| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2024-09-02 | Refs #35706 -- Prefixed 'Error:' to titles of admin pages with form errors. | sanjeevholla26 | |
| This improves the screen reader experience. | |||
| 2024-08-23 | Added helper and refactored PasswordResetFormTest to unify email sending tests. | nessita | |
| 2024-08-19 | Fixed #35678 -- Removed "usable_password" field from BaseUserCreationForm. | Natalia | |
| Refs #34429: Following the implementation allowing the setting of unusable passwords via the admin site, the `BaseUserCreationForm` and `UserCreationForm` were extended to include a new field for choosing whether password-based authentication for the new user should be enabled or disabled at creation time. Given that these forms are designed to be extended when implementing custom user models, this branch ensures that this new field is moved to a new, admin-dedicated, user creation form `AdminUserCreationForm`. Regression in e626716c28b6286f8cf0f8174077f3d2244f3eb3. Thanks Simon Willison for the report, Fabian Braun and Sarah Boyce for the review. | |||
| 2024-08-19 | Refs #35678 -- Split tests for BaseUserCreationForm when using a custom User ↵ | Natalia | |
| model. This work also allows to subclass BaseUserCreationFormTest to reuse the tests and assertions for testing forms that extend BaseUserCreationForm, which is now used for UserCreationFormTest, increasing its coverage. | |||
| 2024-08-13 | Refs #35402 -- Added tests for invalid usage of submodules in some settings. | Jacob Walls | |
| 2024-08-08 | Added test for acheck_password() to ensure make_password is called for ↵ | Natalia | |
| unusable passwords. This is a follow up for the fix of CVE-2024-39329 (5d8645857936c142a3973694799c52165e2bdcdb) where the timing of verify_password() was standardized when checking unusable passwords. | |||
| 2024-07-09 | Fixed CVE-2024-39329 -- Standarized timing of verify_password() when ↵ | Michael Manfre | |
| checking unusuable passwords. Refs #20760. Thanks Michael Manfre for the fix and to Adam Johnson for the review. | |||
| 2024-07-04 | Fixed #35520 -- Avoided opening transaction for read-only ModelAdmin requests. | Jake Howard | |
| 2024-07-04 | Fixed #35569 -- Improved wording of invalid ForeignKey error message. | Jacob Walls | |
| 2024-05-30 | Fixed #35477 -- Corrected 'required' errors in auth password set/change forms. | Fabian Braun | |
| The auth forms using SetPasswordMixin were incorrectly including the 'This field is required.' error when additional validations (e.g., overriding `clean_password1`) were performed and failed. This fix ensures accurate error reporting for password fields. Co-authored-by: Natalia <124304+nessita@users.noreply.github.com> | |||
| 2024-05-22 | Increased the default PBKDF2 iterations for Django 5.2. | Natalia | |
| 2024-05-22 | Fixed #31405 -- Added LoginRequiredMiddleware. | Hisham Mahmood | |
| Co-authored-by: Adam Johnson <me@adamj.eu> Co-authored-by: Mehmet İnce <mehmet@mehmetince.net> Co-authored-by: Sarah Boyce <42296566+sarahboyce@users.noreply.github.com> | |||
| 2024-05-17 | Fixed #35428 -- Increased parallelism of the ScryptPasswordHasher. | SaJH | |
| 2024-05-13 | Fixed #35408 -- Optimized post-migrate permission creation. | Adam Johnson | |
| co-authored-by: Mariusz Felisiak <felisiak.mariusz@gmail.com> | |||
| 2024-03-27 | Fixed #34977 -- Improved accessibility in the UserChangeForm by replacing ↵ | Fabian Braun | |
| the reset password link with a button. Co-authored-by: Natalia <124304+nessita@users.noreply.github.com> | |||
| 2024-03-07 | Fixed #35030 -- Made django.contrib.auth decorators to work with async ↵ | Dingning | |
| functions. | |||
| 2024-03-06 | Refs #35030 -- Added more tests for @user_passes_test decorator. | Mariusz Felisiak | |
| 2024-02-20 | Fixed #34429 -- Allowed setting unusable passwords for users in the auth forms. | Fabian Braun | |
| Co-authored-by: Natalia <124304+nessita@users.noreply.github.com> | |||
| 2024-02-20 | Refs #34429 -- Defined test user with unusable password for auth forms tests. | Natalia | |
| 2024-01-26 | Applied Black's 2024 stable style. | Mariusz Felisiak | |
| https://github.com/psf/black/releases/tag/24.1.0 | |||
| 2024-01-12 | Added test ensuring that validate_password is used in AdminPasswordChangeForm. | nessita | |
| Co-authored-by: Fabian Braun <fsbraun@gmx.de> | |||
| 2024-01-04 | Used enterClassContext() where appropriate. | Mariusz Felisiak | |
| 2023-12-31 | Used addCleanup() in tests where appropriate. | Mariusz Felisiak | |
