariusz Felisiak | |
| multiple databases setup. Regression in 98296f86b340c8c9c968375d59f1d3a3479e60c2. | |||
| 2019-11-18 | Replaced encode() usage with bytes literals. | Jon Dufresne | |
| 2019-11-13 | Fixed random auth_tests.test_tokens.TokenGeneratorTest.test_10265 failures. | Mariusz Felisiak | |
| Random failures depended on the current timestamp. | |||
| 2019-11-13 | Moved MockedPasswordResetTokenGenerator outside of ↵ | Mariusz Felisiak | |
| TokenGeneratorTest.test_timeout(). | |||
| 2019-10-23 | Added tests for middlewares' checks. | Sergey Fedoseev | |
| 2019-09-20 | Fixed #28622 -- Allowed specifying password reset link expiration in seconds ↵ | Hasan Ramezani | |
| and deprecated PASSWORD_RESET_TIMEOUT_DAYS. | |||
| 2019-09-18 | Fixed #30776 -- Restored max length validation on ↵ | Sam Reynolds | |
| AuthenticationForm.UsernameField. Regression in 5ceaf14686ce626404afb6a5fbd3d8286410bf13. Thanks gopackgo90 for the report and Mariusz Felisiak for tests. | |||
| 2019-09-12 | Increased the default PBKDF2 iterations for Django 3.1. | Carlton Gibson | |
| 2019-09-10 | Refs #30037 -- Required the RemoteUserBackend.configure_user() to have ↵ | Mariusz Felisiak | |
| request as the first positional argument. Per deprecation timeline. | |||
| 2019-08-29 | Fixed #18763 -- Added ModelBackend/UserManager.with_perm() methods. | Berker Peksag | |
| Co-authored-by: Nick Pope <nick.pope@flightdataservices.com> | |||
| 2019-08-29 | Fixed #30066 -- Enabled super user creation without email and password | daniel a rios | |
| 2019-08-29 | Converted auth test to use subTest(). | Carlton Gibson | |
| 2019-08-26 | Fixed #29019 -- Added ManyToManyField support to REQUIRED_FIELDS. | Hasan Ramezani | |
| 2019-07-02 | Fixed #27801 -- Made createsuperuser fall back to environment variables for ↵ | Hasan Ramezani | |
| password and required fields. | |||
| 2019-06-28 | Fixed #30400 -- Improved typography of user facing strings. | Jon Dufresne | |
| Thanks Claude Paroz for assistance with translations. | |||
| 2019-06-14 | Fixed #12952 -- Adjusted admin log change messages to use form labels ↵ | Sanyam Khurana | |
| instead of field names. | |||
| 2019-06-10 | Fixed #30556 -- Avoided useless query and hasher call in ↵ | Aymeric Augustin | |
| ModelBackend.authenticate() when credentials aren't provided. There's no need to fetch a user instance from the database unless a username and a password are provided as credentials. | |||
| 2019-06-07 | Fixed #29379 -- Added autocomplete attribute to contrib.auth.forms fields. | Hasan Ramezani | |
| Thank you to Nick Pope for review. Co-authored-by: CHI Cheng <cloudream@gmail.com> | |||
| 2019-06-05 | Refs #30226 -- Added User.get_user_permissions() method. | Tobias Bengfort | |
| Added to mirror the existing User.get_group_permissions(). | |||
| 2019-06-05 | Fixed #30226 -- Added BaseBackend for authentication. | Tobias Bengfort | |
| 2019-05-27 | Refs #24944 -- Added test for overriding domain in email context in ↵ | Mattia Procopio | |
| PasswordResetView. | |||
| 2019-05-24 | Fixed #28780 -- Allowed specyfing a token parameter displayed in password ↵ | Rob | |
| reset URLs. Co-authored-by: Tim Givois <tim.givois.mendez@gmail.com> | |||
| 2019-05-15 | Fixed mis-capitalisation in comment. | Ally Weir | |
| 2019-04-27 | Fixed #30351 -- Handled pre-existing permissions in proxy model permissions ↵ | Carlton Gibson | |
| data migration. Regression in 181fb60159e54d442d3610f4afba6f066a6dac05. | |||
| 2019-04-25 | Fixed #30399 -- Changed django.utils.html.escape()/urlize() to use ↵ | Jon Dufresne | |
| html.escape()/unescape(). | |||
| 2019-04-14 | Renamed camelCaseTestMethods to snake_case_test_methods | Markus Holtermann | |
| 2019-03-29 | Fixed #30236 -- Made UsernameField render with autocapitalize="none" HTML ↵ | pmisteli | |
| attribute. This prevents automatic capitalization, which is the default behavior in some browsers. | |||
| 2019-03-22 | Fixed #30257 -- Made UsernameValidators prohibit trailing newlines. | Ryan J Schave | |
| 2019-03-15 | Cleaned up exception message checking in some tests. | Jon Dufresne | |
| 2019-02-14 | Refs #15902 -- Deprecated storing user's language in the session. | Claude Paroz | |
| 2019-01-17 | Increased the default PBKDF2 iterations for Django 3.0. | Tim Graham | |
| 2019-01-16 | Fixed #11154, #22270 -- Made proxy model permissions use correct content type. | Arthur Rio | |
| Co-Authored-By: Simon Charette <charette.s@gmail.com> Co-Authored-By: Antoine Catton <acatton@fusionbox.com> | |||
| 2019-01-10 | Refs #28478 -- Deprecated TestCase's allow_database_queries and multi_db in ↵ | Simon Charette | |
| favor of databases. | |||
| 2019-01-09 | Fixed #30037 -- Added request arg to RemoteUserBackend.configure_user(). | Joshua Cannon | |
| 2018-12-31 | Updated test URL patterns to use path() and re_path(). | Tim Graham | |
| 2018-12-21 | Added tests for ContentType/Group/Permission.__str__(). | Tim Graham | |
| 2018-11-27 | Made reused RequestFactory instances class attributes. | Simon Charette | |
| 2018-11-27 | Switched setUp() to setUpTestData() where possible in Django's tests. | Simon Charette | |
| 2018-11-27 | Switched TestCase to SimpleTestCase where possible in Django's tests. | Tim Graham | |
| 2018-11-15 | Fixed #29952 -- Lowercased all passwords in contrib.auth's ↵ | Mathew Payne | |
| auth/common-passwords.txt.gz. | |||
| 2018-10-10 | Refs #27795 -- Removed force_bytes() usage from django/utils/http.py. | Jon Dufresne | |
| django.utils.http.urlsafe_base64_encode() now returns a string, not a bytestring. Since URLs are represented as strings, urlsafe_base64_encode() should return a string. All uses immediately decoded the bytestring to a string anyway. As the inverse operation, urlsafe_base64_decode() accepts a string. | |||
| 2018-10-01 | Fixed #29809 -- Fixed a crash when a "view only" user POSTs to the admin ↵ | Tim Graham | |
| user change form. | |||
| 2018-10-01 | Fixed CVE-2018-16984 -- Fixed password hash disclosure to admin "view only" ↵ | Carlton Gibson | |
| users. Thanks Claude Paroz & Tim Graham for collaborating on the patch. | |||
| 2018-09-26 | Fixed #29782 -- Added better error message when filtering queryset with ↵ | Ramon Saraiva | |
| AnonymousUser. | |||
| 2018-09-26 | Refs #29784 -- Switched to https:// links where available. | Jon Dufresne | |
| 2018-09-25 | Added a test for password_changed() with a custom validator. | Alexey | |
| 2018-08-18 | Simplified how createsuperuser tests generate passwords. | Josh Schneier | |
