Commit d421b6c4 authored by Pierre-Elliott Bécue's avatar Pierre-Elliott Bécue

New upstream version 0.36.0

parent 58ab8f0a
......@@ -19,6 +19,7 @@ Andrey Balandin
Andrey Akolpakov
Andy Matthews
Ani Vera
Antonin Delpeuch
Aron Griffis
Basil Shubin
Ben Timby
......
0.35.0 (2017-02-02)
0.36.0 (2018-05-08)
*******************
Note worthy changes
-------------------
- New providers: Telegram, QuickBooks.
- The Facebook API version now defaults to v2.12.
- ORCID upgraded to use API v2.1.
Security notice
---------------
- In previous versions, the authentication backend did not invoke the
``user_can_authenticate()`` method, potentially allowing users with
``is_active=False`` to authenticate when the allauth authentication backend
was used in a non allauth context.
0.35.0 (2018-02-02)
*******************
Note worthy changes
-------------------
- Add support for Django 2.0
Security notice
---------------
......@@ -9,6 +36,11 @@ Security notice
address to the hash such that whenever the user's email address changes the
token is invalidated.
Backwards incompatible changes
------------------------------
- Drop support for Django 1.8 and Django 1.10.
Note worthy changes
-------------------
......
Metadata-Version: 1.1
Name: django-allauth
Version: 0.35.0
Version: 0.36.0
Summary: Integrated set of Django applications addressing authentication, registration, account management as well as 3rd party (social) account authentication.
Home-page: http://github.com/pennersr/django-allauth
Author: Raymond Penners
Author-email: raymond.penners@intenct.nl
License: UNKNOWN
Description-Content-Type: UNKNOWN
Description: ==========================
Welcome to django-allauth!
==========================
......
......@@ -8,7 +8,7 @@ r"""
"""
VERSION = (0, 35, 0, 'final', 0)
VERSION = (0, 36, 0, 'final', 0)
__title__ = 'django-allauth'
__version_info__ = VERSION
......
......@@ -407,7 +407,7 @@ class DefaultAccountAdapter(object):
def is_safe_url(self, url):
from django.utils.http import is_safe_url
return is_safe_url(url)
return is_safe_url(url, allowed_hosts=None)
def get_email_confirmation_url(self, request, emailconfirmation):
"""Constructs the email confirmation (activation) url.
......@@ -476,9 +476,14 @@ class DefaultAccountAdapter(object):
def authenticate(self, request, **credentials):
"""Only authenticates, does not actually login. See `login`"""
from allauth.account.auth_backends import AuthenticationBackend
self.pre_authenticate(request, **credentials)
AuthenticationBackend.unstash_authenticated_user()
user = authenticate(request, **credentials)
if user:
alt_user = AuthenticationBackend.unstash_authenticated_user()
user = user or alt_user
if user and app_settings.LOGIN_ATTEMPTS_LIMIT:
cache_key = self._get_login_attempts_cache_key(
request, **credentials)
cache.delete(cache_key)
......@@ -487,11 +492,14 @@ class DefaultAccountAdapter(object):
return user
def authentication_failed(self, request, **credentials):
cache_key = self._get_login_attempts_cache_key(request, **credentials)
data = cache.get(cache_key, [])
dt = timezone.now()
data.append(time.mktime(dt.timetuple()))
cache.set(cache_key, data, app_settings.LOGIN_ATTEMPTS_TIMEOUT)
if app_settings.LOGIN_ATTEMPTS_LIMIT:
cache_key = self._get_login_attempts_cache_key(
request, **credentials
)
data = cache.get(cache_key, [])
dt = timezone.now()
data.append(time.mktime(dt.timetuple()))
cache.set(cache_key, data, app_settings.LOGIN_ATTEMPTS_TIMEOUT)
def is_ajax(self, request):
return request.is_ajax()
......
