django-bot 
							
						 
					 
					
						
						
							
						
						9c19aff7c7 
					 
					
						
						
							
							Refs  #33476  -- Reformatted code with Black.  
						
						
						
						
					 
					
						2022-02-07 20:37:05 +01:00 
						 
				 
			
				
					
						
							
							
								tschilling 
							
						 
					 
					
						
						
							
						
						0dcd549bbe 
					 
					
						
						
							
							Fixed   #30360  -- Added support for secret key rotation.  
						
						... 
						
						
						
						Thanks Florian Apolloner for the implementation idea.
Co-authored-by: Andreas Pelme <andreas@pelme.se >
Co-authored-by: Carlton Gibson <carlton.gibson@noumenal.es >
Co-authored-by: Vuyisile Ndlovu <terrameijar@gmail.com > 
						
						
					 
					
						2022-02-01 11:12:24 +01:00 
						 
				 
			
				
					
						
							
							
								François Freitag 
							
						 
					 
					
						
						
							
						
						6b0b3eafd6 
					 
					
						
						
							
							Fixed   #32664  -- Made PasswordResetTokenGenerator.secret validation lazy.  
						
						... 
						
						
						
						Django apps initialization to run management command triggers the admin
autodiscovery. Importing django.contrib.auth.tokens creates an instance
of PasswordResetTokenGenerator which required a SECRET_KEY.
For several management commands, the token generator is unused. It
should only complain about a missing SECRET_KEY when it is used. 
						
						
					 
					
						2021-04-20 07:34:53 +02:00 
						 
				 
			
				
					
						
							
							
								François Freitag 
							
						 
					 
					
						
						
							
						
						b13af4752f 
					 
					
						
						
							
							Refs  #28017  -- Added test for PasswordResetTokenGenerator subclass with a custom secret.  
						
						
						
						
					 
					
						2021-04-20 07:28:06 +02:00 
						 
				 
			
				
					
						
							
							
								Mariusz Felisiak 
							
						 
					 
					
						
						
							
						
						0aa6a602b2 
					 
					
						
						
							
							Refs  #31842  -- Removed DEFAULT_HASHING_ALGORITHM transitional setting.  
						
						... 
						
						
						
						Per deprecation timeline. 
						
						
					 
					
						2021-01-14 17:50:04 +01:00 
						 
				 
			
				
					
						
							
							
								Mariusz Felisiak 
							
						 
					 
					
						
						
							
						
						66b4046d68 
					 
					
						
						
							
							Refs  #27468  -- Removed support for the pre-Django 3.1 password reset tokens.  
						
						... 
						
						
						
						Per deprecation timeline. 
						
						
					 
					
						2021-01-14 17:50:04 +01:00 
						 
				 
			
				
					
						
							
							
								Mariusz Felisiak 
							
						 
					 
					
						
						
							
						
						3418092238 
					 
					
						
						
							
							Fixed   #32130  -- Fixed pre-Django 3.1 password reset tokens validation.  
						
						... 
						
						
						
						Thanks Gordon Wrigley for the report and implementation idea.
Regression in 226ebb1729 
						
						
					 
					
						2020-10-22 13:21:14 +02:00 
						 
				 
			
				
					
						
							
							
								Jacob Walls 
							
						 
					 
					
						
						
							
						
						0362b0e986 
					 
					
						
						
							
							Fixed   #26615  -- Made password reset token invalidate when changing email.  
						
						... 
						
						
						
						Co-Authored-By: Silas Barta <sbarta@gmail.com > 
						
						
					 
					
						2020-10-21 09:29:53 +02:00 
						 
				 
			
				
					
						
							
							
								Mariusz Felisiak 
							
						 
					 
					
						
						
							
						
						d907371ef9 
					 
					
						
						
							
							Fixed   #31842  -- Added DEFAULT_HASHING_ALGORITHM transitional setting.  
						
						... 
						
						
						
						It's a transitional setting helpful in migrating multiple instance of
the same project to Django 3.1+.
Thanks Markus Holtermann for the report and review, Florian
Apolloner for the implementation idea and review, and Carlton Gibson
for the review. 
						
						
					 
					
						2020-08-04 09:35:24 +02:00 
						 
				 
			
				
					
						
							
							
								Mariusz Felisiak 
							
						 
					 
					
						
						
							
						
						8725d04764 
					 
					
						
						
							
							Fixed random auth_tests.test_tokens.TokenGeneratorTest.test_timeout failures.  
						
						... 
						
						
						
						Random failures depended on the current timestamp.
Thanks Matthijs Kooijman for the review. 
						
						
					 
					
						2020-03-12 10:56:38 +01:00 
						 
				 
			
				
					
						
							
							
								Claude Paroz 
							
						 
					 
					
						
						
							
						
						da4923ea87 
					 
					
						
						
							
							Refs  #27468  -- Made PasswordResetTokenGenerator use SHA-256 algorithm.  
						
