summaryrefslogtreecommitdiff
path: root/tests/auth_tests
AgeCommit message (Collapse)Author
2024-09-02Refs #35706 -- Prefixed 'Error:' to titles of admin pages with form errors.sanjeevholla26
This improves the screen reader experience.
2024-08-23Added helper and refactored PasswordResetFormTest to unify email sending tests.nessita
2024-08-19Fixed #35678 -- Removed "usable_password" field from BaseUserCreationForm.Natalia
Refs #34429: Following the implementation allowing the setting of unusable passwords via the admin site, the `BaseUserCreationForm` and `UserCreationForm` were extended to include a new field for choosing whether password-based authentication for the new user should be enabled or disabled at creation time. Given that these forms are designed to be extended when implementing custom user models, this branch ensures that this new field is moved to a new, admin-dedicated, user creation form `AdminUserCreationForm`. Regression in e626716c28b6286f8cf0f8174077f3d2244f3eb3. Thanks Simon Willison for the report, Fabian Braun and Sarah Boyce for the review.
2024-08-19Refs #35678 -- Split tests for BaseUserCreationForm when using a custom User ↵Natalia
model. This work also allows to subclass BaseUserCreationFormTest to reuse the tests and assertions for testing forms that extend BaseUserCreationForm, which is now used for UserCreationFormTest, increasing its coverage.
2024-08-13Refs #35402 -- Added tests for invalid usage of submodules in some settings.Jacob Walls
2024-08-08Added test for acheck_password() to ensure make_password is called for ↵Natalia
unusable passwords. This is a follow up for the fix of CVE-2024-39329 (5d8645857936c142a3973694799c52165e2bdcdb) where the timing of verify_password() was standardized when checking unusable passwords.
2024-07-09Fixed CVE-2024-39329 -- Standarized timing of verify_password() when ↵Michael Manfre
checking unusuable passwords. Refs #20760. Thanks Michael Manfre for the fix and to Adam Johnson for the review.
2024-07-04Fixed #35520 -- Avoided opening transaction for read-only ModelAdmin requests.Jake Howard
2024-07-04Fixed #35569 -- Improved wording of invalid ForeignKey error message.Jacob Walls
2024-05-30Fixed #35477 -- Corrected 'required' errors in auth password set/change forms.Fabian Braun
The auth forms using SetPasswordMixin were incorrectly including the 'This field is required.' error when additional validations (e.g., overriding `clean_password1`) were performed and failed. This fix ensures accurate error reporting for password fields. Co-authored-by: Natalia <124304+nessita@users.noreply.github.com>
2024-05-22Increased the default PBKDF2 iterations for Django 5.2.Natalia
2024-05-22Fixed #31405 -- Added LoginRequiredMiddleware.Hisham Mahmood
Co-authored-by: Adam Johnson <me@adamj.eu> Co-authored-by: Mehmet İnce <mehmet@mehmetince.net> Co-authored-by: Sarah Boyce <42296566+sarahboyce@users.noreply.github.com>
2024-05-17Fixed #35428 -- Increased parallelism of the ScryptPasswordHasher.SaJH
2024-05-13Fixed #35408 -- Optimized post-migrate permission creation.Adam Johnson
co-authored-by: Mariusz Felisiak <felisiak.mariusz@gmail.com>
2024-03-27Fixed #34977 -- Improved accessibility in the UserChangeForm by replacing ↵Fabian Braun
the reset password link with a button. Co-authored-by: Natalia <124304+nessita@users.noreply.github.com>
2024-03-07Fixed #35030 -- Made django.contrib.auth decorators to work with async ↵Dingning
functions.
2024-03-06Refs #35030 -- Added more tests for @user_passes_test decorator.Mariusz Felisiak
2024-02-20Fixed #34429 -- Allowed setting unusable passwords for users in the auth forms.Fabian Braun
Co-authored-by: Natalia <124304+nessita@users.noreply.github.com>
2024-02-20Refs #34429 -- Defined test user with unusable password for auth forms tests.Natalia
2024-01-26Applied Black's 2024 stable style.Mariusz Felisiak
https://github.com/psf/black/releases/tag/24.1.0
2024-01-12Added test ensuring that validate_password is used in AdminPasswordChangeForm.nessita
Co-authored-by: Fabian Braun <fsbraun@gmx.de>
2024-01-04Used enterClassContext() where appropriate.Mariusz Felisiak
2023-12-31Used addCleanup() in tests where appropriate.Mariusz Felisiak
2023-11-01Fixed CVE-2023-46695 -- Fixed potential DoS in UsernameField on Windows.Mariusz Felisiak
Thanks MProgrammer (https://hackerone.com/mprogrammer) for the report.