from threading import local
from django.contrib.auth.backends import ModelBackend
from . import app_settings
......@@ -6,6 +8,9 @@ from .app_settings import AuthenticationMethod
from .utils import filter_users_by_email, filter_users_by_username
_stash = local()
class AuthenticationBackend(ModelBackend):
def authenticate(self, request, **credentials):
......@@ -33,7 +38,7 @@ class AuthenticationBackend(ModelBackend):
try:
# Username query is case insensitive
user = filter_users_by_username(username).get()
if user.check_password(password):
if self._check_password(user, password):
return user
except User.DoesNotExist:
return None
......@@ -47,6 +52,46 @@ class AuthenticationBackend(ModelBackend):
email = credentials.get('email', credentials.get('username'))
if email:
for user in filter_users_by_email(email):
if user.check_password(credentials["password"]):
if self._check_password(user, credentials["password"]):
return user
return None
def _check_password(self, user, password):
ret = user.check_password(password)
if ret:
ret = self.user_can_authenticate(user)
if not ret:
self._stash_user(user)
return ret
@classmethod
def _stash_user(cls, user):
"""Now, be aware, the following is quite ugly, let me explain:
Even if the user credentials match, the authentication can fail because
Django's default ModelBackend calls user_can_authenticate(), which
checks `is_active`. Now, earlier versions of allauth did not do this
and simply returned the user as authenticated, even in case of
`is_active=False`. For allauth scope, this does not pose a problem, as
these users are properly redirected to an account inactive page.
This does pose a problem when the allauth backend is used in a
different context where allauth is not responsible for the login. Then,
by not checking on `user_can_authenticate()` users will allow to become
authenticated whereas according to Django logic this should not be
allowed.
In order to preserve the allauth behavior while respecting Django's
logic, we stash a user for which the password check succeeded but
`user_can_authenticate()` failed. In the allauth authentication logic,
we can then unstash this user and proceed pointing the user to the
account inactive page.
"""
global _stash
ret = getattr(_stash, 'user', None)
_stash.user = user
return ret
@classmethod
def unstash_authenticated_user(cls):
return cls._stash_user(None)
......@@ -821,10 +821,12 @@ class EmailFormTests(TestCase):
HTTP_X_REQUESTED_WITH='XMLHttpRequest')
data = json.loads(resp.content.decode('utf8'))
assert data['data'] == [
{'email': 'john1@example.org',
{'id': self.email_address.pk,
'email': 'john1@example.org',
'primary': True,
'verified': True},
{'email': 'john2@example.org',
{'id': self.email_address2.pk,
'email': 'john2@example.org',
'primary': False,
'verified': False}]
......
......@@ -521,6 +521,7 @@ class EmailView(AjaxCapableProcessFormViewMixin, FormView):
data = []
for emailaddress in self.request.user.emailaddress_set.all():
data.append({
'id': emailaddress.pk,
'email': emailaddress.email,
'verified': emailaddress.verified,
'primary': emailaddress.primary,
......
......@@ -7,7 +7,7 @@ msgid ""
msgstr ""
"Project-Id-Version: 0.1\n"
"Report-Msgid-Bugs-To: \n"
"POT-Creation-Date: 2018-02-02 12:55-0600\n"
"POT-Creation-Date: 2018-05-08 00:43-0500\n"
"PO-Revision-Date: 2016-01-19 19:32+0100\n"
"Last-Translator: David D Lowe <daviddlowe.flimm@gmail.com>\n"
"Language-Team: Arabic\n"
......
......@@ -2,20 +2,22 @@
# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER
# This file is distributed under the same license as the PACKAGE package.
# Tomas Marcik <tomas.marcik@dolnex.cz>, 2013.
# Beda Kosata <beda.kosata@gmail.com>, 2018.
#
msgid ""
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
"Project-Id-Version: 0.35\n"
"Report-Msgid-Bugs-To: \n"
"POT-Creation-Date: 2018-02-02 12:55-0600\n"
"PO-Revision-Date: 2014-08-12 00:28+0200\n"
"Last-Translator: Tomas Marcik <tomas.marcik@dolnex.cz>, 2013\n"
"Language-Team: Dolnex Technologies s.r.o. <info@dolnex.cz>\n"
"Language: \n"
"POT-Creation-Date: 2018-05-08 00:43-0500\n"
"PO-Revision-Date: 2018-04-17 16:52+0200\n"
"Last-Translator: Beda Kosata <beda.kosata@gmail.com>\n"
"Language-Team: Czech <>\n"
"Language: cs\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"Plural-Forms: nplurals=3; plural=(n==1) ? 0 : (n>=2 && n<=4) ? 1 : 2;\n"
"X-Generator: Gtranslator 2.91.7\n"
#: account/adapter.py:45
msgid "Username can not be used. Please use other username."
