Simon Charette 
							
						 
					 
					
						
						
							
						
						5b1fbcef7a 
					 
					
						
						
							
							Fixed CVE-2019-19844 -- Used verified user email for password reset requests.  
						
						... 
						
						
						
						Co-Authored-By: Florian Apolloner <florian@apolloner.eu > 
						
						
					 
					
						2019-12-18 09:11:39 +01:00 
						 
				 
			
				
					
						
							
							
								Baptiste Mispelon 
							
						 
					 
					
						
						
							
						
						3df3c5e670 
					 
					
						
						
							
							Fixed   #26480  -- Fixed crash of contrib.auth.authenticate() on decorated authenticate() methods of authentication backends.  
						
						... 
						
						
						
						The Signature API (PEP 362) has better support for decorated functions
(by default, it follows the __wrapped__ attribute set by
functools.wraps for example). 
						
						
					 
					
						2019-12-10 09:36:30 +01:00 
						 
				 
			
				
					
						
							
							
								Carlton Gibson 
							
						 
					 
					
						
						
							
						
						11c5e0609b 
					 
					
						
						
							
							Fixed CVE-2019-19118 -- Required edit permissions on parent model for editable inlines in admin.  
						
						... 
						
						
						
						Thank you to Shen Ying for reporting this issue. 
						
						
					 
					
						2019-12-02 08:56:08 +01:00 
						 
				 
			
				
					
						
							
							
								Mariusz Felisiak 
							
						 
					 
					
						
						
							
						
						e8fcdaad5c 
					 
					
						
						
							
							Fixed   #31021  -- Fixed proxy model permissions data migration crash with a multiple databases setup.  
						
						... 
						
						
						
						Regression in 98296f86b3 
						
						
					 
					
						2019-11-29 08:23:01 +01:00 
						 
				 
			
				
					
						
							
							
								Jon Dufresne 
							
						 
					 
					
						
						
							
						
						7f0946298e 
					 
					
						
						
							
							Replaced encode() usage with bytes literals.  
						
						
						
						
					 
					
						2019-11-18 15:31:42 +01:00 
						 
				 
			
				
					
						
							
							
								Mariusz Felisiak 
							
						 
					 
					
						
						
							
						
						ca0d50f34a 
					 
					
						
						
							
							Fixed random auth_tests.test_tokens.TokenGeneratorTest.test_10265 failures.  
						
						... 
						
						
						
						Random failures depended on the current timestamp. 
						
						
					 
					
						2019-11-13 14:22:23 +01:00 
						 
				 
			
				
					
						
							
							
								Mariusz Felisiak 
							
						 
					 
					
						
						
							
						
						3b4b36fb1d 
					 
					
						
						
							
							Moved MockedPasswordResetTokenGenerator outside of TokenGeneratorTest.test_timeout().  
						
						
						
						
					 
					
						2019-11-13 14:22:23 +01:00 
						 
				 
			
				
					
						
							
							
								Sergey Fedoseev 
							
						 
					 
					
						
						
							
						
						d4e767911f 
					 
					
						
						
							
							Added tests for middlewares' checks.  
						
						
						
						
					 
					
						2019-10-23 08:18:02 +02:00 
						 
				 
			
				
					
						
							
							
								Hasan Ramezani 
							
						 
					 
					
						
						
							
						
						226ebb1729 
					 
					
						
						
							
							Fixed   #28622  -- Allowed specifying password reset link expiration in seconds and deprecated PASSWORD_RESET_TIMEOUT_DAYS.  
						
						
						
						
					 
					
						2019-09-20 13:52:04 +02:00 
						 
				 
			
				
					
						
							
							
								Sam Reynolds 
							
						 
					 
					
						
						
							
						
						6c9778a58e 
					 
					
						
						
							
							Fixed   #30776  -- Restored max length validation on AuthenticationForm.UsernameField.  
						
						... 
						
						
						
						Regression in 5ceaf14686 
						
						
					 
					
						2019-09-18 11:37:38 +02:00 
						 
				 
			
				
					
						
							
							
								Carlton Gibson 
							
						 
					 
					
						
						
							
						
						b5db65c4fb 
					 
					
						
						
							
							Increased the default PBKDF2 iterations for Django 3.1.  
						
						
						
						
					 
					
						2019-09-12 17:24:01 +02:00 
						 
				 
			
				
					
						
							
							
								Mariusz Felisiak 
							
						 
					 
					
						
						
							
						
						d17be88afd 
					 
					
						
						
							
							Refs  #30037  -- Required the RemoteUserBackend.configure_user() to have request as the first positional argument.  
						
						... 
						
						
						
						Per deprecation timeline. 
						
