Simon Charette 
							
						 
					 
					
						
						
							
						
						5b1fbcef7a 
					 
					
						
						
							
							Fixed CVE-2019-19844 -- Used verified user email for password reset requests.  
						
						... 
						
						
						
						Co-Authored-By: Florian Apolloner <florian@apolloner.eu > 
						
						
					 
					
						2019-12-18 09:11:39 +01:00 
						 
				 
			
				
					
						
							
							
								Sam Reynolds 
							
						 
					 
					
						
						
							
						
						6c9778a58e 
					 
					
						
						
							
							Fixed   #30776  -- Restored max length validation on AuthenticationForm.UsernameField.  
						
						... 
						
						
						
						Regression in 5ceaf14686 
						
						
					 
					
						2019-09-18 11:37:38 +02:00 
						 
				 
			
				
					
						
							
							
								Jon Dufresne 
							
						 
					 
					
						
						
							
						
						42b9a23267 
					 
					
						
						
							
							Fixed   #30400  -- Improved typography of user facing strings.  
						
						... 
						
						
						
						Thanks Claude Paroz for assistance with translations. 
						
						
					 
					
						2019-06-28 16:46:18 +02:00 
						 
				 
			
				
					
						
							
							
								Hasan Ramezani 
							
						 
					 
					
						
						
							
						
						dcb8f00d06 
					 
					
						
						
							
							Fixed   #29379  -- Added autocomplete attribute to contrib.auth.forms fields.  
						
						... 
						
						
						
						Thank you to Nick Pope for review.
Co-authored-by: CHI Cheng <cloudream@gmail.com > 
						
						
					 
					
						2019-06-07 12:44:39 +02:00 
						 
				 
			
				
					
						
							
							
								Ally Weir 
							
						 
					 
					
						
						
							
						
						bd228cb599 
					 
					
						
						
							
							Fixed mis-capitalisation in comment.  
						
						
						
						
					 
					
						2019-05-15 12:14:59 +02:00 
						 
				 
			
				
					
						
							
							
								Jon Dufresne 
							
						 
					 
					
						
						
							
						
						8d76443aba 
					 
					
						
						
							
							Fixed   #30399  -- Changed django.utils.html.escape()/urlize() to use html.escape()/unescape().  
						
						
						
						
					 
					
						2019-04-25 15:09:07 +02:00 
						 
				 
			
				
					
						
							
							
								pmisteli 
							
						 
					 
					
						
						
							
						
						9410db9683 
					 
					
						
						
							
							Fixed   #30236  -- Made UsernameField render with autocapitalize="none" HTML attribute.  
						
						... 
						
						
						
						This prevents automatic capitalization, which is the default behavior in
some browsers. 
						
						
					 
					
						2019-03-29 15:24:44 +01:00 
						 
				 
			
				
					
						
							
							
								Tim Graham 
							
						 
					 
					
						
						
							
						
						f3fa86a89b 
					 
					
						
						
							
							Fixed   #29449  -- Reverted "Fixed  #28757  -- Allowed using contrib.auth forms without installing contrib.auth."  
						
						... 
						
						
						
						This reverts commit 3333d935d2 
						
						
					 
					
						2018-07-02 18:39:26 -04:00 
						 
				 
			
				
					
						
							
							
								Mads Jensen 
							
						 
					 
					
						
						
							
						
						9c651641f1 
					 
					
						
						
							
							Added additional AdminPasswordChangeForm tests.  
						
						
						
						
					 
					
						2018-04-04 11:25:28 -04:00 
						 
				 
			
				
					
						
							
							
								Malte Gerth 
							
						 
					 
					
						
						
							
						
						874977d388 
					 
					
						
						
							
							Fixed   #29270  -- Fixed UserChangeForm crash if password field is excluded.  
						
						
						
						
					 
					
						2018-03-29 15:25:54 -04:00 
						 
				 
			
				
					
						
							
							
								Tim Graham 
							
						 
					 
					
						
						
							
						
						af33fb250e 
					 
					
						
						
							
							Fixed CVE-2018-6188 -- Fixed information leakage in AuthenticationForm.  
						
						... 
						
						
						
						Reverted 359370a8b8#28645 ).
This is a security fix. 
						
						
					 
					
						2018-02-01 09:05:14 -05:00 
						 
				 
			
				
					
						
							
							
								shanghui 
							
						 
					 
					
						
						
							
						
						3333d935d2 
					 
					
						
						
							
							Fixed   #28757  -- Allowed using contrib.auth forms without installing contrib.auth.  
						
						... 
						
