Skip to content

CHANGELOG.md

Latest commit

 

History

History
403 lines (313 loc) · 18.9 KB

CHANGELOG.md

File metadata and controls

403 lines (313 loc) · 18.9 KB

Changelog

Release V1.9.1

  • Fix problem with PGP Encryption where the previous implementation didn't set a GNUPGHOME, so GnuPG was trying to use the default location which was not writable by the PHP.
  • Also, a reveal password toggle on the delete account page was added.

Release V1.9.0

  • Increased the level of php-stan to the max level, for more fixes with security updates.
  • New endpoint for API V2 only - New endpoint for jwt token refresh for apps.
  • Profile download instructions page.
  • New page dedicated for profile download steps and prepared for both translations implemented on the project.
  • Added new screenshots for each case (PT/EN) and for each operating system.
  • Landing page UI rework for authenticated users.
  • Improve landing page by centralizing the display content for better notice and for mobile user focused.
  • Installation of a new text editor open-source alternative for free commercial use.
    • Remove TinyMice text editor bundle from the project because it's not valid for commercial use.
    • Fix and rework customization page to also have this custom editor for (page_tile, page_description & additional_label).
  • New checker on the GetSettings service to also verify if there is any missing or duplicated setting on the DB.
    • More Project optimizations reduce the amount of number of queries made in most of the pages.
  • Password toggle reveal implementation for inputs.
  • New UI design for email templates.
  • Responsive Translations (Available: EN & PT-PT) - Administrator can just add new configurations for YAML files in the translations folder, and the page auto-detects the added language.
  • New Listener to auto-detection of the user language.
  • Session token to auto-detect the new required _locale.
  • Optimized the GetSettings service to significantly reduce the loading process, improving application performance by minimizing redundant data processing and database queries.
  • Renamed some enums to singular form to follow symfony guidelines for enum classes.
  • New feature - Now the admin can configure the landing login authentication, instead of being the traditional ( email/password), it sends a verification link, for both cases (emails || phoneNumbers), to reduce the amount of steps for new users account creation.
  • Rework landing/dashboard authentications because of the new feature - DTO Implementation to improve code optimization and add a new login method selector emails || phoneNumber authentication.
    • Fix minor bugs & conflicts with the new DTO and authentication form.
  • Add a new eventSubscriber to avoid the admin of hard changing the DB value USER_VERIFICATION setting to OFF, when the PLATFORM_MODE setting is ON.
    • When that happens, it could brake the user account registration system for email & phoneNumbers on the landing page.
  • Fix bug 500 on /dashboard/statistics/freeradius in case the connection details are invalid and the portal can reach the server, added a new JSON error message for details.
  • Fix bug 500 on /metrics in case the configuration env details are disabled or missing. Added a new JSON error message for details.
  • Fix bug with returns with admin reset password, the problem was related with the previous firewall configuration implementation where no context has returned.
  • Update /dashboard/edit/{id} to use DTO's and live components for validation.
  • New info icon about uuid explanation when admin is editing a user. Check the following page /dashboard/edit/{id} for more details.
  • New command for freeradius profile connection of each user, now the UserRadiusProfile entity saves the start/end connection of the user profiles when the freeradius server gets a new request. (For later graphics generations and user details)
    • This new command is configurable on the page dashboard/settings/schedule because he is also cron based.
  • New bundle installed composer require symfony/lock required for the command next execution only start when the current active ends.
  • Symfony version increase for maintained version (7.3.3), it bug fixes and security fixes until January 2026.
  • NPM webpack-cli deprecations fixed to the latest stabled release (
  • New validation on the Admin Authentication Methods page to check whether the project has all required certificates.
  • Also for this release, it's required to run the new migrations to set up the new entity for the translations ( SettingTranslation). And the new setting for the login with uuid (LOGIN_WITH_UUID_ONLY):
    • Run the migrations with: 
      php bin/console doctrine:migrations:migrate

API Deprecation Notice

Deprecation of API v1 and v2

As part of our ongoing improvements and rework of the API endpoints, API v1 and v2 are now officially deprecated. These versions will no longer receive updates, and clients are strongly encouraged to migrate to API v3.

