User sessions: after changing your password in case of ACCOUNT_LOGOUT_ON_PASSWORD_CHANGE = False, the list of
sessions woud be empty instead of showing your current session.
SAML: accessing the SLS/ACS views using a GET request would result in a crash (500).
SAML: the login view did not obey the SOCIALACCOUNT_LOGIN_ON_GET = False setting.
Backwards incompatible changes
The rate limit mechanism has received an update. Previously, when specifying
e.g. "5/m" it was handled implicitly whether or not that limit was per IP,
per user, or per action specific key. This has now been made explicit:
"5/m/user" vs "5/m/ip" vs "5/m/key". Combinations are also supported
now: "20/m/ip,5/m/key" . Additionally, the rate limit mechanism is now used
throughout, including email confirmation cooldown as well as limitting failed login
attempts. Therefore, the ACCOUNT_LOGIN_ATTEMPTS_LIMIT and
ACCOUNT_EMAIL_CONFIRMATION_COOLDOWN settings are deprecated.
See :doc:Rate Limits <../account/rate_limits> for details.
0.60.0 (2024-01-05)
Note worthy changes
Google One Tap Sign-In is now supported.
You can now more easily change the URL to redirect to after a successful password
change/set via the newly introduced get_password_change_redirect_url()
adapter method.
You can now configure the primary key of all models by configuring
ALLAUTH_DEFAULT_AUTO_FIELD, for example to:
"hashid_field.HashidAutoField".
Backwards incompatible changes
You can now specify the URL path prefix that is used for all OpenID Connect
providers using SOCIALACCOUNT_OPENID_CONNECT_URL_PREFIX. By default, it is
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Bumps django-allauth from 0.58.2 to 0.60.1.
Changelog
Sourced from django-allauth's changelog.
... (truncated)
Commits
0ad6c51
chore: Release 0.60.111a549c
docs(ChangeLog): Add SAML fixesbefdf9b
fix(usersessions): Handle LOGOUT_ON_PASSWORD_CHANGE3b65b11
fix(saml): Respect SOCIALACCOUNT_LOGIN_ON_GET0c49379
fix(saml): Handle wrong methods at acs/sls5f4b584
chore: Opening 0.60.1-dev4faff2d
chore: Release 0.60.052bffbd
fix(i18n): Updates to django.po for ru locale89ebcc5
fix(google): get_avatar_url sometimes returns None0bb3cec
fix(steam): get(params)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase
.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show