Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update django-allauth to 0.58.0 #4646

Closed
wants to merge 1 commit into from
Closed

Update django-allauth to 0.58.0 #4646

wants to merge 1 commit into from

Conversation

pyup-bot
Copy link
Collaborator

This PR updates django-allauth from 0.57.0 to 0.58.0.

Changelog

0.58.0

*******************

Note worthy changes
-------------------

- The ``SocialAccount.exra_data`` field was a custom JSON field that used
``TextField`` as the underlying implementation. It was once needed because
Django had no ``JSONField`` support. Now, this field is changed to use the
official ``JSONField()``. Migrations are in place.

- Officially support Django 5.0.

- In previous versions, users could never remove their primary email address.
This is constraint is now relaxed. In case the email address is not required,
for example, because the user logs in by username, removal of the email
address is allowed.

- Added a new setting ``ACCOUNT_REAUTHENTICATION_REQUIRED`` that, when enabled,
requires the user to reauthenticate before changes (such as changing the
primary email address, adding a new email address, etc.) can be performed.


Backwards incompatible changes
------------------------------

- Refactored the built-in templates, with the goal of being able to adjust the
look and feel of the whole project by only overriding a few core templates.
This approach allows you to achieve visual results fast, but is of course more
limited compared to styling all templates yourself. If your project provided
its own templates then this change will not affect anything, but if you rely
on (some of) the built-in templates your project may be affected.

- The Azure provider has been removed in favor of keeping the Microsoft
provider. Both providers were targeting the same goal.


Security notice
---------------

- Facebook: Using the JS SDK flow, it was possible to post valid access tokens
originating from other apps. Facebook user IDs are scoped per app. By default
that user ID (not the email address) is used as key while
authenticating. Therefore, such access tokens can not be abused by
default. However, in case ``SOCIALACCOUNT_EMAIL_AUTHENTICATION`` was
explicitly enabled for the Facebook provider, these tokens could be used to
login.
Links

@pyup-bot
Copy link
Collaborator Author

Closing this in favor of #4649

@pyup-bot pyup-bot closed this Oct 29, 2023
@pydanny pydanny deleted the pyup-update-django-allauth-0.57.0-to-0.58.0 branch October 29, 2023 21:07
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
update
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@pyup-bot