- Deleted uids for blocked users for requests with a timestamp
- Add forgotten migrations for tests
- Model SecureConnectToken (expiry_date)
- Model SecureConnectCode (expiry_date)
- SecureConnectToken and SecureConnectCode have an expiry_date; we check the expiry_date to pass the expirate to true.
- Fix unittests for retrieving users with a manager within a scoped request
- Upgrade celery version from v4 to v5 (pypa/pip#12063)
- Upgrade redis version from v3 to v4
- Change user permissions when attempting to retrieve a user: through settings, we can decide the minimum user level that is allowed to retrieve all users
- Set a default max length to 1024 for URLFields
- Management command to invite a user to register a TOTP device now supports a list of emails
- Setting to change email subject for otp activation
- Use Email MFA in order to activate OTP MFA to add more security
- Doc MFA authentication
- Enable MFA with TOTP. The user authenticates at a URL that displays a QR code. This QR code is to be used by an OTP application to generate the code.
- Add the model EmailDevice to the admin models
- Management command `get_stats_models_count` to list all the models in the datamodel with their number of instances. Supports ordering by model name and by instance count, both ascending and descending
- Management command `reset_password`
- Management command to get database connection string, could be used with pg_dump (`pg_dump --dbname=$CONNECTION_STRING`), see https://www.postgresql.org/docs/14/libpq-connect.html
/usr/bin/pg_dump --dbname=`python3 manage.py db_connection_string` | bzip2 --fast > backup.sql.bzip2
- Management command `check_superuser_with_email`: now we check if any user exists, not only a superuser
- The datetime format accepts two formats: `yyyy-mm-ddTHH-mm-ssZ` and `yyyy-mm-ddTHH-mm-ss.SSSSSSZ`
- Disable trimming the leading and trailing whitespaces within CharField and TextField serializers.
- Add log on email sending failure
- Use correct base template for mfa login template
- Fix mfa login template because of load admin_static removal from django 3
- Merge migrations in tests to fix the test workflow
- Add the option that a user cannot register by himself
- Secure connect with email and code
- Update django from 2.2 to 3.2 (LTS)
- Check if a user is not anonymous before calling `user.is_at_least_staff`
- Fix bandit for python3.9: change the `# nosec` to multiline in settings/base.py
- When throttling enabled, check if the user making the request is either an AnonymousUser or an AbstractUser
- Update the links within the documentation
- Changed default permissions for entrypoint `/user/*` (`request.user` should be at least manager), always allow "at least authenticated" user to access /account/me/
- Add possibility for register backends in order to run custom functionalities before/after creating a user by register endpoint
- Add entrypoint to serve datamodel (json and yaml)
- Allow anonymous creation on Concrete instances with throttling conditions
- Add settings to configure the path for OpenAPI schema and the Swagger interface
- Allow sending emails asynchronously with celery
- Remove nested foreign keys from open api schema for methods POST PUT and PATCH
- Rename unittests from `tests_` to `test_`
- sets extra fields: Check that the field is in fields before checking the type
- Add possibility to filter against keys of JSON fields
- Add exclude filters within the API
- The distance filters now support the lookups `__distance_lte`, `__distance_lt`, `__distance_gte`, `__distance_gt`, `__distance_range`, `__distance_range!`. The bare `__distance` is no longer supported
- Maintenance mode flag in the status view if there is a core app
- On login, create a new token if the old ones are expired
- Logs for auth views (Register/Change Password/Secure Login)
- last_login update for auth views
- Add a try/except when retrieving the file path on deleting an instance
- added support for user email value within register email
- Case insensitive contains filter
- Correction of API filters for range over datetimefield when closing period was not applied
- Add 400 response if a date range filter is not well formatted (does not contain 2 values)
- Added index on DeletedModel to dramatically improve performance
- DateTime range filters now accept date values and datetime values
- Setting to remove the swagger access
- Changed validation error format, avoid single `%` in format args (Correct error 500 while creating user in Admin)
- Added settings `EMAIL_REPLY_TO`
- When deleting an instance with a File or Image field, remove the local file
- Add creation_date and modification_date to the list_display and ordering_field when parsing datamodel
- Unittest data model is now in a yaml file
- Add ordering fields to metadata to allow ordering against fk field
- Objects can be filtered with the uid
- Allow NULL values for FileField and PointField serializer
- Use OpenStreetMap for admin PointField
- Add utf8 encoding while loading datamodel
- GeoDjango PointField to compute distances
- Add checks on the url_format for reset password view to avoid template injections
- Add checks on the levels of users that are allowed to set an email_format when reset password
- Add checks on the url_format to avoid template injections
- Enable admin url view with settings
- Change staff to manager in CRUD_LEVELS
- Added the capability to authenticate using `c_auth_with_token` query parameter in urls when using HTTP headers is not possible (webhooks).
- Update pillow package version to `>=8` to support python3.7 and later
- Add API filters for ManyToMany fields using the `__in` filter
- Fix the Swagger generator to include all the queryparams
- In swagger-ui view, you can either authorize with `Token XXX` or `XXX`. Both are accepted
- Add button in admin site to switch to Core Admin view if core automation is enabled
- Changed filtering of m2m fields in the admin view to horizontal filtering
- Changed the `/stats` endpoint to return proper list of urls
- Fixed the special characters list to avoid string-formatting errors because of the `%`
- Simpleuser can see the field `scopes` of every instance
- Use `object_name` instead of `name` to rearrange the admin models in categories
- Add error codes to concrete API 400_BAD_REQUEST responses
- When deleting a SecureConnectToken, ignore creation of a DeletedModel.
- Added a setting IGNORED_MODELS_ON_DELETE for the models to ignore when deleting.
- Do not exclude the recently created objects for requests with `timestamp_start`
- Fixed api logs format with the version 2 of pendulum
- Enhanced the information returned by the `/stats/` endpoint by the following fields: `num_total_pages`, `max_allowed_objects_per_page`, and `pages_urls`
- Fix fetching the divider model for an anonymous user if the minimum retrieve level is anonymous
- Enable the use of Workflows within a core installed in concrete
- Pendulum version upgraded to v2.0
- Add url to allow a process to register itself to the datastore
- Changed sample datamodel with a simpler one
- Added mini term sheet for README.md
- Reduced log level for legacy behavior
- Explicitly pass exception for legacy behavior
- CSV Export added in admin actions
- Fix error when an unauthenticated user accesses the admin views
- In CharField and TextField serializers, the field is required only if `blank` is False AND default value is not an empty string. Otherwise it is not required.
- admin view rearranged
- fixed password change token expiry computation
- fixed register serializer to allow null values of url_format and email_format
- register email subject in settings
- concrete datastore doc is up to date.
- Open the sources.