All notable changes to this project will be documented in this file.
The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.
- Remove Basicauth
- New decommissioning code
- Updated black to version 21.12b0 from 21.8b0
- Updated cairocffi to version 1.3.0 from 1.2.0
- Updated cffi to version 1.14.6 from 1.14.5
- Updated certifi to version 2021.10.8 from 2021.5.30
- Updated charset-normalizer to version 2.0.10 from 2.0.4
- Updated click to version 8.0.3 from 8.0.1
- Updated dependency-injector to version 4.37.0 from 4.36.0
- Updated django to version 3.2.11 from version 3.2.1
- Updated django-appconf to version 1.0.5 from 1.0.5
- Updated django-axes to version 5.31.0 from 5.24.0
- Updated django-cors-headers to version 3.11.0 from 3.8.0
- Updated django-ipware to version 4.0.2 from 4.0.0
- Updated django-otp to version 1.1.3 from 1.0.6
- Updated django-otp-yubikey to version 1.0.1 from 1.0.0.post1
- Updated django-phonenumber-field to version 6.0.0 from 5.2.0
- Updated django-project-version to 0.16.0 from 0.15.1
- Updated django-solo to version 2.0.0 from 1.1.5
- Updated django-waffle to version 2.3.0 from 2.2.1
- Updated django-widget-tweaks to 1.4.12 from 1.4.8
- Updated idna to version 3.3 from 3.2
- Updated newrelic to version 7.2.4.171 from 6.8.1.164
- Updated notifications-python-client to 6.3.0 from 6.2.1
- Updated phonenumbers to 8.12.41 from 8.12.31
- Updated pillow to 9.0.0 from 8.3.2
- Updated platformdirs to 2.4.1 from 2.3.0
- Updated protobuf to 3.19.3 from 3.18.0rc2
- Updated psycopg2-binary to 2.9.3 from 2.9.1
- Updated pycparser to 2.21 from 2.20
- Updated pycryptodome to 3.12.0 from 3.10.1
- Updated pyjwt to 2.3.0 from 2.1.0
- Updated pynacl to 1.5.0 from 1.4.0
- Updated python-dotenv to 0.19.2 from 0.19.0
- Udpated python-stdnum to 1.17 from 1.16
- Updated pytz to 2021.3 from 2021.1
- Updated requests to 2.27.1 from 2.26.0
- Updated segno to 1.4.1 from 1.3.3
- Updated soupsieve to 2.3.1 from 2.2.1
- Updated tinycss2 to 1.1.1 from 1.1.0
- Updated tomli to 1.2.3 from 1.2.1
- Udpated typing-extensions to 4.0.1 from 3.10.0.2
- Updated urllib3 to 1.26.8 from 1.26.6
- Updated develop/coveraget to 6.2 from 6.0b1
- Updated flake8n to 4.0.1 from 3.9.2
- Updated pycodestyle to 2.8.0 from 2.7.0
- Updated pyflakes to 2.4.0 from 2.3.1
- Updated beautiful soup to version 4.10.0 from 4.9.3
- Updated black to version 21.8b0 from 21.6b0
- Updated cffi to version 1.14.6 from 1.14.5
- Updated dependency-injector to version 4.36.0 from 4.34.0
- Updated django to version 3.2.7 from 3.2.5
- Updated django-axes to version 5.24.0 from 5.20.0
- Updated django-cors-headers to version 3.8.0 from 3.7.0
- Updated django-ipware to version 4.0.0 from 3.0.2
- Updated django-sass to version 1.1.0 from 1.0.1
- Updated django-waffle to version 2.2.1 from 2.2.0
- Updated idna to version 3.2 from 2.10
- Updated newrelic to version 6.8.1.164 from 6.4.3.160
- Updated notifications-python-client to version 6.2.1 from 6.2.0
- Updated pathspec to version 0.9.0 from 0.8.1
- Updated phonenumbers to version 8.12.31 from 8.12.26
- Updated pillow to version 8.3.2 from 8.3.0
- Updated protobuf to version 3.18.0rc2 from 3.17.3
- Updated python-dotenv to version 0.19.0 from 0.18.0
- Updated regex to version 2021.8.28 from 2021.7.1
- Updated requests to version 2.26.0 from 2.25.1
- Updated six to version 1.16.0 from 1.15.0
- Updated sqlparse to version 0.4.2 from 0.4.1
- Updated toml/tomli to version 1.2.1 from 0.10.2
- Updated whitenoise to version 5.3.0 from 5.2.0
- Updated develop to version 6.0b1 from 5.5
- Updated python-dateutil to version 2.8.2 from 2.8.1
- Fixed alignment issues with buttons on review page, 'Choose date and time' screens and invitations page
- Changed button text on confirmation page after sending alerts and changed button copy on adding new date screen
- Fixed up French translations
- Removed italics in addresses
- Changed hint message on "Change your mobile number" page
- Fixed up non-breaking spaces in French before colons and around text in quotes- Fixed up typos on Portal start page
- Fixed up bolding in Terms of Use page
- Remove QR code DNS health check
- Fix/send Alert menu fix
- Update the address complete api key
- Changes to "Sending Alerts" screen
- QR code 403 changes
- Fix French apostrophes
- Removed lock for sending surveys to health care users regardless of whether they sent an alert previously or not.
