- New providers: OpenID Connect, Twitter (OAuth2), Wahoo, DingTalk.
- Introduced a new provider setting `OAUTH_PKCE_ENABLED` that enables the PKCE-enhanced Authorization Code Flow for OAuth 2.0 providers.
- When `ACCOUNT_PREVENT_ENUMERATION` is turned on, enumeration is now also prevented during signup, provided you are using mandatory email verification. There is a new email template (templates/account/email/acccount_already_exists_message.txt) that will be used in this scenario.
- Updated URLs of Google's endpoints to the latest version; removed a redundant `userinfo` call.
- Fixed Pinterest provider on new api version.
0.51.0 (2022-06-07)
Note worthy changes
New providers: Snapchat, Hubspot, Pocket, Clever.
Security notice
The reset password form is protected by rate limits. There is a limit per IP,
and per email. In previous versions, the latter rate limit could be bypassed by
changing the casing of the email address. Note that in that case, the former
rate limit would still kick in.
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Updates the requirements on django-allauth to permit the latest version.
Changelog
Sourced from django-allauth's changelog.
... (truncated)
Commits
- `18d9413` chore: Preparing release 0.52.0
- `fc3163e` chore(pinterest): black
- `f0dc74d` chore(pinterest): PINTEREST_VERSION -> API_VERSION
- `c16d8d1` docs(pinterest): :memo: update changelog for pinterest
- `2443c54` fix(pinterest): :bug: make v3 get user info work well, and update the docs
- `27f7f1c` fix(google): enable needed `id_token` verification
- `e6c5a04` feat(google): drop a redundant `userinfo` call
- `fe1d55c` feat(google): update URLs
- `0bfc710` chore(templates): Add mobile-first meta tags
- `911b072` feat(pinterest): Support API v3/v5
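The casing bypass described in the 0.51.0 security notice, shown as an added example that is not django-allauth's code: a sliding-window limiter keyed on the raw email beside one keyed on a normalized email, with the per-IP limit still applying in both cases. The class, function names, limits, IP and addresses are all constructed for illustration.

```python
import time
from collections import defaultdict, deque


class RateLimiter:
    """Sliding window: at most `amount` hits per `window` seconds per key."""

    def __init__(self, amount, window, normalize=lambda k: k, clock=time.monotonic):
        self.amount, self.window = amount, window
        self.normalize = normalize      # how the bucket key is derived
        self.clock = clock              # injectable so the demo is deterministic
        self.hits = defaultdict(deque)

    def allow(self, key):
        now = self.clock()
        bucket = self.hits[self.normalize(key)]
        while bucket and now - bucket[0] >= self.window:
            bucket.popleft()            # drop hits that left the window
        if len(bucket) >= self.amount:
            return False
        bucket.append(now)
        return True


def normalize_email(email):
    # Local parts are formally case-sensitive (RFC 5321), but a rate-limit key
    # should treat all casings as one mailbox; casefold() also covers non-ASCII.
    return email.strip().casefold()


def reset_requests_allowed(addresses, per_email, per_ip, ip="203.0.113.7"):
    """Return how many password-reset requests pass both limits."""
    return sum(1 for a in addresses if per_ip.allow(ip) and per_email.allow(a))


# Constructed sample: one mailbox written six ways, all sent from one IP.
VARIANTS = ["user@example.com", "User@example.com", "USER@example.com",
            "user@Example.com", "uSer@example.com", "user@EXAMPLE.com"]

if __name__ == "__main__":
    frozen = lambda: 0.0  # every request lands inside the same window
    weak = reset_requests_allowed(
        VARIANTS, RateLimiter(2, 300, clock=frozen), RateLimiter(5, 300, clock=frozen))
    fixed = reset_requests_allowed(
        VARIANTS, RateLimiter(2, 300, normalize=normalize_email, clock=frozen),
        RateLimiter(5, 300, clock=frozen))
    print(f"raw key: {weak} allowed, normalized key: {fixed} allowed")
```

With the raw key, only the per-IP limit stops the requests; with the normalized key, the per-email limit holds regardless of casing.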