Table of Contents
- Changelog
- Unreleased
- v0.1.1-alpha.1 (2020-02-18)
- v0.1.0-alpha.6 (2020-02-16)
- v0.1.0-alpha.5 (2020-02-06)
- v0.1.0-alpha.4 (2020-02-06)
- v0.1.0-alpha.3 (2020-02-06)
- v0.1.0-alpha.2 (2020-02-03)
- v0.1.0-alpha.1 (2020-01-31)
- v0.0.3-alpha.15 (2020-01-31)
- v0.0.3-alpha.14 (2020-01-31)
- v0.0.3-alpha.12 (2020-01-31)
- v0.0.3-alpha.13 (2020-01-31)
- v0.0.3-alpha.11 (2020-01-31)
- v0.0.3-alpha.10 (2020-01-31)
- v0.0.3-alpha.8+oryOS.15 (2020-01-30)
- v0.0.3-alpha.9 (2020-01-30)
- v0.0.3-alpha.7 (2020-01-30)
- v0.0.3-alpha.5 (2020-01-30)
- v0.0.3-alpha.4 (2020-01-30)
- v0.0.3-alpha.3 (2020-01-30)
- v0.0.3-alpha.2 (2020-01-30)
- v0.0.3-alpha.1 (2020-01-30)
- v0.0.1-alpha.9 (2020-01-29)
- v0.0.1-alpha.10+oryOS.15 (2020-01-29)
- v0.0.1-alpha.11 (2020-01-29)
- v0.0.1-alpha.7 (2020-01-29)
- v0.0.1-alpha.8 (2020-01-29)
- v0.0.2-alpha.1 (2020-01-29)
- v0.0.1-alpha.6 (2020-01-29)
- v0.0.1-alpha.5 (2020-01-29)
- v0.0.1-alpha.3 (2020-01-28)
- v0.0.1-alpha.2 (2020-01-28)
- v0.0.1-alpha.1 (2020-01-28)
Implemented enhancements:
- Rename profile module to settings #311
- Include authentication URL for protected user settings #310
- Rename profile module to settings #304
- Error authenticating POST requests from browser session behind Oathkeeper #270
- verified email address: resend verification challenge when the address changes #267
- Have
dsn: memory
as an alias for SQLite in memory DSN #228 - Remove identity if one of the post-registration workflow jobs returns 403 (unauthorized) #51
- refactor: Prepare profile management payloads for credentials #300 (aeneasr)
Fixed bugs:
- Fix broken redirect in login handler #323
- shutdown doesn't complete #295
- Same version of migration version 20191100000010 caused test failure #279
- Email Verification Error when using PostgreSQL #269
- HBIP check hangs when connection is slow or ends with a network error #261
- Investigate MySQL empty timestamp issue on session #244
- Return REST error when fetching expired login/registration/profile request #235
- fix: fix swagger annotation #331 (aeneasr)
- fix(swagger): Move nolint,deadcode instructions to own file #293 (aeneasr)
- feat: Enable CockroachDB integration #260 (aeneasr)
- fix: Resolve NULL value for seen_at #259 (aeneasr)
Security fixes:
- Regenerate CSRF Tokens on principal change #217
Closed issues:
- Document new redirect behvaior #348
- Quickstart not working on Windows #346
- Document CSRF pitfalls #341
- Quickstart: configuration invalid #335
- Kratos as library for any Golang project #328
- DOCS, wrong link #327
- Quickstart app doubt for authentication only(not authorization) with mysql database #297
- Serve the schemas in the common API and have it documented #287
- Quickstart broken, db.sqlite not writabel #281
- Viper key for SMTP from address appears to be incorrect #277
- Make the session cookie name configurable #268
- MailSlurper is not sending the verification email #264
- SQLite database errors in quickstart #263
- Add a clear guide how to use Kratos without Oathkeeper #262
- Allow configuration of same-site cookie #257
- CSRF token is missing or invalid #250
- selfservice/profile: sudo mode for updating auth related stuff #243
- Enable CockroachDB test suite and integration #132
- Implement selfservice credentials management #113
- Rebrand hooks to workflow(s) #50
- Document identity hooks #31
Merged pull requests:
- fix: docs: spelling in quickstart #356 (Jackneill)
- Update isntall #354 (aeneasr)
- fix: verified_at field should not be required #353 (AntiSC2)
- docs: update github templates #351 (aeneasr)
- docs: update github templates #350 (aeneasr)
- refactor: rework hooks and self-service flow completion #349 (aeneasr)
- docs: update github templates #343 (aeneasr)
