mirrors/django
1
0
Fork 0
mirror of https://github.com/django/django.git synced 2025-07-12 05:39:11 +00:00
Code Issues 32 Releases Wiki Activity
30,295 Commits 29 Branches 451 Tags
Commit Graph

356 Commits

Author SHA1 Message Date
David Smith
e565a5cd18 [4.0.x] Refs #33476 -- Applied Black's 2023 stable style. 
Black 23.1.0 is released which, as the first release of the year,
introduces the 2023 stable style. This incorporates most of last year's
preview style.

https://github.com/psf/black/releases/tag/23.1.0

Backport of 097e3a70c1481ee7b042b2edd91b2be86fb7b5b6 from main.
 2023-02-01 11:52:33 +01:00
HieuPham9720
d3ee881c8e [4.0.x] Skipped scrypt tests when OpenSSL 1.1+ is not installed. 
Backport of 3e928de8add92a5f38a562abd7560b023d24b6af from main
 2022-10-20 18:53:47 -07:00
Mariusz Felisiak
3278c31fa5 [4.0.x] Refs #33476 -- Refactored code to strictly match 88 characters line length. 
Backport of 7119f40c9881666b6f9b5cf7df09ee1d21cc8344 from main.
 2022-02-08 19:25:02 +01:00
django-bot
6a682b38e7 [4.0.x] Refs #33476 -- Reformatted code with Black. 
Backport of 9c19aff7c7561e3a82978a272ecdaad40dda5c00 from main.
 2022-02-08 12:15:38 +01:00
Florian Apolloner
df79ef03ac [4.0.x] Fixed CVE-2021-45115 -- Prevented DoS vector in UserAttributeSimilarityValidator. 
Thanks Chris Bailey for the report.

Co-authored-by: Adam Johnson <me@adamj.eu>
 2022-01-04 10:10:14 +01:00
Christophe Henry
048fbf9c89 [4.0.x] Fixed #33178 -- Made createsuperuser validate required fields passed in options in interactive mode. 
Backport of b1b26b37aff0c80d6abdf15c5ffdf0440a9a1d6a from main.
 2021-10-12 08:43:56 +02:00
Christophe Henry
b55df4c74a [4.0.x] Refs #21755 -- Fixed createsuperuser crash for required foreign keys passed in options in interactive mode. 
Co-authored-by: Mariusz Felisiak <felisiak.mariusz@gmail.com>

Backport of 4ff500f2948bfc332b3f4159021cad06e91943d3 from main
 2021-10-12 07:43:17 +02:00
Mariusz Felisiak
224fa0bc7d [4.0.x] Refs #29628, Refs #33178 -- Made createsuperuser validate password against required fields passed in options. 
Backport of da266b3c5ca4bb7581d7a3cc51bc820e78cf64f0 from main
 2021-10-12 07:41:51 +02:00
Christophe Henry
f2a59630f4 [4.0.x] Fixed #33151 -- Fixed createsuperuser crash for many-to-many required fields in non-interactive mode. 
Backport of df2d2bc95c451c6366fd522a5a1e6ed84f459f31 from main
 2021-10-07 13:11:18 +02:00
Mateo Radman
a7f27fca52 Refs #32508 -- Raised TypeError/ValueError instead of using "assert" in encode() methods of remaining password hashers. 2021-09-06 07:47:53 +02:00
Mariusz Felisiak
54a30a7a00 Refs #29898 -- Changed ProjectState.real_apps to set. 2021-08-11 09:01:14 +02:00
David Smith
6802ac4415
Refs #32956 -- Corrected usage of "insure" and "assure". 2021-08-02 07:45:26 +02:00
ryowright
1783b3cb24 Fixed #32275 -- Added scrypt password hasher. 
Co-authored-by: Mariusz Felisiak <felisiak.mariusz@gmail.com>
 2021-07-22 12:40:33 +02:00
Mariusz Felisiak
83022d279c
Refs #32508 -- Raised TypeError/ValueError instead of using "assert" in encode() methods of some password hashers. 2021-07-22 09:42:07 +02:00
Chris Jerdonek
f3825ee050
Fixed wording of AuthViewsTestCase's docstring. 2021-07-19 06:36:20 +02:00
Mads Jensen
c51bf80d56 Used more specific unittest assertions in tests. 2021-07-07 10:51:38 +02:00
Mateo Radman
8a7ac78b70 Refs #32508 -- Raised ImproperlyConfigured/TypeError instead of using "assert" in various code. 2021-06-25 06:55:47 +02:00
abhiabhi94
22da686ca9 Refs #24121 -- Added __repr__() to PermWrapper. 2021-05-28 08:03:23 +02:00
David Sanders
736bb9868a Renamed "object" argument of ModelAdmin.log_addition(), log_change(), and log_deletion() methods. 2021-05-20 07:29:16 +02:00
David Sanders
536c155e67 Fixed #32765 -- Removed "for" HTML attribute from ReadOnlyPasswordHashWidget. 
ReadOnlyPasswordHashWidget doesn't have any labelable elements.
 2021-05-19 20:34:57 +02:00
François Freitag
6b0b3eafd6 Fixed #32664 -- Made PasswordResetTokenGenerator.secret validation lazy. 
Django apps initialization to run management command triggers the admin
autodiscovery. Importing django.contrib.auth.tokens creates an instance
of PasswordResetTokenGenerator which required a SECRET_KEY.