| 2023-11-01 | Fixed CVE-2023-46695 -- Fixed potential DoS in UsernameField on Windows. | Mariusz Felisiak | |
| Thanks MProgrammer (https://hackerone.com/mprogrammer) for the report. | |||
| 2023-09-20 | Defined PASSWORD_HASHERS for auth_tests.test_views.ChangelistTests. | Lily Foote | |
| auth_tests.test_views.ChangelistTests.test_view_user_password_is_readonly depends on the password hasher having the three components algorithm, salt and hash. The default password hasher (PBKDF2PasswordHasher) has an extra iterations component, breaking the test. | |||
| 2023-09-18 | Increased the default PBKDF2 iterations for Django 5.1. | Mariusz Felisiak | |
| 2023-09-18 | Refs #33691 -- Removed insecure password hashers per deprecation timeline. | Mariusz Felisiak | |
| 2023-09-18 | Refs #33764 -- Removed BaseUserManager.make_random_password() per ↵ | Mariusz Felisiak | |
| deprecation timeline. | |||
| 2023-08-22 | Removed unnecessary trailing commas in tests. | konsti | |
| 2023-08-08 | Fixed #34542 -- Made createsuperuser handle required blank fields in ↵ | Mateusz Więckowski | |
| non-interactive mode. | |||
| 2023-06-27 | Fixed #34391 -- Added async-compatible interface to auth functions and ↵ | Jon Janzen | |
| related methods test clients. | |||
| 2023-05-18 | Fixed #34565 -- Added support for async checking of user passwords. | HappyDingning | |
| 2023-03-28 | Fixed #34438 -- Reallowed extending UserCreationForm. | Gary Jarrel | |
| Regression in 298d02a77a69321af8c0023df3250663e9d1362d. | |||
| 2023-03-20 | Fixed some typos in comments, docstrings, and tests. | Liyang Zhang | |
| 2023-03-09 | Fixed #33985 -- Used app_config.verbose_name in ContentType.__str__(). | Hrushikesh Vaidya | |
| 2023-03-08 | Fixed #34384 -- Fixed session validation when rotation secret keys. | David Wobrock | |
| Bug in 0dcd549bbe36c060f536ec270d34d9e7d4b8e6c7. Thanks Eric Zarowny for the report. | |||
| 2023-03-07 | Fixed #31920 -- Made AuthenticationMiddleware add request.auser(). | Jon Janzen | |
| 2023-02-04 | Increased the default PBKDF2 iterations for Django 5.0. | Mariusz Felisiak | |
| Follow up to 9a1848f48c1f7f627a52b2063a8a8428e77765d6. | |||
| 2023-02-01 | Refs #33476 -- Applied Black's 2023 stable style. | David Smith | |
| Black 23.1.0 is released which, as the first release of the year, introduces the 2023 stable style. This incorporates most of last year's preview style. https://github.com/psf/black/releases/tag/23.1.0 | |||
| 2023-01-17 | Increased the default PBKDF2 iterations for Django 5.0. | Mariusz Felisiak | |
| 2023-01-17 | Refs #33691 -- Removed django.contrib.auth.hashers.CryptPasswordHasher per ↵ | Mariusz Felisiak | |
| deprecation timeline. | |||
| 2023-01-17 | Refs #15619 -- Removed support for logging out via GET requests. | Mariusz Felisiak | |
| Per deprecation timeline. | |||
| 2023-01-17 | Refs #33561 -- Made created=True required in signature of ↵ | Mariusz Felisiak | |
| RemoteUserBackend.configure_user() subclasses. Per deprecation timeline. | |||
| 2023-01-04 | Refs #34074 -- Used headers argument for RequestFactory and Client in docs ↵ | David Wobrock | |
| and tests. | |||
| 2022-12-29 | Fixed #25617 -- Added case-insensitive unique username validation in ↵ | Paul Schilling | |
| UserCreationForm. Co-Authored-By: Neven Mundar <nmundar@gmail.com> | |||
| 2022-12-24 | Fixed #34165 -- Made permissions creation respect the "using" parameter. | David Wobrock | |
| 2022-11-29 | Fixed #34187 -- Made UserCreationForm save many-to-many fields. | sdolemelipone | |
| 2022-11-10 | Updated documentation and comments for RFC updates. | Nick Pope | |
| - Updated references to RFC 1123 to RFC 5322 - Only partial as RFC 5322 sort of sub-references RFC 1123. - Updated references to RFC 2388 to RFC 7578 - Except RFC 2388 Section 5.3 which has no equivalent. - Updated references to RFC 2396 to RFC 3986 - Updated references to RFC 2616 to RFC 9110 - Updated references to RFC 3066 to RFC 5646 - Updated references to RFC 7230 to RFC 9112 - Updated references to RFC 7231 to RFC 9110 - Updated references to RFC 7232 to RFC 9110 - Updated references to RFC 7234 to RFC 9111 - Tidied up style of text when referring to RFC documents | |||
| 2022-10-27 | Fixed #34066 -- Fixed link to password reset view in ↵ | Simon Kern | |
| UserChangeForm.password's help text when using to_field. Co-Authored-By: David Sanders <shang.xiao.sanders@gmail.com> Co-Authored-By: Mariusz Felisiak <felisiak.mariusz@gmail.com> | |||
| 2022-10-26 | Completed test coverage for contrib.auth.forms. | Marcelo Galigniana | |
