2.0.0 release of django-user-accounts has landed!

Today we are excited to announce django-user-accounts v2.0.0, with bug fixes, enhancements, and support for Django 1.10! Since this is a major version release you can expect a few backward incompatibilities as well as exciting enhancements such as automatic login after confirming email address and (optional) automatic password expiration.

Change Log

  • BI: moved account deletion callbacks to hooksets
  • BI: dropped Django 1.7 support
  • BI: dropped Python 3.2 support
  • BI: removed deprecated ACCOUNT_USE_AUTH_AUTHENTICATE setting with behavior matching its True value
  • added Django 1.10 support
  • added Turkish translations
  • made language codes migration dynamic
  • added password expiration
  • added password stripping by default
  • added ACCOUNT_EMAIL_CONFIRMATION_AUTO_LOGIN feature (default is False)

Backward Incompatible Changes

account deletion callbacks moved to hookset

PR 209

This change brings the previously defined functions in the callbacks.py module into line with the hooksets convention we’ve been using for awhile now. It does mean that if you have functions defined in your site for the following settings: ACCOUNT_DELETION_MARK_CALLBACK or ACCOUNT_DELETION_EXPUNGE_CALLBACK you will need to migrate those functions to a hookset implementation if you don’t already have one to add to.

dropped Django 1.7 and Python 3.2 support

If you still need support for 1.7 then you should likely continue with the 1.x line of DUA, but it’s highly recommended you at least upgrade to Django 1.8.

remove deprecated ACCOUNT_USE_AUTH_AUTHENTICATE setting

Commit 9c3f71c

The current behavior matches how things worked when that setting was set to True.

Django 1.10 support added

Commit 74434fc

DUA was for the most part working fine with Django 1.10. However, the middleware needed to be updated to work with Django 1.10’s middleware changes.

DUA now speaks Turkish

PR 215

Thanks Serkan Altuntaş for helping!

Made language codes migration dynamic

PR 217

Thanks Jonathan Potter for this fix that DRYs up things a bit.

Password Expiration and Password History Tracking

PR 223 and PR 224

Graham Ullrich landed this new feature set to DUA that enables per-user setting of password expiration as well as a global expiry setting. You can also set passwords that never expire. Lastly you can enforce password validation that doesn’t permit using old passwords.

Docs for these features are online.

New setting to enable auto-login when confirming email added

Commit c6f6b5a which closes Issue 130 added.

This commit adds a new setting: ACCOUNT_EMAIL_CONFIRMATION_AUTO_LOGIN which defaults to False but when set to True users that click the email confirmation link will not only confirm their email address but automatically logged in.

Thanks to Lord Daedra for submitting this issue and to Andrew Velis, Michele Mattioni, Steven Day and k4ml for contributing to the discussion.

Other Minor Fixes