Release notes

All notable changes to this project will be documented in there.

The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.

[0.0.55] - 2024-08-30

Changed

  • Use poetry-core build backend. #178

[0.0.54] - 2024-07-25

Added

  • Group member removal can be achieved from the group edition page #192

  • Model management commands #117 #54

Changed

  • Model identifier_attributes are fixed.

  • Bump to htmx 1.9.12 #172

Fixed

  • Dark theme colors for better readability

  • Crash for passwordless users at login when no SMTP server was configured.

[0.0.53] - 2024-04-22

Added

  • env_prefix create_app variable can select the environment var prefix.

[0.0.52] - 2024-04-22

Added

  • env_file create_app variable can customize/disable the .env file

Changed

  • Locked users cannot be impersonated anymore.

  • Minimum python requirement is 3.9.

[0.0.51] - 2024-04-09

Changed

  • Display the menu bar on error pages.

[0.0.50] - 2024-04-09

Added

  • Sign in/out events are logged in #177

Fixed

  • HTMX and JAVASCRIPT configuration settings.

  • Compatibility with old sessions IDs.

[0.0.49] - 2024-04-08

Fixed

  • LDAP user group removal.

  • Display an error message when trying to remove the last user from a group.

[0.0.48] - 2024-04-08

Fixed

  • LDAP objectClass guessing exception.

[0.0.47] - 2024-04-08

Fixed

  • Lazy permission loading exception.

[0.0.46] - 2024-04-08

Fixed

  • Saving an object with the LDAP backend keeps the objectClass un-managed by Canaille. #171

[0.0.45] - 2024-04-04

Changed

  • Internal indexation mechanism of MemoryModel

[0.0.44] - 2024-03-29

Fixed

  • Fix the default LDAP USER_FILTER value

  • Fix the OIDC feature detection

[0.0.43] - 2024-03-29

🚨Configuration files must be updated.🚨

Added

  • Add created and last_modified datetime for all models

  • Sitemap to the documentation #169

  • Configuration management with pydantic-settings #138 #170

Changed

  • Use default python logging configuration format. #188 #165

  • Bump to htmx 1.99.11 #166

  • Use the standard tomllib python module instead of toml starting from python 3.11 #167

  • Use shibuya as the documentation theme #168

[0.0.42] - 2023-12-29

Fixed

  • Avoid to fail on imports if cryptography is missing.

[0.0.41] - 2023-12-25

Added

Fixed

  • Correctly set up Client audience during OIDC dynamic registration.

  • post_logout_redirect_uris was ignored during OIDC dynamic registration.

  • Group field error prevented the registration form validation.

[0.0.40] - 2023-12-22

Added

  • THEME can be a relative path

[0.0.39] - 2023-12-15

Fixed

  • Crash when no ACL were defined

  • OIDC Userinfo endpoint is also available in POST

  • Fix redirection after password reset #159

[0.0.38] - 2023-12-15

Changed

  • Convert all the png in webp. #162

  • Update to flask 3 #161 #163

[0.0.37] - 2023-12-01

Fixed

  • Handle 4xx and 5xx error codes with htmx. #171 #161

[0.0.36] - 2023-12-01

Fixed

  • Avoid crashing when LDAP groups references unexisting users.

  • Password reset and initialization mails were only sent to the preferred user email address.

  • Password reset and initialization mails were not sent at all the user addresses if one email address could not be reached.

  • Password comparison was too permissive on login.

  • Encrypt passwords in the SQL backend.

[0.0.35] - 2023-11-25

Added

  • Refresh token grant supports other client authentication methods. #157

  • Implement a SQLAlchemy backend. #30 #158

Changed

  • Model attributes cardinality is closer to SCIM model. #155

  • Bump to htmx 1.9.9 #159

Fixed

  • Disable HTMX boosting during the OIDC dance. #160

[0.0.34] - 2023-10-02

Fixed

  • Canaille installations without account lockabilty could not delete users. #153

Added

  • If users register or authenticate during a OAuth Authorization phase, they get redirected back to that page afterwards. #168 #151

  • flask-babel and pytz are now part of the front extras

  • Bump to fomantic-ui 2.9.3 #152

  • Bump to htmx 1.9.6 #154

  • Add support for python 3.12 #155

[0.0.33] - 2023-08-26

Fixed

  • OIDC jwks endpoint do not return empty kid claim

Added

  • Documentation details on the canaille models.

[0.0.32] - 2023-08-17

Added

[0.0.31] - 2023-08-15

Added

  • Configuration option to disable the forced usage of OIDC nonce #143

  • Validate phone numbers with a regex #146

  • Email verification #41 #147

  • Account registration #55 #133 #148

Fixed

  • The check command uses the default configuration values.

