*******************
Note worthy changes
-------------------
- New translations: Catalan, Bulgarian.
- Introduced a new setting ``ACCOUNT_PREVENT_ENUMERATION`` that controls whether
or not information is revealed about whether or not a user account exists.
**Warning**: this is a work in progress, password reset is covered, yet,
signing up is not.
- The ``ACCOUNT_EMAIL_CONFIRMATION_COOLDOWN`` is now also respected when using
HMAC based email confirmations. In earlier versions, users could trigger email
verification mails without any limits.
- Added builtin rate limiting (see ``ACCOUNT_RATE_LIMITS``).
- Added ``internal_reset_url_key`` attribute in
``allauth.account.views.PasswordResetFromKeyView`` which allows specifying
a token parameter displayed as a component of password reset URLs.
- It is now possible to use allauth without having ``sites`` installed. Whether or
not sites is used affects the data models. For example, the social app model
uses a many-to-many pointing to the sites model if the ``sites`` app is
installed. Therefore, enabling or disabling ``sites`` is not something you can
do on the fly.
- The ``facebook`` provider no longer raises ``ImproperlyConfigured``
within ``{% providers_media_js %}`` when it is not configured.
Backwards incompatible changes
------------------------------
- The newly introduced ``ACCOUNT_PREVENT_ENUMERATION`` defaults to ``True`` impacting
the current behavior of the password reset flow.
- The newly introduced rate limiting is by default turned on. You will need to provide
a ``429.html`` template.
- The default of ``SOCIALACCOUNT_STORE_TOKENS`` has been changed to
``False``. Rationale is that storing sensitive information should be opt in, not
opt out. If you were relying on this functionality without having it
explicitly turned on, please add it to your ``settings.py``.