- docs: add csrf and cookie debug section #342 (aeneasr)
- chore: update docusaurus template #340 (aeneasr)
- fix-335 #339 (aeneasr)
- docs: update github templates #338 (aeneasr)
- chore: update docusaurus template #337 (aeneasr)
- Improve quickstart #336 (aeneasr)
- feat: send verification emails on profile update #333 (aeneasr)
- docs: Added database connection documentation #332 (koenmtb1)
- fix: exempt whomai from csrf protection #329 (aeneasr)
- chore: update docusaurus template #324 (aeneasr)
- fix writing #322 (gwind)
- chore: update docusaurus template #321 (aeneasr)
- chore: update docusaurus template #320 (aeneasr)
- chore: update docusaurus template #319 (aeneasr)
- chore: update docusaurus template #318 (aeneasr)
- refactor: move docs to this repository #317 (aeneasr)
- docs: Updates issue and pull request templates #315 (aeneasr)
- docs: Updates issue and pull request templates #314 (aeneasr)
- docs: Updates issue and pull request templates #313 (aeneasr)
- chore: bump ory/x to have csv parsing from env vars #312 (zepatrik)
- fix: move to ory sqa service #309 (aeneasr)
- Fix the query parameter name in the get self-service error endpoint in API docs #308 (sandhose)
- chore: moved watchAndValidateViper to viperx #307 (zepatrik)
- chore: update ory/x dependency and add test case #305 (zepatrik)
- feat: allow configuring same-site for session cookies #303 (zepatrik)
- fix: Linux install script #302 (guillett)
- Document the schema API and serve it in the admin API #299 (sandhose)
- docs: Updates issue and pull request templates #298 (aeneasr)
- fix:add graceful shutdown to courier handler #296 (Gibheer)
- fix(session): Regenerate CSRF Token on principal change #290 (aeneasr)
- feat: Return 410 when selfservice requests expire #289 (aeneasr)
- fix: Use resilient client for HIBP lookup #288 (aeneasr)
- Revert "fix: Use host volume mount for sqlite" #285 (aeneasr)
- feat: add
dsn: memory
shorthand #284 (zepatrik) - fix(session): whoami endpoint now supports all HTTP methods #283 (aeneasr)
- fix: rename migrations with same version #280 (zepatrik)
- Fix smtp/stmp typo #278 (jdnurmi)
- fix(sql/migrations): change type of courier_message.body to "text" #276 (zepatrik)
- fix: Use host volume mount for sqlite #272 (aeneasr)
- feat(selfService/profile): enable updating auth related traits #266 (zepatrik)
- docs: Typo in README.md #265 (cuttlefish)
- feat(selfservice/login): enable reauthentication functionality #248 (zepatrik)
v0.1.1-alpha.1 (2020-02-18)
Fixed bugs:
Merged pull requests:
- fix: Update verify URLs #258 (aeneasr)
- fix: Clean up docker quickstart #255 (aeneasr)
- refactor(persistence/sql): move connection to context to enable transactions #254 (zepatrik)
- fix: Add verify return to address #252 (aeneasr)
v0.1.0-alpha.6 (2020-02-16)
Implemented enhancements:
- Make OIDC strategy capable of dealing with expiry errors #233
- selfservice/updateProfileFlow: disable form fields that the user is not allowed to update #227
- Use jsonschema everywhere #225
- Implement Verification #27
- feat: Implement email verification #245 (aeneasr)
Fixed bugs:
- Mark fields required in login / registration methods #234
- fix: Set AuthenticatedAt in session issuer hook #246 (aeneasr)
- Resolve flaky SDK generation issues caused by UUID #240 (aeneasr)
Closed issues:
- Require Levenshtein distance between identifiers and password #184
Merged pull requests:
- feat: Add verification to quickstart #251 (aeneasr)
- fix: Adapt quickstart to verify changes #247 (aeneasr)
- fix(SelfService/Strategy/oidc): rework auth session expiry #242 (zepatrik)
- feat(selfservice/profile): Add disabled flag to identifier form fields #238 (zepatrik)
- fix(swagger): Use correct annotations for request methods #237 (aeneasr)