						
						
						Also fixed  #28608  -- Allowed UserCreationForm and UserChangeForm to
work with custom user models.
Thanks Sagar Chalise and Rômulo Collopy for reports, and Tim Graham
and Tim Martin for reviews. 
						
						
					 
					
						2018-01-05 14:47:37 -05:00 
						 
				 
			
				
					
						
							
							
								shanghui 
							
						 
					 
					
						
						
							
						
						359370a8b8 
					 
					
						
						
							
							Fixed   #28645  -- Reallowed AuthenticationForm to raise the inactive user error when using ModelBackend.  
						
						... 
						
						
						
						Regression in e0a3d93730 
						
						
					 
					
						2017-11-08 09:39:12 -05:00 
						 
				 
			
				
					
						
							
							
								Jon Dufresne 
							
						 
					 
					
						
						
							
						
						6ed347d851 
					 
					
						
						
							
							Fixed   #28706  -- Moved AuthenticationFormn invalid login ValidationError to a method for reuse.  
						
						
						
						
					 
					
						2017-10-23 09:10:45 -04:00 
						 
				 
			
				
					
						
							
							
								Lucas Connors 
							
						 
					 
					
						
						
							
						
						5ceaf14686 
					 
					
						
						
							
							Fixed   #27515  -- Made AuthenticationForm's username field use the max_length from the model field.  
						
						... 
						
						
						
						Thanks Ramin Farajpour Cami for the report. 
						
						
					 
					
						2017-10-20 11:13:26 -04:00 
						 
				 
			
				
					
						
							
							
								Lucas Connors 
							
						 
					 
					
						
						
							
						
						d233391208 
					 
					
						
						
							
							Refs  #19130  -- Added a test for AuthenticationForm.username max_length.  
						
						... 
						
						
						
						This will be a more useful regression test after refs #27515 . 
						
						
					 
					
						2017-10-20 11:10:32 -04:00 
						 
				 
			
				
					
						
							
							
								Andrew Pinkham 
							
						 
					 
					
						
						
							
						
						a96b981d84 
					 
					
						
						
							
							Fixed   #28127  -- Allowed UserCreationForm's password validation to check all user fields.  
						
						
						
						
					 
					
						2017-06-21 09:22:15 -04:00 
						 
				 
			
				
					
						
							
							
								Tim Graham 
							
						 
					 
					
						
						
							
						
						dff559ff83 
					 
					
						
						
							
							Fixed   #28097  -- Fixed layout of ReadOnlyPasswordHashWidget.  
						
						
						
						
					 
					
						2017-04-19 12:59:30 -04:00 
						 
				 
			
				
					
						
							
							
								Claude Paroz 
							
						 
					 
					
						
						
							
						
						c651331b34 
					 
					
						
						
							
							Converted usage of ugettext* functions to their gettext* aliases  
						
						... 
						
						
						
						Thanks Tim Graham for the review. 
						
						
					 
					
						2017-02-07 09:04:04 +01:00 
						 
				 
			
				
					
						
							
							
								chillaranand 
							
						 
					 
					
						
						
							
						
						d6eaf7c018 
					 
					
						
						
							
							Refs  #23919  -- Replaced super(ClassName, self) with super().  
						
						
						
						
					 
					
						2017-01-25 12:23:46 -05:00 
						 
				 
			
				
					
						
							
							
								Claude Paroz 
							
						 
					 
					
						
						
							
						
						2366100872 
					 
					
						
						
							
							Removed unneeded force_text calls in the test suite  
						
						
						
						
					 
					
						2017-01-24 18:45:54 +01:00 
						 
				 
			
				
					
						
							
							
								Tim Graham 
							
						 
					 
					
						
						
							
						
						7aba69145d 
					 
					
						
						
							
							Refs  #23919  -- Removed django.test.mock Python 2 compatibility shim.  
						
						
						
						
					 
					
						2017-01-20 08:17:20 -05:00 
						 
				 
			
				
					
						
							
							
								Simon Charette 
							
						 
					 
					
						
						
							
						
						cecc079168 
					 
					
						
						
							
							Refs  #23919  -- Stopped inheriting from object to define new style classes.  
						
						
						
						
					 
					
						2017-01-19 08:39:46 +01:00 
						 
				 
			
				
					
						
							
							
								Claude Paroz 
							
						 
					 
					
						
						
							
						
						c716fe8782 
					 
					
						
						
							
							Refs  #23919  -- Removed six.PY2/PY3 usage  
						
						... 
						
						
						
						Thanks Tim Graham for the review. 
						
