canaille-globuzma/CHANGES.rst

Changed
^^^^^^^
- Model `identifier_attributes` are fixed.

[0.0.53] - 2024-04-22
---------------------

Added
^^^^^
- `env_prefix` create_app variable can select the environment var prefix.

[0.0.52] - 2024-04-22
---------------------

Added
^^^^^
- `env_file` create_app variable can customize/disable the .env file

Changed
^^^^^^^
- Locked users cannot be impersonated anymore.
- Minimum python requirement is 3.9.

[0.0.51] - 2024-04-09
---------------------

Changed
^^^^^^^
- Display the menu bar on error pages.

[0.0.50] - 2024-04-09
---------------------

Added
^^^^^
- Sign in/out events are logged in :issuer:`177`

Fixed
^^^^^
- HTMX and JAVASCRIPT configuration settings.
- Compatibility with old sessions IDs.

[0.0.49] - 2024-04-08
---------------------

Fixed
^^^^^
- LDAP user group removal.
- Display an error message when trying to remove the last user from a group.

[0.0.48] - 2024-04-08
---------------------

Fixed
^^^^^
- LDAP objectClass guessing exception.

[0.0.47] - 2024-04-08
---------------------

Fixed
^^^^^
- Lazy permission loading exception.

[0.0.46] - 2024-04-08
---------------------

Fixed
^^^^^
- Saving an object with the LDAP backend keeps the objectClass un-managed by Canaille. :pr:`171`

[0.0.45] - 2024-04-04
---------------------

Changed
^^^^^^^
- Internal indexation mechanism of :class:`~canaille.backends.memory.model.MemoryModel`

[0.0.44] - 2024-03-29
---------------------

Fixed
^^^^^
- Fix the default LDAP USER_FILTER value
- Fix the OIDC feature detection

[0.0.43] - 2024-03-29
---------------------

🚨Configuration files must be updated.🚨

Added
^^^^^

- Add `created` and `last_modified` datetime for all models
- Sitemap to the documentation :pr:`169`
- Configuration management with pydantic-settings :issue:`138` :pr:`170`

Changed
^^^^^^^

- Use default python logging configuration format. :issue:`188` :pr:`165`
- Bump to htmx 1.99.11 :pr:`166`
- Use the standard tomllib python module instead of `toml` starting from python 3.11 :pr:`167`
- Use shibuya as the documentation theme :pr:`168`

[0.0.42] - 2023-12-29
---------------------

Fixed
^^^^^

- Avoid to fail on imports if ``cryptography`` is missing.

[0.0.41] - 2023-12-25
---------------------

Added
^^^^^

- OIDC `prompt=create` support. :issue:`185` :pr:`164`

Fixed
^^^^^

- Correctly set up Client audience during OIDC dynamic registration.
- ``post_logout_redirect_uris`` was ignored during OIDC dynamic registration.
- Group field error prevented the registration form validation.

[0.0.40] - 2023-12-22
---------------------

Added
^^^^^

- ``THEME`` can be a relative path

[0.0.39] - 2023-12-15
---------------------

Fixed
^^^^^

- Crash when no ACL were defined
- OIDC Userinfo endpoint is also available in POST
- Fix redirection after password reset :issue:`159`

[0.0.38] - 2023-12-15
---------------------

Changed
^^^^^^^

- Convert all the png in webp. :pr:`162`
- Update to flask 3 :issue:`161` :pr:`163`

[0.0.37] - 2023-12-01
---------------------

Fixed
^^^^^

- Handle 4xx and 5xx error codes with htmx. :issue:`171` :pr:`161`

[0.0.36] - 2023-12-01
---------------------

Fixed
^^^^^

- Avoid crashing when LDAP groups references unexisting users.
- Password reset and initialization mails were only sent to the
  preferred user email address.
- Password reset and initialization mails were not sent at all the user
  addresses if one email address could not be reached.
- Password comparision was too permissive on login.
- Encrypt passwords in the SQL backend.

[0.0.35] - 2023-11-25
---------------------

Added
^^^^^

- Refresh token grant supports other client authentication methods. :pr:`157`
- Implement a SQLAlchemy backend. :issue:`30` :pr:`158`

Changed
^^^^^^^

- Model attributes cardinality is closer to SCIM model. :pr:`155`
- Bump to htmx 1.9.9 :pr:`159`

Fixed
^^^^^

- Disable HTMX boosting during the OIDC dance. :pr:`160`

[0.0.34] - 2023-10-02
---------------------

Fixed
^^^^^

- Canaille installations without account lockabilty could not
  delete users. :pr:`153`

Added
^^^^^

- If users register or authenticate during a OAuth Authorization
  phase, they get redirected back to that page afterwards.
  :issue:`168` :pr:`151`
- flask-babel and pytz are now part of the `front` extras
- Bump to fomantic-ui 2.9.3 :pr:`152`
- Bump to htmx 1.9.6 :pr:`154`
- Add support for python 3.12 :pr:`155`

[0.0.33] - 2023-08-26
---------------------

Fixed
^^^^^

- OIDC jwks endpoint do not return empty kid claim

Added
^^^^^

- Documentation details on the canaille models.

