| Age | Commit message (Collapse) | Author |
|---|
|
Thanks Olivier Dalang, Tim McCurrach, Sarah Boyce, and Mar Bartolome for reviews.
|
|
For use in checking user permissions via has_perm().
Co-authored-by: 사재혁 <jaehyuck.sa.dev@gmail.com>
|
|
alogin/alogout().
Regression in 31a43c571f4d036827d4fd7a5f615591637dc1be.
|
|
Co-authored-by: Jacob Walls <jacobtylerwalls@gmail.com>
|
|
Thanks Sarah Boyce and Jacob Walls for reviews.
Co-authored-by: Hrushikesh Vaidya <hrushikeshrv@gmail.com>
|
|
deferred annotations.
Provide a wrapper for safe introspection of user functions on Python 3.14+.
Follow-up to 601914722956cc41f1f2c53972d669ddee6ffc04.
|
|
It's how Django formats values internally and makes tests compatible
with databases that use non-integer primary keys.
|
|
auth handler.
Refs CVE-2024-39329, #20760.
Thanks Stackered for the report, and Jacob Walls and Markus Holtermann
for the reviews.
Co-authored-by: Natalia <124304+nessita@users.noreply.github.com>
|
|
As Python 3.12 is now the floor, we can drop the shims and
use the `inspect` module.
|
|
https://github.com/psf/black/releases/tag/26.1.0
|
|
model renaming in migrations."
This reverts commits f02b49d2f3bf84f5225de920ca510149f1f9f1da and 6e89271a8507fe272d11814975500a1b40303a04.
|
|
It isn't safe to set display: flex on <fieldset>, because on Safari this
interferes with display: block on child divs.
Thanks Paulo Coutinho for the report and Antoliny for the review.
Regression in 4187da258fe212d494cb578a0bc2b52c4979ab95.
|
|
|
|
tests/auth_tests/test_handlers.py.
|
|
UserModel.is_anonymous/is_authenticated methods.
|
|
|
|
Co-authored by: farita1699 <uwanjerry25@gmail.com>
|
|
|
|
aprocess_request().
Per deprecation timeline.
|
|
auth.alogin.
Per deprecation timeline.
|
|
Regression in f02b49d2f3bf84f5225de920ca510149f1f9f1da.
Co-authored-by: Mariusz Felisiak <felisiak.mariusz@gmail.com>
|
|
|
|
|
|
|
|
contrib.auth.alogout().
|
|
- Changed EmailMessage.message() to construct a "modern email API"
email.message.EmailMessage and added policy keyword arg.
- Added support for modern MIMEPart objects in EmailMessage.attach()
(and EmailMessage constructor, EmailMessage.attachments list).
- Updated SMTP EmailBackend to use modern email.policy.SMTP.
Deprecated:
- Attaching MIMEBase objects (replace with MIMEPart)
- BadHeaderError (modern email uses ValueError)
- SafeMIMEText, SafeMIMEMultipart (unnecessary for modern email)
- django.core.mail.forbid_multi_line_headers()
(undocumented, but exposed via `__all__` and in wide use)
- django.core.mail.message.sanitize_address()
(undocumented, but in wide use)
Removed without deprecation (all undocumented):
- EmailMessage.mixed_subtype
- EmailMultiAlternatives.alternative_subtype
- Support for setting (undocumented) EmailMessage.encoding property
to a legacy email.charset.Charset object
Related changes:
- Dropped tests for incorrect RFC 2047 encoding of non-ASCII email
address localparts. This is specifically prohibited by RFC 2047, and
not supported by any known MTA or email client. (Python still
mis-applies encoded-word to non-ASCII localparts, but it is a bug that
may be fixed in the future.)
- Added tests that try to discourage using Python's legacy email APIs
in future updates to django.core.mail.
|
|
Rewrapped long docstrings and block comments to 79 characters + newline
using script from https://github.com/medmunds/autofix-w505.
|
|
|
|
Co-authored-by: Screamadelica <1621456391@sjtu.edu.cn>
|
|
In public mail APIs, changed less frequently used parameters from
keyword-or-positional to keyword-only, emitting a warning during the
required deprecation period.
|
|
aprocess_request().
Regression in 50f89ae850f6b4e35819fe725a08c7e579bfd099.
Thank you to shamoon for the report and Natalia Bidart for the review.
|
|
sufficient permissions.
This change ensures that the "Reset password" button in the admin is
shown only when the user has the necessary permission to perform a
password change operation. It reuses the password hashing rendering
logic in `display_for_field` to show the appropriate read-only widget
for users with view-only access.
|
|
rendering.
|
|
Regression in ec7d69035a408b357f1803ca05a7c991cc358cfa.
Thank you Gabriel Trouvé for the report and Claude Paroz for the review.
|
|
|
|
https://github.com/psf/black/releases/tag/25.1.0
|
|
auth/common-passwords.txt.gz.
|
|
datetime.UTC was added in Python 3.11.
|
|
fields.
Regression in e626716c28b6286f8cf0f8174077f3d2244f3eb3.
Thanks buffgecko12 for the report and Sarah Boyce for the review.
|
|
|
|
composite primary key.
|
|
|
|
|
|
unavailable.
Thanks Mariusz Felisiak and Jacob Tyler Walls for reviews.
|
|
|
|
asyncio.iscoroutinefunction().
Fixes DeprecationWarning:
'asyncio.iscoroutinefunction' is deprecated and slated for removal in
Python 3.16; use inspect.iscoroutinefunction() instead.
|
|
HttpResponse.text property.
Signed-off-by: SaJH <wogur981208@gmail.com>
|
|
|
|
|
|
sending fails.
On successful submission of a password reset request, an email is sent
to the accounts known to the system. If sending this email fails (due to
email backend misconfiguration, service provider outage, network issues,
etc.), an attacker might exploit this by detecting which password reset
requests succeed and which ones generate a 500 error response.
Thanks to Thibaut Spriet for the report, and to Mariusz Felisiak, Adam
Johnson, and Sarah Boyce for the reviews.
|
