mirror of
				https://github.com/django/django.git
				synced 2025-10-26 07:06:08 +00:00 
			
		
		
		
	Fixed CVE-2018-6188 -- Fixed information leakage in AuthenticationForm.
Reverted 359370a8b8 (refs #28645).
This is a security fix.
			
			
This commit is contained in:
		| @@ -1,8 +1,11 @@ | ||||
| from django.contrib.admin.forms import AdminAuthenticationForm | ||||
| from django.contrib.auth.models import User | ||||
| from django.test import TestCase | ||||
| from django.test import TestCase, override_settings | ||||
|  | ||||
|  | ||||
| # To verify that the login form rejects inactive users, use an authentication | ||||
| # backend that allows them. | ||||
| @override_settings(AUTHENTICATION_BACKENDS=['django.contrib.auth.backends.AllowAllUsersModelBackend']) | ||||
| class AdminAuthenticationFormTests(TestCase): | ||||
|     @classmethod | ||||
|     def setUpTestData(cls): | ||||
|   | ||||
		Reference in New Issue
	
	Block a user