The SocialAccount.exra_data field was a custom JSON field that used
TextField as the underlying implementation. It was once needed because
Django had no JSONField support. Now, this field is changed to use the
official JSONField(). Migrations are in place.
Officially support Django 5.0.
In previous versions, users could never remove their primary email address.
This is constraint is now relaxed. In case the email address is not required,
for example, because the user logs in by username, removal of the email
address is allowed.
Added a new setting ACCOUNT_REAUTHENTICATION_REQUIRED that, when enabled,
requires the user to reauthenticate before changes (such as changing the
primary email address, adding a new email address, etc.) can be performed.
Backwards incompatible changes
Refactored the built-in templates, with the goal of being able to adjust the
look and feel of the whole project by only overriding a few core templates.
This approach allows you to achieve visual results fast, but is of course more
limited compared to styling all templates yourself. If your project provided
its own templates then this change will not affect anything, but if you rely
on (some of) the built-in templates your project may be affected.
The Azure provider has been removed in favor of keeping the Microsoft
provider. Both providers were targeting the same goal.
Security notice
Facebook: Using the JS SDK flow, it was possible to post valid access tokens
originating from other apps. Facebook user IDs are scoped per app. By default
that user ID (not the email address) is used as key while
authenticating. Therefore, such access tokens can not be abused by
default. However, in case SOCIALACCOUNT_EMAIL_AUTHENTICATION was
explicitly enabled for the Facebook provider, these tokens could be used to
login.
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Updates the requirements on django-allauth to permit the latest version.
Changelog
Sourced from django-allauth's changelog.
... (truncated)
Commits
d8b33de
chore: Release 0.58.02b55add
fix(facebook): Inspect POST'ed access tokene8a1035
fix(account/middleware): Check content type vs. dangling login67c5fbc
docs(socialaccount): settings.py vs admin SocialApp104416b
refactor(socialaccount): Move certificate_key into settings5fe150b
fix(account): Don't attempt to lookup invalid emaild7d8d2f
feat(account): Reauthentication required15c1223
fix(account): Email change form action url was emptya0ff1aa
feat(account): Allow removal of email depending on auth method0e29d46
chore(ci): Update to add Django 5.0 (alpha) support.Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase
.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show