[0.0.32] - 2023-08-17
---------------------

Added
^^^^^

- Additional inmemory backend :issue:`30` :pr:`149`
- Installation extras :issue:`167` :pr:`150`

[0.0.31] - 2023-08-15
---------------------

Added
^^^^^

- Configuration option to disable the forced usage of OIDC nonce :pr:`143`
- Validate phone numbers with a regex :pr:`146`
- Email verification :issue:`41` :pr:`147`
- Account registration :issue:`55` :pr:`133` :pr:`148`

Fixed
^^^^^

- The `check` command uses the default configuration values.

Changed
^^^^^^^

- Modals do not need use javascript at the moment. :issue:`158` :pr:`144`

[0.0.30] - 2023-07-06
---------------------

🚨Configuration files must be updated.🚨
Check the new format with ``git diff 0.0.29 0.0.30 canaille/conf/config.sample.toml``

Added
^^^^^

- Configuration option to disable javascript :pr:`141`

Changed
^^^^^^^

- Configuration ``USER_FILTER`` is parsed with jinja.
- Configuration use ``PRIVATE_KEY_FILE`` instead of ``PRIVATE_KEY`` and ``PUBLIC_KEY_FILE`` instead of ``PUBLIC_KEY``

[0.0.29] - 2023-06-30
---------------------

Fixed
^^^^^

- Disabled HTMX boosting on OIDC forms to avoid errors.

[0.0.28] - 2023-06-30
---------------------

Fixed
^^^^^

- A template variable was misnamed.

[0.0.27] - 2023-06-29
---------------------

🚨Configuration files must be updated.🚨
Check the new format with ``git diff 0.0.26 0.0.27 canaille/conf/config.sample.toml``

Added
^^^^^

- Configuration entries can be loaded from files if the entry key has a *_FILE* suffix
  and the entry value is the path to the file. :issue:`134` :pr:`134`
- Field list support. :issue:`115` :pr:`136`
- Pages are boosted with HTMX :issue:`144` :issue:`145` :pr:`137`

Changed
^^^^^^^

- Bump to jquery 3.7.0 :pr:`138`

Fixed
^^^^^

- Profile edition when the user RDN was not ``uid`` :issue:`148` :pr:`139`

Removed
^^^^^^^

- Stop support for python 3.7 :pr:`131`

[0.0.26] - 2023-06-03
---------------------

Added
^^^^^

- Implemented account expiration based on OpenLDAP ppolicy overlay. Needs OpenLDAP 2.5+
  :issue:`13` :pr:`118`
- Timezone configuration entry. :issue:`137` :pr:`130`

Fixed
^^^^^

- Avoid setting ``None`` in JWT claims when they have no value.
- Display password recovery button on OIDC login page. :pr:`129`

[0.0.25] - 2023-05-05
---------------------

🚨Configuration files must be updated.🚨
Check the new format with ``git diff 0.0.25 0.0.24 canaille/conf/config.sample.toml``

Changed
^^^^^^^

- Renamed user model attributes to match SCIM naming convention. :pr:`123`
- Moved OIDC related configuration entries in ``OIDC``
- Moved ``LDAP`` configuration entry to ``BACKENDS.LDAP``
- Bumped to htmx 1.9.0 :pr:`124`
- ACL filters are no more LDAP filters but user attribute mappings. :pr:`125`
- Bumped to htmx 1.9.2 :pr:`127`

Fixed
^^^^^

- ``OIDC.JWT.MAPPING`` configuration entry is really optional now.
- Fixed empty model attributes registration :pr:`125`
- Password initialization mails were not correctly sent. :pr:`128`

[0.0.24] - 2023-04-07
---------------------

Fixed
^^^^^

- Fixed avatar update. :pr:`122`

[0.0.23] - 2023-04-05
---------------------

Added
^^^^^

- Organization field. :pr:`116`
- ETag and Last-Modified headers on user photos. :pr:`116`
- Dynamic form validation :pr:`120`

Changed
^^^^^^^

- UX rework. Submenu addition. :pr:`114`
- Properly handle LDAP date timezones. :pr:`117`

Fixed
^^^^^

- CSRF protection on every forms. :pr:`119`

[0.0.22] - 2023-03-13
---------------------

Fixed
^^^^^
- faker is not imported anymore when the `clean` command is called.