Changed

  • Modals do not need use javascript at the moment. #158 #144

[0.0.30] - 2023-07-06

🚨Configuration files must be updated.🚨 Check the new format with git diff 0.0.29 0.0.30 canaille/conf/config.sample.toml

Added

  • Configuration option to disable javascript #141

Changed

  • Configuration USER_FILTER is parsed with jinja.

  • Configuration use PRIVATE_KEY_FILE instead of PRIVATE_KEY and PUBLIC_KEY_FILE instead of PUBLIC_KEY

[0.0.29] - 2023-06-30

Fixed

  • Disabled HTMX boosting on OIDC forms to avoid errors.

[0.0.28] - 2023-06-30

Fixed

  • A template variable was misnamed.

[0.0.27] - 2023-06-29

🚨Configuration files must be updated.🚨 Check the new format with git diff 0.0.26 0.0.27 canaille/conf/config.sample.toml

Added

  • Configuration entries can be loaded from files if the entry key has a _FILE suffix and the entry value is the path to the file. #134 #134

  • Field list support. #115 #136

  • Pages are boosted with HTMX #144 #145 #137

Changed

  • Bump to jquery 3.7.0 #138

Fixed

  • Profile edition when the user RDN was not uid #148 #139

Removed

  • Stop support for python 3.7 #131

[0.0.26] - 2023-06-03

Added

  • Implemented account expiration based on OpenLDAP ppolicy overlay. Needs OpenLDAP 2.5+ #13 #118

  • Timezone configuration entry. #137 #130

Fixed

  • Avoid setting None in JWT claims when they have no value.

  • Display password recovery button on OIDC login page. #129

[0.0.25] - 2023-05-05

🚨Configuration files must be updated.🚨 Check the new format with git diff 0.0.25 0.0.24 canaille/conf/config.sample.toml

Changed

  • Renamed user model attributes to match SCIM naming convention. #123

  • Moved OIDC related configuration entries in OIDC

  • Moved LDAP configuration entry to BACKENDS.LDAP

  • Bumped to htmx 1.9.0 #124

  • ACL filters are no more LDAP filters but user attribute mappings. #125

  • Bumped to htmx 1.9.2 #127

Fixed

  • OIDC.JWT.MAPPING configuration entry is really optional now.

  • Fixed empty model attributes registration #125

  • Password initialization mails were not correctly sent. #128

[0.0.24] - 2023-04-07

Fixed

  • Fixed avatar update. #122

[0.0.23] - 2023-04-05

Added

  • Organization field. #116

  • ETag and Last-Modified headers on user photos. #116

  • Dynamic form validation #120

Changed

  • UX rework. Submenu addition. #114

  • Properly handle LDAP date timezones. #117

Fixed

  • CSRF protection on every forms. #119

[0.0.22] - 2023-03-13

Fixed

  • faker is not imported anymore when the clean command is called.

[0.0.21] - 2023-03-12

Added

  • Display TOS and policy URI on the consent list page. #102

  • Admin token deletion #100 #101

  • Revoked consents can be restored. #103

  • Pre-consented clients are displayed in the user consent list, and their consents can be revoked. #69 #103

  • A populate command can be used to fill the database with random users generated with faker. #105

  • SMTP SSL support. #108

  • Server side pagination. #114 #111

  • Department number support. #129

  • Address edition support (but not in the OIDC claims yet) #112

  • Title edition support #113

Fixed

  • Client deletion also deletes related Consent, Token and AuthorizationCode objects. #126 #98

Changed

  • Removed datatables.

[0.0.20] - 2023-01-28

Added

  • Spanish translation. #85 #88

  • Dedicated connectivity test email #89

  • Update to jquery 3.6.3 #90

  • Update to fomantic-ui 2.9.1 #90

  • Update to datatables 1.13.1 #90

Fixed

  • Fix typos and grammar errors. #84

  • Fix wording and punctuations. #86

  • Fix HTML lang tag #122 #87

  • Automatically trims the HTML translated strings. #91

  • Fixed dynamic registration scope management. #123 #93

[0.0.19] - 2023-01-14

Fixed

  • Ensures the token expires_in claim and the access_token exp claim have the same value. #83

[0.0.18] - 2022-12-28

Fixed

  • OIDC end_session was not returning the state parameter in the post_logout_redirect_uri #82

[0.0.17] - 2022-12-26

Fixed

  • Fixed group deletion button. #80

  • Fixed post requests in oidc clients views. #81

[0.0.16] - 2022-12-15

Fixed

  • Fixed LDAP operational attributes handling.

[0.0.15] - 2022-12-15

Added

  • User can chose their favourite display name. #77

  • Bumped to authlib 1.2. #78

  • Implemented RFC7592 OAuth 2.0 Dynamic Client Registration Management Protocol #79

  • Added nonce to the claims_supported server metadata list.

[0.0.14] - 2022-11-29

Fixed

  • Fixed translation mo files packaging.

[0.0.13] - 2022-11-21

Fixed

  • Fixed a bug on the contacts field in the admin client form following the LDAP schema update of 0.0.12

  • Fixed a bug happening during RP initiated logout on clients without post_logout_redirect_uri defined.

