Django-two-factor-auth

Latest version: v1.16.0

Safety actively analyzes 613777 Python packages for vulnerabilities to keep your Python projects secure.

Scan your dependencies

Page 1 of 6

1.15.1

Fixed
- Missing plugin templates (583).
- Migrations of `two_factor` app are squashed to avoid requiring `phonenumber_field`
optional dependency for new projects.

Changed
- Updated Finish and French translations.

1.15.0

Added
- Enforcing a redirect to setup of otp device when none available for user (499)
- Confirmed Django 4.1 support
- WebAuthn support (thanks to Javier Paniagua)
- Confirmed Python 3.11 support

Changed

- Display the TOTP secret key alongside the QR code to streamline setup for
password managers without QR support.
- Moved phonenumber migrations under the plugins directory.
- Avoid crash with email devices without email (530).

Removed
- Django 2.2, 3.0, and 3.1 support
- `two_factor.utils.get_available_methods()` is replaced by
`MethodRegistry.get_methods()`.

1.14.0

Added
- Python 3.10 support
- The setup view got a new `secret_key` context variable to be able to display
that key elsewhere than in the QR code.
- The token/device forms have now an `idempotent` class variable to tell if the
form can validate more than once with the same input data.
- A new email plugin (based on django_otp `EmailDevice`) can now be activated
and used to communicate the second factor token by email.

Changed
- BREAKING: The phone capability moved to a plugins folder, so if you use that
capability and want to keep it, you should add `two_factor.plugins.phonenumber`
line in your `INSTALLED_APPS` setting. Additionally, as the `two_factor`
templatetags library was only containing phone-related filters, the library
was renamed to `phonenumber`.
- default_device utility function now caches the found device on the given user
object.
- The `otp_token` form field for `AuthenticationTokenForm` is now a Django
`RegexField` instead of an `IntegerField`.
- The Twilio gateway content for phone interaction is now template-based, and
the pause between digits is now using the `<Pause>` tag.
- The QR code now always uses a white background to support pages displayed
with a dark theme.

Removed
- Python 3.5 and 3.6 support

1.13.2

Added
- Translations for new languages: Hausa, Japanese, Vietnamese
- Django 4.0 support

Changed
- Suppressed default_app_config warning on Django 3.2+
- qrcode dependency limit upped to 7.99 and django-phonenumber-field to 7
- When validating a TOTP after scanning the QR code, allow a time drift of +/-1 instead of just -1

1.13.1

Add
- Support Twilio Messaging Service SID
- Add autofocus, autocomplete one-time-code and inputmode numeric to token input fields

Changed
- Change "Back to Profile" to "Back to Account Security"

1.13

Added
- User can request that two-factor authentication be skipped the next time they
log in on that particular device
- Django 3.1 support
- SMS message can now be customised by using a template

Changed
- Simplified `re_path()` to `path()` in URLConf
- Templates are now based on Bootstrap 4.
- `DisableView` now checks user has verified before disabling two-factor on
their account
- Inline CSS has been replaced to allow stricter Content Security Policies.

Removed
- Upper limit on django-otp dependency
- Obsolete IE<9 workarounds
- Workarounds for older versions of django-otp

Page 1 of 6

© 2024 Safety CLI Cybersecurity Inc. All Rights Reserved.