Django-allauth-underground

*******************

Note worthy changes
-------------------

- New providers: Weixin, Battle.net, Asana, Eve Online, 23andMe, Slack

- Django's password validation mechanism (see ``AUTH_PASSWORD_VALIDATORS``) is now
used to validate passwords.

- By default, email confirmations are no longer stored in the
database. Instead, the email confirmation mail contains an HMAC
based key identifying the email address to confirm. The verification
lookup includes a fallback to the previous strategy so that there is
no negative impact on pending verification emails.

- A new setting ``ACCOUNT_SIGNUP_EMAIL_ENTER_TWICE`` was added, requiring users to
input their email address twice. The setting
``ACCOUNT_SIGNUP_PASSWORD_VERIFICATION`` has been renamed to
``ACCOUNT_SIGNUP_PASSWORD_ENTER_TWICE``.

- New translations: Latvian, Kyrgyz.


Backwards incompatible changes
------------------------------

- Dropped support for Django 1.6

- In order to accomodate for Django's password validation, the
``clean_password`` method of the adapter now takes an (optional)
``user`` parameter as its second argument.

- The new HMAC based keys may contain colons. If you have forked
``account/urls.py``, be sure to sync the ``account_confirm_email``
pattern.

*******************

Note worthy changes
-------------------

- Bug fix release (MemcachedKeyCharacterError: "Control characters not allowed")

*******************

Note worthy changes
-------------------

- Bug fix release (AttributeError in password reset view).

*******************

Note worthy changes
-------------------

- Many providers were added: Reddit, Untappd, GitLab, Stripe,
Pinterest, Shopify, Draugiem, DigitalOcean, Robinhood,
Bitbucket(OAuth2).

- The account connections view is now AJAX aware.

- You can now customize the template extension that is being used to
render all HTML templates (``ACCOUNT_TEMPLATE_EXTENSION``)

- In order to be secure by default, users are now blocked from logging
in after exceeding a maximum number of failed login attempts (see
``ACCOUNT_LOGIN_ATTEMPTS_LIMIT``,
``ACCOUNT_LOGIN_ATTEMPTS_TIMEOUT``). Set
``ACCOUNT_LOGIN_ATTEMPTS_LIMIT`` to ``None`` to disable this
functionality. Important: while this protects the allauth login view, it
does not protect Django's admin login from being brute forced.

- New translations: Arabic, Lithuanian


Backwards incompatible changes
------------------------------

None

*******************

Note worthy changes
-------------------

- Non-test code accidentally had test packages as a dependency.


Backwards incompatible changes
------------------------------

- Setting a password after logging in with a social account no longer logs out
the user by default on Django 1.7+. Setting an initial password and changing
the password both respect ``settings.ACCOUNT_LOGOUT_ON_PASSWORD_CHANGE``.

*******************

Note worthy changes
-------------------

- Django 1.9b1 compatibility.

- Seppo Erviälä contributed a Finnish translation, thanks!

- Iurii Kriachko contributed a Basecamp provider, thanks!

Backwards incompatible changes
------------------------------

- Increased ``SocialApp`` key/secret/token sizes to 191, decreased
``SocialAccount.uid`` size to 191. The latter was done in order to
accomodate for MySQL in combination with utf8mb4 and contraints on
``uid``. Note that ``uid`` is used to store OpenID URLs, which can
theoretically be longer than 191 characters, although in practice
this does not seem to be the case. In case you really need to
control the ``uid`` length, set ``settings.SOCIALACCOUNT_UID_MAX_LENGTH``
accordingly. Migrations are in place.