News
django-allauth 0.53.0 released
Posted by Raymond Penners on 2023-03-16
Note worthy changes You can now override the use of the UserTokenForm over at the PasswordResetFromKeyView by configuring ACCOUNT_FORMS["user_token"] to allow the change of the password reset token generator. The Google API URLs are now configurable via the provider setting which enables use-cases such as overriding the endpoint during integration tests to talk to a mocked version of the API.
Read moredjango-allauth 0.52.0 released
Posted by Raymond Penners on 2022-12-29
Note worthy changes Officially support Django 4.1. New providers: OpenID Connect, Twitter (OAuth2), Wahoo, DingTalk. Introduced a new provider setting OAUTH_PKCE_ENABLED that enables the PKCE-enhanced Authorization Code Flow for OAuth 2.0 providers. When ACCOUNT_PREVENT_ENUMERATION is turned on, enumeration is now also prevented during signup, provided you are using mandatory email verification.
Read moredjango-allauth 0.51.0 released
Posted by Raymond Penners on 2022-06-07
Note worthy changes New providers: Snapchat, Hubspot, Pocket, Clever. Security notice The reset password form is protected by rate limits. There is a limit per IP, and per email. In previous versions, the latter rate limit could be bypassed by changing the casing of the email address.
Read moredjango-allauth 0.50.0 released
Posted by Raymond Penners on 2022-03-25
Note worthy changes Fixed compatibility issue with setuptools 61. New providers: Drip. The Facebook API version now defaults to v13.0.
django-allauth 0.49.0 released
Posted by Raymond Penners on 2022-02-22
Note worthy changes New providers: LemonLDAP::NG. Fixed SignupForm setting username and email attributes on the User class instead of a dummy user instance. Email addresses POST'ed to the email management view (done in order to resend the confirmation email) were not properly validated.
Read more