File python-django-allauth.changes of Package python-django-allauth
-------------------------------------------------------------------
Sun Jun 23 08:14:08 UTC 2024 - Andreas Schneider <asn@cryptomilk.org>
- Update to version 0.63.3
* See https://github.com/pennersr/django-allauth/blob/0.63.3/ChangeLog.rst
or the packaged ChangeLog.rst file.
- Updated missing-template-in-test.patch
-------------------------------------------------------------------
Sat Jan 20 13:06:42 UTC 2024 - Dirk Müller <dmueller@suse.com>
- update to 0.60.1:
* User sessions: after changing your password in case of
ACCOUNT_LOGOUT_ON_PASSWORD_CHANGE = False, the list of
sessions woud be empty instead of showing your current
session.
* SAML: accessing the SLS/ACS views using a GET request would
result in a crash (500).
* SAML: the login view did not obey the
SOCIALACCOUNT_LOGIN_ON_GET = False setting.
-------------------------------------------------------------------
Mon Jan 8 20:43:34 UTC 2024 - Dirk Müller <dmueller@suse.com>
- update to 0.60.0:
* Google One Tap Sign-In is now supported.
* You can now more easily change the URL to redirect to after a
successful password change/set via the newly introduced
get_password_change_redirect_url() adapter method.
* You can now configure the primary key of all models by
configuring ALLAUTH_DEFAULT_AUTO_FIELD, for example to:
"hashid_field.HashidAutoField".
* You can now specify the URL path prefix that is used for all
OpenID Connect providers using
SOCIALACCOUNT_OPENID_CONNECT_URL_PREFIX. By default, it is
set to "oidc", meaning, an OpenID Connect provider with
provider ID foo uses /accounts/oidc/foo/login/ as its login
URL. Set it to empty ("") to keep the previous URL structure
(/accounts/foo/login/).
* The SAML default attribute mapping for uid has been changed
to only include urn:oasis:names:tc:SAML:attribute:subject-id.
If the SAML response does not contain that, it will fallback
to use NameID.
-------------------------------------------------------------------
Thu Dec 14 10:22:34 UTC 2023 - Dirk Müller <dmueller@suse.com>
- update to 0.59.0:
* The MFA authenticator model now features "created at" an
"last used "at" timestamps.
* The MFA authenticator model is now registered with the Django
admin.
* Added MFA signals emitted when authenticators are added,
removed or (in case of recovery codes) reset.
* There is now an MFA adapter method
``can_delete_authenticator(authenticator)``
available that can be used to prevent users from deactivating
e.g. their TOTP authenticator.
* Added a new app, user sessions, allowing users to view a list
of all their active sessions, as well as offering a means to
end these sessions.
* A configurable timeout (``SOCIALACCOUNT_REQUESTS_TIMEOUT``)
is now applied to all upstream requests.
* Added a setting ``ACCOUNT_EMAIL_UNKNOWN_ACCOUNTS`` to disable
sending of emails to unknown accounts.
* You can now override the MFA forms via the ``MFA_FORMS``
setting.
-------------------------------------------------------------------
Fri Nov 10 12:03:37 UTC 2023 - Dirk Müller <dmueller@suse.com>
- update to 0.58.2:
* Added rate limiting to the MFA login form.
-------------------------------------------------------------------
Mon Nov 6 00:48:51 UTC 2023 - Marcus Rueckert <mrueckert@suse.de>
- make it easier to notice to keep buildrequires and runtime
requires version limits in sync. This will also help us to notice
early when the version of other libraries do not match the
requires encoded in the source code.
-------------------------------------------------------------------
Thu Nov 2 07:54:22 UTC 2023 - Andreas Schneider <asn@cryptomilk.org>
- Update to v0.58.1
* See https://github.com/pennersr/django-allauth/blob/0.58.1/ChangeLog.rst
or the ChangeLog.rst included in this package
-------------------------------------------------------------------
Sat Jul 29 00:48:53 UTC 2023 - Georg Pfuetzenreuter <georg.pfuetzenreuter@suse.com>
- Update to v0.54.0
* skips multiple versions, reference
https://github.com/pennersr/django-allauth/commits/0.54.0
- Patch out test which cannot run without template files (missing-template-in-test.patch)
-------------------------------------------------------------------
Sun Jun 25 08:25:56 UTC 2023 - Andreas Schneider <asn@cryptomilk.org>
- Use sle15_python_module_pythons
-------------------------------------------------------------------
Fri Dec 24 23:57:39 UTC 2021 - John Vandenberg <jayvdb@gmail.com>
- Update to v0.47.0
* Better compatibility with Django 4.0
* New providers: Gumroad.
