This may be the last version of django-allauth-2fa under this stewardship; allauth contains its own allauth.mfa package that should be used instead for versions of Allauth >= 0.58.0. The dependency range for allauth in this version has been updated accordingly; this release will conflict with newer versions of allauth on purpose. See #189 for discussion.
You can use the experimental allauth_2fa_migrate management command to create allauth.mfa Authenticator objects from your allauth_2fa data before switching your production environment over to allauth.mfa.
- You can't write to allauth_2fa.app_settings variables anymore; instead modify the underlying django.conf.settings settings.
- Add flag to make the required entry of an OTP code for device removal optional (#169)
- Add setting to allow generating a different number of backup tokens (#192)
- Potential bugfix for redirect_field_name AttributeError (#196)
Patch release to address a packaging issue where templates weren't included (#176, #177).
We didn't wait one year from the last release for this on purpose, I swear!
- The minimum version of Python for this release is 3.7.
- The minimum version of Django for this release is 3.2.
- The minimum version of django-otp for this release is 1.1.x.
- The minimum version of django-allauth for this release is 0.53.0.
- The token field in forms is now otp_token; if you have subclassed forms, or are using custom templates, this may require adjustment.
- Allow customizing view success URLs via app_settings
- Show secret on setup page to allow for non-QR-code devices
- You can customize the QR code generation arguments in TwoFactorSetup (#156)
- 2FA can be disabled using backup tokens (#155)
- You can now override the forms used by the views using settings, like allauth does (#161)
- The package now has (partial) type annotations.
If you're using a custom template for the 2FA token removal view, note that you will need to also display the token field beginning with this version (PR #135 in particular).
The minimum version of django-otp was bumped to 0.6.x.
- Update CI bits and bobs by @akx in #137
- Drop support for django-otp 0.5.x by @akx in #138
- Require user token to disable 2FA by @SchrodingersGat in #135
This release dropped support for Python 3.5 and added support for Django 4.0.
- Improves documentation for protecting the Django admin with 2FA. Contributed by @hailkomputer in #91.
- Autocomplete on the token entry form is disabled. Contributed by @qvicksilver in #95.
- Stop restricting a class of an adapter in TwoFactorAuthenticate by @illia-v in #96
- Use same base template as upstream allauth by @ErwinJunge in #98
- Redirect to next, when given via GET or POST by @ErwinJunge in #99
- Allow TOTP removal when no backup device is present by @akx in #126
- Fix for subclassed OTP adapter by @squio in #129
- Replace Travis with GitHub Actions by @akx in #110
- Drop EOL Python 3.5, modernize for 3.6+ by @akx in #106
- Remove Django 1.11 from tox, and add Django 4.0b1. by @valberg in #118
- Typo in docs by @beckedorf in #122
- Add pre-commit, and run it. by @valberg in #121
- Rename master -> main by @akx in #123
- Declarative setup.cfg by @akx in #124
- Use Py.test for tests + fix coverage reporting by @akx in #127
- Require2FAMiddleware improvements by @akx in #107
- Miscellaneous housekeeping by @akx in #130
- Drop support for Python 2.7 and Python 3.4.
- Officially support Python 3.7 and 3.8.
- Drop support for Django 2.0 and Django 2.1.
- Officially support Django 3.0.
- Remove more code that was for Django < 1.11.
- Officially support Django 2.0 and Django 2.1.
- Officially support django-otp 0.7.
- Do not include test code in distribution, fix from @akx, PR #67.
- Support for more complex user IDs (e.g. UUIDs), fix from @chromakey, see issue #64 / PR #66.
- The extension used by the 2FA templates is customizable. Originally in PR #69 by @akx, split into PR #71.
- The QR code is now included inline as an SVG instead of being a separate view. PR #74 by @akx.
- A new mixin is included to enforce a user having 2FA enabled for particular views. Added in PR #73 by @akx.
- Passing additional context to the TwoFactorBackupTokens view was broken. This was fixed in PR #73 by @akx.
- A configuration option (ALLAUTH_2FA_ALWAYS_REVEAL_BACKUP_TOKENS) was added to only show the static tokens once (during creation). PR #75 by @akx.
- Drop support for Django < 1.11, these are no longer supported by django-allauth (as of 0.35.0).
- Avoid an exception if a user without any configured devices tries to view a QR code. This view now properly 404s.
- Redirect users to configure 2FA if they attempt to configure backup tokens without enabling 2FA first.
- Add base middleware to ensure particular users (e.g. superusers) have 2FA enabled.
- Drop official support for Django 1.9 and 1.10, they're no longer supported by the Django project.
- Added Sphinx-generated documentation. A rendered version is available at.
- Adds trailing slashes to the URL patterns. This is backwards compatible with the old URLs.
- Properly support installing in Python 3 via PyPI.
- Adds support for forwarding GET parameters through the 2FA workflow. This fixes next not working when logging in using 2FA.
- Reverts the fix in 0.4.1 as this breaks custom adapters that inherit from OTPAdapter and don't override the login method.
- Fixed a bug when using a custom adapter that doesn't inherit from OTPAdapter and that overrides the login method.
- Properly continue the allauth login workflow after successful 2FA login, e.g. send allauth signals
- Support using the MIDDLEWARE setting with Django 1.10.
- Support custom USERNAME_FIELD on the auth model.
- Fix an error when hitting the TwoFactorBackupTokens view as a non-anonymous user.
- Properly handle an AnonymousUser hitting the views.
- Support custom User models.
- Fixed a bug where a user could end up half logged in if they didn't complete the two-factor login flow. A user's login flow will now be reset. Requires enabling the included middleware: allauth_2fa.middleware.AllauthTwoFactorMiddleware.
- Disable autocomplete on the two-factor code input form.
- Properly redirect anonymous users.
- Minor simplifications of code (and inherit more code from django-otp).
- Minor updates to documentation.
- Add tests / tox / Travis support.
- Don't pin dependencies.
- Officially support Django 1.10, drop support for Django 1.7.
- Autofocus the token input field on forms.
- Fix deprecation notices for Django 1.10.
- Fixed an error when a user enters invalid input into the token form.
- Project reorganization and clean-up.
- Added support for Microsoft Authenticator.
- Support being installed via pip.
- Pull more configuration from Django settings (success URL).
- Support disabling two-factor for an account.
- Initial version by Víðir Valberg Guðmundsson