Django/django
11
0
Fork 0
Code Pull Requests Projects Releases Activity
24,408 Commits 26 Branches 382 Tags
Commit Graph

30 Commits

Author SHA1 Message Date
Simon Charette
f4cff43bf9 [1.11.x] Fixed CVE-2019-19844 -- Used verified user email for password reset requests. 
Backport of 5b1fbcef7a8bec991ebe7b2a18b5d5a95d72cb70 from master.

Co-Authored-By: Florian Apolloner <florian@apolloner.eu>
 2019-12-18 09:17:28 +01:00
Tim Graham
57b95fedad [1.11.x] Fixed CVE-2018-6188 -- Fixed information leakage in AuthenticationForm. 
Reverted 359370a8b8ca0efe99b1d4630b291ec060b69225 (refs #28645).

This is a security fix.
 2018-02-01 09:18:33 -05:00
shanghui
308f644624 [1.11.x] Fixed #28645 -- Reallowed AuthenticationForm to raise the inactive user error when using ModelBackend. 
Regression in e0a3d937309a82b8beea8f41b17d8b6298da2a86.

Thanks Guilherme Junqueira for the report and Tim Graham for the review.

Backport of 359370a8b8ca0efe99b1d4630b291ec060b69225 from master
 2017-11-08 09:52:27 -05:00
Tim Graham
cf1e682c8c [1.11.x] Fixed #28097 -- Fixed layout of ReadOnlyPasswordHashWidget. 
Backport of dff559ff83a6aac14de0bbca58101786edf4195f from master
 2017-04-19 12:59:53 -04:00
za
321e94fa41 Refs #27392 -- Removed "Tests that", "Ensures that", etc. from test docstrings. 2016-11-10 21:30:21 -05:00
levental
617e36dc1e Fixed #20705 -- Allowed using PasswordResetForm with user models with an email field not named 'email'. 2016-09-27 11:59:00 -04:00
Gavin Wahl
f0f3de3c96 Fixed #23155 -- Added request argument to user_login_failed signal. 2016-09-12 20:30:34 -04:00
Tim Graham
0368d63a78 Fixed indentation in previous commit. 2016-09-10 18:39:13 -04:00
Alexander Gaevsky
536db42cf0 Fixed #26097 -- Added password_validators_help_text_html to UserCreationForm. 2016-09-10 18:23:18 -04:00
Berker Peksag
3c18f8a3d2 Fixed #27111 -- Fixed KeyError if USERNAME_FIELD isn't in UserCreationForm.fields. 2016-08-24 13:20:12 -04:00
Olexander Yermakov
975a76a964 Fixed #26951 -- Allowed AuthenticationForm to work with a username of 0. 2016-08-10 09:44:48 -04:00
Tim Graham
39805686b3 Refs #21379, #26719 -- Moved username normalization to AbstractBaseUser. 
Thanks Huynh Thanh Tam for the initial patch and Claude Paroz for review.
 2016-06-21 16:19:37 -04:00
Claude Paroz
9935f97cd2 Refs #21379 -- Normalized unicode username inputs 2016-05-16 19:38:02 +02:00
Claude Paroz
526575c641 Fixed #21379 -- Created auth-specific username validators 
Thanks Tim Graham for the review.
 2016-05-16 19:37:57 +02:00
Claude Paroz
b26fedacef Fixed #26544 -- Delayed translations of SetPasswordForm help_texts 
Thanks Michael Bitzi for the reporti and Tim Graham for the review.
 2016-05-07 10:17:49 +02:00
Tim Graham
92053acbb9 Fixed E128 flake8 warnings in tests/. 2016-04-08 10:12:33 -04:00
Alexander Gaevsky
e0a3d93730 Fixed #25232 -- Made ModelBackend/RemoteUserBackend reject inactive users. 2016-03-23 09:01:48 -04:00
Berker Peksag
efa9539787 Fixed #26381 -- Made UserCreationForm reusable with custom user models that define USERNAME_FIELD. 2016-03-21 12:32:42 -04:00
Vincenzo Pandolfo
d0fe6c9156 Fixed #26334 -- Removed whitespace stripping from contrib.auth password fields. 2016-03-14 20:20:24 -04:00
Berker Peksag
f0425c7260 Refs #19353 -- Added tests for using custom user models with built-in auth forms. 
Also updated topics/auth/customizing.txt to reflect that subclasses of
UserCreationForm and UserChangeForm can be used with custom user models.

Thanks Baptiste Mispelon for the initial documentation.
 2016-02-17 10:26:07 -05:00
Tim Graham
015fad9060 Fixed #26175 -- Removed SHA1 password hashes in tests. 2016-02-06 08:47:21 -05:00
Josh Soref
93452a70e8 Fixed many spelling mistakes in code, comments, and docs. 2015-12-03 12:48:24 -05:00
Tim Graham
774c16d16e Fixed #25052; refs #16860 -- Added password validation to UserCreationForm. 2015-07-20 13:44:34 -04:00
Tim Graham
f5e9d67907 Refs #16860 -- Moved password_changed() logic to AbstractBaseUser. 
Thanks Carl Meyer for review.
 2015-07-20 13:44:26 -04:00
Tim Graham
55b3bd8468 Refs #16860 -- Minor edits and fixes to password validation. 2015-06-10 07:41:01 -04:00
Erik Romijn
1daae25bdc Fixed #16860 -- Added password validation to django.contrib.auth. 2015-06-07 19:31:20 +02:00
Simon Charette
be67400b47 Refs #24652 -- Used SimpleTestCase where appropriate. 2015-05-20 13:46:13 -04:00
Josh Smeaton
39a7eed1bb Converted test fixtures to setUpTestData methods 2015-03-05 10:10:32 +11:00
Tim Graham
e0b3926026 Isolated auth_tests from contenttypes_tests; refs #11505. 2015-02-14 22:04:48 -05:00
Tim Graham
2d7aca3da0 Moved contrib.auth tests out of contrib. 2015-02-11 10:19:22 -05:00