django-allauth 65.2.0 released
Posted by Raymond Penners on 2024-11-08
Note worthy changes
- OIDC: You can now configure whether or not PKCE is enabled per app by including "oauth_pkce_enabled": True in the app settings.
- The OpenStreetMap provider is deprecated. You can set it up as an OpenID Connect provider instead.
Fixes
- A NoReverseMatch could occur when using ACCOUNT_LOGIN_BY_CODE_REQUIRED = True while ACCOUNT_LOGIN_BY_CODE_ENABLED = False, fixed.
- The PasswordResetDoneView did not behave correctly when using Django's LoginRequiredMiddleware, as it was not properly marked as @login_not_required.
- When verifying an email address by code, the success URL was hardcoded to the email management view, instead of calling the get_email_verification_redirect_url() adapter method.
Security notice
- Headless: settings.ACCOUNT_EMAIL_VERIFICATION_BY_CODE_MAX_ATTEMPTS was not enforced, fixed. Note that the related verification endpoint will return a 409 in case the maximum limit is exceeded, as at that point the pending email verification stage is aborted.
Next: django-allauth 65.3.0 released Previous: django-allauth 65.1.0 released