Release notes
All notable changes to this project will be documented here.
The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.
[0.0.57] - Unreleased
Added
Intruder lockout #173
Multi-factor authentication #47
OTP_METHOD and EMAIL_OTP and SMS_OTP and SMPP #47
Password compromise check #179
ADMIN_EMAIL and ENABLE_PASSWORD_COMPROMISSION_CHECK and PASSWORD_COMPROMISSION_CHECK_API_URL #179
Implement OIDC client_credentials flow. #207
Button in the client admin page to create client tokens.
Password expiry policy #176
Changed
PostgreSQL and MySQL extras do not rely on libraries that need to be compiled.
.env files are not loaded by default. The ENV_FILE env var must be passed so .env files are loaded.
[0.0.56] - 2024-11-07
Fixed
With the LDAP backend, updating another user's groups could result in a permission loss for the editor. #202
Added
MAX_PASSWORD_LENGTH and MIN_PASSWORD_LENGTH configuration options #174
Password strength visual indicator. #174
Security event logs. #177
Support for Python 3.13. #186
Changed
Removed
End support for Python 3.9. #179
[0.0.55] - 2024-08-30
Changed
Use poetry-core build backend. #178
[0.0.54] - 2024-07-25
Added
Changed
Model identifier_attributes are fixed.
Bump to HTMX 1.9.12. #172
Fixed
Dark theme colors for better readability.
Crash for passwordless users at login when no SMTP server was configured.
[0.0.53] - 2024-04-22
Added
env_prefix create_app variable can select the environment var prefix.
[0.0.52] - 2024-04-22
Added
env_file create_app variable can customize/disable the .env file.
Changed
Locked users cannot be impersonated anymore.
Minimum Python requirement is 3.9.
[0.0.51] - 2024-04-09
Changed
Display the menu bar on error pages.
[0.0.50] - 2024-04-09
Added
Sign in/out events are logged. #177
Fixed
HTMX and JAVASCRIPT configuration settings.
Compatibility with old session IDs.
[0.0.49] - 2024-04-08
Fixed
LDAP user group removal.
Display an error message when trying to remove the last user from a group.
[0.0.48] - 2024-04-08
Fixed
LDAP objectClass guessing exception.
[0.0.47] - 2024-04-08
Fixed
Lazy permission loading exception.
[0.0.46] - 2024-04-08
Fixed
Saving an object with the LDAP backend keeps the objectClass un-managed by Canaille. #171
[0.0.45] - 2024-04-04
Changed
Internal indexing mechanism of MemoryModel.
[0.0.44] - 2024-03-29
Fixed
Fix the default LDAP USER_FILTER value.
Fix the OIDC feature detection.
[0.0.43] - 2024-03-29
Warning
Configuration files must be updated.
Added
Changed
[0.0.42] - 2023-12-29
Fixed
Avoid failing on imports if cryptography is missing.
[0.0.41] - 2023-12-25
Added
Fixed
Correctly set up audience during OIDC dynamic registration.
post_logout_redirect_uris was ignored during OIDC dynamic registration.
Group field error prevented the registration form validation.
[0.0.40] - 2023-12-22
Added
The THEME setting can be a relative path.
[0.0.39] - 2023-12-15
Fixed
Crash when no ACLs were defined.
OIDC Userinfo endpoint is also available in POST.
Fix redirection after password reset. #159
[0.0.38] - 2023-12-15
Changed
[0.0.37] - 2023-12-01
Fixed
[0.0.36] - 2023-12-01
Fixed
Avoid crashing when LDAP groups reference nonexistent users.
Password reset and initialization mails were only sent to the preferred user email address.
Password reset and initialization mails were not sent to all the user addresses if one email address could not be reached.
Password comparison was too permissive on login.
Encrypt passwords in the SQL backend.
[0.0.35] - 2023-11-25
Added
Changed
Fixed
Disable HTMX boosting during the OIDC dance. #160
[0.0.34] - 2023-10-02
Fixed
Canaille installations without account lockability could not delete users. #153
Added
[0.0.33] - 2023-08-26
Fixed
OIDC jwks endpoint does not return an empty kid claim.
Added
Documentation details on the Canaille models.
[0.0.32] - 2023-08-17
Added
[0.0.31] - 2023-08-15
Added
Fixed
The check command uses the default configuration values.
Changed
[0.0.30] - 2023-07-06
Warning
Configuration files must be updated.
Check the new format with git diff 0.0.29 0.0.30 canaille/conf/config.sample.toml
Added
Configuration option to disable JavaScript. #141
Changed
The configuration parameter USER_FILTER is parsed with Jinja.
Configuration uses PRIVATE_KEY_FILE instead of PRIVATE_KEY and PUBLIC_KEY_FILE instead of PUBLIC_KEY.
[0.0.29] - 2023-06-30
Fixed
Disabled HTMX boosting on OIDC forms to avoid errors.
[0.0.28] - 2023-06-30
Fixed
A template variable was misnamed.
[0.0.27] - 2023-06-29
Warning
Configuration files must be updated.