						
					 
					
						2017-01-18 16:21:28 +01:00 
						 
				 
			
				
					
						
							
							
								Claude Paroz 
							
						 
					 
					
						
						
							
						
						d7b9aaa366 
					 
					
						
						
							
							Refs  #23919  -- Removed encoding preambles and future imports  
						
						
						
						
					 
					
						2017-01-18 09:55:19 +01:00 
						 
				 
			
				
					
						
							
							
								za 
							
						 
					 
					
						
						
							
						
						321e94fa41 
					 
					
						
						
							
							Refs  #27392  -- Removed "Tests that", "Ensures that", etc. from test docstrings.  
						
						
						
						
					 
					
						2016-11-10 21:30:21 -05:00 
						 
				 
			
				
					
						
							
							
								levental 
							
						 
					 
					
						
						
							
						
						617e36dc1e 
					 
					
						
						
							
							Fixed   #20705  -- Allowed using PasswordResetForm with user models with an email field not named 'email'.  
						
						
						
						
					 
					
						2016-09-27 11:59:00 -04:00 
						 
				 
			
				
					
						
							
							
								Gavin Wahl 
							
						 
					 
					
						
						
							
						
						f0f3de3c96 
					 
					
						
						
							
							Fixed   #23155  -- Added request argument to user_login_failed signal.  
						
						
						
						
					 
					
						2016-09-12 20:30:34 -04:00 
						 
				 
			
				
					
						
							
							
								Tim Graham 
							
						 
					 
					
						
						
							
						
						0368d63a78 
					 
					
						
						
							
							Fixed indentation in previous commit.  
						
						
						
						
					 
					
						2016-09-10 18:39:13 -04:00 
						 
				 
			
				
					
						
							
							
								Alexander Gaevsky 
							
						 
					 
					
						
						
							
						
						536db42cf0 
					 
					
						
						
							
							Fixed   #26097  -- Added password_validators_help_text_html to UserCreationForm.  
						
						
						
						
					 
					
						2016-09-10 18:23:18 -04:00 
						 
				 
			
				
					
						
							
							
								Berker Peksag 
							
						 
					 
					
						
						
							
						
						3c18f8a3d2 
					 
					
						
						
							
							Fixed   #27111  -- Fixed KeyError if USERNAME_FIELD isn't in UserCreationForm.fields.  
						
						
						
						
					 
					
						2016-08-24 13:20:12 -04:00 
						 
				 
			
				
					
						
							
							
								Olexander Yermakov 
							
						 
					 
					
						
						
							
						
						975a76a964 
					 
					
						
						
							
							Fixed   #26951  -- Allowed AuthenticationForm to work with a username of 0.  
						
						
						
						
					 
					
						2016-08-10 09:44:48 -04:00 
						 
				 
			
				
					
						
							
							
								Tim Graham 
							
						 
					 
					
						
						
							
						
						39805686b3 
					 
					
						
						
							
							Refs  #21379 ,  #26719  -- Moved username normalization to AbstractBaseUser.  
						
						... 
						
						
						
						Thanks Huynh Thanh Tam for the initial patch and Claude Paroz for review. 
						
						
					 
					
						2016-06-21 16:19:37 -04:00 
						 
				 
			
				
					
						
							
							
								Claude Paroz 
							
						 
					 
					
						
						
							
						
						9935f97cd2 
					 
					
						
						
							
							Refs  #21379  -- Normalized unicode username inputs  
						
						
						
						
					 
					
						2016-05-16 19:38:02 +02:00 
						 
				 
			
				
					
						
							
							
								Claude Paroz 
							
						 
					 
					
						
						
							
						
						526575c641 
					 
					
						
						
							
							Fixed   #21379  -- Created auth-specific username validators  
						
						... 
						
						
						
						Thanks Tim Graham for the review. 
						
						
					 
					
						2016-05-16 19:37:57 +02:00 
						 
				 
			
				
					
						
							
							
								Claude Paroz 
							
						 
					 
					
						
						
							
						
						b26fedacef 
					 
					
						
						
							
							Fixed   #26544  -- Delayed translations of SetPasswordForm help_texts  
						
						... 
						
						
						
						Thanks Michael Bitzi for the reporti and Tim Graham for the review. 
						
						
					 
					
						2016-05-07 10:17:49 +02:00 
						 
				 
			
				
					
						
							
							
								Tim Graham 
							
						 
					 
					
						
						
							
						
						92053acbb9 
					 
					
						
						
							
							Fixed E128 flake8 warnings in tests/.  
						
