Upgrade django-allauth dependency #9122
stsewd added a commit that referenced this issue Jun 6, 2022
### 0.43.0

> In previous versions, the allauth app included a base.html template. This
> template could conflict with an equally named template at project level.
> Therefore, base.html has now been moved to account/base.html -- you will need
> to check your templates and likely override account/base.html within your
> project.

We include our own base.html template, in order to make the allauth templates use our base template I have added an account/base.html file that just extends from base.html.

### 0.44.0

> The certificate key part of the SOCIALACCOUNT_PROVIDERS configuration has been
> renamed to certificate_key. This is done to prevent the key from being
> displayed without being masked in Django debug pages.

We don't use that field nor do we access it from our application.

### 0.47.0

> Added a new setting SOCIALACCOUNT_LOGIN_ON_GET that controls whether or not the
> endpoints for initiating a social login (for example,
> "/accounts/google/login/") require a POST request to initiate the handshake. As
> requiring a POST is more secure, the default of this new setting is False.

This adds one more step for users before signing in with an external provider.

> You are about to sign in using a third party account from GitHub.
> [ Continue ]

I have changed our list to be a form, so it still is just a click away from our platform, but a link from outside will require the user to click on "continue". We can just set this setting to True if we want to (but there is a security notice that explains why it isn't a good idea https://github.com/pennersr/django-allauth/blob/master/ChangeLog.rst#security-notice)

### 0.48.0

> The newly introduced ACCOUNT_PREVENT_ENUMERATION defaults to True impacting the
> current behavior of the password reset flow.

We want that.

> The newly introduced rate limiting is by default turned on. You will need to
> provide a 429.html template.

We want this, I have added a 429.html template :)

> The default of SOCIALACCOUNT_STORE_TOKENS has been changed to False. Rationale
> is that storing sensitive information should be opt in, not opt out. If you
> were relying on this functionality without having it explicitly turned on,
> please add it to your settings.py.

We rely on this, I have set it to true.

### 0.49.0

> Changed naming of internal_reset_url_key attribute in
> allauth.account.views.PasswordResetFromKeyView to reset_url_key.

We don't override this view.

Closes #9122
Repository owner moved this from Needs review to Done in 📍Roadmap Jun 6, 2022
I've been hitting this bug locally a couple of times: pennersr/django-allauth#3063. As a workaround I've been executing tox like

```
VIRTUALENV_SETUPTOOLS=58.3.0 tox
```

We pinned allauth some time ago, but we never came back to upgrade it.
readthedocs.org/requirements/pip.txt
Lines 43 to 49 in 51c732a
There are a couple of improvements that are useful for us in the new versions https://github.com/pennersr/django-allauth/blob/master/ChangeLog.rst