- feat: add levenshtein distance check for password validation #231 (zepatrik)
- Use ory/jsonschema/v3 everywhere #229 (aeneasr)
v0.1.0-alpha.5 (2020-02-06)
Fixed bugs:
- Mitigate expired login and registration requests #96
Merged pull requests:
v0.1.0-alpha.4 (2020-02-06)
v0.1.0-alpha.3 (2020-02-06)
v0.1.0-alpha.2 (2020-02-03)
Implemented enhancements:
- Rework errors API #204
Fixed bugs:
Closed issues:
Merged pull requests:
- Serve: add admin /self-service/errors route #226 (zepatrik)
- fix: Set csrf token on public endpoints #224 (aeneasr)
- ci: Switch to golangci orb #223 (aeneasr)
- docs: Updates issue and pull request templates #222 (aeneasr)
- ci: Bump sdk and changelog versions #221 (aeneasr)
- feat: Override semantic config #220 (aeneasr)
- Add paths to sqa middleware #216 (aeneasr)
v0.1.0-alpha.1 (2020-01-31)
Implemented enhancements:
- FormFields for Login, Registration, Profile requests should be array and not maps #186
- Adopt CircleCI orbs for SDK, goreleaser, changelog #166
- Improve
--dev
flag #162 - Reintroduce SQL Migration plans #131
- Refactor DBAL layer #128
- Populate registration form with data from JSON Schema #120
- Implement selfservice profile management #112
- Implement SQL backend for errorx package #92
- Schemas should be mirrored by hive at some well-known url #86
- Add health endpoints #82
- Check all credentials for uniqueness to support uniqueness in passwordless flows #78
- Implement persistent DBAL using Postgres #66
- Disable login and registration when session exists #63
- Implement Admin CRUD for Identities #58
- Write test for missing data during sign up with oidc #55
- Write tests for selfservice.ErrorHandler #54
- Add continuous integration #53
- Support object stubs in form payloads #45
- Implement form-based, self-service login and registration #29
- Rework public and admin fetch strategy #203 (aeneasr)
- Update HTTP routes for a consistent API naming #199 (aeneasr)
- ss: Use JSON Schema to type assert form body #116 (aeneasr)
Fixed bugs:
- Improve
/profile
and/session
URLs #195 - Profile Management requests sends Request ID in POST Body instead of Query Parameter #190
- Key
traits\_schema\_url
not populated in profile management request #189 - Update Quickstart Access Rules to include new CSS files for sample app #188
- Send right field type in registration/login request information #175
- Ensure that decoderx works with checkboxes #125
- OIDC Credentials do not allow multiple connections #114
- selfservice: Form BodyParser should assert types using JSON Schema #109
- Using only numbers as password during sign up leads to error #98
- Irrecoverable state when "securecookie" fails. #97
- Do not echo headers in login/register request response #95
- Registration values are not properly propagated #71
- CSRF is broken for social sign in #68
- Reset CSRF Token on Principal Change (Sign Out) #38
- selfservice: Omit request header from login/registration request #106 (aeneasr)
- selfservice: Explicitly whitelist form parser keys #105 (aeneasr)
Security fixes:
- Rethink public fetch request protection #122
- Prevent credentials from being filled in without validation #46
Closed issues:
- OIDC method has "request" field in the form #180
- Schemas should be tested #165
- JSON Schema
ory.sh/kratos
keyword extension design document #118 - Decide JSON Schema custom keyword prefix for custom logic #115
- Implement profile and credentials management #108
- hermes: Notification architecture #99
- Omit oidc client secret, cookie secret, and dsn from k8s configmap #88
- Document Self-Service state machine #52
- Document how the form parser works #41
- docs: Document that the password strategy lowercases identifiers #25