* Added a new setting SOCIALACCOUNT_LOGIN_ON_GET that controls
whether or not the endpoints for initiating a social login
(for example, "/accounts/google/login/") require a POST request
to initiate the handshake. As requiring a POST is more secure,
the default of this new setting is False.
- from v0.46.0
* New providers: Gitea, MediaWiki.
* New translations: Georgian, Mongolian.
* Django 3.2 compatibility.
- from v0.45.0
* New providers: Feishu, NetIQ, Frontier, CILogin.
- from v0.44.0
* In previous versions, the mechanism to prevent too many failed login
attempts (ACCOUNT_LOGIN_ATTEMPTS_LIMIT) could be bypassed by
changing the casing of the login.
* The certificate key part of the SOCIALACCOUNT_PROVIDERS
configuration has been renamed to certificate_key. This is done
to prevent the key from being displayed without being masked
in Django debug pages.
* Better compatibility with Django 3.2
- from v0.43.0
* New translation: Slovenian.
* If ACCOUNT_LOGIN_ATTEMPTS_LIMIT is set and the user successfully
resets their password, the timeout is cleared to allow immediate
login.
* You can now limit the amount of email addresses a user can
associate to his account by setting ACCOUNT_MAX_EMAIL_ADDRESSES.
* New providers: Apple, Okta, Stocktwits, Zoho, Zoom.
* If email verification is set to mandatory, the email address you use
to login with must now be verified as well.
In previous versions, it was sufficient if the account had at least
one verified email address, not necessarily the one used to login with.
* Added a new setting: ACCOUNT_SIGNUP_REDIRECT_URL -- the URL
(or URL name) to redirect to directly after signing up.
* In previous versions, the allauth app included a base.html template.
This template could conflict with an equally named template at project
level. Therefore, base.html has now been moved to account/base.html
-------------------------------------------------------------------
Tue Jun 9 10:00:44 UTC 2020 - Ondřej Súkup <mimi.vx@gmail.com>
- Update to 0.42.0
* New providers: EDX, Yandex, Mixer.
* Fixed Twitch get_avatar_url()
* The Facebook API version now defaults to v7.0.
-------------------------------------------------------------------
Tue Jan 7 09:59:46 UTC 2020 - Tomáš Chvátal <tchvatal@suse.com>
- Update to 0.41.0:
* Fixes CVE-2019-19844: Potential account hijack via password
reset form bsc#1159447
* Dropped Python 2 and Django 1 compatibility.
- Do not bother with the lang subpkg as it is needed to have languages
to be present always anyway
-------------------------------------------------------------------
Mon Sep 16 10:06:12 UTC 2019 - Tomáš Chvátal <tchvatal@suse.com>
- Update to 0.40.0:
* The instagram provider now extracts the user's full name.
* New provider: NextCloud (OAuth2)
* Added an SDK_URL setting for customizing the loading of the Facebook JavaScript SDK.
* Updated Twitch provider to use new authentication endpoints (https://id.twitch.tv) over deprecated v5 endpoints (https://api.twitch.tv/kraken)
* Added support for Patreon API v2, with API v1 set as default for backwards compatibility.
-------------------------------------------------------------------
Sat Sep 14 03:39:42 UTC 2019 - John Vandenberg <jayvdb@gmail.com>
- Use %ifpython2/3 to allow building only one flavour
-------------------------------------------------------------------
Mon Mar 11 08:41:15 UTC 2019 - Tomáš Chvátal <tchvatal@suse.com>
- Update to 0.39.1:
* The linkedin_oauth2 provider now gracefully deals with old V1 data that might still be present in SocialAccount.extra_data.
* New providers: JupyterHub (OAuth2), Steam (OpenID)
* Refactor translations: Portuguese (Portugal).
* Add testing for Django 2.2 (no code changes required)
* linkedin_oauth2: As the LinkedIn V1 API is deprecated, the user info endpoint has been moved over to use the API V2. The format of the user extra_data is different and the profile picture is absent by default.
-------------------------------------------------------------------
Sun Feb 17 07:59:01 UTC 2019 - John Vandenberg <jayvdb@gmail.com>
- Skip five failing tests
-------------------------------------------------------------------
Sat Feb 16 09:45:04 UTC 2019 - John Vandenberg <jayvdb@gmail.com>
- Initial spec for v0.38.0
