- Update
VerifyUserEmailView
to redirect to login without providing a next. - Redirect to the login when attempting to verify an email address that is already verified.
- Updated for compatibility with Python 3.5 and Django 1.10
- Allow changing the subject of email verification and password reset emails with
Django settings (
DUM_PASSWORD_RESET_SUBJECT
andDUM_VALIDATE_EMAIL_SUBJECT
).
- Make
VerifyUserEmailView
redirect to the login page ifLOGIN_URL
is set (and/
otherwise).
- Add
headers
toutils.email_handler
enabling custom email headers to be sent.
- Fix the URL for
VerifyUserEmailView
.
- Refactor the UI
VerifyUserEmailView
to function in the same way as the existing APIVerifyAccountView
.
- Add
VerifyUserEmailView
to handle links from registration verification emails.
- Clarify error message when your old and new passwords match, you will need to update translations.
- Add translation for email in
RegistrationSerializer
andUserSerializerCreate
.
- Swap
request.DATA
(deprecated in DRF v3.0, removed in DRF v3.2) forrequest.data
.
- Make token to verify account to expires if
VERIFY_ACCOUNT_EXPIRY
is set to a value in seconds.
- If
VERIFY_ACCOUNT_EXPIRY
is not set the token will never expire.
- Make
RegistrationSerializer
andEmailSerializerBase
fields a tuple.
RegistrationSerializer
or EmailSerializerBase
subclasses adding new fields
with a list
will generate a TypeError
:
class CustomRegistration(RegistrationSerializer):
class Meta(RegistrationSerializer.Meta):
fields = RegistrationSerializer.Meta.fields + ['custom_field']
TypeError: can only concatenate tuple (not "list") to tuple`
To fix the previous error we use a tuple instead:
class CustomRegistration(RegistrationSerializer):
class Meta(RegistrationSerializer.Meta):
fields = RegistrationSerializer.Meta.fields + ('custom_field',)
- Ensure new and old passwords differ when changing password.
- Update factories to use
class Meta:
syntax instead ofFACTORY_FOR
.
- Add correct HTML to HTML email templates.
- Add
django v1.8
support.
- Add
django-rest-framework v3
support. - Drop
django-rest-framework v2
support.
- Allow authenticated user to receive a new confirmation email.
- Previously only anonymous could request a new confirmation email.
- Replace
default_token_generator
withdjango.core.signing
.
- Previously not validated emails would be invalid.
- Send
user_logged_in
anduser_logged_out
signals fromGetAuthToken
view.
- Replace
email_verification_required
flag withemail_verified
flag. - Note that
email_verified == not email_verification_required
. - A data migration will be necessary.
This release backports a specific change from v14.0.0
- Clarify error message when your old and new passwords match, you will need to update translations.
This release backports a specific change from v12.0.1
- Ensure new and old passwords differ when changing password.
- Bugfix: Don't show "passwords do not match" when the first password is invalid.
- Add docstrings for views.
Docstrings will be displayed in django-rest-framework
browsable API.
- Fix translation for notifications.
- Use
incuna-pigeon
for notifications.
- Fix
UserChangeForm
admin formfields
to only include fields used inUserAdmin.fieldsets
.
- Add
delete
toProfileDetail
view
- When an object is referencing the user model with a foreign key it is possible
to define the behavior with
on_delete
.
see https://docs.djangoproject.com/en/1.7/ref/models/fields/#django.db.models.ForeignKey.on_delete
- Raise an error when user is not active at login
- Return 400 instead of 401 when
uidb64
ortoken
is expired or not valid.
- Return
AuthenticationFailed
401
instead of404
NotFound
for not validuidb64
andtoken
- Add
ResendConfirmationEmail
view.
- Remove calculation in translatable string
- Enforce complex passwords
- Get user by natural key in
ValidateEmailMixin
.
- Get user by natural key in
PasswordResetEmail
.
- Add timezone support: projects with
USE_TZ=True
will now work correctly
- Split
BasicUserFieldsMixin
andVerifyEmailMixin
into mixins.
- Auth tokens offer expiration functionality.
- Add custom Sentry logging class to disallow sensitive data being logged by Sentry client.
- Add
UsernameLoginRateThrottle
to throttle users based on their username. GetToken
throttle extended withUsernameLoginRateThrottle
.
- Allow POST to avatar views.
- Allow authentication with
token
as a form field on avatar views. - Replace
django-inmemorystorage==0.1.1
withdj-inmemorystorage==1.2.0
in tests.
GetToken
throttlesPOST
requests only.
Backwards incompatible due to required authentication when using ProfileAvatar
PasswordResetEmail
now only throttled onPOST
requests.- Added
DELETE
method toProfileAvatar
. ProfileAvatar
now requires authentication.
- Add missing plaintext account validation email
- Add missing
/
to html account validation email
- Update
create_user
to set last_login with a default.
Note: this change has been done for the upcoming version django > 1.7.0.
User.last_login
default is removed from django > 1.7.0. For existing
project using django-user-management
project migrations would be run
after django.contrib.auth
migrations. The project migrations will cancel
last_login
IS NULL
.
Backwards incompatible due to incuna-mail update
- Update VerifyEmailMixin.send_validation_email to send a multipart email by default
- Allow overriding the verification email's subject and django templates
- Update incuna-mail to v2.0.0
- Fix bug where VerifyUserAdmin.get_fieldsets is called twice
- Bump required version of
incuna-mail
in order to fix circular import.
- Protect auth login and password reset views against throttling.
- Add email field to PasswordResetEmail response to OPTIONS request
- Fix error in OneTimeUseAPIMixin that made it 500 with bad urls
- Add hooks to PasswordResetEmail view to allow easier subclassing
- Improve UserFactory to deal with passwords neatly.
- Add CaseInsensitiveEmailBackend authentication backend
- Consistently convert email addresses to lower-case
- Move sending of verification emails into UserRegister view from VerifyEmailMixin.
- Add delete method to GetToken view.
- Return HTTP_201_CREATED and ok message from VerifyAccountView.
-
Move
avatar
code to self-contained app so it does not break when extra dependencies are not installed.Note: this is backward incompatible release. Avatar related code should now be imported from
api.avatar
namespace instead of previousapi
namespace. An exampleProfileAvatar
class view lives now atuser_management.api.avatar.views.ProfileAvatar
(notuser_management.api.views.ProfileAvatar
).
- Bump required version of incuna_mail to 0.2
- Add labels to password serializers' fields.
- Add user avatar model mixin, serializer and endpoint. Requires djangorestframework>=2.3.13.
- Ensure all urls accept a trailing slash.
- Separate user detail / list urls from (my) profile.
- Rename views to not end View.
- Make users views hyperlinked.
- Add
user_management_api
namesapce to api urls. Include withinclude('user_management.api.urls', namespace='something', app_name='user_management_api')
- Add admin forms and simple UserAdmin
- Add VerifyUserAdmin
- Order UserAdmin by name, not email
- Use python 2 compatible super
- Added users list
- Added urls and url tests
- Add wheel support
- Rename users template dir to user_management
- Rename UserSerializer to RegistrationSerializer
- Check new superusers are active by default
- Make User model abstract.
- Convert abstract models to mixins.
- Reorganise app into models and api modules.
- Separate verify_email_urls.
- Use self.normalize_email
- Better duplicate email test.
- Add .travis.yml
- Add Python 2.7 compatibility