- Added CloudWatch synthetic canary to monitor QR code
- Added CloudWatch alarm for unhealthy QR code canary
- Enabled AWS Shield for QR Code
- Enable sending of surveys to healthcare users
- Added new bulk action for marking inactive
- Modify uwsgi config to scale number of workers/threads
- Portal content audit updates
- Registration site content audit updates
- Fix autoscaling config
- Adjust health check thresholds so ELB doesn't kill processes as unhealthy when slow to respond under load
- Updated post-login flow for users with/without alert permission
- Fix bug when sorting on Alert History screen
- Add French translations for short month names
- Django and dependencies update
- Updated poster/tipsheet
- Accessibility and Mobile/responsive display fixes
- Updated navigation / flow and content on alerting wizard
- Fix bug in nav bar highlight in outbreaks section
- Add WhiteNoise to help with static asset caching
- Add Survey management/sending ui for post-pilot surveys
- Navigation home screen for portal for alerting enabled users
- Validate Canadian postal code format
- Enforce character limit for location name so it doesn't run off the poster
- Add QR Alert docs to Portal
- Add Location Outbreaks History view
- New venue types and selection html select control
- Content updates throughout
- Updated poster and instructions
- Phone number validation
- Updated Portal start screen and navigation
- Split notify service for different notify services in portal and qrposter
- Change rounding of datetime wizard values in minutes
- New privacy and ToU pages
- Google analytics separate between environments and portal / qrposter
- Skip basicauth on /status for dns health checks
- Added a temporary user/pass for registration site to prevent early access
- Fixed a language switch bug when in an environment with dual domains (ie, production)
- Added English and French URL config for Registration Site to fix language switching
- QR Code Registration site
- Portal QR Code Venue search and Outbreak features
- Fix for manage profiles page when showing last password change timestamp
- Update Django to 3.2
- Content changes for Portal iteration v1.1
- Update Django dependencies
- Update screenshots to reflect updated App menu
- The initial flow for creating outbreak alert notifications. This includes:
- A new app named 'outbreak' with a 'notification' model
- A new main menu navigation only accessible for users with 'can_send_alert' permission
- A new flow for creating these alert notifications, if permitted
- New AWS infrastructure for hosting a separate ECS task for QR Code registration
- Modified Portal Django project so that it can host either the Portal or the QR Code registration
- OTK sent via SMS using new html pages
- OTK is temporarily cached in the session
- Added some context to the Support page for when to contact portal team vs admin
- Added the Northern Inter-Tribal Health Authority as their own province
- Changed HTML rendering for backup codes so they won't be duplicated when copied
- More explicit content around saving your backup codes
- Added a confirmation email that is sent to new users upon successful signup
- Added package "dependency-injector" for managing the GC notification client as a service. This is a code refactor and doesn't affect functionality.
- Add accordion-like "side" nav for mobile-sized about pages
- Updated content for backup code pages and password rules
- Prevent visually-hidden text from being selectable
- Remove bottom padding from main nav links on mobile
- Split the "start" page into 2 new pages
- Page 1 to ask if this patient is positive and has the app on their phone?
- Page 2 to ask if this patient is ready to enter the code or write it down somewhere
- Change "start" link in main nav to "Generate keys"
- Added a green "start" GOV.UK type-button
- Remove h3s in About section: use h2s instead
- Resize h2s, make them smaller
- Minor content updates to account page and 2FA flow
- Remove "Next" link to Support page from the "Admin accounts" page
- Remove "Welcome" page
- No 301 redirect for the "welcome" URL because there was no in-app link to it
- New users are now directed to the "start" page
- "Main" nav now visible for not-logged-in users
- Added new "About the Portal" section
- Included in the main navigation and has a new page layout
- Mostly it is the content in the Quick guide, but broken up into more manageable sections
- Added new "Support" page
- Replaces "Contact us" in the main nav
- Announcement banners are now full-screen (except on the login page)
- Remove "Quick guide" page
- 301 redirect the old URL to the new about page
- Remove BACKUP_CODE feature flag now that backup codes rollout has gone swimmingly
- Updated the privacy pages to include new text about Google Analytics.