......@@ -35,9 +37,8 @@ msgid "Password must be a minimum of {0} characters."
msgstr "Heslo musí obsahovat minimálně {0} znaků."
#: account/apps.py:7
#, fuzzy
msgid "Accounts"
msgstr "Účet"
msgstr "Účty"
#: account/forms.py:61 account/forms.py:398
msgid "You must type the same password each time."
......@@ -88,26 +89,20 @@ msgid "Login"
msgstr "Login"
#: account/forms.py:292
#, fuzzy
#| msgid "E-mail (optional)"
msgid "E-mail (again)"
msgstr "E-mail (nepovinné)"
msgstr "E-mail (znovu)"
#: account/forms.py:296
#, fuzzy
#| msgid "email confirmation"
msgid "E-mail address confirmation"
msgstr "Potrvzovací e-mail"
msgstr "Potrvzení e-mailové adresy"
#: account/forms.py:304
msgid "E-mail (optional)"
msgstr "E-mail (nepovinné)"
#: account/forms.py:345
#, fuzzy
#| msgid "You must type the same password each time."
msgid "You must type the same email each time."
msgstr "Hesla se musí shodovat."
msgstr "Vložené emaily se musí shodovat."
#: account/forms.py:368 account/forms.py:477
msgid "Password (again)"
......@@ -147,22 +142,19 @@ msgstr "Token pro reset hesla není platný."
#: account/models.py:23
msgid "user"
msgstr ""
msgstr "uživatel"
#: account/models.py:27 account/models.py:81
#, fuzzy
msgid "e-mail address"
msgstr "e-mailová adresa"
#: account/models.py:28
#, fuzzy
msgid "verified"
msgstr "Neověřeno"
msgstr "ověřeno"
#: account/models.py:29
#, fuzzy
msgid "primary"
msgstr "Primární"
msgstr "primární"
#: account/models.py:34
msgid "email address"
......@@ -174,15 +166,15 @@ msgstr "e-mailové adresy"
#: account/models.py:83
msgid "created"
msgstr ""
msgstr "vytvořit"
#: account/models.py:85
msgid "sent"
msgstr ""
msgstr "odeslaný"
#: account/models.py:86 socialaccount/models.py:55
msgid "key"
msgstr ""
msgstr "klíč"
#: account/models.py:91
msgid "email confirmation"
......@@ -210,102 +202,100 @@ msgid "Your account has no verified e-mail address."
msgstr "Váš účet nemá žádný ověřený e-mail."
#: socialaccount/apps.py:7
#, fuzzy
msgid "Social Accounts"
msgstr "Účet"
msgstr "Účty sociálních sítí"
#: socialaccount/models.py:43 socialaccount/models.py:77
msgid "provider"
msgstr ""
msgstr "poskytovatel"
#: socialaccount/models.py:46
#, fuzzy
msgid "name"
msgstr "Uživatelské jméno"
msgstr "jméno"
#: socialaccount/models.py:48
msgid "client id"
msgstr ""
msgstr "id klienta"
#: socialaccount/models.py:50
msgid "App ID, or consumer key"
msgstr ""
msgstr "App ID nebo uživatelský klíč"
#: socialaccount/models.py:51
msgid "secret key"
msgstr ""
msgstr "tajný klíč"
#: socialaccount/models.py:53
msgid "API secret, client secret, or consumer secret"
msgstr ""
msgstr "tajný API klíč, tajný klientský klíč nebo uživatelský tajný klíč"
#: socialaccount/models.py:58
msgid "Key"
msgstr ""
msgstr "Klíč"
#: socialaccount/models.py:66
msgid "social application"
msgstr ""
msgstr "sociální aplikace"
#: socialaccount/models.py:67
msgid "social applications"
msgstr ""
msgstr "sociální aplikace"
#: socialaccount/models.py:96
msgid "uid"
msgstr ""
msgstr "uid"
#: socialaccount/models.py:98
msgid "last login"
msgstr ""
msgstr "poslední přihlášení"
