Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
fix: bump django-two-factor-auth from 1.13.0 to 1.17.0 (#26)
Bumps [django-two-factor-auth](https://github.com/jazzband/django-two-factor-auth) from 1.13.0 to 1.17.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/jazzband/django-two-factor-auth/releases">django-two-factor-auth's releases</a>.</em></p> <blockquote> <h2>1.15.1</h2> <h3>Fixed</h3> <ul> <li>Missing plugin templates (<a href="https://redirect.github.com/jazzband/django-two-factor-auth/issues/583">#583</a>).</li> <li>Migrations of <code>two_factor</code> app are squashed to avoid requiring <code>phonenumber_field</code> optional dependency for new projects.</li> </ul> <h3>Changed</h3> <ul> <li>Updated Finish and French translations.</li> </ul> <h2>1.15.0</h2> <h3>Added</h3> <ul> <li>Enforcing a redirect to setup of otp device when none available for user (<a href="https://redirect.github.com/jazzband/django-two-factor-auth/issues/499">#499</a>)</li> <li>Confirmed Django 4.1 support</li> <li>WebAuthn support (thanks to Javier Paniagua)</li> <li>Confirmed Python 3.11 support</li> </ul> <h3>Changed</h3> <ul> <li>Display the TOTP secret key alongside the QR code to streamline setup for password managers without QR support.</li> <li>Moved phonenumber migrations under the plugins directory.</li> <li>Avoid crash with email devices without email (<a href="https://redirect.github.com/jazzband/django-two-factor-auth/issues/530">#530</a>).</li> </ul> <h3>Removed</h3> <ul> <li>Django 2.2, 3.0, and 3.1 support</li> <li><code>two_factor.utils.get_available_methods()</code> is replaced by <code>MethodRegistry.get_methods()</code>.</li> </ul> <h2>1.14.0</h2> <h3>Added</h3> <ul> <li>Python 3.10 support</li> <li>The setup view got a new <code>secret_key</code> context variable to be able to display that key elsewhere than in the QR code.</li> <li>The token/device forms have now an <code>idempotent</code> class variable to tell if the form can validate more than once with the same input data.</li> <li>A new email plugin (based on django_otp <code>EmailDevice</code>) can now be activated and used to communicate the second factor token by email.</li> </ul> <h3>Changed</h3> <ul> <li>BREAKING: The phone capability moved to a plugins folder, so if you use that capability and want to keep it, you should add <code>two_factor.plugins.phonenumber</code> line in your <code>INSTALLED_APPS</code> setting. Additionally, as the <code>two_factor</code> templatetags library was only containing phone-related filters, the library was renamed to <code>phonenumber</code>.</li> <li>default_device utility function now caches the found device on the given user object.</li> <li>The <code>otp_token</code> form field for <code>AuthenticationTokenForm</code> is now a Django <code>RegexField</code> instead of an <code>IntegerField</code>.</li> <li>The Twilio gateway content for phone interaction is now template-based, and the pause between digits is now using the <code><Pause></code> tag.</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/jazzband/django-two-factor-auth/blob/master/CHANGELOG.md">django-two-factor-auth's changelog</a>.</em></p> <blockquote> <h2>1.17.0</h2> <h3>Fixed</h3> <ul> <li>Fixed the XML syntax of the Twilio token.xml file.</li> <li>The Yubikey token field is now receiving autofocus.</li> <li>Avoid crashes for devices with no <code>throttle_*</code> methods (<a href="https://redirect.github.com/jazzband/django-two-factor-auth/issues/699">#699</a>).</li> <li>Fixed format of the hash for the OTP device cookie key.</li> </ul> <h3>Changed</h3> <ul> <li>Allow django-phonenumber-field 8.x.x.</li> <li>Project build is now using a more modern toolbox based on <code>pyproject.toml</code> (no more setup.*).</li> <li>The plugins method registry can now return a new <code>MethodNotFoundError</code> exception when some method is not found in the plugins registry.</li> </ul> <h3>Added</h3> <ul> <li>Support confirmation for Django 5.1.</li> <li>The login view is also decorated with the <code>login_not_required</code> decorator for projects using the new <code>LoginRequiredMiddleware</code> available with Django 5.1+.</li> </ul> <h3>Removed</h3> <ul> <li>Dropped support for Django <4.2.</li> <li>Removed custom <code>utils.class_view_decorator()</code> in favor of Django's <code>method_decorator()</code>.</li> </ul> <h2>1.16.0</h2> <h3>Fixed</h3> <ul> <li>Avoid potentially empty <code><ul></code> on the profile page.