						
						
						
					 
					
						2016-04-08 10:12:33 -04:00 
						 
				 
			
				
					
						
							
							
								Alexander Gaevsky 
							
						 
					 
					
						
						
							
						
						e0a3d93730 
					 
					
						
						
							
							Fixed   #25232  -- Made ModelBackend/RemoteUserBackend reject inactive users.  
						
						
						
						
					 
					
						2016-03-23 09:01:48 -04:00 
						 
				 
			
				
					
						
							
							
								Berker Peksag 
							
						 
					 
					
						
						
							
						
						efa9539787 
					 
					
						
						
							
							Fixed   #26381  -- Made UserCreationForm reusable with custom user models that define USERNAME_FIELD.  
						
						
						
						
					 
					
						2016-03-21 12:32:42 -04:00 
						 
				 
			
				
					
						
							
							
								Vincenzo Pandolfo 
							
						 
					 
					
						
						
							
						
						d0fe6c9156 
					 
					
						
						
							
							Fixed   #26334  -- Removed whitespace stripping from contrib.auth password fields.  
						
						
						
						
					 
					
						2016-03-14 20:20:24 -04:00 
						 
				 
			
				
					
						
							
							
								Berker Peksag 
							
						 
					 
					
						
						
							
						
						f0425c7260 
					 
					
						
						
							
							Refs  #19353  -- Added tests for using custom user models with built-in auth forms.  
						
						... 
						
						
						
						Also updated topics/auth/customizing.txt to reflect that subclasses of
UserCreationForm and UserChangeForm can be used with custom user models.
Thanks Baptiste Mispelon for the initial documentation. 
						
						
					 
					
						2016-02-17 10:26:07 -05:00 
						 
				 
			
				
					
						
							
							
								Tim Graham 
							
						 
					 
					
						
						
							
						
						015fad9060 
					 
					
						
						
							
							Fixed   #26175  -- Removed SHA1 password hashes in tests.  
						
						
						
						
					 
					
						2016-02-06 08:47:21 -05:00 
						 
				 
			
				
					
						
							
							
								Josh Soref 
							
						 
					 
					
						
						
							
						
						93452a70e8 
					 
					
						
						
							
							Fixed many spelling mistakes in code, comments, and docs.  
						
						
						
						
					 
					
						2015-12-03 12:48:24 -05:00 
						 
				 
			
				
					
						
							
							
								Tim Graham 
							
						 
					 
					
						
						
							
						
						774c16d16e 
					 
					
						
						
							
							Fixed   #25052 ; refs  #16860  -- Added password validation to UserCreationForm.  
						
						
						
						
					 
					
						2015-07-20 13:44:34 -04:00 
						 
				 
			
				
					
						
							
							
								Tim Graham 
							
						 
					 
					
						
						
							
						
						f5e9d67907 
					 
					
						
						
							
							Refs  #16860  -- Moved password_changed() logic to AbstractBaseUser.  
						
						... 
						
						
						
						Thanks Carl Meyer for review. 
						
						
					 
					
						2015-07-20 13:44:26 -04:00 
						 
				 
			
				
					
						
							
							
								Tim Graham 
							
						 
					 
					
						
						
							
						
						55b3bd8468 
					 
					
						
						
							
							Refs  #16860  -- Minor edits and fixes to password validation.  
						
						
						
						
					 
					
						2015-06-10 07:41:01 -04:00 
						 
				 
			
				
					
						
							
							
								Erik Romijn 
							
						 
					 
					
						
						
							
						
						1daae25bdc 
					 
					
						
						
							
							Fixed   #16860  -- Added password validation to django.contrib.auth.  
						
						
						
						
					 
					
						2015-06-07 19:31:20 +02:00 
						 
				 
			
				
					
						
							
							
								Simon Charette 
							
						 
					 
					
						
						
							
						
						be67400b47 
					 
					
						
						
							
							Refs  #24652  -- Used SimpleTestCase where appropriate.  
						
						
						
						
					 
					
						2015-05-20 13:46:13 -04:00 
						 
				 
			
				
					
						
							
							
								Josh Smeaton 
							
						 
					 
					
						
						
							
						
						39a7eed1bb 
					 
					
						
						
							
							Converted test fixtures to setUpTestData methods  
						
						
						
						
					 
					
						2015-03-05 10:10:32 +11:00 
						 
				 
			
				
					
						
							
							
								Tim Graham 
							
						 
					 
					
						
						
							
						
						e0b3926026 
					 
					
						
						
							
							Isolated auth_tests from contenttypes_tests; refs  #11505 .  
						
						
						
						
					 
					
						2015-02-14 22:04:48 -05:00