						
					 
					
						2019-09-10 12:01:00 +02:00 
						 
				 
			
				
					
						
							
							
								Berker Peksag 
							
						 
					 
					
						
						
							
						
						400ec5125e 
					 
					
						
						
							
							Fixed   #18763  -- Added ModelBackend/UserManager.with_perm() methods.  
						
						... 
						
						
						
						Co-authored-by: Nick Pope <nick.pope@flightdataservices.com > 
						
						
					 
					
						2019-08-29 19:32:12 +02:00 
						 
				 
			
				
					
						
							
							
								daniel a rios 
							
						 
					 
					
						
						
							
						
						b5a5c92c72 
					 
					
						
						
							
							Fixed   #30066  -- Enabled super user creation without email and password  
						
						
						
						
					 
					
						2019-08-29 12:49:16 +02:00 
						 
				 
			
				
					
						
							
							
								Carlton Gibson 
							
						 
					 
					
						
						
							
						
						57b9604451 
					 
					
						
						
							
							Converted auth test to use subTest().  
						
						
						
						
					 
					
						2019-08-29 12:49:16 +02:00 
						 
				 
			
				
					
						
							
							
								Hasan Ramezani 
							
						 
					 
					
						
						
							
						
						03dbdfd9bb 
					 
					
						
						
							
							Fixed   #29019  -- Added ManyToManyField support to REQUIRED_FIELDS.  
						
						
						
						
					 
					
						2019-08-26 14:48:40 +02:00 
						 
				 
			
				
					
						
							
							
								Hasan Ramezani 
							
						 
					 
					
						
						
							
						
						a5308514fb 
					 
					
						
						
							
							Fixed   #27801  -- Made createsuperuser fall back to environment variables for password and required fields.  
						
						
						
						
					 
					
						2019-07-02 12:55:09 +02:00 
						 
				 
			
				
					
						
							
							
								Jon Dufresne 
							
						 
					 
					
						
						
							
						
						42b9a23267 
					 
					
						
						
							
							Fixed   #30400  -- Improved typography of user facing strings.  
						
						... 
						
						
						
						Thanks Claude Paroz for assistance with translations. 
						
						
					 
					
						2019-06-28 16:46:18 +02:00 
						 
				 
			
				
					
						
							
							
								Sanyam Khurana 
							
						 
					 
					
						
						
							
						
						87f5d07eed 
					 
					
						
						
							
							Fixed   #12952  -- Adjusted admin log change messages to use form labels instead of field names.  
						
						
						
						
					 
					
						2019-06-14 18:20:29 +02:00 
						 
				 
			
				
					
						
							
							
								Aymeric Augustin 
							
						 
					 
					
						
						
							
						
						3ee0834a46 
					 
					
						
						
							
							Fixed   #30556  -- Avoided useless query and hasher call in ModelBackend.authenticate() when credentials aren't provided.  
						
						... 
						
						
						
						There's no need to fetch a user instance from the database unless
a username and a password are provided as credentials. 
						
						
					 
					
						2019-06-10 11:12:31 +02:00 
						 
				 
			
				
					
						
							
							
								Hasan Ramezani 
							
						 
					 
					
						
						
							
						
						dcb8f00d06 
					 
					
						
						
							
							Fixed   #29379  -- Added autocomplete attribute to contrib.auth.forms fields.  
						
						... 
						
						
						
						Thank you to Nick Pope for review.
Co-authored-by: CHI Cheng <cloudream@gmail.com > 
						
						
					 
					
						2019-06-07 12:44:39 +02:00 
						 
				 
			
				
					
						
							
							
								Tobias Bengfort 
							
						 
					 
					
						
						
							
						
						581a0f4545 
					 
					
						
						
							
							Refs  #30226  -- Added User.get_user_permissions() method.  
						
						... 
						
						
						
						Added to mirror the existing User.get_group_permissions(). 
						
						
					 
					
						2019-06-05 13:56:37 +02:00 
						 
				 
			
				
					
						
							
							
								Tobias Bengfort 
							
						 
					 
					
						
						
							
						
						75337a6050 
					 
					
						
						
							
							Fixed   #30226  -- Added BaseBackend for authentication.  
						
						
						
						
					 
					
						2019-06-05 13:39:46 +02:00 
						 
				 
			
				
					
						
							
							
								Mattia Procopio 
							
						 
					 
					
						
						
							
						
						aff61790a3 
					 
					
						
						
							
							Refs  #24944  -- Added test for overriding domain in email context in PasswordResetView.  
						
