valohai / django-allauth-2fa

Two-factor authentication for Django Allauth

When using with the latest version of django-allauth, 2FA is bypassed #186

Closed apagano-vue closed 9 months ago

apagano-vue commented 10 months ago

We've just tested compatibility of django-allauth-2fa (0.11.1) with the latest version of django-allauth (0.56.0).

When using those two versions together, 2FA authentication is silently bypassed and the user can connect just using their credentials.

The regression seems to have been introduced between 0.54.0 and 0.56.0 (perhaps something to do with the new required allauth.account.middleware.AccountMiddleware).

I'd be happy to look more into it if there is interest in making django-allauth-2fa compatible with the latest version of django-allauth.

pennersr commented 10 months ago

Confirmative -- this is an issue in django-allauth. You can expect a 0.56.1 that fixes this.

pennersr commented 10 months ago

Done -- please upgrade to 0.56.1.

pennersr commented 9 months ago

@apagano-vue Can you please close this issue?

akx commented 9 months ago

@pennersr Should 0.56.0 be yanked from PyPI?

pennersr commented 9 months ago

Yes ✅