MyHebrewDates is a web app for saving and managing Hebrew dates like birthdays, anniversaries, and holidays. It offers an iCal file for easy importing into any calendar app, ensuring users never miss an important Hebrew date again.
Added support for account related security notifications. When
ACCOUNT_EMAIL_NOTIFICATIONS = True, email notifications such as "Your
password was changed", including information on user agent / IP address from where the change
originated, will be emailed.
Google: Starting from 0.52.0, the id_token is being used for extracting
user information. To accommodate for scenario's where django-allauth is used
in contexts where the id_token is not posted, the provider now looks up
the required information from the /userinfo endpoint based on the access
token if the id_token is absent.
Security notice
MFA: It was possible to reuse a valid TOTP code within its time window. This
has now been addressed. As a result, a user can now only login once per 30
seconds (MFA_TOTP_PERIOD).
Backwards incompatible changes
The rate limit mechanism has received an update. Previously, when specifying
e.g. "5/m" it was handled implicitly whether or not that limit was per IP,
per user, or per action specific key. This has now been made explicit:
"5/m/user" vs "5/m/ip" vs "5/m/key". Combinations are also supported
now: "20/m/ip,5/m/key" . Additionally, the rate limit mechanism is now used
throughout, including email confirmation cooldown as well as limitting failed login
attempts. Therefore, the ACCOUNT_LOGIN_ATTEMPTS_LIMIT and
ACCOUNT_EMAIL_CONFIRMATION_COOLDOWN settings are deprecated.
See :doc:Rate Limits <../account/rate_limits> for details.
0.60.1 (2024-01-15)
Fixes
User sessions: after changing your password in case of ACCOUNT_LOGOUT_ON_PASSWORD_CHANGE = False, the list of
sessions woud be empty instead of showing your current session.
SAML: accessing the SLS/ACS views using a GET request would result in a crash (500).
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Bumps django-allauth from 0.58.2 to 0.61.0.
Changelog
Sourced from django-allauth's changelog.
... (truncated)
Commits
6123cca
chore: Release 0.61.0c3b0af2
fix(account): Don't check redirect url if there's no redirect93d47fd
fix(google): Gracefully handle cases where id_token is absent48a661a
fix(mfa): Prevent reuse of TOTP codesad89388
docs(README): Add demo linkd5e33b3
docs(README): Add downloads badged80939d
chore(examples): Remove outdated .example filed775ea4
chore(examples): run regular-django using docker83b45d0
fix(openid): Remove outdated providersb025fdc
docs(ChangeLog): Moved rate limit note to where it belongsDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase
.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show