Roadmap and changelog
canaille 0 versions
All notable changes to this project will be documented in this file.
The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.
[0.0.42] - 2023-12-29
Fixed
Avoid to fail on imports if
cryptography
is missing.
[0.0.41] - 2023-12-25
Added
Fixed
Correctly set up Client audience during OIDC dynamic registration.
post_logout_redirect_uris
was ignored during OIDC dynamic registration.Group field error prevented the registration form validation.
[0.0.40] - 2023-12-22
Added
THEME
can be a relative path
[0.0.39] - 2023-12-15
Fixed
Crash when no ACL were defined
OIDC Userinfo endpoint is also available in POST
Fix redirection after password reset #159
[0.0.38] - 2023-12-15
Changed
[0.0.37] - 2023-12-01
Fixed
[0.0.36] - 2023-12-01
Fixed
Avoid crashing when LDAP groups references unexisting users.
Password reset and initialization mails were only sent to the preferred user email address.
Password reset and initialization mails were not sent at all the user addresses if one email address could not be reached.
Password comparision was too permissive on login.
Encrypt passwords in the SQL backend.
[0.0.35] - 2023-11-25
Added
Changed
Fixed
Disable HTMX boosting during the OIDC dance. #160
[0.0.34] - 2023-10-02
Fixed
Canaille installations without account lockabilty could not delete users. #153
Added
[0.0.33] - 2023-08-26
Fixed
OIDC jwks endpoint do not return empty kid claim
Added
Documentation details on the canaille models.
[0.0.32] - 2023-08-17
Added
[0.0.31] - 2023-08-15
Added
Fixed
The check command uses the default configuration values.
Changed
[0.0.30] - 2023-07-06
🚨Configuration files must be updated.🚨
Check the new format with git diff 0.0.29 0.0.30 canaille/conf/config.sample.toml
Added
Configuration option to disable javascript #141
Changed
Configuration
USER_FILTER
is parsed with jinja.Configuration use
PRIVATE_KEY_FILE
instead ofPRIVATE_KEY
andPUBLIC_KEY_FILE
instead ofPUBLIC_KEY
[0.0.29] - 2023-06-30
Fixed
Disabled HTMX boosting on OIDC forms to avoid errors.
[0.0.28] - 2023-06-30
Fixed
A template variable was misnamed.
[0.0.27] - 2023-06-29
🚨Configuration files must be updated.🚨
Check the new format with git diff 0.0.26 0.0.27 canaille/conf/config.sample.toml
Added
Changed
Bump to jquery 3.7.0 #138
Fixed
Removed
Stop support for python 3.7 #131
[0.0.26] - 2023-06-03
Added
Fixed
Avoid setting
None
in JWT claims when they have no value.Display password recovery button on OIDC login page. #129
[0.0.25] - 2023-05-05
🚨Configuration files must be updated.🚨
Check the new format with git diff 0.0.25 0.0.24 canaille/conf/config.sample.toml
Changed
Fixed
[0.0.24] - 2023-04-07
Fixed
Fixed avatar update. #122
[0.0.23] - 2023-04-05
Added
Changed
Fixed
CSRF protection on every forms. #119
[0.0.22] - 2023-03-13
Fixed
faker is not imported anymore when the clean command is called.
[0.0.21] - 2023-03-12
Added
Display TOS and policy URI on the consent list page. #102
Revoked consents can be restored. #103
Pre-consented clients are displayed in the user consent list, and their consents can be revoked. #69 #103
A
populate
command can be used to fill the database with random users generated with faker. #105SMTP SSL support. #108
Department number support. #129
Address edition support (but not in the OIDC claims yet) #112
Title edition support #113
Fixed
Changed
Removed datatables.
[0.0.20] - 2023-01-28
Added
Fixed
[0.0.19] - 2023-01-14
Fixed
Ensures the token expires_in claim and the access_token exp claim have the same value. #83
[0.0.18] - 2022-12-28
Fixed
OIDC end_session was not returning the
state
parameter in thepost_logout_redirect_uri
#82
[0.0.17] - 2022-12-26
Fixed
[0.0.16] - 2022-12-15
Fixed
Fixed LDAP operational attributes handling.
[0.0.15] - 2022-12-15
Added
[0.0.14] - 2022-11-29
Fixed
Fixed translation mo files packaging.
[0.0.13] - 2022-11-21
Fixed
Fixed a bug on the contacts field in the admin client form following the LDAP schema update of 0.0.12
Fixed a bug happening during RP initiated logout on clients without post_logout_redirect_uri defined.
Gitlab CI fix. #64
Fixed client_secret display on the client administration page. #65
Fixed non-square logo CSS. #67
Fixed schema path on installation. #68
Fixed RFC7591
software_statement
claim support. #70Fixed client preconsent disabling. #72
Added
Changed
Replaced the use of the deprecated FLASK_ENV environment variable by FLASK_DEBUG.
Dynamically generate the server metadata. Users won’t have to copy and manually edit
oauth-authorizationserver.json
andopenid-configuration.json
. #71The FROM_ADDR configuration option is not mandatory anymore. #73
The JWT.ISS configuration option is not mandatory anymore. #74
[0.0.12] - 2022-10-24
Added
[0.0.11] - 2022-08-11
Added
Default theme has a dark variant. #57
Fixed
Fixed missing
canaille
binary. #58
[0.0.10] - 2022-07-07
Fixed
[0.0.9] - 2022-06-05
Added
Changed
Fixed
[0.0.8] - 2022-03-15
Fixed
Fixed dependencies
[0.0.7] - 2022-03-15
Fixed
Fixed spaces and escaped special char in ldap cn/dn #43
[0.0.6] - 2022-03-08
Changed
Access token are JWT. #38
Fixed
[0.0.5] - 2022-02-17
Changed
LDAP model objects have new identifiers #37
Fixed
[0.0.4] - 2022-02-16
Added
Client preauthorization #11
LDAP permissions check with the check command #12
Update consents when a scope required is larger than the scope of an already given consent #13
Theme customization #15
Logging configuration #16
Installation command #17
Invitation links #18
Advanced permissions #20
An option to not use OIDC #23
Disable some features when no SMTP server is configured #24
Login placeholder dynamically generated according to the configuration #25
Added an option to tune object IDs #26
Avatar support #27
Dynamical and configurable JWT claims #28
UI improvemnts #29
Invitation links expiration #30
Invitees can choose their IDs #31
LDAP backend refactoring #35
Fixed
[0.0.3] - 2021-10-13
Added
Fixed
[0.0.2] - 2021-01-06
Added
Login page is responsive. #1
Adapt mobile keyboards to login page fields. #2
Password recovery interface. #3
User profile interface. #4
Renamed the project canaille. #5
Command to remove old tokens. #17
Use flask SERVER_NAME configuration variable instead of URL. #24
Improved consents page. #27
Admin user page. #8
Project logo. #29
User account self-deletion can be enabled in the configuration with SELF_DELETION. #35
Admins can impersonate users. #39
Forgotten page UX improvement. #43
Admins can remove clients. #45
Option HIDE_INVALID_LOGIN that can be unactivated to let the user know if the login he attempt to sign in with exists or not. #48
Password initialization mail. #51
Fixed
Removed
‘My tokens’ page. #22
[0.0.1] - 2020-10-21
Added
Initial release.