Skip to content

Update django-allauth to 65.5.0 #5723

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 3 commits into from
Mar 24, 2025
Merged

Update django-allauth to 65.5.0 #5723

merged 3 commits into from
Mar 24, 2025

Conversation

pyup-bot
Copy link
Collaborator

This PR updates django-allauth[mfa] from 65.4.1 to 65.5.0.

Changelog

65.5.0

*******************

Note worthy changes
-------------------

- Added support for phone (SMS) authentication.

- Added support for resetting passwords by code, instead of a link
(``ACCOUNT_PASSWORD_RESET_BY_CODE_ENABLED``).

- Added support for Tumblr OAuth2.

- Simplified signup form configuration. The following settings all controlled
signup form: ``ACCOUNT_EMAIL_REQUIRED``, ``ACCOUNT_USERNAME_REQUIRED``,
``ACCOUNT_SIGNUP_EMAIL_ENTER_TWICE``, ``ACCOUNT_SIGNUP_PASSWORD_ENTER_TWICE``.
This setup had its issues. For example, when email was not required it was
still available as an optional field, whereas the username field disappeared
when not required. Also, for phone/SMS support, additional settings
would have been required.  The settings are now all deprecated, and replaced by one
new setting: ``ACCOUNT_SIGNUP_FIELDS``, which can be configured to
e.g. ``['username*', 'email', 'password1*', 'password2*']`` to indicate which
fields are present and required (``'*'``). This change is performed in a
backwards compatible manner.

- Headless: if, while signing up using a third-party provider account, there is
insufficient information received from the provider to automatically complete
the signup process, an additional step is needed to complete the missing data
before the user is fully signed up and authenticated.  You can now perform a
``GET`` request to ``/_allauth/{client}/v1/auth/provider/signup`` to obtain
information on the pending signup.

- Headless: OpenID Connect providers now support token authentication.

- The "Forgot your password?" help text can now be more easily customized by
providing your own ``"account/password_reset_help_text.html"`` template.

- Removed inline scripts, so that it becomes possible to use a strong Content
Security Policy.

- Headless: The OpenAPI specification now dynamically reflects the
``ACCOUNT_SIGNUP_FIELDS`` configuration, as well as any custom fields you have
in ``ACCOUNT_SIGNUP_FORM_CLASS``.

- Added official support for Python 3.13.


Fixes
-----

- Headless: In case you had multiple apps of the same provider configured,
you could run into a ``MultipleObjectsReturned``. Fixed.
Links

@browniebroke browniebroke merged commit 7fbcc65 into master Mar 24, 2025
14 checks passed
@browniebroke browniebroke deleted the pyup-update-django-allauth-65.4.1-to-65.5.0 branch March 24, 2025 23:00
@roushikk roushikk mentioned this pull request Mar 31, 2025
Closed
2 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
update
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@pyup-bot @browniebroke