Mariusz Felisiak 
							
						 
					 
					
						
						
							
						
						048a9ebb6e 
					 
					
						
						
							
							[4.2.x] Fixed CVE-2023-46695 -- Fixed potential DoS in UsernameField on Windows.  
						
						... 
						
						
						
						Thanks MProgrammer (https://hackerone.com/mprogrammer ) for the report. 
						
						
					 
					
						2023-11-01 06:19:20 +01:00 
						 
				 
			
				
					
						
							
							
								Gary Jarrel 
							
						 
					 
					
						
						
							
						
						99ba5b43f0 
					 
					
						
						
							
							[4.2.x]  Fixed   #34438  -- Reallowed extending UserCreationForm.  
						
						... 
						
						
						
						Regression in 298d02a77afcc7dc5781 
						
						
					 
					
						2023-03-28 12:48:25 +02:00 
						 
				 
			
				
					
						
							
							
								Paul Schilling 
							
						 
					 
					
						
						
							
						
						298d02a77a 
					 
					
						
						
							
							Fixed   #25617  -- Added case-insensitive unique username validation in UserCreationForm.  
						
						... 
						
						
						
						Co-Authored-By: Neven Mundar <nmundar@gmail.com > 
						
						
					 
					
						2022-12-29 09:42:22 +01:00 
						 
				 
			
				
					
						
							
							
								sdolemelipone 
							
						 
					 
					
						
						
							
						
						9d726c7902 
					 
					
						
						
							
							Fixed   #34187  -- Made UserCreationForm save many-to-many fields.  
						
						
						
						
					 
					
						2022-11-29 05:56:53 +01:00 
						 
				 
			
				
					
						
							
							
								Simon Kern 
							
						 
					 
					
						
						
							
						
						de2c2127b6 
					 
					
						
						
							
							Fixed   #34066  -- Fixed link to password reset view in UserChangeForm.password's help text when using to_field.  
						
						... 
						
						
						
						Co-Authored-By: David Sanders <shang.xiao.sanders@gmail.com >
Co-Authored-By: Mariusz Felisiak <felisiak.mariusz@gmail.com > 
						
						
					 
					
						2022-10-27 09:23:34 +02:00 
						 
				 
			
				
					
						
							
							
								Marcelo Galigniana 
							
						 
					 
					
						
						
							
						
						b440493eaa 
					 
					
						
						
							
							Completed test coverage for contrib.auth.forms.  
						
						
						
						
					 
					
						2022-10-26 12:52:18 +02:00 
						 
				 
			
				
					
						
							
							
								Shai Berger 
							
						 
					 
					
						
						
							
						
						fdf0f62521 
					 
					
						
						
							
							Fixed ReadOnlyPasswordHashWidget's template for RTL languages.  
						
						
						
						
					 
					
						2022-09-01 21:20:15 +02:00 
						 
				 
			
				
					
						
							
							
								Mariusz Felisiak 
							
						 
					 
					
						
						
							
						
						7119f40c98 
					 
					
						
						
							
							Refs  #33476  -- Refactored code to strictly match 88 characters line length.  
						
						
						
						
					 
					
						2022-02-07 20:37:05 +01:00 
						 
				 
			
				
					
						
							
							
								django-bot 
							
						 
					 
					
						
						
							
						
						9c19aff7c7 
					 
					
						
						
							
							Refs  #33476  -- Reformatted code with Black.  
						
						
						
						
					 
					
						2022-02-07 20:37:05 +01:00 
						 
				 
			
				
					
						
							
							
								Mads Jensen 
							
						 
					 
					
						
						
							
						
						c51bf80d56 
					 
					
						
						
							
							Used more specific unittest assertions in tests.  
						
						
						
						
					 
					
						2021-07-07 10:51:38 +02:00 
						 
				 
			
				
					
						
							
							
								David Sanders 
							
						 
					 
					
						
						
							
						
						536c155e67 
					 
					
						
						
							
							Fixed   #32765  -- Removed "for" HTML attribute from ReadOnlyPasswordHashWidget.  
						
						... 
						
						
						
						ReadOnlyPasswordHashWidget doesn't have any labelable elements. 
						
						
					 
					
						2021-05-19 20:34:57 +02:00 
						 
				 
			
				
					
						
							
							
								Timo Ludwig 
							
						 
					 
					
						
						
							
						
						d8dfff2ab0 
					 
					
						
						
							
							Fixed   #32235  -- Made ReadOnlyPasswordHashField disabled by default.  
						
						
						
						
					 
					
						2020-12-03 09:32:08 +01:00 
						 
				 
			
				
					
						
							
							
								François Freitag 
							
						 
					 
					
						
						
							
						
						9ef4a18dbe 
					 
					
						
						
							
							Changed django.forms.ValidationError imports to django.core.exceptions.ValidationError.  
						
