Releases: jazzband/django-two-factor-auth
1.15.1
1.15.0
Added
- Enforcing a redirect to setup of otp device when none available for user (#499)
- Confirmed Django 4.1 support
- WebAuthn support (thanks to Javier Paniagua)
- Confirmed Python 3.11 support
Changed
- Display the TOTP secret key alongside the QR code to streamline setup for password managers without QR support.
- Moved phonenumber migrations under the plugins directory.
- Avoid crash with email devices without email (#530).
Removed
- Django 2.2, 3.0, and 3.1 support
- two_factor.utils.get_available_methods() is replaced by MethodRegistry.get_methods().
1.14.0
Added
- Python 3.10 support
- The setup view got a new secret_key context variable to be able to display that key elsewhere than in the QR code.
- The token/device forms now have an idempotent class variable to tell if the form can validate more than once with the same input data.
- A new email plugin (based on django_otp EmailDevice) can now be activated and used to communicate the second factor token by email.
Changed
- BREAKING: The phone capability moved to a plugins folder, so if you use that capability and want to keep it, you should add a two_factor.plugins.phonenumber line in your INSTALLED_APPS setting. Additionally, as the two_factor templatetags library was only containing phone-related filters, the library was renamed to phonenumber.
- default_device utility function now caches the found device on the given user object.
- The otp_token form field for AuthenticationTokenForm is now a Django RegexField instead of an IntegerField.
- The Twilio gateway content for phone interaction is now template-based, and the pause between digits is now using the <Pause> tag.
- The QR code now always uses a white background to support pages displayed with a dark theme.
Removed
- Python 3.5 and 3.6 support
1.13.2
Added
- Translations for new languages: Hausa, Japanese, Vietnamese
- Django 4.0 support
Changed
- Suppressed default_app_config warning on Django 3.2+
- qrcode dependency limit upped to 7.99 and django-phonenumber-field to 7
- When validating a TOTP after scanning the QR code, allow a time drift of +/-1 instead of just -1
1.13.1
1.13
Added
- User can request that two-factor authentication be skipped the next time they log in on that particular device
- Django 3.1 support
- SMS message can now be customised by using a template
Changed
- Simplified re_path() to path() in URLConf
- Templates are now based on Bootstrap 4.
- DisableView now checks user has verified before disabling two-factor on their account
- Inline CSS has been replaced to allow stricter Content Security Policies.
Removed
- Upper limit on django-otp dependency
- Obsolete IE<9 workarounds
- Workarounds for older versions of django-otp
1.12.1
1.12
Added
- It is possible to set a timeout between a user authenticating in the LoginView and them needing to re-authenticate. By default this is 10 minutes.
Removed
- The final step in the LoginView no longer re-validates a user's credentials.
- Django 1.11 support.
Changed
- Security Fix: LoginView no longer stores credentials in plaintext in the session store.
1.11.0
Added
Nothing has been added for this version
Removed
- MiddlewareMixin
- Python 3.4 support
- Django 2.1 support
- mock dependency
Changed
- extra_requires are now listed in lowercase. This is to work around a bug in pip.
- Use trimmed option on blocktrans to avoid garbage newlines in translations.
- random_hex from django_otp 0.8.0 will always return a str, don't try to decode it.