django.git - django

Age	Commit message (Collapse)	Author
2021-01-14	Fixed #31358 -- Increased salt entropy of password hashers.	Jon Moroney
	Co-authored-by: Florian Apolloner <florian@apolloner.eu>
2021-01-14	Refs #31358 -- Added bcrypt password hashers tests for must_update() with ↵	Jon Moroney
	salt().
2020-12-28	Refs #31358 -- Fixed decoding salt in Argon2PasswordHasher.	Florian Apolloner
	Argon2 encodes the salt as base64 for representation in the final hash output. To be able to accurately return the used salt from decode(), add padding, b64decode, and decode from latin1 (for the remote possibility that someone supplied a custom hash consisting solely of bytes -- this would require a manual construction of the hash though, Django's interface does not allow for that).
2020-12-03	Fixed #32235 -- Made ReadOnlyPasswordHashField disabled by default.	Timo Ludwig

2020-11-30	Refs #31978 -- Fixed hint in admin's password reset confirmation form for ↵	Mariusz Felisiak
	custom username fields. Thanks Jaap Roes for the report.
2020-11-30	Refs #22909 -- Removed camelCasing in auth_tests.test_templates tests.	Mariusz Felisiak

2020-11-10	Avoided direct styles in admin templates.	Claude Paroz
	Direct styles might be forbidden by Content Security Policies.
2020-10-28	Refs #28215 -- Marked auth credentials as sensitive variables.	Hasan Ramezani
	Co-authored-by: Collin Anderson <collin@onetencommunications.com>
2020-10-22	Fixed #32130 -- Fixed pre-Django 3.1 password reset tokens validation.	Mariusz Felisiak
	Thanks Gordon Wrigley for the report and implementation idea. Regression in 226ebb17290b604ef29e82fb5c1fbac3594ac163.
2020-10-21	Fixed #26615 -- Made password reset token invalidate when changing email.	Jacob Walls
	Co-Authored-By: Silas Barta <sbarta@gmail.com>
2020-10-20	Fixed #32121 -- Fixed detecting uniqueness of USERNAME_FIELD when using ↵	Hannes Ljungberg
	Meta.constraints. Co-authored-by: Simon Charette <charettes@users.noreply.github.com>
2020-09-14	Fixed #32003 -- Added obj argument to has_perm() methods in tests.	Alexander Todorov

2020-09-14	Fixed #31789 -- Added a new headers interface to HttpResponse.	Tom Carrick

2020-09-10	Fixed #31992 -- Made admin password reset templates use title/content_title ↵	Jon Dufresne
	blocks from the base template.
2020-09-03	Fixed #31978 -- Added username hint to admin's password reset confirmation form.	Collin Anderson

2020-08-14	Fixed #31878 -- Made createsuperuser respect --database option in default ↵	Yan Mitrofanov
	usernames.
2020-08-14	Fixed typo in tests/auth_tests/test_management.py docstring.	Yan Mitrofanov

2020-08-05	Fixed #26977 -- Made abstract models raise TypeError when instantiating.	Jacob Walls

2020-08-04	Fixed #31842 -- Added DEFAULT_HASHING_ALGORITHM transitional setting.	Mariusz Felisiak
	It's a transitional setting helpful in migrating multiple instance of the same project to Django 3.1+. Thanks Markus Holtermann for the report and review, Florian Apolloner for the implementation idea and review, and Carlton Gibson for the review.
2020-07-09	Used urllib.parse.urljoin() in auth_tests to join URLs.	Jon Dufresne
	As the strings represent URLs and not paths, should use urllib to manipulate them.
2020-07-06	Refs #26445 -- Allowed using UserManager.create_user()/create_superuser() in ↵	Hasan Ramezani
	migrations. Used app config to lookup user model in _create_user(). Thanks Markus Holtermann for the review and initial patch. Thanks Simon Charette for the implementation idea.
2020-06-23	Fixed #31443 -- Fixed login redirection in auth mixins when LOGIN_URL is ↵	Frantisek Holop
	off-site URL.
2020-06-23	Refs #31358 -- Added decode() to password hashers.	Jon Moroney
	By convention a hasher which does not use a salt should populate the decode dict with `None` rather than omit the dict key. Co-Authored-By: Florian Apolloner <apollo13@users.noreply.github.com>
2020-06-17	Fixed #30472 -- Made Argon2PasswordHasher use Argon2id.	Florian Apolloner