#: socialaccount/models.py:100
msgid "date joined"
msgstr ""
msgstr "datum registrace"
#: socialaccount/models.py:102
msgid "extra data"
msgstr ""
msgstr "extra data"
#: socialaccount/models.py:106
msgid "social account"
msgstr ""
msgstr "účet sociální sítě"
#: socialaccount/models.py:107
msgid "social accounts"
msgstr ""
msgstr "účty sociálních sítí"
#: socialaccount/models.py:133
msgid "token"
msgstr ""
msgstr "token"
#: socialaccount/models.py:135
msgid "\"oauth_token\" (OAuth1) or access token (OAuth2)"
msgstr ""
msgstr "\"oauth_token\" (OAuth1) nebo přístupový token (OAuth2)"
#: socialaccount/models.py:138
msgid "token secret"
msgstr ""
msgstr "tajný token"
#: socialaccount/models.py:140
msgid "\"oauth_token_secret\" (OAuth1) or refresh token (OAuth2)"
msgstr ""
msgstr "\"oauth_token_secret\" (OAuth1) nebo token pro obnovu (OAuth2)"
#: socialaccount/models.py:142
msgid "expires at"
msgstr ""
msgstr "vyprší"
#: socialaccount/models.py:146
msgid "social application token"
msgstr ""
msgstr "token sociální aplikace"
#: socialaccount/models.py:147
msgid "social application tokens"
msgstr ""
msgstr "tokeny sociálních aplikací"
#: socialaccount/providers/douban/views.py:36
msgid "Invalid profile data"
msgstr ""
msgstr "Neplatná data profilu"
#: socialaccount/providers/oauth/client.py:78
#, python-format
......@@ -403,12 +393,7 @@ msgid "Do you really want to remove the selected e-mail address?"
msgstr "Opravdu chcete odstranit zvolené e-mailové adresy?"
#: templates/account/email/email_confirmation_message.txt:1
#, fuzzy, python-format
#| msgid ""
#| "User %(user_display)s at %(site_name)s has given this as an email "
#| "address.\n"
#| "\n"
#| "To confirm this is correct, go to %(activate_url)s\n"
#, python-format
msgid ""
"Hello from %(site_name)s!\n"
"\n"
......@@ -417,10 +402,12 @@ msgid ""
"\n"
"To confirm this is correct, go to %(activate_url)s\n"
msgstr ""
"Uživatel %(user_display)s na stránce %(site_name)s zadal tuto e-mailovou "
"adresu.\n"
"Zdravíme z %(site_name)s!\n"
"\n"
"Tento e-mail jste obdrželi protože uživatel %(user_display)s zadal vaši "
"adresu jako e-mailovou adresu pro připojení svého účtu.\n"
"\n"
"Pro potvrzení následujte adresu %(activate_url)s\n"
"Pro potvrzení, že je to v pořádku, pokračujte na %(activate_url)s\n"
#: templates/account/email/email_confirmation_message.txt:7
#, python-format
......@@ -428,20 +415,15 @@ msgid ""
"Thank you from %(site_name)s!\n"
"%(site_domain)s"
msgstr ""
"Díky z %(site_name)s!\n"
"%(site_domain)s"
#: templates/account/email/email_confirmation_subject.txt:3
#, fuzzy
#| msgid "Confirm E-mail Address"
msgid "Please Confirm Your E-mail Address"
msgstr "Potvrzení e-mailové adresy"
msgstr "Potvrďte prosím svou e-mailovou adresu"
#: templates/account/email/password_reset_key_message.txt:1
#, fuzzy, python-format
#| msgid ""
#| "You're receiving this e-mail because you or someone else has requested a "
#| "password for your user account at %(site_domain)s.\n"
#| "It can be safely ignored if you did not request a password reset. Click "
#| "the link below to reset your password."