For several management commands, the token generator is unused. It
should only complain about a missing SECRET_KEY when it is used.
 2021-04-20 07:34:53 +02:00
François Freitag
b13af4752f Refs #28017 -- Added test for PasswordResetTokenGenerator subclass with a custom secret. 2021-04-20 07:28:06 +02:00
Hasan Ramezani
a2d5ea626e Refs #32508 -- Raised ImproperlyConfigured instead of using "assert" in middlewares. 2021-03-11 08:34:28 +01:00
ThinkChaos
b99d6c9cbc Fixed #28216 -- Added next_page/get_default_redirect_url() to LoginView. 2021-02-08 21:08:05 +01:00
Mariusz Felisiak
a948d9df39 Increased the default PBKDF2 iterations for Django 4.0. 2021-01-14 17:50:04 +01:00
Mariusz Felisiak
0aa6a602b2 Refs #31842 -- Removed DEFAULT_HASHING_ALGORITHM transitional setting. 
Per deprecation timeline.
 2021-01-14 17:50:04 +01:00
Mariusz Felisiak
6b4941dd57 Refs #27468 -- Removed support for the pre-Django 3.1 user sessions. 
Per deprecation timeline.
 2021-01-14 17:50:04 +01:00
Mariusz Felisiak
66b4046d68 Refs #27468 -- Removed support for the pre-Django 3.1 password reset tokens. 
Per deprecation timeline.
 2021-01-14 17:50:04 +01:00
Mariusz Felisiak
12ac4916af Refs #28622 -- Removed settings.PASSWORD_RESET_TIMEOUT_DAYS per deprecation timeline. 2021-01-14 17:50:04 +01:00
Jon Moroney
76ae6ccf85 Fixed #31358 -- Increased salt entropy of password hashers. 
Co-authored-by: Florian Apolloner <florian@apolloner.eu>
 2021-01-14 11:20:28 +01:00
Jon Moroney
6bd206e1ff Refs #31358 -- Added bcrypt password hashers tests for must_update() with salt(). 2021-01-14 11:20:28 +01:00
Florian Apolloner
c76d51b3ad Refs #31358 -- Fixed decoding salt in Argon2PasswordHasher. 
Argon2 encodes the salt as base64 for representation in the final hash
output. To be able to accurately return the used salt from decode(),
add padding, b64decode, and decode from latin1 (for the remote
possibility that someone supplied a custom hash consisting solely of
bytes -- this would require a manual construction of the hash though,
Django's interface does not allow for that).
 2020-12-28 11:02:08 +01:00
Timo Ludwig
d8dfff2ab0 Fixed #32235 -- Made ReadOnlyPasswordHashField disabled by default. 2020-12-03 09:32:08 +01:00
Mariusz Felisiak
3828427f63 Refs #31978 -- Fixed hint in admin's password reset confirmation form for custom username fields. 
Thanks Jaap Roes for the report.
 2020-11-30 06:34:22 +01:00
Mariusz Felisiak
58740c0d7f Refs #22909 -- Removed camelCasing in auth_tests.test_templates tests. 2020-11-30 06:34:22 +01:00
Claude Paroz
187482d743
Avoided direct styles in admin templates. 
Direct styles might be forbidden by Content Security Policies.
 2020-11-10 21:32:15 +01:00
Hasan Ramezani
4eb756793b
Refs #28215 -- Marked auth credentials as sensitive variables. 
Co-authored-by: Collin Anderson <collin@onetencommunications.com>
 2020-10-28 14:21:53 +01:00
Mariusz Felisiak
3418092238
Fixed #32130 -- Fixed pre-Django 3.1 password reset tokens validation. 
Thanks Gordon Wrigley for the report and implementation idea.