  • Date of deprecation: 2026-06-19 (or the first release after this date)
  • Grace period: v1 and v2 will continue to function temporarily, but all users must migrate within 6 months from 2026-01-19.
  • The first release after this date of deprecation will fully remove v1 and v2 code and routes

Recommended Action

  • Review your current integration with API v1/v2.
  • Update your calls to use the new v3 endpoints.
  • Ensure that any authentication, payload structure, or request/response handling matches the v3 specification.

Important

Please follow the steps outlined in UPGRADE.md and review the changelog to ensure a smooth transition.
Failure to migrate before the end of the grace period may result in loss of access to deprecated endpoints.

Release V1.8.1

  • Removed duplicated field relative to the user account verification (Account Verification & User 2FA Configuration).

Important: In this release, the field verificationCode was eliminated. If you are upgrading from version 1.8.0 or lower, and your portal or database still has the verificationCode field, please ensure any necessary data migrations are handled when upgrading to version 1.8.0.

  • This change is part of an optimization process to improve the handling of the user account confirmation on the portal, and other confirmation methods.
  • Also for this release, it's required to run the new migrations to set up the new settings and the new update on the User Entity: Run the migrations with:
php bin/console doctrine:migrations:migrate

Release V1.8.0

  • New UI section on the dashboard for Schedule Automation. This page is responsible for management of the automation commands time schedule.
  • Rework Automation commands to use an official symfony bundle of automation commands.

Note: If you are using automated CRON's from our previous guide, it's recommended you use the official symfony bundle from this release. For reference, the command that takes care of the operation inside the container web is this one:

php:bin/console messenger:consume scheduler_default -vv
  • Update API for version 2, fix bug for iOS App's with invalid format for profile generation endpoint.
  • Prometheus Implementation.
  • Fix bug with registration links, use could use them to re-log in to the portal at any time, can only be used once.
  • Fix bug with account deletion, the admin was able to access the page using the url. The admin cannot delete his own account.
  • Fix bug on the pagination page with the table Access Points Usage on the dashboard/statistics/freeradius page (Add new custom display of results per page).
  • Fix bug about when the user session should be restored. Only when the firewall "landing."
  • Invalidate session on the dashboard in case the admin changes is password on the landing firewall.
  • Fix bug with return detector for expired links on registration email, now it returns to the login page with the input pre-fielded.
  • For security reasons, 2FA is now required to be configured for admin users; now the dashboard is no longer assessable without it.
  • For security reasons,UserAccountDeletion now simulates a login to confirm the account action for external providers.
  • Fix bug with the forgot-password request, checks if the user is not verified and skips that extra unnecessary steps to avoid many codes and interactions with the user.
  • Fix bug for capport endpoint, it's now independent of the API. Required for AP's configuration with captive portal
  • For security reasons, the ForgotPasswordRequest process was reworked: email-based resets now require confirming a link before any database changes occur, and SMS-based resets require validating a code on a dedicated page before proceeding.
  • New Setting for time configuration of email resend on the ForgotPasswordRequest, present on the Authentications methods page (EMAIL_TIMER_RESEND).
  • New Setting for time configuration of an email link validly. These same times reflect for link present on the ForgotPasswordRequest & on the RegistrationWithEmail (LINK_VALIDITY).

Important: In this release, the field verificationCode was eliminated. If you are upgrading from version 1.7.3 or lower, and your portal or database still has the verificationCode field, please ensure any necessary data migrations are handled when upgrading to version 1.8.0.

