Releases: 2amigos/yii2-usuario
1.6.3
- Fix: Update last_login_at and last_login_ip on social networt authenticate (@eluhr)
- Enh: Keycloak auth client (@eluhr)
- Fix: Social Network Auth (@eluhr)
- Enh #532: /user/registration/register now shows form validation errors
- Enh: Allow/suggest new v3 releases of 2amigos 2fa dependencies: 2fa-library, qrcode-library (@TonisOrmisson)
- Enh: Added option to disable viewing any other user's profile for non-admin users (@TonisOrmisson)
- Ehn: updated Estonian (et) translation by (@TonisOrmisson)
- Ehn: use recaptcha.net instead of google.com (@Eseperio)
For future reference, this release introduces a possible regression with custom integrations:
Class common\clients\YourCustomEndpoint contains 1 abstract method and must therefore be declared abstract or implement the remaining methods (Da\User\Contracts\AuthClientInterface::getUserId)
You can fix it by using the Da\User\Traits\AuthClientUserIdTrait
inside your class like:
class Microsoft365 extends \yii\authclient\OAuth2 implements \Da\User\Contracts\AuthClientInterface
{
use \Da\User\Traits\AuthClientUserIdTrait;
Thanks to @edegaudenzi for reporting it here.
1.6.2
- Fix: Two Factor Authentication - Filter - Blocks even when two factor authentication is enabled
- Fix: update Dutch (nl) translations (@squio)
- Enh: possibility to limit the depth of the recursion when getting user ids from roles (@mp1509)
- Fix: UserSearch avoid fields name conflict if joined with other tables (@liviuk2)
- Fix: PasswordExpireService return false when user model attribute "password_changed_at" is already set at null.
- Enh #524: Two Factor - Authenticator App - offer a "Can't scan?" fallback
- Fix #530: Welcome email: reported Password is now HTML-encoded
- Ehn: updated french translation by @arollmann
1.6.1
First patch release for 1.6.
- Fix: use correct password recovery url in welcome mail and add functionality to plain text version of the mail (@eluhr)
- Fix: correct viewPath error in LoginWidget (niciz)
- Enh: possibility to call all the api endpoints with either id or username or email (liviuk2)
- Fix: use configured User model in SecurityController 2FA confirmation (jussiaho)
- Enh: possibility to get user ids from roles recursively (mp1509)
1.6.0
Welcome to the latest stable release of Yii2-Usuario, 1.6.0, after long time. People still running on Boostrap 3 environments are encouraged to switch to this version and abandon dev-master
, as work for bringing BS4 and BS5 support is coming soon.
There are some changes which devs upgrading should take care of, please read through all the notes.
This release makes a step forward in PHP compatibility, leaving behind obsolete versions. While yii2-usuario should still work without issues on 5.6, from now on testing and development will look forward and maintain only >=7.4 versions.
There's also a security issue for 2FA tokens: settings/two-factor
route wasn't checking for the currently logged in user, so any authenticated account could access to all user's 2FA root code. If you cannot upgrade, check 24d5d5744fe0. Many thanks to Scott Tester for responsibly reporting it.
There's also a change in flash messages handling, please see #391 for details.
For a full list of changes, see CHANGELOG.md.
Thanks to everyone who contributed in these years, and to those willing to continue.
1.6.0-beta1
WARNING: this (pre-)release (long time due) makes a step forward in PHP
compatibility, leaving behind obsolete versions. While yii2-usuario should
still work without issues on 5.6, from now on testing and development will
look forward and maintain only >=7.4 versions.
There's also a security issue for 2FA tokens: settings/two-factor
route
wasn't checking for the currently logged in user, so any authenticated account
could access to all user's 2FA root code. If you cannot upgrade, check
24d5d5744fe0.
There's also a change in flash messages handling, please see #391 for details.
For a full list of changes, see CHANGELOG.md.
People are encouraged to update translation files.
1.5.1
- Fix #370: Extending view fix (effsoft)
- Fix #306: Add event for failed login (ivan-cc)
- Fix #347: Only pass fields known to User model in registrationControl->actionRegister() (BillHeaton)
- Fix #346: Update ReCaptcha guide to not use AJAX (BillHeaton)
- Fix #345: Update ReCaptcha guide to add scenarios() in recoveryForm (BillHeaton)
- Fix #307: Fix French translation (arollmann)
- Fix #316: Fix new response from Google OAuth Api (Julian-B90)
- Fix #321: Fix new response from LinkedIn OAuth Api (tonydspaniard)
- Fix #322: Fix boolean values in migrations for SQL server (tsdogs)
- Enh #325: Added support for sqlite3 (santilin)
- Fix #326: Fix rule for the user auth_tf_enabled field (santilin)
- Fix #290: Fix wrong email message for resending confirmation (tonydspaniard)
- Enh #269: Added help documentation to console commands (tonydspaniard)
- Fix #244: Fix forced inclusion of a suggested class (tonydspaniard)
- Fix user event triggering in admin controller (maxxer)
- Enh #331: Added Ukrainian translations (kwazaro)
- Enh #324: Added option to restrict user assignments to roles only (CheckeredFlag)
- Enh #224: Added option to require consent (eseperio)
- Enh: Added classMap for MailService (necrox87)
1.5.0-rc.1
We're almost ready to release...!