Regression in 226ebb17290b604ef29e82fb5c1fbac3594ac163.
 2020-10-22 13:21:14 +02:00
Jacob Walls
0362b0e986 Fixed #26615 -- Made password reset token invalidate when changing email. 
Co-Authored-By: Silas Barta <sbarta@gmail.com>
 2020-10-21 09:29:53 +02:00
Hannes Ljungberg
f7963615eb Fixed #32121 -- Fixed detecting uniqueness of USERNAME_FIELD when using Meta.constraints. 
Co-authored-by: Simon Charette <charettes@users.noreply.github.com>
 2020-10-20 07:23:51 +02:00
Alexander Todorov
5fab16392f
Fixed #32003 -- Added obj argument to has_perm() methods in tests. 2020-09-14 12:28:17 +02:00
Tom Carrick
bcc2befd0e Fixed #31789 -- Added a new headers interface to HttpResponse. 2020-09-14 08:41:59 +02:00
Jon Dufresne
53c0d16ac1
Fixed #31992 -- Made admin password reset templates use title/content_title blocks from the base template. 2020-09-10 11:53:09 +02:00
Collin Anderson
daa26acc4e Fixed #31978 -- Added username hint to admin's password reset confirmation form. 2020-09-03 09:25:21 +02:00
Yan Mitrofanov
b88f98738f Fixed #31878 -- Made createsuperuser respect --database option in default usernames. 2020-08-14 11:08:20 +02:00
Yan Mitrofanov
552bb82928 Fixed typo in tests/auth_tests/test_management.py docstring. 2020-08-14 11:08:12 +02:00
Jacob Walls
c7e7f176c1 Fixed #26977 -- Made abstract models raise TypeError when instantiating. 2020-08-05 06:37:04 +02:00
Mariusz Felisiak
d907371ef9 Fixed #31842 -- Added DEFAULT_HASHING_ALGORITHM transitional setting. 
It's a transitional setting helpful in migrating multiple instance of
the same project to Django 3.1+.

Thanks Markus Holtermann for the report and review, Florian
Apolloner for the implementation idea and review, and Carlton Gibson
for the review.
 2020-08-04 09:35:24 +02:00
Jon Dufresne
5a3d7cf462
Used urllib.parse.urljoin() in auth_tests to join URLs. 
As the strings represent URLs and not paths, should use urllib to
manipulate them.
 2020-07-09 12:03:03 +02:00
Hasan Ramezani
7af8f41273 Refs #26445 -- Allowed using UserManager.create_user()/create_superuser() in migrations. 
Used app config to lookup user model in _create_user().

Thanks Markus Holtermann for the review and initial patch.
Thanks Simon Charette for the implementation idea.
 2020-07-06 11:47:22 +02:00