						... 
						
						
						
						Co-Authored-By: Mariusz Felisiak <felisiak.mariusz@gmail.com > 
						
						
					 
					
						2020-04-28 10:49:00 +02:00 
						 
				 
			
				
					
						
							
							
								Simon Charette 
							
						 
					 
					
						
						
							
						
						5b1fbcef7a 
					 
					
						
						
							
							Fixed CVE-2019-19844 -- Used verified user email for password reset requests.  
						
						... 
						
						
						
						Co-Authored-By: Florian Apolloner <florian@apolloner.eu > 
						
						
					 
					
						2019-12-18 09:11:39 +01:00 
						 
				 
			
				
					
						
							
							
								Sam Reynolds 
							
						 
					 
					
						
						
							
						
						6c9778a58e 
					 
					
						
						
							
							Fixed   #30776  -- Restored max length validation on AuthenticationForm.UsernameField.  
						
						... 
						
						
						
						Regression in 5ceaf14686 
						
						
					 
					
						2019-09-18 11:37:38 +02:00 
						 
				 
			
				
					
						
							
							
								Jon Dufresne 
							
						 
					 
					
						
						
							
						
						42b9a23267 
					 
					
						
						
							
							Fixed   #30400  -- Improved typography of user facing strings.  
						
						... 
						
						
						
						Thanks Claude Paroz for assistance with translations. 
						
						
					 
					
						2019-06-28 16:46:18 +02:00 
						 
				 
			
				
					
						
							
							
								Hasan Ramezani 
							
						 
					 
					
						
						
							
						
						dcb8f00d06 
					 
					
						
						
							
							Fixed   #29379  -- Added autocomplete attribute to contrib.auth.forms fields.  
						
						... 
						
						
						
						Thank you to Nick Pope for review.
Co-authored-by: CHI Cheng <cloudream@gmail.com > 
						
						
					 
					
						2019-06-07 12:44:39 +02:00 
						 
				 
			
				
					
						
							
							
								Ally Weir 
							
						 
					 
					
						
						
							
						
						bd228cb599 
					 
					
						
						
							
							Fixed mis-capitalisation in comment.  
						
						
						
						
					 
					
						2019-05-15 12:14:59 +02:00 
						 
				 
			
				
					
						
							
							
								Jon Dufresne 
							
						 
					 
					
						
						
							
						
						8d76443aba 
					 
					
						
						
							
							Fixed   #30399  -- Changed django.utils.html.escape()/urlize() to use html.escape()/unescape().  
						
						
						
						
					 
					
						2019-04-25 15:09:07 +02:00 
						 
				 
			
				
					
						
							
							
								pmisteli 
							
						 
					 
					
						
						
							
						
						9410db9683 
					 
					
						
						
							
							Fixed   #30236  -- Made UsernameField render with autocapitalize="none" HTML attribute.  
						
						... 
						
						
						
						This prevents automatic capitalization, which is the default behavior in
some browsers. 
						
						
					 
					
						2019-03-29 15:24:44 +01:00 
						 
				 
			
				
					
						
							
							
								Tim Graham 
							
						 
					 
					
						
						
							
						
						f3fa86a89b 
					 
					
						
						
							
							Fixed   #29449  -- Reverted "Fixed  #28757  -- Allowed using contrib.auth forms without installing contrib.auth."  
						
						... 
						
						
						
						This reverts commit 3333d935d2 
						
						
					 
					
						2018-07-02 18:39:26 -04:00 
						 
				 
			
				
					
						
							
							
								Mads Jensen 
							
						 
					 
					
						
						
							
						
						9c651641f1 
					 
					
						
						
							
							Added additional AdminPasswordChangeForm tests.  
						
						
						
						
					 
					
						2018-04-04 11:25:28 -04:00 
						 
				 
			
				
					
						
							
							
								Malte Gerth 
							
						 
					 
					
						
						
							
						
						874977d388 
					 
					
						
						
							
							Fixed   #29270  -- Fixed UserChangeForm crash if password field is excluded.  
						
						
						
						
					 
					
						2018-03-29 15:25:54 -04:00 
						 
				 
			
				
					
						
							
							
								Tim Graham 
							
						 
					 
					
						
						
							
						
						af33fb250e 
					 
					
						
						
							
							Fixed CVE-2018-6188 -- Fixed information leakage in AuthenticationForm.  
						
						... 
						
						
						
						Reverted 359370a8b8#28645 ).
This is a security fix. 
						