						
						
						
					 
					
						2019-05-27 11:50:30 +02:00 
						 
				 
			
				
					
						
							
							
								Rob 
							
						 
					 
					
						
						
							
						
						58df8aa40f 
					 
					
						
						
							
							Fixed   #28780  -- Allowed specyfing a token parameter displayed in password reset URLs.  
						
						... 
						
						
						
						Co-authored-by: Tim Givois <tim.givois.mendez@gmail.com > 
						
						
					 
					
						2019-05-24 08:40:25 +02:00 
						 
				 
			
				
					
						
							
							
								Ally Weir 
							
						 
					 
					
						
						
							
						
						bd228cb599 
					 
					
						
						
							
							Fixed mis-capitalisation in comment.  
						
						
						
						
					 
					
						2019-05-15 12:14:59 +02:00 
						 
				 
			
				
					
						
							
							
								Carlton Gibson 
							
						 
					 
					
						
						
							
						
						98296f86b3 
					 
					
						
						
							
							Fixed   #30351  -- Handled pre-existing permissions in proxy model permissions data migration.  
						
						... 
						
						
						
						Regression in 181fb60159 
						
						
					 
					
						2019-04-27 20:18:22 +02:00 
						 
				 
			
				
					
						
							
							
								Jon Dufresne 
							
						 
					 
					
						
						
							
						
						8d76443aba 
					 
					
						
						
							
							Fixed   #30399  -- Changed django.utils.html.escape()/urlize() to use html.escape()/unescape().  
						
						
						
						
					 
					
						2019-04-25 15:09:07 +02:00 
						 
				 
			
				
					
						
							
							
								Markus Holtermann 
							
						 
					 
					
						
						
							
						
						da0b2554ec 
					 
					
						
						
							
							Renamed camelCaseTestMethods to snake_case_test_methods  
						
						
						
						
					 
					
						2019-04-14 16:14:14 +02:00 
						 
				 
			
				
					
						
							
							
								pmisteli 
							
						 
					 
					
						
						
							
						
						9410db9683 
					 
					
						
						
							
							Fixed   #30236  -- Made UsernameField render with autocapitalize="none" HTML attribute.  
						
						... 
						
						
						
						This prevents automatic capitalization, which is the default behavior in
some browsers. 
						
						
					 
					
						2019-03-29 15:24:44 +01:00 
						 
				 
			
				
					
						
							
							
								Ryan J Schave 
							
						 
					 
					
						
						
							
						
						cbf7e71558 
					 
					
						
						
							
							Fixed   #30257  -- Made UsernameValidators prohibit trailing newlines.  
						
						
						
						
					 
					
						2019-03-22 13:16:25 -04:00 
						 
				 
			
				
					
						
							
							
								Jon Dufresne 
							
						 
					 
					
						
						
							
						
						95b7699ffc 
					 
					
						
						
							
							Cleaned up exception message checking in some tests.  
						
						
						
						
					 
					
						2019-03-15 19:27:57 -04:00 
						 
				 
			
				
					
						
							
							
								Claude Paroz 
							
						 
					 
					
						
						
							
						
						a8e2a9bac6 
					 
					
						
						
							
							Refs  #15902  -- Deprecated storing user's language in the session.  
						
						
						
						
					 
					
						2019-02-14 10:23:02 -05:00 
						 
				 
			
				
					
						
							
							
								Tim Graham 
							
						 
					 
					
						
						
							
						
						06670015f7 
					 
					
						
						
							
							Increased the default PBKDF2 iterations for Django 3.0.  
						
						
						
						
					 
					
						2019-01-17 11:15:27 -05:00 
						 
				 
			
				
					
						
							
							
								Arthur Rio 
							
						 
					 
					
						
						
							
						
						181fb60159 
					 
					
						
						
							
							Fixed   #11154 ,  #22270  -- Made proxy model permissions use correct content type.  
						
						... 
						
						
						
						Co-Authored-By: Simon Charette <charette.s@gmail.com >
Co-Authored-By: Antoine Catton <acatton@fusionbox.com > 
						
						
					 
					
						2019-01-16 10:07:28 -05:00 
						 
				 
			
				
					
						
							
							
								Simon Charette 
							
						 
					 
					
						
						
							
						
						8c775391b7 
					 
					
						
						
							
							Refs  #28478  -- Deprecated TestCase's allow_database_queries and multi_db in favor of databases.  
						
						
						
						
					 
					
						2019-01-10 19:11:21 -05:00 
						 
				 
			
				
					
						
							
							
								Joshua Cannon 
							
						 
					 
					
						
						
							
						
						db1b10ef0d 
					 
					
						
						
							
							Fixed   #30037  -- Added request arg to RemoteUserBackend.configure_user().  
						