  • Gitlab CI fix. #64

  • Fixed client_secret display on the client administration page. #65

  • Fixed non-square logo CSS. #67

  • Fixed schema path on installation. #68

  • Fixed RFC7591 software_statement claim support. #70

  • Fixed client preconsent disabling. #72

Added

  • Python 3.11 support. #61

  • apparmor slapd configuration instructions in CONTRIBUTING.rst #66

  • preferredLanguage attribute support. #75

Changed

  • Replaced the use of the deprecated FLASK_ENV environment variable by FLASK_DEBUG.

  • Dynamically generate the server metadata. Users won’t have to copy and manually edit oauth-authorizationserver.json and openid-configuration.json. #71

  • The FROM_ADDR configuration option is not mandatory anymore. #73

  • The JWT.ISS configuration option is not mandatory anymore. #74

[0.0.12] - 2022-10-24

Added

  • Basic WebFinger endpoint. #59

  • Bumped to FomanticUI 2.9.0 00ffffee

  • Implemented Dynamic Client Registration #60

[0.0.11] - 2022-08-11

Added

  • Default theme has a dark variant. #57

Fixed

  • Fixed missing canaille binary. #58

[0.0.10] - 2022-07-07

Fixed

  • Online demo. #55

  • The consent page was displaying scopes not supported by clients. #56

  • Fixed end session when user are already disconnected.

[0.0.9] - 2022-06-05

Added

  • DISABLE_PASSWORD_RESET configuration option to disable password recovery. #46

  • edit_self ACL permission to control user self edition. #47

  • Implemented RP-initiated logout #54

Changed

  • Bumped to authlib 1 #48

  • documentation improvements #50

  • use poetry instead of setuptools #51

  • additional nonce tests #52

Fixed

  • HIDE_INVALID_LOGIN behavior and default value.

  • mo files are not versioned anymore #49 #53

[0.0.8] - 2022-03-15

Fixed

  • Fixed dependencies

[0.0.7] - 2022-03-15

Fixed

  • Fixed spaces and escaped special char in ldap cn/dn #43

[0.0.6] - 2022-03-08

Changed

  • Access token are JWT. #38

Fixed

  • Default groups on invitations #41

  • Schemas are shipped within the canaille package #42

[0.0.5] - 2022-02-17

Changed

  • LDAP model objects have new identifiers #37

Fixed

  • Admin menu dropdown display #39

  • GROUP_ID_ATTRIBUTE configuration typo #40

[0.0.4] - 2022-02-16

Added

  • Client preauthorization #11

  • LDAP permissions check with the check command #12

  • Update consents when a scope required is larger than the scope of an already given consent #13

  • Theme customization #15

  • Logging configuration #16

  • Installation command #17

  • Invitation links #18

  • Advanced permissions #20

  • An option to not use OIDC #23

  • Disable some features when no SMTP server is configured #24

  • Login placeholder dynamically generated according to the configuration #25

  • Added an option to tune object IDs #26

  • Avatar support #27

  • Dynamical and configurable JWT claims #28

  • UI improvements #29

  • Invitation links expiration #30

  • Invitees can choose their IDs #31

  • LDAP backend refactoring #35

Fixed

  • Fixed ghost members in a group #14

  • Fixed email sender names #19

  • Fixed filter being not escaped #21

  • Demo script good practices #32

  • Binary path for Debian #33

  • Last name was not mandatory in the forms while this was mandatory in the LDAP server #34

  • Spelling typos #36

[0.0.3] - 2021-10-13

Added

  • Two-steps sign-in #49

  • Tokens can have several audiences. #62 #9

  • Configuration check command. #66 #8

  • Groups management. #12 #6

Fixed

  • Introspection access bugfix. #63 #10

  • Introspection sub claim. #64 #7

[0.0.2] - 2021-01-06

Added

  • Login page is responsive. #1

  • Adapt mobile keyboards to login page fields. #2

  • Password recovery interface. #3

  • User profile interface. #4

  • Renamed the project canaille. #5

  • Command to remove old tokens. #17

  • Improved password recovery email. #14 #26

  • Use flask SERVER_NAME configuration variable instead of URL. #24

  • Improved consents page. #27

  • Admin user page. #8

  • Project logo. #29

  • User account self-deletion can be enabled in the configuration with SELF_DELETION. #35

  • Admins can impersonate users. #39

  • Forgotten page UX improvement. #43

  • Admins can remove clients. #45

  • Option HIDE_INVALID_LOGIN that can be unactivated to let the user know if the login he attempt to sign in with exists or not. #48

  • Password initialization mail. #51

Fixed

  • Form translations. #19 #23

  • Avoid to use Google Fonts. #21

Removed

  • ‘My tokens’ page. #22

[0.0.1] - 2020-10-21

Added

  • Initial release.