  • This change is part of an optimization process to improve the handling of the user account confirmation on the portal, and other confirmation methods.
  • Also for this release, it's required to run the new migrations to set up the new settings and the new update on the User Entity: Run the migrations with:
php bin/console doctrine:migrations:migrate

Release V1.7.3

  • Update docker add new geoLite volume, to save the previous geoLite database schema.
  • Fix CAPPORT endpoint /api/v1/capport/json is independent of the current state of the API_STATUS.
  • The user can now delete its own account from the account_widget popup
  • New endpoint on the API to delete the user account for APP's
  • Rework Two Factor Authenticator to have a type of validation. Now the page knows what type of request is being made when a new code is generated, to having problems of saving the previous number of attempts on new requests (disable, validate, verify, etc.)
  • Rework Two Factor Authenticator request API endpoint to also now the type of request

Release V1.7.2

  • Fix minor detail with an invalid comparison to show the cookie banner on the landing page

Release V1.7.1

  • Removed the "Reset Password" option for admins editing their own account.

  • Resolved an issue where logout didn't invalidate the session token, causing 2FA issues.

  • Resolved an issue where editing a user account caused the ban action to also disable the account, which conflicted with the error messages in the landing page authenticator

  • Migrated from the deprecated to its actively maintained forks:

  • Fix validation for JWT tokens to prevent 500 errors during API authentication.

  • Added validation on the Authentication Methods page, to check if the provider is active before submitting the page, to avoid conflicts with PROFILE_LIMIT date expiration.

  • Fix turnstile validation on the login page was not triggering correctly.

  • Update API docs add missing docs capport endpoint from "User Engagement Page"

Release V1.7.0

  • Update PHP to 8.4
  • Add revoke reason everytime a profile is revoked
  • Turnstile API Fix: Refactored the Turnstile logic in the API to resolve an issue where the verification step was being prematurely interrupted
  • Rework cookies integration only EEA users (checks for current location of the user to show the cookies banner) - Using GeoLite2 from Maxmind
  • New docs for GEOLITEGUI and setup
  • New Setting for API Status (ON & OFF)
  • SideBar Admin UI changes
  • Two-Factor Authentication Implementation
    • New endpoint for 2FA request codes
    • Rework old endpoints authentication endpoint (local/google/saml/microsoft)to implement with 2FA
    • New settings page /dashboard/settings/twoFA
    • New implementation on landing page depending on the enforcement level
      • NOT_ENFORCED
      • ENFORCED_FOR_LOCAL
      • ENFORCED_FOR_ALL
    • New Two-factor authentication selection
      • Email
      • SMS
      • TOTP (Google Authenticator && Microsoft Authenticator)
  • Microsoft Login Implementation - New authentication provider / New endpoint

Important: In this release, the fields googleId, saml_identifier and Allocate Providers Command were eliminated. If you have version 1.5 or lower with data in these fields, you will have to first switch to version 1.6, run the Allocate Providers Command and then can you upgrade to version 1.7.

  • Note: The Allocate Providers Command has been discontinued and has therefore been removed
php bin/console reset:allocate-providers

Release V1.6.0

  • Fix bug on the date filtering on both statistics pages
  • Add a country dropdown for phone selection
  • Separate user and admin login flows
  • Allow user or admin to revoke a radius profile
  • Fix filtering results, they aren't reflect the actual active count on the filter's (Search User's)
  • Cookie Banner
  • TOS Checkbox to enable/disable buttons
  • Allow TOS and Privacy Policy to be configured directly on the platform.
  • New entity for TOS & Privacy Policy for the new custom editors on the terms page.
  • Fix missing unit of measurement for statistics
  • User per page on User Management is not reflecting the pagination
  • Update READ.ME add new env's && settings
  • Auto delete unconfirmed users after a specific timeframe configurable by the admin
  • Added a new endpoint for Turnstile configuration required for the Android App's
  • Clear Unverified Accounts Command: clear:deleteUnconfirmedUsers Removes any records in the User and all the associated entity's that have an unverified accounts associated.

Important: This command will permanently delete any log or record in the User entity.

