Merge branch 'main' into fix/update-cs-locale

.github/workflows/ci.yml

@@ -37,7 +37,7 @@ jobs:
             django-version: 'main'
 
     steps:
-    - uses: actions/checkout@v3
+    - uses: actions/checkout@v4
     - name: Set up Python ${{ matrix.python-version }}
       uses: actions/setup-python@v4
       with:
@@ -65,7 +65,7 @@ jobs:
       matrix:
         extra-env: ['docs', 'black', 'isort', 'flake8', 'standardjs']
     steps:
-    - uses: actions/checkout@v3
+    - uses: actions/checkout@v4
     - uses: actions/setup-node@v3
       if: ${{ matrix.extra-env == 'standardjs' }}
       with:

AUTHORS

@@ -71,6 +71,7 @@ Guoyu Hao
 Haesung Park
 Hatem Nassrat
 Hyunwoo Shim
+Ian R-P
 Ignacio Ocampo
 Illia Volochii
 J. Erm

ChangeLog.rst

@@ -1,4 +1,26 @@
-0.56.0 (unreleased)
+0.57.0 (unreleased)
+*******************
+
+Note worthy changes
+-------------------
+
+- Added django password validation help text to password1 on set/change/signup forms.
+- ...
+
+
+0.56.1 (2023-09-08)
+*******************
+
+Security notice
+---------------
+
+- ``ImmediateHttpResponse`` exceptions were not handled properly when raised
+  inside ``adapter.pre_login()``.  If you relied on aborting the login using
+  this mechanism, that would not work. Most notably, django-allauth-2fa uses
+  this approach, resulting in 2FA not being triggered.
+
+
+0.56.0 (2023-09-07)
 *******************
 
 Note worthy changes
@@ -16,6 +38,10 @@ Note worthy changes
     from allauth.core import context
     context.request
 
+- Previously, ``SOCIALACCOUNT_STORE_TOKENS = True`` did not work when the social
+  app was configured in the settings instead of in the database. Now, this
+  functionality works regardless of how you configure the app.
+
 
 Backwards incompatible changes
 ------------------------------
@@ -46,6 +72,28 @@ Backwards incompatible changes
         }
     }
 
+- The Keycloak provider was added before the OpenID Connect functionality
+  landed. Afterwards, the Keycloak implementation was refactored to reuse the
+  regular OIDC provider. As this approach led to bugs (see 0.55.1), it was
+  decided to remove the Keycloak implementation altogether.  Instead, use the
+  regular OpenID Connect configuration::
+
+    SOCIALACCOUNT_PROVIDERS = {
+        "openid_connect": {
+            "APPS": [
+                {
+                    "provider_id": "keycloak",
+                    "name": "Keycloak",
+                    "client_id": "<insert-id>",
+                    "secret": "<insert-secret>",
+                    "settings": {
+                        "server_url": "http://keycloak:8080/realms/master/.well-known/openid-configuration",
+                    },
+                }
+            ]
+        }
+    }
+
 
 0.55.2 (2023-08-30)
 *******************

README.rst

@@ -32,7 +32,7 @@ registration, account management as well as 3rd party (social) account
 authentication.
 
 Home page
-  http://www.intenct.nl/projects/django-allauth/
+  https://allauth.org/
 
 Source code
   http://github.com/pennersr/django-allauth

allauth/__init__.py

@@ -8,7 +8,7 @@
 
 """
 
-VERSION = (0, 56, 0, "dev", 0)
+VERSION = (0, 57, 0, "dev", 0)
 
