News In 2022
django-allauth 0.52.0 released
Posted by Raymond Penners on 2022-12-29
Note worthy changes Officially support Django 4.1. New providers: OpenID Connect, Twitter (OAuth2), Wahoo, DingTalk. Introduced a new provider setting OAUTH_PKCE_ENABLED that enables the PKCE-enhanced Authorization Code Flow for OAuth 2.0 providers. When ACCOUNT_PREVENT_ENUMERATION is turned on, enumeration is now also prevented during signup, provided you are using mandatory email verification.
Read moredjango-allauth 0.51.0 released
Posted by Raymond Penners on 2022-06-07
Note worthy changes New providers: Snapchat, Hubspot, Pocket, Clever. Security notice The reset password form is protected by rate limits. There is a limit per IP, and per email. In previous versions, the latter rate limit could be bypassed by changing the casing of the email address.
Read moredjango-allauth 0.50.0 released
Posted by Raymond Penners on 2022-03-25
Note worthy changes Fixed compatibility issue with setuptools 61. New providers: Drip. The Facebook API version now defaults to v13.0.
django-allauth 0.49.0 released
Posted by Raymond Penners on 2022-02-22
Note worthy changes New providers: LemonLDAP::NG. Fixed SignupForm setting username and email attributes on the User class instead of a dummy user instance. Email addresses POST'ed to the email management view (done in order to resend the confirmation email) were not properly validated.
Read moredjango-allauth 0.48.0 released
Posted by Raymond Penners on 2022-02-03
Note worthy changes New translations: Catalan, Bulgarian. Introduced a new setting ACCOUNT_PREVENT_ENUMERATION that controls whether or not information is revealed about whether or not a user account exists. Warning: this is a work in progress, password reset is covered, yet, signing up is not.
Read more