From 731016d7f36ad74fd8fed2a33f4b71c11dd916fd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=89loi=20Rivard?= Date: Thu, 28 Mar 2024 15:31:55 +0100 Subject: [PATCH] doc: changelog improvements --- CHANGES.rst | 152 +++++++++++++++++++++++----------------------- doc/changelog.rst | 51 +++++++++++++++- 2 files changed, 124 insertions(+), 79 deletions(-) diff --git a/CHANGES.rst b/CHANGES.rst index e7136903..db3b081a 100644 --- a/CHANGES.rst +++ b/CHANGES.rst @@ -1,16 +1,14 @@ -All notable changes to this project will be documented in this file. - -The format is based on `Keep a Changelog `_, -and this project adheres to `Semantic Versioning `_. +Unreleased +---------- Added -===== +^^^^^ - Add `created` and `last_modified` datetime for all models - Sitemap to the documentation :pr:`169` Changed -======= +^^^^^^^ - Use default python logging configuration format. :issue:`188` :pr:`165` - Bump to htmx 1.99.11 :pr:`166` @@ -21,7 +19,7 @@ Changed --------------------- Fixed -===== +^^^^^ - Avoid to fail on imports if ``cryptography`` is missing. @@ -29,12 +27,12 @@ Fixed --------------------- Added -===== +^^^^^ - OIDC `prompt=create` support. :issue:`185` :pr:`164` Fixed -===== +^^^^^ - Correctly set up Client audience during OIDC dynamic registration. - ``post_logout_redirect_uris`` was ignored during OIDC dynamic registration. @@ -44,7 +42,7 @@ Fixed --------------------- Added -===== +^^^^^ - ``THEME`` can be a relative path @@ -52,7 +50,7 @@ Added --------------------- Fixed -===== +^^^^^ - Crash when no ACL were defined - OIDC Userinfo endpoint is also available in POST @@ -62,7 +60,7 @@ Fixed --------------------- Changed -======= +^^^^^^^ - Convert all the png in webp. :pr:`162` - Update to flask 3 :issue:`161` :pr:`163` @@ -71,7 +69,7 @@ Changed --------------------- Fixed -===== +^^^^^ - Handle 4xx and 5xx error codes with htmx. :issue:`171` :pr:`161` 
@@ -79,7 +77,7 @@ Fixed --------------------- Fixed -===== +^^^^^ - Avoid crashing when LDAP groups references unexisting users. - Password reset and initialization mails were only sent to the @@ -93,19 +91,19 @@ Fixed --------------------- Added -===== +^^^^^ - Refresh token grant supports other client authentication methods. :pr:`157` - Implement a SQLAlchemy backend. :issue:`30` :pr:`158` Changed -======= +^^^^^^^ - Model attributes cardinality is closer to SCIM model. :pr:`155` - Bump to htmx 1.9.9 :pr:`159` Fixed -===== +^^^^^ - Disable HTMX boosting during the OIDC dance. :pr:`160` @@ -113,13 +111,13 @@ Fixed --------------------- Fixed -===== +^^^^^ - Canaille installations without account lockabilty could not delete users. :pr:`153` Added -===== +^^^^^ - If users register or authenticate during a OAuth Authorization phase, they get redirected back to that page afterwards. @@ -133,12 +131,12 @@ Added --------------------- Fixed -===== +^^^^^ - OIDC jwks endpoint do not return empty kid claim Added -===== +^^^^^ - Documentation details on the canaille models. @@ -146,7 +144,7 @@ Added --------------------- Added -===== +^^^^^ - Additional inmemory backend :issue:`30` :pr:`149` - Installation extras :issue:`167` :pr:`150` @@ -155,7 +153,7 @@ Added --------------------- Added -===== +^^^^^ - Configuration option to disable the forced usage of OIDC nonce :pr:`143` - Validate phone numbers with a regex :pr:`146` @@ -163,12 +161,12 @@ Added - Account registration :issue:`55` :pr:`133` :pr:`148` Fixed -===== +^^^^^ - The `check` command uses the default configuration values. Changed -======= +^^^^^^^ - Modals do not need use javascript at the moment. :issue:`158` :pr:`144` 
@@ -179,12 +177,12 @@ Changed Check the new format with ``git diff 0.0.29 0.0.30 canaille/conf/config.sample.toml`` Added -===== +^^^^^ - Configuration option to disable javascript :pr:`141` Changed -======= +^^^^^^^ - Configuration ``USER_FILTER`` is parsed with jinja. - Configuration use ``PRIVATE_KEY_FILE`` instead of ``PRIVATE_KEY`` and ``PUBLIC_KEY_FILE`` instead of ``PUBLIC_KEY`` @@ -193,7 +191,7 @@ Changed --------------------- Fixed -===== +^^^^^ - Disabled HTMX boosting on OIDC forms to avoid errors. @@ -201,7 +199,7 @@ Fixed --------------------- Fixed -===== +^^^^^ - A template variable was misnamed. @@ -212,7 +210,7 @@ Fixed Check the new format with ``git diff 0.0.26 0.0.27 canaille/conf/config.sample.toml`` Added -===== +^^^^^ - Configuration entries can be loaded from files if the entry key has a *_FILE* suffix and the entry value is the path to the file. :issue:`134` :pr:`134` @@ -220,17 +218,17 @@ Added - Pages are boosted with HTMX :issue:`144` :issue:`145` :pr:`137` Changed -======= +^^^^^^^ - Bump to jquery 3.7.0 :pr:`138` Fixed -===== +^^^^^ - Profile edition when the user RDN was not ``uid`` :issue:`148` :pr:`139` Removed -======= +^^^^^^^ - Stop support for python 3.7 :pr:`131` @@ -238,14 +236,14 @@ Removed --------------------- Added -===== +^^^^^ - Implemented account expiration based on OpenLDAP ppolicy overlay. Needs OpenLDAP 2.5+ :issue:`13` :pr:`118` - Timezone configuration entry. :issue:`137` :pr:`130` Fixed -===== +^^^^^ - Avoid setting ``None`` in JWT claims when they have no value. - Display password recovery button on OIDC login page. :pr:`129` @@ -257,7 +255,7 @@ Fixed Check the new format with ``git diff 0.0.25 0.0.24 canaille/conf/config.sample.toml`` Changed -======= +^^^^^^^ - Renamed user model attributes to match SCIM naming convention. :pr:`123` - Moved OIDC related configuration entries in ``OIDC`` 
@@ -267,7 +265,7 @@ Changed - Bumped to htmx 1.9.2 :pr:`127` Fixed -===== +^^^^^ - ``OIDC.JWT.MAPPING`` configuration entry is really optional now. - Fixed empty model attributes registration :pr:`125` @@ -277,7 +275,7 @@ Fixed --------------------- Fixed -===== +^^^^^ - Fixed avatar update. :pr:`122` @@ -285,20 +283,20 @@ Fixed --------------------- Added -===== +^^^^^ - Organization field. :pr:`116` - ETag and Last-Modified headers on user photos. :pr:`116` - Dynamic form validation :pr:`120` Changed -======= +^^^^^^^ - UX rework. Submenu addition. :pr:`114` - Properly handle LDAP date timezones. :pr:`117` Fixed -===== +^^^^^ - CSRF protection on every forms. :pr:`119` @@ -306,14 +304,14 @@ Fixed --------------------- Fixed -===== +^^^^^ - faker is not imported anymore when the `clean` command is called. [0.0.21] - 2023-03-12 --------------------- Added -===== +^^^^^ - Display TOS and policy URI on the consent list page. :pr:`102` - Admin token deletion :pr:`100` :pr:`101` @@ -329,13 +327,13 @@ Added - Title edition support :pr:`113` Fixed -===== +^^^^^ - Client deletion also deletes related Consent, Token and AuthorizationCode objects. :issue:`126` :pr:`98` Changed -======= +^^^^^^^ - Removed datatables. @@ -343,7 +341,7 @@ Changed --------------------- Added -===== +^^^^^ - Spanish translation. :pr:`85` :pr:`88` - Dedicated connectivity test email :pr:`89` @@ -352,7 +350,7 @@ Added - Update to datatables 1.13.1 :pr:`90` Fixed -===== +^^^^^ - Fix typos and grammar errors. :pr:`84` - Fix wording and punctuations. :pr:`86` @@ -364,7 +362,7 @@ Fixed --------------------- Fixed -===== +^^^^^ - Ensures the token `expires_in` claim and the `access_token` `exp` claim have the same value. :pr:`83` @@ -373,7 +371,7 @@ Fixed --------------------- Fixed -===== +^^^^^ - OIDC end_session was not returning the ``state`` parameter in the ``post_logout_redirect_uri`` :pr:`82` 
@@ -382,7 +380,7 @@ Fixed --------------------- Fixed -===== +^^^^^ - Fixed group deletion button. :pr:`80` - Fixed post requests in oidc clients views. :pr:`81` @@ -391,7 +389,7 @@ Fixed --------------------- Fixed -===== +^^^^^ - Fixed LDAP operational attributes handling. @@ -399,7 +397,7 @@ Fixed --------------------- Added -===== +^^^^^ - User can chose their favourite display name. :pr:`77` - Bumped to authlib 1.2. :pr:`78` @@ -411,14 +409,14 @@ Added --------------------- Fixed -===== +^^^^^ - Fixed translation mo files packaging. [0.0.13] - 2022-11-21 --------------------- Fixed -===== +^^^^^ - Fixed a bug on the contacts field in the admin client form following the LDAP schema update of 0.0.12 @@ -432,14 +430,14 @@ Fixed - Fixed client preconsent disabling. :pr:`72` Added -===== +^^^^^ - Python 3.11 support. :pr:`61` - apparmor slapd configuration instructions in CONTRIBUTING.rst :pr:`66` - ``preferredLanguage`` attribute support. :pr:`75` Changed -======= +^^^^^^^ - Replaced the use of the deprecated `FLASK_ENV` environment variable by `FLASK_DEBUG`. @@ -453,7 +451,7 @@ Changed --------------------- Added -===== +^^^^^ - Basic WebFinger endpoint. :pr:`59` - Bumped to FomanticUI 2.9.0 00ffffee @@ -463,12 +461,12 @@ Added --------------------- Added -===== +^^^^^ - Default theme has a dark variant. :pr:`57` Fixed -===== +^^^^^ - Fixed missing ``canaille`` binary. :pr:`58` @@ -476,7 +474,7 @@ Fixed --------------------- Fixed -===== +^^^^^ - Online demo. :pr:`55` - The consent page was displaying scopes not supported by clients. :pr:`56` @@ -486,14 +484,14 @@ Fixed -------------------- Added -===== +^^^^^ - ``DISABLE_PASSWORD_RESET`` configuration option to disable password recovery. :pr:`46` - ``edit_self`` ACL permission to control user self edition. :pr:`47` - Implemented RP-initiated logout :pr:`54` Changed -======= +^^^^^^^ - Bumped to authlib 1 :pr:`48` - documentation improvements :pr:`50` 
@@ -501,7 +499,7 @@ Changed - additional nonce tests :pr:`52` Fixed -===== +^^^^^ - ``HIDE_INVALID_LOGIN`` behavior and default value. - mo files are not versionned anymore :pr:`49` :pr:`53` @@ -509,7 +507,7 @@ Fixed -------------------- Fixed -===== +^^^^^ - Fixed dependencies @@ -517,7 +515,7 @@ Fixed -------------------- Fixed -===== +^^^^^ - Fixed spaces and escaped special char in ldap cn/dn :pr:`43` @@ -525,12 +523,12 @@ Fixed -------------------- Changed -======= +^^^^^^^ - Access token are JWT. :pr:`38` Fixed -===== +^^^^^ - Default groups on invitations :pr:`41` - Schemas are shipped within the canaille package :pr:`42` @@ -539,12 +537,12 @@ Fixed -------------------- Changed -======= +^^^^^^^ - LDAP model objects have new identifiers :pr:`37` Fixed -===== +^^^^^ - Admin menu dropdown display :pr:`39` - `GROUP_ID_ATTRIBUTE` configuration typo :pr:`40` @@ -553,7 +551,7 @@ Fixed -------------------- Added -===== +^^^^^ - Client preauthorization :pr:`11` - LDAP permissions check with the check command :pr:`12` @@ -576,7 +574,7 @@ Added - LDAP backend refactoring :pr:`35` Fixed -===== +^^^^^ - Fixed ghost members in a group :pr:`14` - Fixed email sender names :pr:`19` @@ -591,7 +589,7 @@ Fixed -------------------- Added -===== +^^^^^ - Two-steps sign-in :issue:`49` - Tokens can have several audiences. :issue:`62` :pr:`9` @@ -599,7 +597,7 @@ Added - Groups managament. :issue:`12` :pr:`6` Fixed -===== +^^^^^ - Introspection access bugfix. :issue:`63` :pr:`10` - Introspection sub claim. :issue:`64` :pr:`7` @@ -608,7 +606,7 @@ Fixed -------------------- Added -===== +^^^^^ - Login page is responsive. :issue:`1` - Adapt mobile keyboards to login page fields. :issue:`2` @@ -630,13 +628,13 @@ Added - Password initialization mail. :pr:`51` Fixed -===== +^^^^^ - Form translations. :issue:`19` :issue:`23` - Avoid to use Google Fonts. :issue:`21` Removed -======= +^^^^^^^ - 'My tokens' page. :issue:`22` 
@@ -644,6 +642,6 @@ Removed -------------------- Added -===== +^^^^^ - Initial release. diff --git a/doc/changelog.rst b/doc/changelog.rst index 4b475116..2569d171 100644 --- a/doc/changelog.rst +++ b/doc/changelog.rst @@ -1,7 +1,54 @@ Roadmap and changelog ##################### -canaille 0 versions -------------------- +Roadmap +******* + +BĂȘta version +============ + +To go out of the current Alpha version we want to achieve the following tasks: + +- :issue:`Configuration validation using pydantic <138>` + +Stable version +============== + +Before we push Canaille in stable version we want to achieve the following tasks: + +Security +-------- + +- :issue:`Password hashing configuration <175>` +- :issue:`Authentication logging policy <177>` +- :issue:`Intruder lockout <173>` +- :issue:`Password expiry policy <176>` +- :issue:`Password compromission check <179>` +- :issue:`Multi-factor authentication: Email <47>` +- :issue:`Multi-factor authentication: SMS <47>` +- :issue:`Multi-factor authentication: OTP <47>` + +Packaging +--------- + +- :issue:`Nix package <190>` +- :issue:`Docker / OCI package <59>` + +And beyond +========== + +- :issue:`OpenID Connect certification <182>` +- :issue:`SCIM support <116>` + +Release notes +************* + +All notable changes to this project will be documented in there. + +The format is based on `Keep a Changelog `_, +and this project adheres to `Semantic Versioning `_. + +Alpha versions +============== .. include:: ../CHANGES.rst
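Review bot: in the first CHANGES.rst hunk (Unreleased, Changed), the unchanged entry "Bump to htmx 1.99.11 :pr:`166`" looks like a version typo. The older entries in this file read "Bump to htmx 1.9.9" and "Bumped to htmx 1.9.2", so this is presumably 1.9.11. Since this commit is a changelog cleanup, please confirm the version against :pr:`166` and correct the entry here.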
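Review bot: in the CHANGES.rst hunk at "@@ -257,7 +255,7 @@", the context line "Check the new format with ``git diff 0.0.25 0.0.24 canaille/conf/config.sample.toml``" gives the tags in the opposite order from the two other upgrade notes in this file (``git diff 0.0.29 0.0.30`` and ``git diff 0.0.26 0.0.27``). As written, it shows the configuration change reversed, with the new keys appearing as removals. Suggest changing it to ``git diff 0.0.24 0.0.25 canaille/conf/config.sample.toml`` while this file is being reworked.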
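Review bot: in the doc/changelog.rst hunk, the first roadmap heading (shown here as "BĂȘta version") uses a non-ASCII spelling, while the sentence under it says "Alpha version" and the rest of the page is in English. Suggest "Beta version", which keeps the 12-character underline valid. Two wording points in the same hunk: "Password compromission check" would read better as "Compromised password check", and "will be documented in there" replaced "in this file" from the removed CHANGES.rst intro, so "documented here" fits the new location better.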