						
					 
					
						2018-02-01 09:05:14 -05:00 
						 
				 
			
				
					
						
							
							
								shanghui 
							
						 
					 
					
						
						
							
						
						3333d935d2 
					 
					
						
						
							
							Fixed   #28757  -- Allowed using contrib.auth forms without installing contrib.auth.  
						
						... 
						
						
						
						Also fixed  #28608  -- Allowed UserCreationForm and UserChangeForm to
work with custom user models.
Thanks Sagar Chalise and Rômulo Collopy for reports, and Tim Graham
and Tim Martin for reviews. 
						
						
					 
					
						2018-01-05 14:47:37 -05:00 
						 
				 
			
				
					
						
							
							
								shanghui 
							
						 
					 
					
						
						
							
						
						359370a8b8 
					 
					
						
						
							
							Fixed   #28645  -- Reallowed AuthenticationForm to raise the inactive user error when using ModelBackend.  
						
						... 
						
						
						
						Regression in e0a3d93730 
						
						
					 
					
						2017-11-08 09:39:12 -05:00 
						 
				 
			
				
					
						
							
							
								Jon Dufresne 
							
						 
					 
					
						
						
							
						
						6ed347d851 
					 
					
						
						
							
							Fixed   #28706  -- Moved AuthenticationFormn invalid login ValidationError to a method for reuse.  
						
						
						
						
					 
					
						2017-10-23 09:10:45 -04:00 
						 
				 
			
				
					
						
							
							
								Lucas Connors 
							
						 
					 
					
						
						
							
						
						5ceaf14686 
					 
					
						
						
							
							Fixed   #27515  -- Made AuthenticationForm's username field use the max_length from the model field.  
						
						... 
						
						
						
						Thanks Ramin Farajpour Cami for the report. 
						
						
					 
					
						2017-10-20 11:13:26 -04:00 
						 
				 
			
				
					
						
							
							
								Lucas Connors 
							
						 
					 
					
						
						
							
						
						d233391208 
					 
					
						
						
							
							Refs  #19130  -- Added a test for AuthenticationForm.username max_length.  
						
						... 
						
						
						
						This will be a more useful regression test after refs #27515 . 
						
						
					 
					
						2017-10-20 11:10:32 -04:00 
						 
				 
			
				
					
						
							
							
								Andrew Pinkham 
							
						 
					 
					
						
						
							
						
						a96b981d84 
					 
					
						
						
							
							Fixed   #28127  -- Allowed UserCreationForm's password validation to check all user fields.  
						
						
						
						
					 
					
						2017-06-21 09:22:15 -04:00 
						 
				 
			
				
					
						
							
							
								Tim Graham 
							
						 
					 
					
						
						
							
						
						dff559ff83 
					 
					
						
						
							
							Fixed   #28097  -- Fixed layout of ReadOnlyPasswordHashWidget.  
						
						
						
						
					 
					
						2017-04-19 12:59:30 -04:00 
						 
				 
			
				
					
						
							
							
								Claude Paroz 
							
						 
					 
					
						
						
							
						
						c651331b34 
					 
					
						
						
							
							Converted usage of ugettext* functions to their gettext* aliases  
						
						... 
						
						
						
						Thanks Tim Graham for the review. 
						
						
					 
					
						2017-02-07 09:04:04 +01:00 
						 
				 
			
				
					
						
							
							
								chillaranand 
							
						 
					 
					
						
						
							
						
						d6eaf7c018 
					 
					
						
						
							
							Refs  #23919  -- Replaced super(ClassName, self) with super().  
						
						
						
						
					 
					
						2017-01-25 12:23:46 -05:00 
						 
				 
			
				
					
						
							
							
								Claude Paroz 
							
						 
					 
					
						
						
							
						
						2366100872 
					 
					
						
						
							
							Removed unneeded force_text calls in the test suite  
						
						
						
						
					 
					
						2017-01-24 18:45:54 +01:00 
						 
				 
			
				
					
						
							
							
								Tim Graham 
							
						 
					 
					
						
						
							
						
						7aba69145d 
					 
					
						
						
							
							Refs  #23919  -- Removed django.test.mock Python 2 compatibility shim.  
						
						
						
						
					 
					
						2017-01-20 08:17:20 -05:00 
						 
				 
			
				
					
						
							
							
								Simon Charette 
							
						 
					 
					
						
						
							
						
						cecc079168 
					 
					
						
						
							
							Refs  #23919  -- Stopped inheriting from object to define new style classes.  
						
						
						
						
					 
					
						2017-01-19 08:39:46 +01:00 
						 
				 
			
				
					
						
							
							
								Claude Paroz 
							
						 
					 
					
						
						
							
						
						c716fe8782 
					 
					
						
						
							
							Refs  #23919  -- Removed six.PY2/PY3 usage  
						
						... 
						