[0.0.21] - 2023-03-12
---------------------

Added
^^^^^

- Display TOS and policy URI on the consent list page. :pr:`102`
- Admin token deletion :pr:`100` :pr:`101`
- Revoked consents can be restored. :pr:`103`
- Pre-consented clients are displayed in the user consent list,
  and their consents can be revoked. :issue:`69` :pr:`103`
- A ``populate`` command can be used to fill the database with
  random users generated with faker. :pr:`105`
- SMTP SSL support. :pr:`108`
- Server side pagination. :issue:`114` :pr:`111`
- Department number support. :issue:`129`
- Address edition support (but not in the OIDC claims yet) :pr:`112`
- Title edition support :pr:`113`

Fixed
^^^^^

- Client deletion also deletes related Consent, Token and
  AuthorizationCode objects. :issue:`126` :pr:`98`

Changed
^^^^^^^

- Removed datatables.

[0.0.20] - 2023-01-28
---------------------

Added
^^^^^

- Spanish translation. :pr:`85` :pr:`88`
- Dedicated connectivity test email :pr:`89`
- Update to jquery 3.6.3 :pr:`90`
- Update to fomantic-ui 2.9.1 :pr:`90`
- Update to datatables 1.13.1 :pr:`90`

Fixed
^^^^^

- Fix typos and grammar errors. :pr:`84`
- Fix wording and punctuations. :pr:`86`
- Fix HTML lang tag :issue:`122` :pr:`87`
- Automatically trims the HTML translated strings. :pr:`91`
- Fixed dynamic registration scope management. :issue:`123` :pr:`93`

[0.0.19] - 2023-01-14
---------------------

Fixed
^^^^^

- Ensures the token `expires_in` claim and the `access_token` `exp` claim
  have the same value. :pr:`83`

[0.0.18] - 2022-12-28
---------------------

Fixed
^^^^^

- OIDC end_session was not returning the ``state`` parameter in the
  ``post_logout_redirect_uri`` :pr:`82`

[0.0.17] - 2022-12-26
---------------------

Fixed
^^^^^

- Fixed group deletion button. :pr:`80`
- Fixed post requests in oidc clients views. :pr:`81`

[0.0.16] - 2022-12-15
---------------------

Fixed
^^^^^

- Fixed LDAP operational attributes handling.

[0.0.15] - 2022-12-15
---------------------

Added
^^^^^

- User can chose their favourite display name. :pr:`77`
- Bumped to authlib 1.2. :pr:`78`
- Implemented RFC7592 OAuth 2.0 Dynamic Client Registration Management
  Protocol :pr:`79`
- Added ``nonce`` to the ``claims_supported`` server metadata list.

[0.0.14] - 2022-11-29
---------------------

Fixed
^^^^^
- Fixed translation mo files packaging.

[0.0.13] - 2022-11-21
---------------------

Fixed
^^^^^

- Fixed a bug on the contacts field in the admin client form following
  the LDAP schema update of 0.0.12
- Fixed a bug happening during RP initiated logout on clients without
  `post_logout_redirect_uri` defined.
- Gitlab CI fix. :pr:`64`
- Fixed `client_secret` display on the client administration page. :pr:`65`
- Fixed non-square logo CSS. :pr:`67`
- Fixed schema path on installation. :pr:`68`
- Fixed RFC7591 ``software_statement`` claim support. :pr:`70`
- Fixed client preconsent disabling. :pr:`72`

Added
^^^^^

- Python 3.11 support. :pr:`61`
- apparmor slapd configuration instructions in CONTRIBUTING.rst :pr:`66`
- ``preferredLanguage`` attribute support. :pr:`75`

Changed
^^^^^^^

- Replaced the use of the deprecated `FLASK_ENV` environment variable by
  `FLASK_DEBUG`.
- Dynamically generate the server metadata. Users won't have to copy and
  manually edit ``oauth-authorizationserver.json`` and
  ``openid-configuration.json``. :pr:`71`
- The `FROM_ADDR` configuration option is not mandatory anymore. :pr:`73`
- The `JWT.ISS` configuration option is not mandatory anymore. :pr:`74`

[0.0.12] - 2022-10-24
---------------------

Added
^^^^^

- Basic WebFinger endpoint. :pr:`59`
- Bumped to FomanticUI 2.9.0 00ffffee
- Implemented Dynamic Client Registration :pr:`60`

[0.0.11] - 2022-08-11
---------------------

Added
^^^^^

- Default theme has a dark variant. :pr:`57`

Fixed
^^^^^

- Fixed missing ``canaille`` binary. :pr:`58`

[0.0.10] - 2022-07-07
---------------------

Fixed
^^^^^

- Online demo. :pr:`55`
- The consent page was displaying scopes not supported by clients. :pr:`56`
- Fixed end session when user are already disconnected.