#, python-format
msgid ""
"Hello from %(site_name)s!\n"
"\n"
......@@ -450,8 +432,10 @@ msgid ""
"It can be safely ignored if you did not request a password reset. Click the "
"link below to reset your password."
msgstr ""
"Tento e-mail jste dostali protože vy nebo někdo jiný zažádal o změnu hesla "
"uživatelského účtu na stránce %(site_domain)s.\n"
"Zdravíme z %(site_name)s!\n"
"\n"
"Tento e-mail jste obdrželi protože jste vy nebo někdo jiný zažádal o změnu "
"hesla uživatelského účtu.\n"
"Pokud jste to nebyli vy, můžete tento e-mail ignorovat. Pokud ano, klikněte "
"na odkaz níže pro změnu vašeho hesla."
......@@ -467,6 +451,8 @@ msgid ""
"Thank you for using %(site_name)s!\n"
"%(site_domain)s"
msgstr ""
"Děkujeme, že používáte %(site_name)s!\n"
"%(site_domain)s"
#: templates/account/email/password_reset_key_subject.txt:3
msgid "Password Reset E-mail"
......@@ -505,14 +491,15 @@ msgid "Sign In"
msgstr "Přihlásit se"
#: templates/account/login.html:15
#, fuzzy, python-format
#, python-format
msgid ""
"Please sign in with one\n"
"of your existing third party accounts. Or, <a href=\"%(signup_url)s\">sign "
"up</a>\n"
"for a %(site_name)s account and sign in below:"
msgstr ""
"Přihlašte se výběrem jednoho poskytovatele. Nebo se <a href=\"%(signup_url)s"
"Přihlašte se prosím výběrem jednoho\n"
"z vašich účtů třetích stran. Nebo se <a href=\"%(signup_url)s"
"\">zaregistruje</a> na stránky %(site_name)s a přihlašte se níže:"
#: templates/account/login.html:25
......@@ -520,11 +507,13 @@ msgid "or"
msgstr "nebo"
#: templates/account/login.html:32
#, fuzzy, python-format
#, python-format
msgid ""
"If you have not created an account yet, then please\n"
"<a href=\"%(signup_url)s\">sign up</a> first."
msgstr "Máte již účet? <a href=\"%(login_url)s\">Přihlašte se</a>, prosím."
msgstr ""
"Pokud jste si ještě nevytvořili účet, nejprve se <a href=\"%(signup_url)s"
"\">zaregistrujte</a>."
#: templates/account/login.html:42
msgid "Forgot Password?"
......@@ -695,16 +684,14 @@ msgid "Verify Your E-mail Address"
msgstr "Ověřte svoji e-mailovou adresu."
#: templates/account/verification_sent.html:10
#, fuzzy
msgid ""
"We have sent an e-mail to you for verification. Follow the link provided to "
"finalize the signup process. Please contact us if you do not receive it "
"within a few minutes."
msgstr ""
"Byl Vám zaslán ověřovací e-mail na adresu <a href=\"mailto:%(email)s\">"
"%(email)s</a>. Následujte odkaz v e-mailu pro dokončení registračního "
"procesu. Neváhejte nás kontaktovat v případě, pokud e-mail nedostanete do "
"několika minut."
"Byl vám zaslán ověřovací e-mail. Následujte odkaz v e-mailu pro dokončení "
"registračního procesu. Neváhejte nás kontaktovat v případě, pokud e-mail do "
"několika minut neobdržíte."
#: templates/account/verified_email_required.html:12
msgid ""
......@@ -790,22 +777,25 @@ msgid "The social account has been connected."
msgstr "Účet sociální sítě byl připojen."
#: templates/socialaccount/messages/account_connected_other.txt:2
#, fuzzy
msgid "The social account is already connected to a different account."
msgstr "Účet sociální sítě byl připojen."
msgstr "Účet sociální sítě je již spojen s jiným účtem."
#: templates/socialaccount/messages/account_disconnected.txt:2
msgid "The social account has been disconnected."
msgstr "Účet sociální sítě byl odpojen."
#: templates/socialaccount/signup.html:10
#, fuzzy, python-format
#, python-format
msgid ""
"You are about to use your %(provider_name)s account to login to\n"
"%(site_name)s. As a final step, please complete the following form:"
msgstr ""
"Nyní jste zažádali o přihlášení vašeho %(provider_name)s účtu na naše "
"stránky %(site_name)s. Jako poslední krok, prosím, vyplňte tento formulář:"
"Chystáte se použít vaš %(provider_name)s účtu k přihlášení na naše stránky \n"
"%(site_name)s. Jako poslední krok, prosím, vyplňte následující formulář:"
#~| msgid "The password reset token was invalid."