</li> </ul> <h3>Changed</h3> <ul> <li>Upgraded minimal webauthn dependency to 2.0 (which also removes a deprecation warning) (<a href="https://redirect.github.com/jazzband/django-two-factor-auth/issues/634">#634</a>, <a href="https://redirect.github.com/jazzband/django-two-factor-auth/issues/701">#701</a>). Note the <code>pydantic</code> dependency was removed in webauthn 2.</li> <li>Checking phone method availability uses now the method registry (<a href="https://redirect.github.com/jazzband/django-two-factor-auth/issues/665">#665</a>).</li> <li>Logout example uses POST method to match recent Django behavior.</li> <li>Updated translations.</li> </ul> <h3>Added</h3> <ul> <li>Support confirmation for Django 5.0 and Python 3.12.</li> <li>A new <code>main_form_content</code> template block on login template allows for easier overridability.</li> </ul> <h2>1.15.5</h2> <h3>Fixed</h3> <ul> <li>Include transitively replaced migrations in phonenumber migration.</li> <li>Avoid importing PhoneDevice when not enabled.</li> <li>Simplified URLs for phone_create/phone_delete paths.</li> <li>Implement strict PhoneDevice identification (<a href="https://redirect.github.com/jazzband/django-two-factor-auth/issues/661">#661</a>).</li> <li>Avoid multiple registrations of the same method (<a href="https://redirect.github.com/jazzband/django-two-factor-auth/issues/657">#657</a>).</li> <li>Get all phonedevices of the user (<a href="https://redirect.github.com/jazzband/django-two-factor-auth/issues/659">#659</a>).</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/jazzband/django-two-factor-auth/commit/06547e23f9596e81bec3c585e8276fa98d00f999"><code>06547e2</code></a> Prepare 1.17.0 release</li> <li><a href="https://github.com/jazzband/django-two-factor-auth/commit/373a3cf8414947d71a254f6fe518e6ecf9ad33dc"><code>373a3cf</code></a> Merge pull request <a href="https://redirect.github.com/jazzband/django-two-factor-auth/issues/738">#738</a> from claudep/login_not_required</li> <li><a href="https://github.com/jazzband/django-two-factor-auth/commit/6966ddc5edc57b222d8c1f84f8e6c8bd11d1b228"><code>6966ddc</code></a> Decorate the login view with login_not_required on Django 5.1+</li> <li><a href="https://github.com/jazzband/django-two-factor-auth/commit/68ef964c1b2c0f803c3624e004abb1bb98b4000e"><code>68ef964</code></a> Merge pull request <a href="https://redirect.github.com/jazzband/django-two-factor-auth/issues/737">#737</a> from claudep/class_deco</li> <li><a href="https://github.com/jazzband/django-two-factor-auth/commit/856d8a1d786382559a610cd26b6e9e6365252fc4"><code>856d8a1</code></a> Use Django's method_decorator instead of custom utility</li> <li><a href="https://github.com/jazzband/django-two-factor-auth/commit/e9fe6a746c4ca286e8f230dc3ed374766ce2ac26"><code>e9fe6a7</code></a> Merge pull request <a href="https://redirect.github.com/jazzband/django-two-factor-auth/issues/732">#732</a> from claudep/bumpversion</li> <li><a href="https://github.com/jazzband/django-two-factor-auth/commit/6c43e68724c5032fd5fe8b43e5c1318e68483ac2"><code>6c43e68</code></a> Merge pull request <a href="https://redirect.github.com/jazzband/django-two-factor-auth/issues/731">#731</a> from jazzband/pre-commit-ci-update-config</li> <li><a href="https://github.com/jazzband/django-two-factor-auth/commit/b75e22bd368fd7c00a6ea18468e108ac35d6b8fe"><code>b75e22b</code></a> Merge branch 'master' into bumpversion</li> <li><a href="https://github.com/jazzband/django-two-factor-auth/commit/0ddd87a7fe1ad115c1615cbedcbc69a9a47154bd"><code>0ddd87a</code></a> Merge pull request <a href="https://redirect.github.com/jazzband/django-two-factor-auth/issues/733">#733</a> from claudep/release_yml</li> <li><a href="https://github.com/jazzband/django-two-factor-auth/commit/a152732779dbe6d8fb667f8c95efc1d77e48eba0"><code>a152732</code></a> Merge pull request <a href="https://redirect.github.com/jazzband/django-two-factor-auth/issues/734">#734</a> from claudep/translations</li> <li>Additional commits viewable in <a href="https://github.com/jazzband/django-two-factor-auth/compare/1.13...1.17.0">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> ## Summary by Sourcery Bump django-two-factor-auth from version 1.13.0 to 1.17.0 to incorporate various bug fixes, enhancements, and support for newer Django and Python versions. Bug Fixes: - Fix missing plugin templates and avoid crashes for devices with no throttle methods in django-two-factor-auth. Enhancements: - Update django-two-factor-auth to support Django 5.1 and Python 3.12, and improve the login view with login_not_required decorator.
- Loading branch information