						
						
						
					 
					
						2020-02-12 21:46:56 +01:00 
						 
				 
			
				
					
						
							
							
								Jon Dufresne 
							
						 
					 
					
						
						
							
						
						f791673537 
					 
					
						
						
							
							Made token tests in auth_tests use assertIs() rather than assertTrue/False().  
						
						
						
						
					 
					
						2020-01-29 09:01:18 +01:00 
						 
				 
			
				
					
						
							
							
								Mariusz Felisiak 
							
						 
					 
					
						
						
							
						
						ca0d50f34a 
					 
					
						
						
							
							Fixed random auth_tests.test_tokens.TokenGeneratorTest.test_10265 failures.  
						
						... 
						
						
						
						Random failures depended on the current timestamp. 
						
						
					 
					
						2019-11-13 14:22:23 +01:00 
						 
				 
			
				
					
						
							
							
								Mariusz Felisiak 
							
						 
					 
					
						
						
							
						
						3b4b36fb1d 
					 
					
						
						
							
							Moved MockedPasswordResetTokenGenerator outside of TokenGeneratorTest.test_timeout().  
						
						
						
						
					 
					
						2019-11-13 14:22:23 +01:00 
						 
				 
			
				
					
						
							
							
								Hasan Ramezani 
							
						 
					 
					
						
						
							
						
						226ebb1729 
					 
					
						
						
							
							Fixed   #28622  -- Allowed specifying password reset link expiration in seconds and deprecated PASSWORD_RESET_TIMEOUT_DAYS.  
						
						
						
						
					 
					
						2019-09-20 13:52:04 +02:00 
						 
				 
			
				
					
						
							
							
								Tim Graham 
							
						 
					 
					
						
						
							
						
						67a6ba391b 
					 
					
						
						
							
							Reverted "Fixed  #28248  -- Fixed password reset tokens being valid for 1 day longer than PASSWORD_RESET_TIMEOUT_DAYS."  
						
						... 
						
						
						
						This reverts commit 95993a89ce 
						
						
					 
					
						2017-09-25 09:05:00 -04:00 
						 
				 
			
				
					
						
							
							
								Nick Zaccardi 
							
						 
					 
					
						
						
							
						
						95993a89ce 
					 
					
						
						
							
							Fixed   #28248  -- Fixed password reset tokens being valid for 1 day longer than PASSWORD_RESET_TIMEOUT_DAYS.  
						
						
						
						
					 
					
						2017-05-29 09:22:22 -04:00 
						 
				 
			
				
					
						
							
							
								jannh 
							
						 
					 
					
						
						
							
						
						c930c241f8 
					 
					
						
						
							
							Fixed   #28017  -- Allowed customizing PasswordResetTokenGenerator's secret.  
						
						
						
						
					 
					
						2017-05-26 07:37:36 -04:00 
						 
				 
			
				
					
						
							
							
								Claude Paroz 
							
						 
					 
					
						
						
							
						
						c716fe8782 
					 
					
						
						
							
							Refs  #23919  -- Removed six.PY2/PY3 usage  
						
						... 
						
						
						
						Thanks Tim Graham for the review. 
						
						
					 
					
						2017-01-18 16:21:28 +01:00 
						 
				 
			
				
					
						
							
							
								Romain Garrigues 
							
						 
					 
					
						
						
							
						
						ede59ef6f3 
					 
					
						
						
							
							Fixed   #27518  -- Prevented possibie password reset token leak via HTTP Referer header.  
						
						... 
						
						
						
						Thanks Florian Apolloner for contributing to this patch and
Collin Anderson, Markus Holtermann, and Tim Graham for review. 
						
						
					 
					
						2017-01-13 09:17:54 -05:00 
						 
				 
			
				
					
						
							
							
								za 
							
						 
					 
					
						
						
							
						
						321e94fa41 
					 
					
						
						
							
							Refs  #27392  -- Removed "Tests that", "Ensures that", etc. from test docstrings.  
						
						
						
						
					 
					
						2016-11-10 21:30:21 -05:00 
						 
				 
			
				
					
						
							
							
								Hasan 
							
						 
					 
					
						
						
							
						
						3d0dcd7f5a 
					 
					
						
						
							
							Refs  #26022  -- Used context manager version of assertRaises in tests.  
						
						
						
						
					 
					
						2016-01-29 12:32:18 -05:00 
						 
				 
			
				
					
						
							
							
								Curtis Maloney 
							
						 
					 
					
						
						
							
						
						88d7fcebde 
					 
					
						
						
							
							Use mock.patch in migrations tests  
						
						... 
						
						
						
						Currently some of the migrations tests rely on the fact 'input' is aliased
because of six, instead of using mock.patch.  Replace this code with proper
use of mock.patch.
Also, replace one case of excessively specific python version check with
testing six.PY3 
						
						
					 
					
						2015-04-09 11:16:12 +10:00 
						 
				 
			
				
					
						
							
							
								Tim Graham 
							
						 
					 
					
						
						
							
						
						2d7aca3da0 
					 
					
						
						
							
							Moved contrib.auth tests out of contrib.  
						
						
						
						
					 
					
						2015-02-11 10:19:22 -05:00