News

django-allauth 0.54.0 released

Posted by Raymond Penners on 2023-03-31

Noteworthy changes: Dropped support for EOL Python versions (3.5, 3.6).

Security notice: Even when account enumeration prevention was turned on, it was possible for an attacker to infer whether or not a given account exists based upon the response time of an authentication attempt.

django-allauth 0.53.1 released

Posted by Raymond Penners on 2023-03-20

Noteworthy changes: Example base template was missing {% load i18n %}, fixed.


django-allauth 0.53.0 released

Posted by Raymond Penners on 2023-03-16

Noteworthy changes: You can now override the use of the UserTokenForm over at the PasswordResetFromKeyView by configuring ACCOUNT_FORMS["user_token"] to allow the change of the password reset token generator. The Google API URLs are now configurable via the provider setting which enables use-cases such as overriding the endpoint during integration tests to talk to a mocked version of the API.

django-allauth 0.52.0 released

Posted by Raymond Penners on 2022-12-29

Noteworthy changes: Officially support Django 4.1. New providers: OpenID Connect, Twitter (OAuth2), Wahoo, DingTalk. Introduced a new provider setting OAUTH_PKCE_ENABLED that enables the PKCE-enhanced Authorization Code Flow for OAuth 2.0 providers. When ACCOUNT_PREVENT_ENUMERATION is turned on, enumeration is now also prevented during signup, provided you are using mandatory email verification.

django-allauth 0.51.0 released

Posted by Raymond Penners on 2022-06-07

Noteworthy changes: New providers: Snapchat, Hubspot, Pocket, Clever.

Security notice: The reset password form is protected by rate limits. There is a limit per IP, and per email. In previous versions, the latter rate limit could be bypassed by changing the casing of the email address.
