openstack_auth/tests/run_tests.py | 4 4 + 0 - 0 !
1 file changed, 4 insertions(+)

 [patch 1/2] call django.setup() before running tests for django 1.7
 compatibility

openstack_auth/forms.py | 3 2 + 1 - 0 !
1 file changed, 2 insertions(+), 1 deletion(-)

 [patch 2/2] don't call check_for_test_cookie with django 1.7

The Django doc says this for this method:

    The undocumented check_for_test_cookie method in AuthenticationForm will be
    removed following an accelerated deprecation. Users subclassing this form
    should remove calls to this method, and instead ensure that their auth related
    views are CSRF protected, which ensures that cookies are enabled.

The login view in openstack_auth/views.py is CSRF protected so it should be
fine to just drop the call with Django 1.7.

openstack_auth/tests/data_v2.py | 11 3 + 8 - 0 !
1 file changed, 3 insertions(+), 8 deletions(-)

 replace usermanager/tenantmanager with none in tests
 UserManager/TenantManager seems private classes in keystoneclient and the
 interface was changed in keystoneclient 0.10.0. django-openstack-auth tests
 actually don't need these managers, so this commit makes test data not use
 these classes.

openstack_auth/forms.py | 1 0 + 1 - 0 !
1 file changed, 1 deletion(-)

 horizon login page contains dos attack mechanism
 The horizon login page (and middleware) accesses the session too early in the
 login process, which will create session records in the session backend. This
 is especially problematic when non-cookie backends are used.