Roadmap and changelog

canaille 0 versions

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.

[0.0.15] - 2022-12-15

Added

  • User can chose their favourite display name. #77

  • Bumped to authlib 1.2. #78

  • Implemented RFC7592 OAuth 2.0 Dynamic Client Registration Management Protocol #79

  • Added nonce to the claims_supported server metadata list.

[0.0.14] - 2022-11-29

Fixed

  • Fixed translation mo files packaging.

[0.0.13] - 2022-11-21

Fixed

  • Fixed a bug on the contacts field in the admin client form following the LDAP schema update of 0.0.12

  • Fixed a bug happening during RP initiated logout on clients without post_logout_redirect_uri defined.

  • Gitlab CI fix. #64

  • Fixed client_secret display on the client administration page. #65

  • Fixed non-square logo CSS. #67

  • Fixed schema path on installation. #68

  • Fixed RFC7591 software_statement claim support. #70

  • Fixed client preconsent disabling. #72

Added

  • Python 3.11 support. #61

  • apparmor slapd configuration instructions in CONTRIBUTING.rst #66

  • preferredLanguage attribute support. #75

Changed

  • Replaced the use of the deprecated FLASK_ENV environment variable by FLASK_DEBUG.

  • Dynamically generate the server metadata. Users won’t have to copy and manually edit oauth-authorizationserver.json and openid-configuration.json. #71

  • The FROM_ADDR configuration option is not mandatory anymore. #73

  • The JWT.ISS configuration option is not mandatory anymore. #74

[0.0.12] - 2022-10-24

Added

  • Basic WebFinger endpoint. #59

  • Bumped to FomanticUI 2.9.0 00ffffee

  • Implemented Dynamic Client Registration #60

[0.0.11] - 2022-08-11

Added

  • Default theme has a dark variant. #57

Fixed

  • Fixed missing canaille binary. #58

[0.0.10] - 2022-07-07

Fixed

  • Online demo. #55

  • The consent page was displaying scopes not supported by clients. #56

  • Fixed end session when user are already disconnected.

[0.0.9] - 2022-06-05

Added

  • DISABLE_PASSWORD_RESET configuration option to disable password recovery. #46

  • edit_self ACL permission to control user self edition. #47

  • Implemented RP-initiated logout #54

Changed

  • Bumped to authlib 1 #48

  • documentation improvements #50

  • use poetry instead of setuptools #51

  • additional nonce tests #52

Fixed

  • HIDE_INVALID_LOGIN behavior and default value.

  • mo files are not versionned anymore #49 #53

[0.0.8] - 2022-03-15

Fixed

  • Fixed dependencies

[0.0.7] - 2022-03-15

Fixed

  • Fixed spaces and escaped special char in ldap cn/dn #43

[0.0.6] - 2022-03-08

Changed

  • Access token are JWT. #38

Fixed

  • Default groups on invitations #41

  • Schemas are shipped within the canaille package #42

[0.0.5] - 2022-02-17

Changed

  • LDAP model objects have new identifiers #37

Fixed

  • Admin menu dropdown display #39

  • GROUP_ID_ATTRIBUTE configuration typo #40

[0.0.4] - 2022-02-16

Added

  • Client preauthorization #11

  • LDAP permissions check with the check command #12

  • Update consents when a scope required is larger than the scope of an already given consent #13

  • Theme customization #15

  • Logging configuration #16

  • Installation command #17

  • Invitation links #18

  • Advanced permissions #20

  • An option to not use OIDC #23

  • Disable some features when no SMTP server is configured #24

  • Login placeholder dynamically generated according to the configuration #25

  • Added an option to tune object IDs #26

  • Avatar support #27

  • Dynamical and configurable JWT claims #28

  • UI improvemnts #29

  • Invitation links expiration #30

  • Invitees can choose their IDs #31

  • LDAP backend refactoring #35

Fixed

  • Fixed ghost members in a group #14

  • Fixed email sender names #19

  • Fixed filter being not escaped #21

  • Demo script good practices #32

  • Binary path for Debian #33

  • Last name was not mandatory in the forms while this was mandatory in the LDAP server #34

  • Spelling typos #36

[0.0.3] - 2021-10-13

Added

  • Two-steps sign-in #49

  • Tokens can have several audiences. #62 #9

  • Configuration check command. #66 #8

  • Groups managament. #12 #6

Fixed

  • Introspection access bugfix. #63 #10

  • Introspection sub claim. #64 #7

[0.0.2] - 2021-01-06

Added

  • Login page is responsive. #1

  • Adapt mobile keyboards to login page fields. #2

  • Password recovery interface. #3

  • User profile interface. #4

  • Renamed the project canaille. #5

  • Command to remove old tokens. #17

  • Improved password recovery email. #14 #26

  • Use flask SERVER_NAME configuration variable instead of URL. #24

  • Improved consents page. #27

  • Admin user page. #8

  • Project logo. #29

  • User account self-deletion can be enabled in the configuration with SELF_DELETION. #35

  • Admins can impersonate users. #39

  • Forgotten page UX improvement. #43

  • Admins can remove clients. #45

  • Option HIDE_INVALID_LOGIN that can be unactivated to let the user know if the login he attempt to sign in with exists or not. #48

  • Password initialization mail. #51

Fixed

  • Form translations. #19 #23

  • Avoid to use Google Fonts. #21

Removed

  • ‘My tokens’ page. #22

[0.0.1] - 2020-10-21

Added

  • Initial release.