RAPyDo 1.0 (#38)

@mdantonio mdantonio released this 20 Feb 06:01
ad03126
* Bump RAPyDo version to 1.0

* Dropped deprecated graph_transactions decorator from neo4j connector, replaced with @decorators.graph_transactions starting from v0.7.6

* Dropped deprecated app parameter in connectors init

* Dropped deprecated verify_local_admin method, replaced by verify_staff starting from v0.9

* Dropped obsolete htmlcodes utility

* Dropped support for old password encoding, deprecated since v0.7.2

* Fixed celery and celery-beat initialization to prevent the use of the obsolete Detector.get_connector method

* Dropped deprecated get_service_instance from detector. Dropped obsolete get_connector method from detector. Cleanup of detector services

* Excluded unavailable services from the wait loop

* Deprecated Env.load_group (replaced by the already existing load_variables_group)

* Added AUTH management to Redis connector, Celery and Celery-Beat Redis backend, Redis cache

* Upgraded Celery from 4.4.7 to 5.0.4

* Upgraded schemathesis from 2.7.1 to 2.8.4

* Models injection is now executed once at class level

* Refactored models injection to be type-safe (models are now dynamically retrieved via __getattr__)

* Dropped detector.check_availability (replaced by Connector.check_availability)

* Dropped Detector class, fully replaced by the Connector class

* Bug fix: the connector name now corresponds to the connector folder, instead of the lower-cased class name

* Fix to prevent inline styles in HTML responses

* Moved flask app from CeleryExt.celery_app to CeleryExt

* Replaced Celery tasks injection with standard Celery task registry

* Extracted load_models function from the load_connectors

* Deprecated boolean env variables (True, true, False and false) and reverted to old-fashioned 0/1 values. Backend and Frontend used different boolean spellings (Python vs JavaScript); 0/1 is a much more portable value and avoids the true|True|true ambiguity. This fixes problems in setting boolean values used only by Angular (expecting true|false) or only by Python (expecting True|False)

* Implemented @decorators.auth.optional() decorator to accept missing or valid tokens. Invalid tokens will always be rejected

* Deprecated get_user_if_logged utility, replaced by new @decorator.auth.optional decorator coupled with the normal get_user method

* Bug fix to make endpoint caching token-dependent and prevent data leakage between users
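Added illustration of the caching fix above (not RAPyDo's own code): a response cache keyed on the endpoint alone hands one user's cached data to the next caller, while a key that also covers a hash of the bearer token does not. The endpoint path, the handler and the profile data are constructed for the example.

```python
import hashlib
from typing import Callable, Dict, Tuple

# Constructed sample data: token -> profile the endpoint would return.
PROFILES = {
    "token-alice": {"user": "alice", "email": "alice@example.org"},
    "token-bob": {"user": "bob", "email": "bob@example.org"},
}


def profile_endpoint(token: str) -> dict:
    """Stand-in for an authenticated endpoint returning the caller's profile."""
    return PROFILES[token]


class ResponseCache:
    def __init__(self, token_aware: bool) -> None:
        self.token_aware = token_aware
        self.store: Dict[Tuple[str, str], dict] = {}
        self.misses = 0

    def key(self, endpoint: str, token: str) -> Tuple[str, str]:
        # Never put the raw token into the key: hash it so a dumped or shared
        # cache does not expose usable credentials.
        if self.token_aware:
            return (endpoint, hashlib.sha256(token.encode()).hexdigest())
        return (endpoint, "")  # the buggy behaviour: a single entry for everyone

    def call(self, endpoint: str, handler: Callable[[str], dict], token: str) -> dict:
        k = self.key(endpoint, token)
        if k not in self.store:
            self.misses += 1
            self.store[k] = handler(token)
        return self.store[k]


def leaks(cache: ResponseCache) -> bool:
    """True if bob receives alice's cached profile through the given cache."""
    cache.call("/auth/profile", profile_endpoint, "token-alice")
    return cache.call("/auth/profile", profile_endpoint, "token-bob")["user"] != "bob"
```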

* Improved rabbit connector connection checks

* Caught StreamLostError exceptions raised by rabbit disconnects

* Basic implementation of failed login registration and account bans

* Added 403 response to login endpoint definition

* Password reset is now forbidden when the account is blocked by too many failed login attempts

* Account activation is now forbidden when the account is blocked due to too many failed login attempts

* Failed login ban duration is now controlled by the env variable AUTH_LOGIN_BAN_TIME (default 3600 seconds)
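Added illustration of the failed-login ban described in the items above (not RAPyDo's own code): failures are counted, the ban window opens once a threshold is reached, and login, password reset and activation are refused until AUTH_LOGIN_BAN_TIME has elapsed. The attempt threshold MAX_FAILED_LOGINS and the Account model are assumptions; only AUTH_LOGIN_BAN_TIME and its 3600-second default come from the release notes.

```python
import os
from dataclasses import dataclass

AUTH_LOGIN_BAN_TIME = int(os.environ.get("AUTH_LOGIN_BAN_TIME", "3600"))
MAX_FAILED_LOGINS = 5  # assumed threshold, not stated in the release notes


@dataclass
class Account:
    username: str
    failed_logins: int = 0
    banned_until: float = 0.0  # epoch seconds; 0 means not banned
    # Constructed sample: a plain-text secret keeps the example short.
    secret: str = "correct-password"


def is_banned(account: Account, now: float) -> bool:
    """True while the account is inside its ban window."""
    return now < account.banned_until


def register_failed_login(account: Account, now: float) -> None:
    """Count a failure; once the threshold is reached, open the ban window."""
    account.failed_logins += 1
    if account.failed_logins >= MAX_FAILED_LOGINS:
        account.banned_until = now + AUTH_LOGIN_BAN_TIME
        account.failed_logins = 0


def login(account: Account, password: str, now: float) -> str:
    # A banned account is refused before the password is checked, so the
    # credentials cannot keep being probed during the ban window.
    if is_banned(account, now):
        return "banned"
    if password != account.secret:
        register_failed_login(account, now)
        return "invalid"  # generic message, no hint about which part failed
    account.failed_logins = 0
    return "ok"


def reset_password_allowed(account: Account, now: float) -> bool:
    """Password reset and account activation are both refused while banned."""
    return not is_banned(account, now)
```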

* Added user expiration to db models and to admin users input/output endpoint schemas

* Bug fix in reset password endpoint: unused credentials were not verified

* Implemented user expiration

* Token expiration is now capped by the user expiration date, if set

* When account expiration is reduced all tokens with expiration greater than user expiration are automatically invalidated
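Added illustration of the expiration rules in the three items above (not RAPyDo's own code): a new token's expiration is capped by the user's expiration date when one is set, and reducing the user's expiration invalidates every token that would outlive it. The Token and User models, the function names and the 30-day default token validity are assumptions.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import List, Optional

TOKEN_DEFAULT_VALIDITY = timedelta(days=30)  # assumed default, not from the notes


@dataclass
class Token:
    value: str
    expiration: datetime
    valid: bool = True


@dataclass
class User:
    username: str
    expiration: Optional[datetime] = None
    tokens: List[Token] = field(default_factory=list)


def token_expiration(user: User, now: datetime) -> datetime:
    """Default validity, capped by the user's own expiration date if set."""
    exp = now + TOKEN_DEFAULT_VALIDITY
    if user.expiration is not None and user.expiration < exp:
        exp = user.expiration
    return exp


def issue_token(user: User, value: str, now: datetime) -> Token:
    token = Token(value=value, expiration=token_expiration(user, now))
    user.tokens.append(token)
    return token


def set_user_expiration(user: User, new_expiration: Optional[datetime]) -> int:
    """Update the account expiration and invalidate tokens that outlive it.
    Returns the number of tokens invalidated."""
    user.expiration = new_expiration
    if new_expiration is None:
        return 0
    count = 0
    for token in user.tokens:
        if token.valid and token.expiration > new_expiration:
            token.valid = False
            count += 1
    return count


def is_token_valid(user: User, token: Token, now: datetime) -> bool:
    # Usable only if not revoked, not expired, and the account itself not expired.
    if not token.valid or now >= token.expiration:
        return False
    return user.expiration is None or now < user.expiration
```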

* Added gunicorn and meinheld to restapi dependencies

* Replaced the use of neomodel UniqueIdProperty with StringProperty and custom generated uuids. This fixes the incompatibility between neomodel generated uuids (in non-standard hex format without hyphens) and marshmallow serialized uuids (standard format with hyphens)

* Added username and password management to the MongoDB connector

* Added a status check to active containers to make tests fail when containers are unexpectedly found in exited status

* Upgraded Telethon from 1.18.2 to 1.19.0

* Upgraded Faker from 5.0.2 to 5.6.1

* Upgraded schemathesis from 2.8.4 to 3.0.3

* Fix to allow the creation of users during locally executed tests when SMTP is not enabled

* Upgraded Flask-Migrate from 2.5.3 to 2.6.0

* Prevent upgrade to py-amqp 5.0.3 because the new SSL context defaults are not able to validate self-signed certificates

* Extended redbeat support for periods other than seconds

* Bug fix to detect unknown roles at init time in alchemy implementation

* Added account expiration to profile data

* Fix to prevent double custom_user_properties_pre/custom_user_properties_post in user registration

* Bug fix: added missing save user to profile registration

* Added default group on user registration

* Groups input model is now a simple schema, instead of a dynamic callback

* Fix to prevent empty and/or unnamed models in swagger specs

* Fix to include Nested schemas in swagger spec

* AUTH_SECOND_FACTOR_AUTHENTICATION changed from the TOTP string to a boolean

* Deprecated obsolete catch_graph_exceptions decorator

* Increased tests timeout

* Bug fix: ValidationError on empty user.expiration on the MongoDB backend

* Added TOTP length validation

* TOTP secret is now randomly generated

* SECOND_FACTOR renamed as two_factor_enabled in user profile

* Upgraded pyotp from 2.4.1 to 2.6.0

* The "Invalid username or password" error message was changed to "Invalid access credentials"

* Added tests on TOTP failures

* AUTH_FORCE_FIRST_PASSWORD_CHANGE and AUTH_VERIFY_PASSWORD_STRENGTH are now automatically enabled when AUTH_SECOND_FACTOR_AUTHENTICATION is on

* TOTP fields validation

* Added time synchronization to caching test to prevent cache expiration due to overlapping seconds

* Token IP validity period is now configurable via AUTH_TOKEN_IP_GRACE_PERIOD env variable

* Added tests on unused credentials ban

* Bug fix to prevent initialization of last password change for default user

* Bug fix in mongo model to allow empty date on user model

* Increased password validity during tests from 10 to 60 seconds

* Changed response for disabled credentials due to inactivity from 401 to 403 status

* Introduced an exception to let the default user be protected by the inactivity ban during tests

* Token validity grace period is now based on creation time instead of last access

* Fix to test custom folder before base folder

* Added log_event utility to log security events on a log file

* Replaced ADMINER_DISABLED and proFiLE_DISABLED with not MAIN_LOGIN_ENABLE

* The fake fixture was renamed to faker to replace the default faker fixture and prevent ambiguities

* Added tests on token ip validation

* Removed mock null ip used during tests

* Added an initialize_testing_environment utility executed during project initialization in testing mode

* Added a create_group utility in the test suite

* Added filters parameter to get_last_events test utility

* Bug fix: prevent obfuscate_dict from truncating long fields when saving log events

* Extended tokens in activate_account template with name, surname and username

* Added read to log events

* Added totp to obscured fields

* Enhancement of regular expression used to extract validation tokens from urls during tests

* Added marker file for PEP 561 to inform mypy that restapi package uses inline types

* Applied werkzeug secure_filename to the filename provided to the download function

* Improved read_mock_email test utility to decode base64 bodies

* Added marshal fields Neo4jRelationshipToMany, Neo4jRelationshipToSingle and Neo4jRelationshipToCount to serialize neo4j relationships into list, single values or counts

* Dropped error field from do_login test utility function

* Fixed chunk_upload to use the parse_content_range utility function

* Added roles parameter to create_user test utility