2020-06-17	Added test for old Argon2i hashes with version attribute.	Florian Apolloner

2020-05-15	Refs #31395 -- Relied on setUpTestData() test data isolation in various tests.	Simon Charette

2020-05-14	Fixed #31575 -- Added system check for admin sidebar request context ↵	Jon Dufresne
	processor dependency. Co-authored-by: Carlton Gibson <carlton.gibson@noumenal.es>
2020-05-13	Disabled management commands output with verbosity 0 in various tests.	François Freitag

2020-05-13	Increased the default PBKDF2 iterations for Django 3.2.	Mariusz Felisiak

2020-05-11	Refs #30116 -- Simplified regex match group access with Match.__getitem__().	Jon Dufresne
	The method has been available since Python 3.6. The shorter syntax is also marginally faster.
2020-05-01	Removed unnecessary inner methods in CreatesuperuserManagementCommandTestCase.	François Freitag

2020-04-29	Refs #27468 -- Made user sessions use SHA-256 algorithm.	Mariusz Felisiak

2020-04-28	Changed django.forms.ValidationError imports to ↵	François Freitag
	django.core.exceptions.ValidationError. Co-Authored-By: Mariusz Felisiak <felisiak.mariusz@gmail.com>
2020-04-20	Capitalized Unicode in docs, strings, and comments.	Jon Dufresne

2020-04-20	Disabled management commands output with verbosity 0 in various tests.	François Freitag
	Instead of capturing the command output and discard it immediately, tell the command not to log.
2020-04-20	Removed unnecessary capturing of stdout/stderr in auth_tests.test_management.	François Freitag

2020-03-31	Fixed #31375 -- Made contrib.auth.hashers.make_password() accept only bytes ↵	Hasan Ramezani
	or strings.
2020-03-31	Refs #31375 -- Added test for contrib.auth.hashers.make_password() bytes ↵	Hasan Ramezani
	support.
2020-03-16	Fixed #31361 -- Fixed invalid action="" in admin forms.	Jon Dufresne
	The attribute action="" (empty string) on the <form> element is invalid HTML5. The spec (https://html.spec.whatwg.org/#attr-fs-action) says: > The action and formaction content attributes, if specified, must have > a value that is a valid non-empty URL potentially surrounded by > spaces. Emphasis on non-empty. The action attribute is allowed to be omitted, in which case the current URL is used which is the same behavior as now.
2020-03-12	Fixed random auth_tests.test_tokens.TokenGeneratorTest.test_timeout failures.	Mariusz Felisiak
	Random failures depended on the current timestamp. Thanks Matthijs Kooijman for the review.
2020-02-26	Fixed #28699 -- Fixed CSRF validation with remote user middleware.	Colton Hicks
	Ensured process_view() always accesses the CSRF token from the session or cookie, rather than the request, as rotate_token() may have been called by an authentication middleware during the process_request() phase.
2020-02-26	Fixed #31289 -- Added hint for USERNAME_FIELD/REQUIRED_FIELDS system check.	aryan

2020-02-18	Refs #26601 -- Deprecated passing None as get_response arg to middleware ↵	Claude Paroz
	classes. This is the new contract since middleware refactoring in Django 1.10. Co-authored-by: Carlton Gibson <carlton.gibson@noumenal.es> Co-authored-by: Mariusz Felisiak <felisiak.mariusz@gmail.com>
2020-02-12	Refs #27468 -- Made PasswordResetTokenGenerator use SHA-256 algorithm.	Claude Paroz

2020-02-12	Removed unnecessary token regex in auth_tests URLs.	Claude Paroz
	All URLs in django.contrib.auth use a "<uidb64>/<token>" pattern.
2020-02-07	Used assertRaisesMessage() in various tests.	Hasan Ramezani

2020-01-30	Replaced assertWarns() with SimpleTestCase.assertWarnsMessage() in tests.	Hasan Ramezani

2020-01-29	Made token tests in auth_tests use assertIs() rather than assertTrue/False().	Jon Dufresne

2020-01-23	Fixed #31200 -- Added system checks for permissions codenames max length.	Michael Mulholland

2020-01-20	Refs #31117 -- Made various tests properly handle unexpected databases aliases.	Matthijs Kooijman
	- Used selected "databases" instead of django.db.connections. - Made routers in tests.migrations skip migrations on unexpected databases. - Added DiscoverRunnerGetDatabasesTests.assertSkippedDatabases() hook which properly asserts messages about skipped databases.