- Dealing with missing data when using 3rd-party registration #23
Merged pull requests:
- docs: Updates issue and pull request templates #215 (aeneasr)
- Clean up and resolve packr2 issues #211 (aeneasr)
- Resolve goreleaser build issues #208 (aeneasr)
- ci: Bump sdk orb #206 (aeneasr)
- ss/oidc: Remove obsolete request field from form #193 (aeneasr)
- sql: Re-introduce migration plans to CLI command #192 (aeneasr)
- courier: Implement message templates and SMTP delivery #146 (aeneasr)
- Implement base features for v0.0.1 release #102 (aeneasr)
v0.0.3-alpha.15 (2020-01-31)
v0.0.3-alpha.14 (2020-01-31)
v0.0.3-alpha.12 (2020-01-31)
v0.0.3-alpha.13 (2020-01-31)
Merged pull requests:
v0.0.3-alpha.11 (2020-01-31)
Merged pull requests:
v0.0.3-alpha.10 (2020-01-31)
v0.0.3-alpha.8+oryOS.15 (2020-01-30)
v0.0.3-alpha.9 (2020-01-30)
v0.0.3-alpha.7 (2020-01-30)
v0.0.3-alpha.5 (2020-01-30)
Merged pull requests:
v0.0.3-alpha.4 (2020-01-30)
v0.0.3-alpha.3 (2020-01-30)
v0.0.3-alpha.2 (2020-01-30)
v0.0.3-alpha.1 (2020-01-30)
Fixed bugs:
- Order registration/login form fields according to schema #176
Merged pull requests:
- Update quickstart #207 (aeneasr)
- Take field order from schema #205 (zepatrik)
- ss/profile: Use request ID as query param everywhere #202 (aeneasr)
v0.0.1-alpha.9 (2020-01-29)
v0.0.1-alpha.10+oryOS.15 (2020-01-29)
v0.0.1-alpha.11 (2020-01-29)
v0.0.1-alpha.7 (2020-01-29)
v0.0.1-alpha.8 (2020-01-29)
v0.0.2-alpha.1 (2020-01-29)
v0.0.1-alpha.6 (2020-01-29)
v0.0.1-alpha.5 (2020-01-29)
Closed issues:
- Issue with the quickstart build failure #198
Merged pull requests:
v0.0.1-alpha.3 (2020-01-28)
v0.0.1-alpha.2 (2020-01-28)
v0.0.1-alpha.1 (2020-01-28)
Fixed bugs:
- Contain security context for reading schemas from disk #163
- strategy/oidc: Allow multiple OIDC Connections #191 (aeneasr)
Closed issues:
- Registration/Login form fields should not include "request" #178
- Fix broken CI test pipeline #151
- Seprate out login & registeration POST hooks #149
- Optionally allow only one active session per identity #139
- Deleting user does not delete sessions #69
- Support RISC #10
- pool: Comparing email addresses properly #3
- Sign here to help! #2
- Rough feature-ideas (wip) #1
Merged pull requests:
- Remove redundant return statement #194 (aeneasr)
- Improve Docker Compose Quickstart #187 (aeneasr)
- Registration/Login HTML form: remove request field and ensure method is set #183 (zepatrik)
- Replace number with integer in config JSON Schema #177 (aeneasr)
- docs: Updates issue and pull request templates #174 (aeneasr)
- Schema testing #171 (zepatrik)
- Add goreleaser orb task #170 (aeneasr)
- Add changelog generation task #169 (aeneasr)
- Adopt new SDK pipeline #168 (aeneasr)
- Improve dev flag #167 (zepatrik)
- Serve json schemas #164 (zepatrik)
- update to readme.md #160 (tacurran)
- Bump go-acc and resolve test issues #154 (aeneasr)
- Docker compose #153 (aeneasr)
- Separate post register/login hooks #150 (nmlc)
- Optionally allow only one active session per identity #148 (evalsocket)
- Update documentation images #145 (jfcurran)
- Refactor selfservice modules and add profile management #126 (aeneasr)
- Rebrand ORY Hive to ORY Kratos #111 (aeneasr)
- vendor: Update to ory/x 0.0.80 #110 (aeneasr)
- Update README.md #107 (aeneasr)
- Fix broken tests and linter issues #104 (aeneasr)
- errorx: Move package to selfservice #103 (aeneasr)
- docs: Updates issue and pull request templates #59 (aeneasr)
- docs: Updates issue and pull request templates #40 (aeneasr)
- docs: Updates issue and pull request templates #39 (aeneasr)
- docs: Updates issue and pull request templates #8 (aeneasr)
- docs: Updates issue and pull request templates #7 (aeneasr)
* This Changelog was automatically generated by github_changelog_generator