#~ msgid "The provided password is not valid."
#~ msgstr "Použité heslo není platné."
#~ msgid "The login and/or password you specified are not correct."
#~ msgstr "Zadané přihlašovací údaje nejsou správné."
......
......@@ -8,7 +8,7 @@ msgid ""
msgstr ""
"Project-Id-Version: django-allauth\n"
"Report-Msgid-Bugs-To: \n"
"POT-Creation-Date: 2018-02-02 12:55-0600\n"
"POT-Creation-Date: 2018-05-08 00:43-0500\n"
"PO-Revision-Date: 2017-11-04 16:22+0100\n"
"Last-Translator: Jannis Vajen <jvajen@gmail.com>\n"
"Language-Team: German (http://www.transifex.com/projects/p/django-allauth/"
......@@ -105,7 +105,7 @@ msgstr "E-Mail (optional)"
#: account/forms.py:345
msgid "You must type the same email each time."
msgstr "Du musst zweimal dasselbe Passwort eingeben."
msgstr "Du musst zweimal dieselbe E-Mail-Adresse eingeben."
#: account/forms.py:368 account/forms.py:477
msgid "Password (again)"
......
......@@ -7,7 +7,7 @@ msgid ""
msgstr ""
"Project-Id-Version: \n"
"Report-Msgid-Bugs-To: \n"
"POT-Creation-Date: 2018-02-02 12:55-0600\n"
"POT-Creation-Date: 2018-05-08 00:43-0500\n"
"PO-Revision-Date: 2014-08-12 00:29+0200\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: LANGUAGE <LL@li.org>\n"
......
......@@ -8,7 +8,7 @@ msgid ""
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
"Report-Msgid-Bugs-To: \n"
"POT-Creation-Date: 2018-02-02 12:55-0600\n"
"POT-Creation-Date: 2018-05-08 00:43-0500\n"
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: LANGUAGE <LL@li.org>\n"
......
......@@ -7,8 +7,8 @@ msgid ""
msgstr ""
"Project-Id-Version: django-allauth\n"
"Report-Msgid-Bugs-To: \n"
"POT-Creation-Date: 2018-02-02 12:55-0600\n"
"PO-Revision-Date: 2014-08-12 00:30+0200\n"
"POT-Creation-Date: 2018-05-08 00:43-0500\n"
"PO-Revision-Date: 2018-02-14 17:46-0600\n"
"Last-Translator: Jannis Š\n"
"Language-Team: Spanish (http://www.transifex.com/projects/p/django-allauth/"
"language/es/)\n"
......@@ -17,6 +17,7 @@ msgstr ""
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"Plural-Forms: nplurals=2; plural=(n != 1);\n"
"X-Generator: Poedit 1.8.7.1\n"
#: account/adapter.py:45
msgid "Username can not be used. Please use other username."
......@@ -89,26 +90,20 @@ msgid "Login"
msgstr "Iniciar sesión"
#: account/forms.py:292
#, fuzzy
#| msgid "E-mail (optional)"
msgid "E-mail (again)"
msgstr "Correo Electrónico (opcional)"
msgstr "Correo Electrónico (otra vez)"
#: account/forms.py:296
#, fuzzy
#| msgid "email confirmation"
msgid "E-mail address confirmation"
msgstr "confirmación de correo electrónico"
msgstr "Confirmación de la dirección de correo electrónico"
#: account/forms.py:304
msgid "E-mail (optional)"
msgstr "Correo Electrónico (opcional)"
#: account/forms.py:345
#, fuzzy
#| msgid "You must type the same password each time."
msgid "You must type the same email each time."
msgstr "Debes escribir la misma contraseña cada vez."
msgstr "Debe escribir el mismo correo electrónico cada vez."
#: account/forms.py:368 account/forms.py:477
msgid "Password (again)"
......@@ -303,7 +298,7 @@ msgstr ""