| Age | Commit message | Author | |
|---|---|---|---|
| 2025-02-01 | [5.2.x] Fixed #36140 -- Allowed BaseUserCreationForm to define non required password fields. Regression in e626716c28b6286f8cf0f8174077f3d2244f3eb3. Thanks buffgecko12 for the report and Sarah Boyce for the review. Backport of d15454a6e84a595ffc8dc1b926282f484f782a8f from main. | nessita | |
| 2024-09-03 | Fixed CVE-2024-45231 -- Avoided server error on password reset when email sending fails. On successful submission of a password reset request, an email is sent to the accounts known to the system. If sending this email fails (due to email backend misconfiguration, service provider outage, network issues, etc.), an attacker might exploit this by detecting which password reset requests succeed and which ones generate a 500 error response. Thanks to Thibaut Spriet for the report, and to Mariusz Felisiak, Adam Johnson, and Sarah Boyce for the reviews. | Natalia | |
| 2024-08-23 | Added helper and refactored PasswordResetFormTest to unify email sending tests. | nessita | |
| 2024-08-19 | Fixed #35678 -- Removed "usable_password" field from BaseUserCreationForm. Refs #34429: Following the implementation allowing the setting of unusable passwords via the admin site, the `BaseUserCreationForm` and `UserCreationForm` were extended to include a new field for choosing whether password-based authentication for the new user should be enabled or disabled at creation time. Given that these forms are designed to be extended when implementing custom user models, this branch ensures that this new field is moved to a new, admin-dedicated, user creation form `AdminUserCreationForm`. Regression in e626716c28b6286f8cf0f8174077f3d2244f3eb3. Thanks Simon Willison for the report, Fabian Braun and Sarah Boyce for the review. | Natalia | |
| 2024-08-19 | Refs #35678 -- Split tests for BaseUserCreationForm when using a custom User model. This work also allows subclassing BaseUserCreationFormTest to reuse the tests and assertions for testing forms that extend BaseUserCreationForm, which is now used for UserCreationFormTest, increasing its coverage. | Natalia | |
| 2024-05-30 | Fixed #35477 -- Corrected 'required' errors in auth password set/change forms. The auth forms using SetPasswordMixin were incorrectly including the 'This field is required.' error when additional validations (e.g., overriding `clean_password1`) were performed and failed. This fix ensures accurate error reporting for password fields. Co-authored-by: Natalia <124304+nessita@users.noreply.github.com> | Fabian Braun | |
| 2024-03-27 | Fixed #34977 -- Improved accessibility in the UserChangeForm by replacing the reset password link with a button. Co-authored-by: Natalia <124304+nessita@users.noreply.github.com> | Fabian Braun | |
| 2024-02-20 | Fixed #34429 -- Allowed setting unusable passwords for users in the auth forms. Co-authored-by: Natalia <124304+nessita@users.noreply.github.com> | Fabian Braun | |
| 2024-02-20 | Refs #34429 -- Defined test user with unusable password for auth forms tests. | Natalia | |
| 2024-01-26 | Applied Black's 2024 stable style. https://github.com/psf/black/releases/tag/24.1.0 | Mariusz Felisiak | |
| 2024-01-12 | Added test ensuring that validate_password is used in AdminPasswordChangeForm. Co-authored-by: Fabian Braun <fsbraun@gmx.de> | nessita | |
| 2023-11-01 | Fixed CVE-2023-46695 -- Fixed potential DoS in UsernameField on Windows. Thanks MProgrammer (https://hackerone.com/mprogrammer) for the report. | Mariusz Felisiak | |
| 2023-03-28 | Fixed #34438 -- Reallowed extending UserCreationForm. Regression in 298d02a77a69321af8c0023df3250663e9d1362d. | Gary Jarrel | |
| 2022-12-29 | Fixed #25617 -- Added case-insensitive unique username validation in UserCreationForm. Co-Authored-By: Neven Mundar <nmundar@gmail.com> | Paul Schilling | |
| 2022-11-29 | Fixed #34187 -- Made UserCreationForm save many-to-many fields. | sdolemelipone | |
| 2022-10-27 | Fixed #34066 -- Fixed link to password reset view in UserChangeForm.password's help text when using to_field. Co-Authored-By: David Sanders <shang.xiao.sanders@gmail.com> Co-Authored-By: Mariusz Felisiak <felisiak.mariusz@gmail.com> | Simon Kern | |
| 2022-10-26 | Completed test coverage for contrib.auth.forms. | Marcelo Galigniana | |
| 2022-09-01 | Fixed ReadOnlyPasswordHashWidget's template for RTL languages. | Shai Berger | |
| 2022-02-07 | Refs #33476 -- Refactored code to strictly match 88 characters line length. | Mariusz Felisiak | |
