Loading django/conf/__init__.py +0 −12 Original line number Diff line number Diff line Loading @@ -9,11 +9,9 @@ a list of all possible variables. import importlib import os import time import warnings from django.conf import global_settings from django.core.exceptions import ImproperlyConfigured from django.utils.deprecation import RemovedInDjango110Warning from django.utils.functional import LazyObject, empty ENVIRONMENT_VARIABLE = "DJANGO_SETTINGS_MODULE" Loading Loading @@ -118,16 +116,6 @@ class Settings(BaseSettings): if not self.SECRET_KEY: raise ImproperlyConfigured("The SECRET_KEY setting must not be empty.") if ('django.contrib.auth.middleware.AuthenticationMiddleware' in self.MIDDLEWARE_CLASSES and 'django.contrib.auth.middleware.SessionAuthenticationMiddleware' not in self.MIDDLEWARE_CLASSES): warnings.warn( "Session verification will become mandatory in Django 1.10. " "Please add 'django.contrib.auth.middleware.SessionAuthenticationMiddleware' " "to your MIDDLEWARE_CLASSES setting when you are ready to opt-in after " "reading the upgrade considerations in the 1.8 release notes.", RemovedInDjango110Warning ) if hasattr(time, 'tzset') and self.TIME_ZONE: # When we can, attempt to validate the timezone. If we can't find # this file, no check happens and it's harmless. Loading django/conf/project_template/project_name/settings.py +0 −1 Original line number Diff line number Diff line Loading @@ -45,7 +45,6 @@ MIDDLEWARE_CLASSES = [ 'django.middleware.common.CommonMiddleware', 'django.middleware.csrf.CsrfViewMiddleware', 'django.contrib.auth.middleware.AuthenticationMiddleware', 'django.contrib.auth.middleware.SessionAuthenticationMiddleware', 'django.contrib.messages.middleware.MessageMiddleware', 'django.middleware.clickjacking.XFrameOptionsMiddleware', ] Loading django/contrib/auth/__init__.py +2 −4 Original line number Diff line number Diff line Loading @@ -173,8 +173,7 @@ def get_user(request): backend = load_backend(backend_path) user = backend.get_user(user_id) # Verify the session if ('django.contrib.auth.middleware.SessionAuthenticationMiddleware' in settings.MIDDLEWARE_CLASSES and hasattr(user, 'get_session_auth_hash')): if hasattr(user, 'get_session_auth_hash'): session_hash = request.session.get(HASH_SESSION_KEY) session_hash_verified = session_hash and constant_time_compare( session_hash, Loading @@ -196,8 +195,7 @@ def get_permission_codename(action, opts): def update_session_auth_hash(request, user): """ Updating a user's password logs out all sessions for the user if django.contrib.auth.middleware.SessionAuthenticationMiddleware is enabled. Updating a user's password logs out all sessions for the user. This function takes the current request and the updated user object from which the new session hash will be derived and updates the session hash Loading django/contrib/auth/middleware.py +2 −2 Original line number Diff line number Diff line Loading @@ -28,8 +28,8 @@ class SessionAuthenticationMiddleware(object): correspond to the user's current session authentication hash. However, it caused the "Vary: Cookie" header on all responses. Now a backwards compatibility shim that enables session verification in auth.get_user() if this middleware is in MIDDLEWARE_CLASSES. It's now a shim to allow a single settings file to more easily support multiple versions of Django. Will be RemovedInDjango20Warning. """ def process_request(self, request): pass Loading django/contrib/auth/views.py +1 −3 Original line number Diff line number Diff line Loading @@ -303,9 +303,7 @@ def password_change(request, if form.is_valid(): form.save() # Updating the password logs out all other sessions for the user # except the current one if # django.contrib.auth.middleware.SessionAuthenticationMiddleware # is enabled. # except the current one. update_session_auth_hash(request, form.user) return HttpResponseRedirect(post_change_redirect) else: Loading Loading
