v0.27.0

Pre-release

@matthew-shaw matthew-shaw released this 04 Aug 22:39
3fc38d1

Added

  • Cookie page detailing what cookies the app uses and the ability to accept or reject non-essential cookies. Link also added to footer.
  • Cookie banner to allow users to accept or reject non-essential cookies.
  • Persistent cookies_policy cookie is set to store preferences with an expiry of one year.
  • App-wide CSRF protection. All forms were already CSRF protected using WTForms, but this setting protects every route unless explicitly exempt.
  • Highlight active navigation item in navbar.
  • Development-only requirements containing packages used for linting, formatting, testing and requirements management.
  • Using Pytest Coverage to measure unit test coverage, including in branching code.
  • Refactored unit and functional tests. Thanks @jonodrew.
  • Error handling if the email send request to the service provider's API fails for any reason. Re-raised as a 500 Internal Server Error and logged.
  • Error pages contain a back link taking the user back to the referring page if there was one.

Changed

  • Time entries spanning multiple days now add the date to the end time e.g. instead of "22:00 to 06:00" it's now "22:00 to 28/03/2021 06:00".
  • "Remember me" checkbox is removed from the login page if the user has not accepted non-essential cookies.
  • The session and remember_token cookies are now set with the Secure and HttpOnly flags, so they are only sent over HTTPS and cannot be read by JavaScript, mitigating cookie theft via cross-site scripting (XSS) or eavesdropping.
  • Reduced remember_token cookie expiration from one year to thirty days.
  • Content Security Policy (CSP) updated to require HTTPS connection to all sources.
  • Require a fresh login (not a restored session) prior to any delete action.
  • CSRF errors are now explicitly handled with a flash message to inform the user to try again, rather than a form validation error.
  • Flash messages have been simplified to three categories: error, important and success. Error messages are used for form validation and are not dismissable. Important and success messages are dismissable contextual confirmations of user actions.
  • Form fields validation error messages are now added to the aria-describedby attribute.
  • Non-primary action buttons now use the "outline" style.
  • Footer layout redesigned for multiple columns on desktop and single column on mobile.
  • Reduce header content margin.
  • Swapped Fontawesome icons out for Bootstrap icons.
  • Upgraded to Bootstrap v5.2.0.
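The cookie and CSP hardening listed above (Secure + HttpOnly on session and remember_token, a thirty-day remember_token lifetime, and a CSP that only permits HTTPS sources) is easiest to verify by looking at the response headers the app actually emits. The module below is an added example, not code from this project: it builds Set-Cookie values with those flags using the standard-library `http.cookies` module and then audits arbitrary Set-Cookie and Content-Security-Policy header values for the same properties. The function names (`build_cookie`, `audit_set_cookie`, `non_https_sources`) and the sample header strings are assumptions constructed for the example.

```python
"""Cookie-flag and CSP audit helpers (added example; not the project's code)."""
from http.cookies import SimpleCookie

THIRTY_DAYS = 30 * 24 * 60 * 60   # the new remember_token lifetime
ONE_YEAR = 365 * 24 * 60 * 60     # the old lifetime, and cookies_policy's


def build_cookie(name, value, max_age, secure=True, httponly=True, samesite="Lax"):
    """Render one Set-Cookie header value with the hardening flags applied."""
    jar = SimpleCookie()
    jar[name] = value
    morsel = jar[name]
    morsel["max-age"] = max_age      # int so http.cookies emits Max-Age=<n>
    morsel["path"] = "/"
    morsel["secure"] = secure        # only sent over HTTPS
    morsel["httponly"] = httponly    # not readable from JavaScript
    morsel["samesite"] = samesite
    return morsel.OutputString()


def parse_set_cookie(header):
    """Split a Set-Cookie value into (name, value, {attribute: value|True})."""
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip() if val else True
    return name.strip(), value, attrs


def audit_set_cookie(header, max_age_limit=THIRTY_DAYS):
    """Return a list of findings; an empty list means the cookie passes."""
    name, _value, attrs = parse_set_cookie(header)
    findings = []
    if "secure" not in attrs:
        findings.append(f"{name}: missing Secure (cookie would be sent over plain HTTP)")
    if "httponly" not in attrs:
        findings.append(f"{name}: missing HttpOnly (cookie readable by JavaScript)")
    max_age = attrs.get("max-age")
    if isinstance(max_age, str) and max_age.isdigit() and int(max_age) > max_age_limit:
        findings.append(f"{name}: Max-Age {max_age}s exceeds {max_age_limit}s")
    return findings


def non_https_sources(policy):
    """List (directive, source) pairs in a CSP that are not pinned to HTTPS.

    Keyword sources such as 'self' or 'none' are left alone: they are a
    separate concern from the transport requirement checked here.
    """
    flagged = []
    for directive in policy.split(";"):
        tokens = directive.split()
        if not tokens:
            continue
        name, sources = tokens[0], tokens[1:]
        for src in sources:
            if src.startswith("'") or src == "https:" or src.startswith("https://"):
                continue
            flagged.append((name, src))
    return flagged


# Constructed sample headers: one hardened as described in the release notes,
# one resembling the previous behaviour (no flags, one-year lifetime).
HARDENED_SESSION = build_cookie("session", "abc123", THIRTY_DAYS)
LEGACY_REMEMBER = "remember_token=tok; Max-Age=31536000; Path=/"
SAMPLE_CSP = ("default-src 'self' https:; script-src https://cdn.example.com; "
              "img-src http://images.example.com *")

if __name__ == "__main__":
    print(HARDENED_SESSION)
    for finding in audit_set_cookie(LEGACY_REMEMBER):
        print("FINDING:", finding)
    for directive, src in non_https_sources(SAMPLE_CSP):
        print(f"CSP {directive} allows non-HTTPS source {src}")
```

Run it directly to print the hardened header and the findings for the legacy samples, or point `audit_set_cookie` at each Set-Cookie header from a real response (one call per header) to confirm a deployment matches the settings described in this release.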

Removed

  • Python 3.6 support
  • Postgres 10 support
  • Redis 5 support

Fixed

  • Prevent other users' time entries from appearing in search results. Other users' entries could not be edited or deleted; attempting to do so resulted in a 403 Forbidden error.
  • Pre-select "None" when changing default tag and user has no tags.
  • Database URI using deprecated scheme designator.