| 2022-02-07 | Refs #33476 -- Reformatted code with Black. | django-bot | |
| 2021-07-07 | Used more specific unittest assertions in tests. | Mads Jensen | |
| 2021-05-19 | Fixed #32765 -- Removed "for" HTML attribute from ReadOnlyPasswordHashWidget. ReadOnlyPasswordHashWidget doesn't have any labelable elements. | David Sanders | |
| 2020-12-03 | Fixed #32235 -- Made ReadOnlyPasswordHashField disabled by default. | Timo Ludwig | |
| 2020-04-28 | Changed django.forms.ValidationError imports to django.core.exceptions.ValidationError. Co-Authored-By: Mariusz Felisiak <felisiak.mariusz@gmail.com> | François Freitag | |
| 2019-12-18 | Fixed CVE-2019-19844 -- Used verified user email for password reset requests. Co-Authored-By: Florian Apolloner <florian@apolloner.eu> | Simon Charette | |
| 2019-09-18 | Fixed #30776 -- Restored max length validation on AuthenticationForm.UsernameField. Regression in 5ceaf14686ce626404afb6a5fbd3d8286410bf13. Thanks gopackgo90 for the report and Mariusz Felisiak for tests. | Sam Reynolds | |
| 2019-06-28 | Fixed #30400 -- Improved typography of user facing strings. Thanks Claude Paroz for assistance with translations. | Jon Dufresne | |
| 2019-06-07 | Fixed #29379 -- Added autocomplete attribute to contrib.auth.forms fields. Thank you to Nick Pope for review. Co-authored-by: CHI Cheng <cloudream@gmail.com> | Hasan Ramezani | |
| 2019-05-15 | Fixed mis-capitalisation in comment. | Ally Weir | |
| 2019-04-25 | Fixed #30399 -- Changed django.utils.html.escape()/urlize() to use html.escape()/unescape(). | Jon Dufresne | |
| 2019-03-29 | Fixed #30236 -- Made UsernameField render with autocapitalize="none" HTML attribute. This prevents automatic capitalization, which is the default behavior in some browsers. | pmisteli | |
| 2018-07-02 | Fixed #29449 -- Reverted "Fixed #28757 -- Allowed using contrib.auth forms without installing contrib.auth." This reverts commit 3333d935d2914cd80cf31f4803821ad5c0e2a51d due to a crash if USERNAME_FIELD isn't a CharField. | Tim Graham | |
| 2018-04-04 | Added additional AdminPasswordChangeForm tests. | Mads Jensen | |
| 2018-03-29 | Fixed #29270 -- Fixed UserChangeForm crash if password field is excluded. | Malte Gerth | |
| 2018-02-01 | Fixed CVE-2018-6188 -- Fixed information leakage in AuthenticationForm. Reverted 359370a8b8ca0efe99b1d4630b291ec060b69225 (refs #28645). This is a security fix. | Tim Graham | |
| 2018-01-05 | Fixed #28757 -- Allowed using contrib.auth forms without installing contrib.auth. Also fixed #28608 -- Allowed UserCreationForm and UserChangeForm to work with custom user models. Thanks Sagar Chalise and Rômulo Collopy for reports, and Tim Graham and Tim Martin for reviews. | shanghui | |
| 2017-11-08 | Fixed #28645 -- Reallowed AuthenticationForm to raise the inactive user error when using ModelBackend. Regression in e0a3d937309a82b8beea8f41b17d8b6298da2a86. Thanks Guilherme Junqueira for the report and Tim Graham for the review. | shanghui | |
| 2017-10-23 | Fixed #28706 -- Moved AuthenticationForm invalid login ValidationError to a method for reuse. | Jon Dufresne | |
| 2017-10-20 | Fixed #27515 -- Made AuthenticationForm's username field use the max_length from the model field. Thanks Ramin Farajpour Cami for the report. | Lucas Connors | |
| 2017-10-20 | Refs #19130 -- Added a test for AuthenticationForm.username max_length. This will be a more useful regression test after refs #27515. | Lucas Connors | |
| 2017-06-21 | Fixed #28127 -- Allowed UserCreationForm's password validation to check all user fields. | Andrew Pinkham | |
| 2017-04-19 | Fixed #28097 -- Fixed layout of ReadOnlyPasswordHashWidget. | Tim Graham | |
| 2017-02-07 | Converted usage of ugettext* functions to their gettext* aliases. Thanks Tim Graham for the review. | Claude Paroz | |
| 2017-01-25 | Refs #23919 -- Replaced super(ClassName, self) with super(). | chillaranand | |
| 2017-01-24 | Removed unneeded force_text calls in the test suite | Claude Paroz | |
| 2017-01-20 | Refs #23919 -- Removed django.test.mock Python 2 compatibility shim. | Tim Graham | |
| 2017-01-19 | Refs #23919 -- Stopped inheriting from object to define new style classes. | Simon Charette | |
| 2017-01-18 | Refs #23919 -- Removed six.PY2/PY3 usage. Thanks Tim Graham for the review. | Claude Paroz | |
| 2017-01-18 | Refs #23919 -- Removed encoding preambles and future imports | Claude Paroz | |
| 2016-11-10 | Refs #27392 -- Removed "Tests that", "Ensures that", etc. from test docstrings. | za | |