For more details on how this command works, please refer to the file at: src/Command/AutoDeleteUnconfirmedUsersCommand.php

To use this command, run the following root in the root folder of the project:

php bin/console clear:deleteUnconfirmedUsers
  • Notify User When Profile is about to Expire Command: notify:usersWhenProfileExpires Sends a notification (email/sms) for all the user's that have a profile installed when the expiration date is about to end.

For more details on how this command works, please refer to the file at: src/Command/NotifyUsersWhenProfileExpiresCommand.php

To use this command, run the following root in the root folder of the project:

php bin/console notify:usersWhenProfileExpires

Release V1.5.0

  • Update Php version to (php8.3)
  • Starting APIs (Open Api implementation - v4.0.2)
  • Api docs generation (accessible in dev mode in "/api")
  • Fix inputs validation on forms
  • Fix Delete User (missing user_id with pgp_encryption)
  • New user validation for profiles generation (isDisabled())
  • Rework LDAP Command (conflicts with new php-ldap8.3 on old code)
  • User Filter Tabs Search (All/Verified/Banned) fix counting
  • Update && Review export user management && freeradius export (rework required with new UserExternalAuth entity)
  • New events (about the new logic related with the api actions)

Release V1.4.0

  • Clear Event Command: clear:eventEntity Removes any records in the Event entity that have empty or null fields.

This command is required for older versions that cannot run the new migrations. The clear:eventEntity command removes any records in the Event entity that have empty or null fields.

Important: This command will permanently delete any log or record in the Event entity that has an empty field.

For more details on how this command works, please refer to the file at: src/Command/ClearEventCommand.php

To use this command, run the following root in the root folder of the project:

php bin/console clear:eventEntity
  • Rework Pagination on User Management Table
  • User Provider Implementation (New UserExternalAuth Entity)
  • Cleanup Admin UI (Options renamed to Settings -> Button now on the bottom of the page) in lower resolutions
  • Fix number of user's per page in User Management Table
  • PSR12 Implementation (Review all project for code reading optimization)

Release V1.3.0

  • Allocate Providers Command: reset:allocate-providers Allocates providers info from the User Entity to the UserExternalAuth Entity

Important: This command will allocate any log or record in the User entity to the UserExternalAuth entity,

For security reasons only run this command in older versions of the project to not miss any potential data

For more details on how this command works, please refer to the file at: src/Command/AllocateProvidersCommand.php

To use this command, run the following code in the root folder of the project:

php bin/console reset:allocate-providers
  • Rework User delete - Add PGP encryption (Steps for configuration on the Installation Guide, it's required to back up the user data for legal purposes)
  • Forgot password for user's - landing page implementation (widget for user on the landing page after login)
  • CloudFlare TurnStile Implementation - Landing page
  • Update Landing Page UI - design update
  • Update Admin Dashboard - design update

Release V1.2.3

  • Fix bugs with Freeradius Statistics (Fix data filtering)
  • Fix SAML authentication (accounts without email)
  • Export data (Freeradius - Excel format)
  • Export data (User Management - Excel format)

Release V1.2.2

  • Add Portal Statistics (Graphics and statistics about the portal events)
  • Add Freeradius Statistics (Graphics and statistics about the accounting of the users)

Release V1.2.1

  • Allow only white-listed Google domains to authenticate with Google
  • Authenticate user after account creation with SMS provider
  • Add blocker for code resending with SMS (block spam of code generation)

Release V1.2.0

  • Implement Ban User system (disable associated profiles)
  • Implement Verification User system (also disables profiles)
  • Events Rework with metadata info (json format conversion)
  • Login with SAML Implementation

Release V1.1.0

  • Tailwind CSS Implementation
  • Login with Google implementation
  • SMS Provider implementation (send SMS)
  • Admin UI Dashboard Management creation
  • Capport Support/Implementation
  • Events Implementations

Release V1.0.0

  • Initial Release