summaryrefslogtreecommitdiff
path: root/tests/auth_tests
AgeCommit message (Collapse)Author
2019-12-18Fixed CVE-2019-19844 -- Used verified user email for password reset requests.Simon Charette
Co-Authored-By: Florian Apolloner <florian@apolloner.eu>
2019-12-10Fixed #26480 -- Fixed crash of contrib.auth.authenticate() on decorated ↵Baptiste Mispelon
authenticate() methods of authentication backends. The Signature API (PEP 362) has better support for decorated functions (by default, it follows the __wrapped__ attribute set by functools.wraps for example).
2019-12-02Fixed CVE-2019-19118 -- Required edit permissions on parent model for ↵Carlton Gibson
editable inlines in admin. Thank you to Shen Ying for reporting this issue.
2019-11-29Fixed #31021 -- Fixed proxy model permissions data migration crash with a ↵Mariusz Felisiak
multiple databases setup. Regression in 98296f86b340c8c9c968375d59f1d3a3479e60c2.
2019-11-18Replaced encode() usage with bytes literals.Jon Dufresne
2019-11-13Fixed random auth_tests.test_tokens.TokenGeneratorTest.test_10265 failures.Mariusz Felisiak
Random failures depended on the current timestamp.
2019-11-13Moved MockedPasswordResetTokenGenerator outside of ↵Mariusz Felisiak
TokenGeneratorTest.test_timeout().
2019-10-23Added tests for middlewares' checks.Sergey Fedoseev
2019-09-20Fixed #28622 -- Allowed specifying password reset link expiration in seconds ↵Hasan Ramezani
and deprecated PASSWORD_RESET_TIMEOUT_DAYS.
2019-09-18Fixed #30776 -- Restored max length validation on ↵Sam Reynolds
AuthenticationForm.UsernameField. Regression in 5ceaf14686ce626404afb6a5fbd3d8286410bf13. Thanks gopackgo90 for the report and Mariusz Felisiak for tests.
2019-09-12Increased the default PBKDF2 iterations for Django 3.1.Carlton Gibson
2019-09-10Refs #30037 -- Required the RemoteUserBackend.configure_user() to have ↵Mariusz Felisiak
request as the first positional argument. Per deprecation timeline.
2019-08-29Fixed #18763 -- Added ModelBackend/UserManager.with_perm() methods.Berker Peksag
Co-authored-by: Nick Pope <nick.pope@flightdataservices.com>
2019-08-29Fixed #30066 -- Enabled super user creation without email and passworddaniel a rios
2019-08-29Converted auth test to use subTest().Carlton Gibson
2019-08-26Fixed #29019 -- Added ManyToManyField support to REQUIRED_FIELDS.Hasan Ramezani
2019-07-02Fixed #27801 -- Made createsuperuser fall back to environment variables for ↵Hasan Ramezani
password and required fields.
2019-06-28Fixed #30400 -- Improved typography of user facing strings.Jon Dufresne
Thanks Claude Paroz for assistance with translations.
2019-06-14Fixed #12952 -- Adjusted admin log change messages to use form labels ↵Sanyam Khurana
instead of field names.
2019-06-10Fixed #30556 -- Avoided useless query and hasher call in ↵Aymeric Augustin
ModelBackend.authenticate() when credentials aren't provided. There's no need to fetch a user instance from the database unless a username and a password are provided as credentials.
2019-06-07Fixed #29379 -- Added autocomplete attribute to contrib.auth.forms fields.Hasan Ramezani
Thank you to Nick Pope for review. Co-authored-by: CHI Cheng <cloudream@gmail.com>
2019-06-05Refs #30226 -- Added User.get_user_permissions() method.Tobias Bengfort
Added to mirror the existing User.get_group_permissions().
2019-06-05Fixed #30226 -- Added BaseBackend for authentication.Tobias Bengfort
2019-05-27Refs #24944 -- Added test for overriding domain in email context in ↵Mattia Procopio
PasswordResetView.
2019-05-24Fixed #28780 -- Allowed specyfing a token parameter displayed in password ↵Rob
reset URLs. Co-authored-by: Tim Givois <tim.givois.mendez@gmail.com>
2019-05-15Fixed mis-capitalisation in comment.Ally Weir
2019-04-27Fixed #30351 -- Handled pre-existing permissions in proxy model permissions ↵Carlton Gibson
data migration. Regression in 181fb60159e54d442d3610f4afba6f066a6dac05.
2019-04-25Fixed #30399 -- Changed django.utils.html.escape()/urlize() to use ↵Jon Dufresne
html.escape()/unescape().
2019-04-14Renamed camelCaseTestMethods to snake_case_test_methodsMarkus Holtermann
2019-03-29Fixed #30236 -- Made UsernameField render with autocapitalize="none" HTML ↵pmisteli
attribute. This prevents automatic capitalization, which is the default behavior in some browsers.
2019-03-22Fixed #30257 -- Made UsernameValidators prohibit trailing newlines.Ryan J Schave
2019-03-15Cleaned up exception message checking in some tests.Jon Dufresne
2019-02-14Refs #15902 -- Deprecated storing user's language in the session.Claude Paroz
2019-01-17Increased the default PBKDF2 iterations for Django 3.0.Tim Graham
2019-01-16Fixed #11154, #22270 -- Made proxy model permissions use correct content type.Arthur Rio
Co-Authored-By: Simon Charette <charette.s@gmail.com> Co-Authored-By: Antoine Catton <acatton@fusionbox.com>
2019-01-10Refs #28478 -- Deprecated TestCase's allow_database_queries and multi_db in ↵Simon Charette
favor of databases.
2019-01-09Fixed #30037 -- Added request arg to RemoteUserBackend.configure_user().Joshua Cannon
2018-12-31Updated test URL patterns to use path() and re_path().Tim Graham
2018-12-21Added tests for ContentType/Group/Permission.__str__().Tim Graham
2018-11-27Made reused RequestFactory instances class attributes.Simon Charette
2018-11-27Switched setUp() to setUpTestData() where possible in Django's tests.Simon Charette
2018-11-27Switched TestCase to SimpleTestCase where possible in Django's tests.Tim Graham
2018-11-15Fixed #29952 -- Lowercased all passwords in contrib.auth's ↵Mathew Payne
auth/common-passwords.txt.gz.
2018-10-10Refs #27795 -- Removed force_bytes() usage from django/utils/http.py.Jon Dufresne
django.utils.http.urlsafe_base64_encode() now returns a string, not a bytestring. Since URLs are represented as strings, urlsafe_base64_encode() should return a string. All uses immediately decoded the bytestring to a string anyway. As the inverse operation, urlsafe_base64_decode() accepts a string.
2018-10-01Fixed #29809 -- Fixed a crash when a "view only" user POSTs to the admin ↵Tim Graham
user change form.
2018-10-01Fixed CVE-2018-16984 -- Fixed password hash disclosure to admin "view only" ↵Carlton Gibson
users. Thanks Claude Paroz & Tim Graham for collaborating on the patch.
2018-09-26Fixed #29782 -- Added better error message when filtering queryset with ↵Ramon Saraiva
AnonymousUser.
2018-09-26Refs #29784 -- Switched to https:// links where available.Jon Dufresne
2018-09-25Added a test for password_changed() with a custom validator.Alexey
2018-08-18Simplified how createsuperuser tests generate passwords.Josh Schneier