Fixed CVE-2018-6188 -- Fixed information leakage in AuthenticationForm.

Reverted 359370a8b8 (refs #28645).

This is a security fix.
Tim Graham 2018-01-23 13:20:18 -05:00
parent 552abffab1
commit af33fb250e
5 changed files with 67 additions and 14 deletions


@ -1,8 +1,11 @@
from django.contrib.admin.forms import AdminAuthenticationForm
from django.contrib.auth.models import User
from django.test import TestCase
from django.test import TestCase, override_settings
# To verify that the login form rejects inactive users, use an authentication
# backend that allows them.
@override_settings(AUTHENTICATION_BACKENDS=['django.contrib.auth.backends.AllowAllUsersModelBackend'])
class AdminAuthenticationFormTests(TestCase):
@classmethod
def setUpTestData(cls):
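Review bot: The `@override_settings(AUTHENTICATION_BACKENDS=[...AllowAllUsersModelBackend])` decorator sits on the whole `AdminAuthenticationFormTests` class, so every test in it now runs under a non-default backend, including any written before this commit. The two-line comment says what the override is for but not why the default backend would hide a regression. Presumably the stock `ModelBackend` refuses inactive users itself, so the form's own check would never be reached. I would extend the comment to say so, e.g. `# With the default ModelBackend the backend rejects inactive users first, so the form-level check would go untested.` The class body continues outside this hunk, so I cannot tell whether any test there relies on default-backend behaviour; if one does, move the override onto the inactive-user test method instead.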