Changelog
2.1.0
- Vendored a more secure is_safe_url implementation from latest Django, instead of relying on a potentially insecure bundled version. See #17.
2.0.1
- Added sudo.views.SudoView class-based view. This is now more extensible and should be preferred over the older sudo.views.sudo view function.
- Removed SUDO_FORM setting. It’s now suggested to subclass sudo.views.SudoView and override form_class.
- Added SUDO_URL setting to set the URL for the sudo page.
2.0.0
- Bad release. :( Don’t install.
1.2.0
1.1.3
- Use constant_time_compare when verifying the correct sudo token.
- Make sure to check against all AUTHENTICATION_BACKENDS for the SudoForm. See #3.
1.1.2
- Added new setting, SUDO_FORM, which allows you to override the default form that is used. See #2.
1.1.1
- Fixed a bug when using the new SUDO_COOKIE_SALT. If specifying a non-default salt, all cookies would be marked incorrectly as invalid.
- Don’t use request.REQUEST anymore since that’s deprecated in modern Django. Always use request.GET instead since we never POSTed the next variable anyways.
1.1.0
- Switch to using signed cookies for the sudo cookie, see #1.
- Added new SUDO_COOKIE_SALT setting to go along with the signed cookie.
1.0.0
- Initial release