 __title__ = "django-allauth"
 __version_info__ = VERSION

allauth/account/forms.py

@@ -3,6 +3,7 @@
 from importlib import import_module
 
 from django import forms
+from django.contrib.auth import password_validation
 from django.contrib.auth.tokens import PasswordResetTokenGenerator
 from django.contrib.sites.shortcuts import get_current_site
 from django.core import exceptions, validators
@@ -394,7 +395,9 @@ class SignupForm(BaseSignupForm):
     def __init__(self, *args, **kwargs):
         super(SignupForm, self).__init__(*args, **kwargs)
         self.fields["password1"] = PasswordField(
-            label=_("Password"), autocomplete="new-password"
+            label=_("Password"),
+            autocomplete="new-password",
+            help_text=password_validation.password_validators_help_text_html(),
         )
         if app_settings.SIGNUP_PASSWORD_ENTER_TWICE:
             self.fields["password2"] = PasswordField(
@@ -502,7 +505,10 @@ class ChangePasswordForm(PasswordVerificationMixin, UserForm):
     oldpassword = PasswordField(
         label=_("Current Password"), autocomplete="current-password"
     )
-    password1 = SetPasswordField(label=_("New Password"))
+    password1 = SetPasswordField(
+        label=_("New Password"),
+        help_text=password_validation.password_validators_help_text_html(),
+    )
     password2 = PasswordField(label=_("New Password (again)"))
 
     def __init__(self, *args, **kwargs):
@@ -519,7 +525,10 @@ def save(self):
 
 
 class SetPasswordForm(PasswordVerificationMixin, UserForm):
-    password1 = SetPasswordField(label=_("Password"))
+    password1 = SetPasswordField(
+        label=_("Password"),
+        help_text=password_validation.password_validators_help_text_html(),
+    )
     password2 = PasswordField(label=_("Password (again)"))
 
     def __init__(self, *args, **kwargs):

allauth/account/migrations/0004_alter_emailaddress_drop_unique_email.py

@@ -1,8 +1,10 @@
-# Generated by Django 4.2.2 on 2023-06-14 12:59
-
+from django.conf import settings
 from django.db import migrations, models
 
 
+EMAIL_MAX_LENGTH = getattr(settings, "ACCOUNT_EMAIL_MAX_LENGTH", 254)
+
+
 class Migration(migrations.Migration):
     dependencies = [
         ("account", "0003_alter_emailaddress_create_unique_verified_email"),
@@ -12,6 +14,8 @@ class Migration(migrations.Migration):
         migrations.AlterField(
             model_name="emailaddress",
             name="email",
-            field=models.EmailField(max_length=254, verbose_name="email address"),
+            field=models.EmailField(
+                max_length=EMAIL_MAX_LENGTH, verbose_name="email address"
+            ),
         ),
     ]

allauth/account/tests/test_adapter.py

@@ -0,0 +1,20 @@
+from django.http import HttpResponseRedirect
+from django.urls import reverse
+
+from allauth.account.adapter import DefaultAccountAdapter
+from allauth.core.exceptions import ImmediateHttpResponse
+
+
+class TestAccountAdapter(DefaultAccountAdapter):
+    def pre_login(self, *args, **kwargs):
+        raise ImmediateHttpResponse(HttpResponseRedirect("/foo"))
+
+
+def test_adapter_pre_login(settings, user, user_password, client):
+    settings.ACCOUNT_ADAPTER = "allauth.account.tests.test_adapter.TestAccountAdapter"
+    resp = client.post(
+        reverse("account_login"),
+        {"login": user.username, "password": user_password},
+    )
+    assert resp.status_code == 302
+    assert resp["location"] == "/foo"

allauth/account/utils.py

@@ -173,13 +173,10 @@ def _perform_login(request, login):
     # `user_signed_up` signal. Furthermore, social users should be
     # stopped anyway.
     adapter = get_adapter()
-    try:
-        hook_kwargs = _get_login_hook_kwargs(login)
-        response = adapter.pre_login(request, login.user, **hook_kwargs)
-        if response:
-            return response
-    except ImmediateHttpResponse as e:
-        response = e.response
+    hook_kwargs = _get_login_hook_kwargs(login)
+    response = adapter.pre_login(request, login.user, **hook_kwargs)
+    if response:
+        return response
     return resume_login(request, login)