Closed apagano-vue closed 9 months ago
Confirmative -- this is an issue in django-allauth. You can expect a 0.56.1 that fixes this.
Done -- please upgrade to 0.56.1.
@apagano-vue Can you please close this issue?
@pennersr Should 0.56.0 be yanked from PyPI?
Yes :white_check_mark:
We've just tested compatibility of django-allauth-2fa (0.11.1) with the latest version of django-allauth (0.56.0).
When using those two versions together, 2FA authentication is silently bypassed and the user can connect just using their credentials.
The regression seems to have been introduced between 0.54.0 and 0.56.0 (perhaps something to do with the new required allauth.account.middleware.AccountMiddleware)
I'd be happy to look more into it if there is interest in making django-allauth-2fa compatible with the latest version of django-allauth