django-hijack
With Django Hijack, admins can log in and work on behalf of other users without having to know their credentials.
MIT License
Bot releases are visible (Hide)
Published by jvamvas about 8 years ago
- Django 1.10 compatibility
- Drop support for Django 1.7 (might still work, but tests are allowed to fail)
- Add template filter
request|is_hijacked - Improve error handling in notification template tag
Published by jvamvas over 8 years ago
Published by jvamvas over 8 years ago
- Make hijacking via POST a default requirement
- Introduce a setting
HIJACK_ALLOW_GET_REQUESTS - Move Django admin integration to a separate package as it depends on GET (https://github.com/arteria/django-hijack-admin)
- If you currently use the admin integration, follow the instructions there when upgrading
- The setting
HIJACK_DISPLAY_ADMIN_BUTTONis not used anymore.
- Pass request to signals
- Tests for custom decorators
Published by jvamvas over 8 years ago
- Fix end-of-hijack session cleanup code
- Don't save hijacked user at login; disconnect update_last_login instead
- Avoid encoding error in setup.py
Published by jvamvas over 8 years ago
- Optional setting for admin hijack button template, cf. http://django-hijack.readthedocs.org/en/latest/configuration/#hijack_button_template
- Minor enhancements
Published by walterrenner almost 9 years ago
- Use pk to access the User primary key
Published by walterrenner almost 9 years ago
- Use pk to access the User primary key
Published by jvamvas almost 9 years ago
- Remove
django-sessioninfoas a dependency
Published by jvamvas almost 9 years ago
- Unify settings; Django will show a warning if a deprecated setting name is used. See http://django-hijack.rtfd.org/en/latest/configuration/#settings-overview
- Drop official support for Django 1.4, 1.6; add support for 1.9 using https://github.com/arteria/django-compat v1.0.8
- Add i18n support, see https://github.com/arteria/django-hijack/tree/v2.0.0/hijack/locale
- Make
HIJACK_DECORATORconfigurable - Do not update last_login time of hijacked users
- Add optional Bootstrap-optimized notification bar. Can be activated with
HIJACK_USE_BOOTSTRAP - Add signals
hijack_startedandhijack_ended - Add AppConfig and various checks
- Check "next" GET parameter for safety
- Move documentation to http://django-hijack.readthedocs.org/
- Use https://github.com/arteria/django-sessioninfo as a dependency
- Rewrite tests
Published by philippeowagner almost 9 years ago
- Bugfixes
- Allow hijacking users with negative IDs
Published by walterrenner about 9 years ago
- allow email usernames in login_with_username
- dropped support for django 1.5
Published by philippeowagner over 9 years ago
- Added RemoteUser support, for more information see the FAQ
- Fixed hide button to redirects to correct full path
- Custom hijack function
NOTE: Be careful using the new custom hijack function, this can cause serious security vulnerabilities!
Published by walterrenner over 9 years ago
Security update.
We recommend you to update django-hijack to the latest version.
- HTML tags, are now rendered with escaping
Published by walterrenner over 9 years ago
- Do not allow staff users to hijack superusers
- Add setting to choose which user attributes can be used for hijacking a user
- Use a more liberal/naive approach to regex checking for an email
- Code cleanup
- Check staff status against logged in user instead the user being hijacked (bugfix)
- Only include 'disable-hijack-warning' url if HIJACK_NOTIFY_ADMIN is enabled
Published by philippeowagner over 9 years ago
- Fixed error in dependency
- Correct classifiers in setup.py
Published by walterrenner almost 10 years ago