- Added Goolge Analytics tag placeholder and configurator through admin portal.
- Add static backup codes
- On user account page: see codes and generate more codes
- On signup: new accounts can create codes instead of adding a phone
- On login: login accepts a backup code, and allows users to message an administrator
- On attempted login: lock out users after a set number of failed 2FA attempts
- If not able to log in: users can request a backup code from their administrator
- On generating codes: print styles for the backup codes
- Red delete button on the "Delete yubikey" page (missed this earlier)
- Change the maintenance page text in EN and FR for our scheduled maintenance.
- Add the ability to create a site wide or user specific site banner.
- Remove STMP email configuration and ADMINS variable
- Note: this is not a user-facing change but updating the version so that we can release independently
- List users under "Manage team" alphabetically by email address
- "Delete" buttons are red (ie, they are destructive actions) and horizontal
- Update "instructions for patients" screens to reflect new traceback instructions in the app
- Split the signup flow into multiple pages: add a second page for entering mobile phone as 2FA device
- Add the password label and help text back to the sign up page
- Hide the "Your account" link on the 2FA page because people can't see/edit their account info yet
- Rewrite default validation messages
- Content updates to various pages in the app, including the Quick Guide page
- Remove the "required" attribute from form inputs
- (Super)admins are no longer permitted to change other users' passwords
- Redirect to the login page if yubikey verification page is visited before user is authenticated
- Lowercase emails during logins attempts. We convert emails to lowercase during signup, so we should do it during login as well.
- Add new page and flash messages to handle scenarios where account invitations are expired, deleted or accepted
- Pass the admin user's email to the account invitation template in Notify
- Update French content in various places across the application
- Replace straight apostrophes (
') with curly apostrophes (’)
- Now that more provinces are onboarded, bump the limits for how many keys can be generated before alarms go off
- Add custom error templates for common error states
- Very small change to the phonetic alphabet
- Application throttling works as expected, fixed the sequencing of operations
- Remove prior login attempts for newly created accounts
- Fix the login page layout on IE11
- Remove traceback instructions for the instructions for patients. We want to wait for the app to be updated before those go out.
-
Update in-app content
- Update instructions and screenshots for instructions that healthcare providers give to patients
- Data migration to add "sent" dates to any invitations missing that fields
- Allow resending invitations whenever no user account exists — previously, an "accepted" invitation for a deleted user would prevent that user from being invited again
- Remove duplicate "preconnect" link in HTML header
- Title Case the words in the phonetic alphabet
- Updated content for the Privacy and Terms of use pages
- Fixed CSS for "logged-in" nav items for the login page
- Fixed CSS for login thank you message on IE11
- Fixed CSS for the big code box on the "/key" page
- Use Notify to send user-facing emails: ie, the password reset and the invitation email
- No longer flag invitations as accepted when the user clicks on the link
- Adds a welcome page for new users (after completing signup + 2fa for the first time)
- Update the quick guide with an example code
- Up the invitations limit properly to 200 per hour temporarily
- COVID Keys back down to 25
- Up the COVID Key limit to 200 per hour temporarily
- Fix password reset links running in non-production environments
- Default superusers are associated with CDS, not "Ontario"
- Let managers remove other team members who have created a CovidKey in the past
- Add "thank you" message to login page
- Added aria-describedby attributes to inputs when there are validation error messages.
- Yubikey verification form now using base form (no colons, removed autocomplete, etc.)
- Superusers can now block users permanently via django-admin. Those users won't be able to login until a superuser reactivate them.
- Adding a check in the login_handler to prevent the login form from crashing when trying login with a non-existent e-mail
- Lower the daily limit of one time key generation to 25 in production
- Move the errors messages of fields that equality validation (Enter your password again, Enter your phone number again) into the first field to make it easier for accessibility.
- When the user changes password, the user loose his session. Now the user will keep his session on the device used to change the password but will loose his session on all other logged-in devices.
- Adding a second layer of user throttling. After 100 failed logins in a 30 days window, the user will be blocked for 24 hours.
- New Quick Guide page now available in the footer.
- A slack notification is now sent on failed Github Actions
- Github Actions now running terraform check, plan and security scans on deploys (staging repository)
- The privacy page has been simplified
- Adding a list of authorized domains for outgoing account invites
- Amazing new feature: added skiplink for logged-in users
- Added CHANGELOG file
- Added VERSION file
- Added version to GitHub actions
- Added version to of application