Check the new format with git diff 0.0.26 0.0.27 canaille/conf/config.sample.toml
Added
Changed
Bump to jQuery 3.7.0. #138
Fixed
Removed
Stop support for Python 3.7. #131
[0.0.26] - 2023-06-03
Added
Fixed
Avoid setting None in JWT claims when they have no value.
Display password recovery button on OIDC login page. #129
[0.0.25] - 2023-05-05
Warning
Configuration files must be updated.
Check the new format with git diff 0.0.25 0.0.24 canaille/conf/config.sample.toml
Changed
Fixed
[0.0.24] - 2023-04-07
Fixed
Fixed avatar update. #122
[0.0.23] - 2023-04-05
Added
Changed
Fixed
CSRF protection on every form. #119
[0.0.22] - 2023-03-13
Fixed
The Faker library is not imported anymore when the clean command is called.
[0.0.21] - 2023-03-12
Added
Display TOS and policy URI on the consent list page. #102
Revoked consents can be restored. #103
Pre-consented clients are displayed in the user consent list, and their consents can be revoked. #69 #103
A populate command can be used to fill the database with random users generated with faker. #105
SMTP SSL support. #108
Department number support. #129
Address edition support (but not in the OIDC claims yet). #112
Title edition support. #113
Fixed
Client deletion also deletes related Consent, Token and AuthorizationCode objects. #126 #98
Changed
Removed the DataTables JavaScript library.
[0.0.20] - 2023-01-28
Added
Fixed
[0.0.19] - 2023-01-14
Fixed
Ensures the token expires_in claim and the access_token exp claim have the same value. #83
[0.0.18] - 2022-12-28
Fixed
OIDC end_session was not returning the state parameter in the post_logout_redirect_uri. #82
[0.0.17] - 2022-12-26
Fixed
[0.0.16] - 2022-12-15
Fixed
Fixed LDAP operational attributes handling.
[0.0.15] - 2022-12-15
Added
[0.0.14] - 2022-11-29
Fixed
Fixed translation catalogs packaging.
[0.0.13] - 2022-11-21
Fixed
Fixed a bug on the contacts field in the admin client form following the LDAP schema update of 0.0.12.
Fixed a bug happening during RP initiated logout on clients without post_logout_redirect_uri defined.
GitLab CI fix. #64
Fixed client_secret display on the client administration page. #65
Fixed non-square logo CSS. #67
Fixed schema path on installation. #68
Fixed RFC7591 software_statement claim support. #70
Fixed client preconsent disabling. #72
Added
Changed
Replaced the use of the deprecated FLASK_ENV environment variable by FLASK_DEBUG.
Dynamically generate the server metadata. Users won’t have to copy and manually edit oauth-authorizationserver.json and openid-configuration.json. #71
The FROM_ADDR configuration option is not mandatory anymore. #73
The JWT.ISS configuration option is not mandatory anymore. #74
[0.0.12] - 2022-10-24
Added
[0.0.11] - 2022-08-11
Added
Default theme has a dark variant. #57
Fixed
Fixed missing canaille binary. #58
[0.0.10] - 2022-07-07
Fixed
[0.0.9] - 2022-06-05
Added
Changed
Fixed
[0.0.8] - 2022-03-15
Fixed
Fixed dependencies.
[0.0.7] - 2022-03-15
Fixed
Fixed spaces and escaped special char in LDAP cn/dn attributes. #43
[0.0.6] - 2022-03-08
Changed
Access tokens are JWT. #38
Fixed
[0.0.5] - 2022-02-17
Changed
LDAP model objects have new identifiers. #37
Fixed
[0.0.4] - 2022-02-16
Added
Client pre-authorization. #11
LDAP permissions check with the check command. #12
Update consents when a scope required is larger than the scope of an already given consent. #13
Theme customization. #15
Logging configuration. #16
Installation command. #17
Invitation links. #18
Advanced permissions. #20
An option to not use OIDC. #23
Disable some features when no SMTP server is configured. #24
Login placeholder dynamically generated according to the configuration. #25
Added an option to tune object IDs. #26
Avatar support. #27
Dynamic and configurable JWT claims. #28
UI improvements. #29
Invitation links expiration. #30
Invitees can choose their IDs. #31
LDAP backend refactoring. #35
Fixed
[0.0.3] - 2021-10-13
Added
Fixed
[0.0.2] - 2021-01-06
Added
Login page is responsive. #1
Adapt mobile keyboards to login page fields. #2
Password recovery interface. #3
User profile interface. #4
Renamed the project Canaille. #5
Command to remove old tokens. #17
Use Flask SERVER_NAME configuration variable instead of URL. #24
Improved consents page. #27
Admin user page. #8
Project logo. #29
User account self-deletion can be enabled in the configuration with SELF_DELETION. #35
Admins can impersonate users. #39
Forgotten page UX improvement. #43
Admins can remove clients. #45
Option HIDE_INVALID_LOGIN that can be deactivated to let the user know whether the login they attempt to sign in with exists or not. #48
Password initialization mail. #51
Fixed
Removed
‘My tokens’ page. #22
[0.0.1] - 2020-10-21
Added
Initial release.