						
						
						
					 
					
						2019-01-09 20:01:04 -05:00 
						 
				 
			
				
					
						
							
							
								Tim Graham 
							
						 
					 
					
						
						
							
						
						043bd70942 
					 
					
						
						
							
							Updated test URL patterns to use path() and re_path().  
						
						
						
						
					 
					
						2018-12-31 10:47:32 -05:00 
						 
				 
			
				
					
						
							
							
								Tim Graham 
							
						 
					 
					
						
						
							
						
						194a4b526c 
					 
					
						
						
							
							Added tests for ContentType/Group/Permission.__str__().  
						
						
						
						
					 
					
						2018-12-21 12:45:02 -05:00 
						 
				 
			
				
					
						
							
							
								Simon Charette 
							
						 
					 
					
						
						
							
						
						0f212db29d 
					 
					
						
						
							
							Made reused RequestFactory instances class attributes.  
						
						
						
						
					 
					
						2018-11-27 09:49:02 -05:00 
						 
				 
			
				
					
						
							
							
								Simon Charette 
							
						 
					 
					
						
						
							
						
						84e7a9f4a7 
					 
					
						
						
							
							Switched setUp() to setUpTestData() where possible in Django's tests.  
						
						
						
						
					 
					
						2018-11-27 09:35:17 -05:00 
						 
				 
			
				
					
						
							
							
								Tim Graham 
							
						 
					 
					
						
						
							
						
						193c109327 
					 
					
						
						
							
							Switched TestCase to SimpleTestCase where possible in Django's tests.  
						
						
						
						
					 
					
						2018-11-27 08:58:44 -05:00 
						 
				 
			
				
					
						
							
							
								Mathew Payne 
							
						 
					 
					
						
						
							
						
						26bb2611a5 
					 
					
						
						
							
							Fixed   #29952  -- Lowercased all passwords in contrib.auth's auth/common-passwords.txt.gz.  
						
						
						
						
					 
					
						2018-11-15 14:11:03 -05:00 
						 
				 
			
				
					
						
							
							
								Jon Dufresne 
							
						 
					 
					
						
						
							
						
						c82893cb8c 
					 
					
						
						
							
							Refs  #27795  -- Removed force_bytes() usage from django/utils/http.py.  
						
						... 
						
						
						
						django.utils.http.urlsafe_base64_encode() now returns a string, not a
bytestring. Since URLs are represented as strings,
urlsafe_base64_encode() should return a string. All uses immediately
decoded the bytestring to a string anyway.
As the inverse operation, urlsafe_base64_decode() accepts a string. 
						
						
					 
					
						2018-10-10 14:38:22 -04:00 
						 
				 
			
				
					
						
							
							
								Tim Graham 
							
						 
					 
					
						
						
							
						
						a7284cc0c3 
					 
					
						
						
							
							Fixed   #29809  -- Fixed a crash when a "view only" user POSTs to the admin user change form.  
						
						
						
						
					 
					
						2018-10-01 10:09:50 +02:00 
						 
				 
			
				
					
						
							
							
								Carlton Gibson 
							
						 
					 
					
						
						
							
						
						bf39978a53 
					 
					
						
						
							
							Fixed CVE-2018-16984 -- Fixed password hash disclosure to admin "view only" users.  
						
						... 
						
						
						
						Thanks Claude Paroz & Tim Graham for collaborating on the patch. 
						
						
					 
					
						2018-10-01 10:05:01 +02:00 
						 
				 
			
				
					
						
							
							
								Ramon Saraiva 
							
						 
					 
					
						
						
							
						
						2349cbd909 
					 
					
						
						
							
							Fixed   #29782  -- Added better error message when filtering queryset with AnonymousUser.  
						
						
						
						
					 
					
						2018-09-26 15:36:19 -04:00 
						 
				 
			
				
					
						
							
							
								Jon Dufresne 
							
						 
					 
					
						
						
							
						
						82f286cf6f 
					 
					
						
						
							
							Refs  #29784  -- Switched to https:// links where available.  
						
						
						
						
					 
					
						2018-09-26 08:48:47 +02:00 
						 
				 
			
				
					
						
							
							
								Alexey 
							
						 
					 
					
						
						
							
						
						8624459586 
					 
					
						
						
							
							Added a test for password_changed() with a custom validator.  
						
						
						
						
					 
					
						2018-09-25 11:58:05 -04:00 
						 
				 
			
				
					
						
							
							
								Josh Schneier 
							
						 
					 
					
						
						
							
						
						3daac76cfb 
					 
					
						
						
							
							Simplified how createsuperuser tests generate passwords.  
						
						
						
						
					 
					
						2018-08-18 16:26:13 -04:00