2023-09-20Defined PASSWORD_HASHERS for auth_tests.test_views.ChangelistTests.Lily Foote
auth_tests.test_views.ChangelistTests.test_view_user_password_is_readonly depends on the password hasher having the three components algorithm, salt and hash. The default password hasher (PBKDF2PasswordHasher) has an extra iterations component, breaking the test.
2023-09-18Increased the default PBKDF2 iterations for Django 5.1.Mariusz Felisiak
2023-09-18Refs #33691 -- Removed insecure password hashers per deprecation timeline.Mariusz Felisiak
2023-09-18Refs #33764 -- Removed BaseUserManager.make_random_password() per ↵Mariusz Felisiak
deprecation timeline.
2023-08-22Removed unnecessary trailing commas in tests.konsti
2023-08-08Fixed #34542 -- Made createsuperuser handle required blank fields in ↵Mateusz Więckowski
non-interactive mode.
2023-06-27Fixed #34391 -- Added async-compatible interface to auth functions and ↵Jon Janzen
related methods test clients.
2023-05-18Fixed #34565 -- Added support for async checking of user passwords.HappyDingning
2023-03-28Fixed #34438 -- Reallowed extending UserCreationForm.Gary Jarrel
Regression in 298d02a77a69321af8c0023df3250663e9d1362d.
2023-03-20Fixed some typos in comments, docstrings, and tests.Liyang Zhang
2023-03-09Fixed #33985 -- Used app_config.verbose_name in ContentType.__str__().Hrushikesh Vaidya
2023-03-08Fixed #34384 -- Fixed session validation when rotation secret keys.David Wobrock
Bug in 0dcd549bbe36c060f536ec270d34d9e7d4b8e6c7. Thanks Eric Zarowny for the report.
2023-03-07Fixed #31920 -- Made AuthenticationMiddleware add request.auser().Jon Janzen
2023-02-04Increased the default PBKDF2 iterations for Django 5.0.Mariusz Felisiak
Follow up to 9a1848f48c1f7f627a52b2063a8a8428e77765d6.
2023-02-01Refs #33476 -- Applied Black's 2023 stable style.David Smith
Black 23.1.0 is released which, as the first release of the year, introduces the 2023 stable style. This incorporates most of last year's preview style. https://github.com/psf/black/releases/tag/23.1.0
2023-01-17Increased the default PBKDF2 iterations for Django 5.0.Mariusz Felisiak
2023-01-17Refs #33691 -- Removed django.contrib.auth.hashers.CryptPasswordHasher per ↵Mariusz Felisiak
deprecation timeline.
2023-01-17Refs #15619 -- Removed support for logging out via GET requests.Mariusz Felisiak
Per deprecation timeline.
2023-01-17Refs #33561 -- Made created=True required in signature of ↵Mariusz Felisiak
RemoteUserBackend.configure_user() subclasses. Per deprecation timeline.
2023-01-04Refs #34074 -- Used headers argument for RequestFactory and Client in docs ↵David Wobrock
and tests.
2022-12-29Fixed #25617 -- Added case-insensitive unique username validation in ↵Paul Schilling
UserCreationForm. Co-Authored-By: Neven Mundar <nmundar@gmail.com>
2022-12-24Fixed #34165 -- Made permissions creation respect the "using" parameter.David Wobrock
2022-11-29Fixed #34187 -- Made UserCreationForm save many-to-many fields.sdolemelipone
2022-11-10Updated documentation and comments for RFC updates.Nick Pope
- Updated references to RFC 1123 to RFC 5322 - Only partial as RFC 5322 sort of sub-references RFC 1123. - Updated references to RFC 2388 to RFC 7578 - Except RFC 2388 Section 5.3 which has no equivalent. - Updated references to RFC 2396 to RFC 3986 - Updated references to RFC 2616 to RFC 9110 - Updated references to RFC 3066 to RFC 5646 - Updated references to RFC 7230 to RFC 9112 - Updated references to RFC 7231 to RFC 9110 - Updated references to RFC 7232 to RFC 9110 - Updated references to RFC 7234 to RFC 9111 - Tidied up style of text when referring to RFC documents
2022-10-27Fixed #34066 -- Fixed link to password reset view in ↵Simon Kern
UserChangeForm.password's help text when using to_field. Co-Authored-By: David Sanders <shang.xiao.sanders@gmail.com> Co-Authored-By: Mariusz Felisiak <felisiak.mariusz@gmail.com>
2022-10-26Completed test coverage for contrib.auth.forms.Marcelo Galigniana