- Fix
UserChangeForm
admin formfields
to only include fields used inUserAdmin.fieldsets
.
- Add
delete
toProfileDetail
view
- When an object is referencing the user model with a foreign key it is possible
to define the behavior with
on_delete
.
see https://docs.djangoproject.com/en/1.7/ref/models/fields/#django.db.models.ForeignKey.on_delete
- Raise an error when user is not active at login
- Return 400 instead of 401 when
uidb64
ortoken
is expired or not valid.
- Return
AuthenticationFailed
401
instead of404
NotFound
for not validuidb64
andtoken
- Add
ResendConfirmationEmail
view.
- Remove calculation in translatable string
- Enforce complex passwords
- Get user by natural key in
ValidateEmailMixin
.
- Get user by natural key in
PasswordResetEmail
.
- Add timezone support: projects with
USE_TZ=True
will now work correctly
- Split
BasicUserFieldsMixin
andVerifyEmailMixin
into mixins.
- Auth tokens offer expiration functionality.
- Add custom Sentry logging class to disallow sensitive data being logged by Sentry client.
- Add
UsernameLoginRateThrottle
to throttle users based on their username. GetToken
throttle extended withUsernameLoginRateThrottle
.
- Allow POST to avatar views.
- Allow authentication with
token
as a form field on avatar views. - Replace
django-inmemorystorage==0.1.1
withdj-inmemorystorage==1.2.0
in tests.
GetToken
throttlesPOST
requests only.
Backwards incompatible due to required authentication when using ProfileAvatar
PasswordResetEmail
now only throttled onPOST
requests.- Added
DELETE
method toProfileAvatar
. ProfileAvatar
now requires authentication.
- Add missing plaintext account validation email
- Add missing
/
to html account validation email
- Update
create_user
to set last_login with a default.
Note: this change has been done for the upcoming version django > 1.7.0.
User.last_login
default is removed from django > 1.7.0. For existing
project using django-user-management
project migrations would be run
after django.contrib.auth
migrations. The project migrations will cancel
last_login
IS NULL
.
Backwards incompatible due to incuna-mail update
- Update VerifyEmailMixin.send_validation_email to send a multipart email by default
- Allow overriding the verification email's subject and django templates
- Update incuna-mail to v2.0.0
- Fix bug where VerifyUserAdmin.get_fieldsets is called twice
- Bump required version of
incuna-mail
in order to fix circular import.
- Protect auth login and password reset views against throttling.
- Add email field to PasswordResetEmail response to OPTIONS request
- Fix error in OneTimeUseAPIMixin that made it 500 with bad urls
- Add hooks to PasswordResetEmail view to allow easier subclassing
- Improve UserFactory to deal with passwords neatly.
- Add CaseInsensitiveEmailBackend authentication backend
- Consistently convert email addresses to lower-case
- Move sending of verification emails into UserRegister view from VerifyEmailMixin.
- Add delete method to GetToken view.
- Return HTTP_201_CREATED and ok message from VerifyAccountView.
-
Move
avatar
code to self-contained app so it does not break when extra dependencies are not installed.Note: this is backward incompatible release. Avatar related code should now be imported from
api.avatar
namespace instead of previousapi
namespace. An exampleProfileAvatar
class view lives now atuser_management.api.avatar.views.ProfileAvatar
(notuser_management.api.views.ProfileAvatar
).
- Bump required version of incuna_mail to 0.2
- Add labels to password serializers' fields.
- Add user avatar model mixin, serializer and endpoint. Requires djangorestframework>=2.3.13.
- Ensure all urls accept a trailing slash.
- Separate user detail / list urls from (my) profile.
- Rename views to not end View.
- Make users views hyperlinked.
- Add
user_management_api
namesapce to api urls. Include withinclude('user_management.api.urls', namespace='something', app_name='user_management_api')
- Add admin forms and simple UserAdmin
- Add VerifyUserAdmin
- Order UserAdmin by name, not email
- Use python 2 compatible super
- Added users list
- Added urls and url tests
- Add wheel support
- Rename users template dir to user_management
- Rename UserSerializer to RegistrationSerializer
- Check new superusers are active by default
- Make User model abstract.
- Convert abstract models to mixins.
- Reorganise app into models and api modules.
- Separate verify_email_urls.
- Use self.normalize_email
- Better duplicate email test.
- Add .travis.yml
- Add Python 2.7 compatibility