[0.0.9] - 2022-06-05
--------------------

Added
^^^^^

- ``DISABLE_PASSWORD_RESET`` configuration option to disable password recovery. :pr:`46`
- ``edit_self`` ACL permission to control user self edition. :pr:`47`
- Implemented RP-initiated logout :pr:`54`

Changed
^^^^^^^

- Bumped to authlib 1 :pr:`48`
- documentation improvements :pr:`50`
- use poetry instead of setuptools :pr:`51`
- additional nonce tests :pr:`52`

Fixed
^^^^^
- ``HIDE_INVALID_LOGIN`` behavior and default value.
- mo files are not versionned anymore :pr:`49` :pr:`53`

[0.0.8] - 2022-03-15
--------------------

Fixed
^^^^^

- Fixed dependencies

[0.0.7] - 2022-03-15
--------------------

Fixed
^^^^^

- Fixed spaces and escaped special char in ldap cn/dn :pr:`43`

[0.0.6] - 2022-03-08
--------------------

Changed
^^^^^^^

- Access token are JWT. :pr:`38`

Fixed
^^^^^

- Default groups on invitations :pr:`41`
- Schemas are shipped within the canaille package :pr:`42`

[0.0.5] - 2022-02-17
--------------------

Changed
^^^^^^^

- LDAP model objects have new identifiers :pr:`37`

Fixed
^^^^^

- Admin menu dropdown display :pr:`39`
- `GROUP_ID_ATTRIBUTE` configuration typo :pr:`40`

[0.0.4] - 2022-02-16
--------------------

Added
^^^^^

- Client preauthorization :pr:`11`
- LDAP permissions check with the check command :pr:`12`
- Update consents when a scope required is larger than the scope of an already
  given consent :pr:`13`
- Theme customization :pr:`15`
- Logging configuration :pr:`16`
- Installation command :pr:`17`
- Invitation links :pr:`18`
- Advanced permissions :pr:`20`
- An option to not use OIDC :pr:`23`
- Disable some features when no SMTP server is configured :pr:`24`
- Login placeholder dynamically generated according to the configuration :pr:`25`
- Added an option to tune object IDs :pr:`26`
- Avatar support :pr:`27`
- Dynamical and configurable JWT claims :pr:`28`
- UI improvemnts :pr:`29`
- Invitation links expiration :pr:`30`
- Invitees can choose their IDs :pr:`31`
- LDAP backend refactoring :pr:`35`

Fixed
^^^^^

- Fixed ghost members in a group :pr:`14`
- Fixed email sender names :pr:`19`
- Fixed filter being not escaped :pr:`21`
- Demo script good practices :pr:`32`
- Binary path for Debian :pr:`33`
- Last name was not mandatory in the forms while this was mandatory
  in the LDAP server :pr:`34`
- Spelling typos :pr:`36`

[0.0.3] - 2021-10-13
--------------------

Added
^^^^^

- Two-steps sign-in :issue:`49`
- Tokens can have several audiences. :issue:`62` :pr:`9`
- Configuration check command. :issue:`66` :pr:`8`
- Groups managament. :issue:`12` :pr:`6`

Fixed
^^^^^

- Introspection access bugfix. :issue:`63` :pr:`10`
- Introspection sub claim. :issue:`64` :pr:`7`

[0.0.2] - 2021-01-06
--------------------

Added
^^^^^

- Login page is responsive. :issue:`1`
- Adapt mobile keyboards to login page fields. :issue:`2`
- Password recovery interface. :issue:`3`
- User profile interface. :issue:`4`
- Renamed the project *canaille*. :issue:`5`
- Command to remove old tokens. :issue:`17`
- Improved password recovery email. :issue:`14` :issue:`26`
- Use flask `SERVER_NAME` configuration variable instead of `URL`. :issue:`24`
- Improved consents page. :issue:`27`
- Admin user page. :issue:`8`
- Project logo. :pr:`29`
- User account self-deletion can be enabled in the configuration with `SELF_DELETION`. :issue:`35`
- Admins can impersonate users. :issue:`39`
- Forgotten page UX improvement. :pr:`43`
- Admins can remove clients. :pr:`45`
- Option `HIDE_INVALID_LOGIN` that can be unactivated to let the user know if
  the login he attempt to sign in with exists or not. :pr:`48`
- Password initialization mail. :pr:`51`

Fixed
^^^^^

- Form translations. :issue:`19` :issue:`23`
- Avoid to use Google Fonts. :issue:`21`

Removed
^^^^^^^

- 'My tokens' page. :issue:`22`

[0.0.1] - 2020-10-21
--------------------

Added
^^^^^

- Initial release.