Django-allauth-underground

Latest version: v0.1.0


Page 1 of 8

0.37.0
*******************

Noteworthy changes
------------------

- The Battle.net login backend now recognizes ``apac`` as a valid region.

- Users whose model uses a ``UUIDField`` as its primary key can now be logged
in upon email confirmation (if using ``ACCOUNT_LOGIN_ON_EMAIL_CONFIRMATION``).

- New providers: Agave, Disqus, Globus

0.36.0
*******************

Noteworthy changes
------------------

- New providers: Telegram, QuickBooks.

- The Facebook API version now defaults to v2.12.

- ORCID upgraded to use API v2.1.


Security notice
---------------

- In previous versions, the authentication backend did not invoke the
``user_can_authenticate()`` method, potentially allowing users with
``is_active=False`` to authenticate when the allauth authentication backend
was used in a non-allauth context.

0.35.0
*******************

Noteworthy changes
------------------

- Add support for Django 2.0

Security notice
---------------

- As an extra security measure on top of what the standard Django password reset
token generator already provides, allauth now adds the user's email address to
the hash, so that the token is invalidated whenever the user's email address
changes.
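
A simplified model of the measure described above, as an added example that is not allauth's or Django's code: the reset token is an HMAC over account state, and adding the email address to that state makes a pending token fail once the address changes. The ``User`` record, the secret and all function names are constructed for illustration.

```python
import hashlib
import hmac
from dataclasses import dataclass

SECRET_KEY = b"constructed-demo-secret"  # constructed; stands in for the site secret


@dataclass
class User:  # hypothetical minimal user record for this example
    pk: int
    password_hash: str
    email: str


def _state(user, timestamp, bind_email):
    # Account state the token commits to: changing any part changes the MAC.
    parts = [str(user.pk), user.password_hash, str(timestamp)]
    if bind_email:
        parts.append(user.email)
    return "\x00".join(parts).encode()


def make_token(user, timestamp, bind_email=True):
    mac = hmac.new(SECRET_KEY, _state(user, timestamp, bind_email), hashlib.sha256)
    return f"{timestamp}-{mac.hexdigest()}"


def check_token(user, token, now, max_age=3600, bind_email=True):
    ts_text, sep, _ = token.partition("-")
    try:
        timestamp = int(ts_text) if sep else -1
    except ValueError:
        return False
    if timestamp < 0 or not 0 <= now - timestamp <= max_age:
        return False  # malformed, not yet valid, or expired
    expected = make_token(user, timestamp, bind_email)
    return hmac.compare_digest(expected.encode(), token.encode())


def demo():
    user = User(pk=7, password_hash="pbkdf2$constructed", email="old@example.com")
    issued = 1_000
    legacy = make_token(user, issued, bind_email=False)  # email not in the hash
    bound = make_token(user, issued, bind_email=True)    # email in the hash
    user.email = "new@example.com"  # address changes after the reset mail was sent
    return {
        "legacy_valid_after_change": check_token(user, legacy, issued + 60, bind_email=False),
        "bound_valid_after_change": check_token(user, bound, issued + 60, bind_email=True),
    }
```
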

Backwards incompatible changes
------------------------------

- Drop support for Django 1.8 and Django 1.10.


Noteworthy changes
------------------

- New providers: Azure, Microsoft Graph, Salesforce, Yahoo.

0.34.0
*******************

Security notice
---------------

- The "Set Password" view did not properly check whether or not the user already
had a usable password set. This allowed an attacker to set the password
without providing the current password, but only if the attacker had already
gained control over the victim's session.


Noteworthy changes
------------------

- New provider: Meetup.

0.33.0
*******************

Noteworthy changes
------------------

- Security: password reset tokens are now prevented from being leaked through
the password reset URL.

- New providers: Patreon, Authentiq, Dataporten.

- Dropbox has been upgraded to API V2.

- New translation: Norwegian.


Backwards incompatible changes
------------------------------

- Dropped support for Django 1.9.

0.32.0
*******************

Noteworthy changes
------------------

- Improved AJAX support: the account management views (change/set password,
manage e-mail addresses and social connections) now support AJAX GET requests.
These views hand over all the required data for you to build your frontend
application upon.

- New providers: Dwolla, Trello.

- Shopify: support for per-user access mode.


Backwards incompatible changes
------------------------------

- In previous versions, the views only responded with JSON responses when
issuing AJAX requests of type POST. Now, the views also respond in JSON when
making AJAX GET requests.

- The structure of the response for AJAX requests has changed. Previously, it
contained a ``form_errors`` key containing all form validation errors, if any.
Now, it contains a ``form`` key that describes the complete form, including
the fields. Field specific errors are placed in
``form.fields['some_field'].errors``, non-field errors in ``form.errors``.

- The parameters passed to the Facebook JS SDK ``FB.init()`` method used to contain
``cookie``, ``status``, and ``xfbml``, all set to ``true``. These parameters
are no longer explicitly passed. You can use the newly introduced ``INIT_PARAMS``
provider setting to provide your own values.


© 2024 Safety CLI Cybersecurity Inc. All Rights Reserved.