						
						
						Thanks Tim Graham for the review. 
						
						
					 
					
						2017-01-18 16:21:28 +01:00 
						 
				 
			
				
					
						
							
							
								Claude Paroz 
							
						 
					 
					
						
						
							
						
						d7b9aaa366 
					 
					
						
						
							
							Refs  #23919  -- Removed encoding preambles and future imports  
						
						
						
						
					 
					
						2017-01-18 09:55:19 +01:00 
						 
				 
			
				
					
						
							
							
								za 
							
						 
					 
					
						
						
							
						
						321e94fa41 
					 
					
						
						
							
							Refs  #27392  -- Removed "Tests that", "Ensures that", etc. from test docstrings.  
						
						
						
						
					 
					
						2016-11-10 21:30:21 -05:00 
						 
				 
			
				
					
						
							
							
								levental 
							
						 
					 
					
						
						
							
						
						617e36dc1e 
					 
					
						
						
							
							Fixed   #20705  -- Allowed using PasswordResetForm with user models with an email field not named 'email'.  
						
						
						
						
					 
					
						2016-09-27 11:59:00 -04:00 
						 
				 
			
				
					
						
							
							
								Gavin Wahl 
							
						 
					 
					
						
						
							
						
						f0f3de3c96 
					 
					
						
						
							
							Fixed   #23155  -- Added request argument to user_login_failed signal.  
						
						
						
						
					 
					
						2016-09-12 20:30:34 -04:00 
						 
				 
			
				
					
						
							
							
								Tim Graham 
							
						 
					 
					
						
						
							
						
						0368d63a78 
					 
					
						
						
							
							Fixed indentation in previous commit.  
						
						
						
						
					 
					
						2016-09-10 18:39:13 -04:00 
						 
				 
			
				
					
						
							
							
								Alexander Gaevsky 
							
						 
					 
					
						
						
							
						
						536db42cf0 
					 
					
						
						
							
							Fixed   #26097  -- Added password_validators_help_text_html to UserCreationForm.  
						
						
						
						
					 
					
						2016-09-10 18:23:18 -04:00 
						 
				 
			
				
					
						
							
							
								Berker Peksag 
							
						 
					 
					
						
						
							
						
						3c18f8a3d2 
					 
					
						
						
							
							Fixed   #27111  -- Fixed KeyError if USERNAME_FIELD isn't in UserCreationForm.fields.  
						
						
						
						
					 
					
						2016-08-24 13:20:12 -04:00 
						 
				 
			
				
					
						
							
							
								Olexander Yermakov 
							
						 
					 
					
						
						
							
						
						975a76a964 
					 
					
						
						
							
							Fixed   #26951  -- Allowed AuthenticationForm to work with a username of 0.  
						
						
						
						
					 
					
						2016-08-10 09:44:48 -04:00 
						 
				 
			
				
					
						
							
							
								Tim Graham 
							
						 
					 
					
						
						
							
						
						39805686b3 
					 
					
						
						
							
							Refs  #21379 ,  #26719  -- Moved username normalization to AbstractBaseUser.  
						
						... 
						
						
						
						Thanks Huynh Thanh Tam for the initial patch and Claude Paroz for review. 
						
						
					 
					
						2016-06-21 16:19:37 -04:00 
						 
				 
			
				
					
						
							
							
								Claude Paroz 
							
						 
					 
					
						
						
							
						
						9935f97cd2 
					 
					
						
						
							
							Refs  #21379  -- Normalized unicode username inputs  
						
						
						
						
					 
					
						2016-05-16 19:38:02 +02:00 
						 
				 
			
				
					
						
							
							
								Claude Paroz 
							
						 
					 
					
						
						
							
						
						526575c641 
					 
					
						
						
							
							Fixed   #21379  -- Created auth-specific username validators  
						
						... 
						
						
						
						Thanks Tim Graham for the review. 
						
						
					 
					
						2016-05-16 19:37:57 +02:00 
						 
				 
			
				
					
						
							
							
								Claude Paroz 
							
						 
					 
					
						
						
							
						
						b26fedacef 
					 
					
						
						
							
							Fixed   #26544  -- Delayed translations of SetPasswordForm help_texts  
						
						... 
						
						
						
						Thanks Michael Bitzi for the reporti and Tim Graham for the review. 
						
						
					 
					
						2016-05-07 10:17:49 +02:00 
						 
				 
			
				
					
						
							
							
								Tim Graham 
							
						 
					 
					
						
						
							
						
						92053acbb9 
					 
					
						
						
							
							Fixed E128 flake8 warnings in tests/.  
						
						
						
						
					 
					
						2016-04-08 10:12:33 -04:00