django/conf/__init__.py +0 −12 Original line number Diff line number Diff line Loading @@ -9,11 +9,9 @@ a list of all possible variables. import importlib import os import time import warnings from django.conf import global_settings from django.core.exceptions import ImproperlyConfigured from django.utils.deprecation import RemovedInDjango110Warning from django.utils.functional import LazyObject, empty ENVIRONMENT_VARIABLE = "DJANGO_SETTINGS_MODULE" Loading Loading @@ -118,16 +116,6 @@ class Settings(BaseSettings): if not self.SECRET_KEY: raise ImproperlyConfigured("The SECRET_KEY setting must not be empty.") if ('django.contrib.auth.middleware.AuthenticationMiddleware' in self.MIDDLEWARE_CLASSES and 'django.contrib.auth.middleware.SessionAuthenticationMiddleware' not in self.MIDDLEWARE_CLASSES): warnings.warn( "Session verification will become mandatory in Django 1.10. " "Please add 'django.contrib.auth.middleware.SessionAuthenticationMiddleware' " "to your MIDDLEWARE_CLASSES setting when you are ready to opt-in after " "reading the upgrade considerations in the 1.8 release notes.", RemovedInDjango110Warning ) if hasattr(time, 'tzset') and self.TIME_ZONE: # When we can, attempt to validate the timezone. If we can't find # this file, no check happens and it's harmless. Loading
django/conf/project_template/project_name/settings.py +0 −1 Original line number Diff line number Diff line Loading @@ -45,7 +45,6 @@ MIDDLEWARE_CLASSES = [ 'django.middleware.common.CommonMiddleware', 'django.middleware.csrf.CsrfViewMiddleware', 'django.contrib.auth.middleware.AuthenticationMiddleware', 'django.contrib.auth.middleware.SessionAuthenticationMiddleware', 'django.contrib.messages.middleware.MessageMiddleware', 'django.middleware.clickjacking.XFrameOptionsMiddleware', ] Loading
django/contrib/auth/__init__.py +2 −4 Original line number Diff line number Diff line Loading @@ -173,8 +173,7 @@ def get_user(request): backend = load_backend(backend_path) user = backend.get_user(user_id) # Verify the session if ('django.contrib.auth.middleware.SessionAuthenticationMiddleware' in settings.MIDDLEWARE_CLASSES and hasattr(user, 'get_session_auth_hash')): if hasattr(user, 'get_session_auth_hash'): session_hash = request.session.get(HASH_SESSION_KEY) session_hash_verified = session_hash and constant_time_compare( session_hash, Loading @@ -196,8 +195,7 @@ def get_permission_codename(action, opts): def update_session_auth_hash(request, user): """ Updating a user's password logs out all sessions for the user if django.contrib.auth.middleware.SessionAuthenticationMiddleware is enabled. Updating a user's password logs out all sessions for the user. This function takes the current request and the updated user object from which the new session hash will be derived and updates the session hash Loading
django/contrib/auth/middleware.py +2 −2 Original line number Diff line number Diff line Loading @@ -28,8 +28,8 @@ class SessionAuthenticationMiddleware(object): correspond to the user's current session authentication hash. However, it caused the "Vary: Cookie" header on all responses. Now a backwards compatibility shim that enables session verification in auth.get_user() if this middleware is in MIDDLEWARE_CLASSES. It's now a shim to allow a single settings file to more easily support multiple versions of Django. Will be RemovedInDjango20Warning. """ def process_request(self, request): pass Loading
django/contrib/auth/views.py +1 −3 Original line number Diff line number Diff line Loading @@ -303,9 +303,7 @@ def password_change(request, if form.is_valid(): form.save() # Updating the password logs out all other sessions for the user # except the current one if # django.contrib.auth.middleware.SessionAuthenticationMiddleware # is enabled. # except the current one. update_session_auth_hash(request, form.user) return HttpResponseRedirect(post_change_redirect) else: Loading
