Fixes:
- Dependencies updated to fix DOS vulnerability commit
Enhancement:
- Node 12 check commit
Fixes:
- Fix passing in
undefined
optional parameters to@nearform/sql
v1.3.1 throwing error commit
Enhancement:
- Hapi plugins export a
name
property whose value isudaru-hapi-plugin
. This is useful when loading specific plugin options on registration, based on this newly exported plugin name commit
Fixes:
- Fix organization and teams create callback handling commit
Features, enhancements:
Fixes:
Features, enhancements
- Facilitating underscores in id fields for backward compatibility commit
Fixes:
- Migration scripts updated constraints (redo previous migration to 9) commit
- Bugfix for path on nested paths commit
Features, enhancements
- Exact name search added to teams search commit
- Search enhanced to handle tsquery reserved characters commit
- Zed Attack Proxy baseline and API penetration testing support commit
Fixes:
Features, enhancements
- Batch authorization checks on resource/action pairs commit
Features, enhancements
- Whitelist ID fields formats in users, teams, policies and organization commit
- Node 10 check commit
- Assignment of policies/instances to users, teams and groups must now use object format commit
- Swagger generation mechanism updated commit
- Swagger output validation merged with input validation in core commit
Features, enhancements:
- Lerna package split, udaru-core, udaru-hapi-plugin, udaru-hapi-16-plugin and udaru-hapi-server now in separate npm packages commit
- Breaking change: 404 not found on endpoint GET /authorization/teams/${teamId}/users if team does not exist commit
- Breaking change: 404 not found on endpoint /authorization/users/${userId}/teams if user does not exist commit
- SQL module extracted and placed in own npm module (@nearform/sql)
- Promises support commit
- Hooks support commit
- Policy instance now returned when associating policy with user,team,org, which can be passed as param to DELETE to delete a specific instance commit
- Policy context variables support added, which can be used in policy resources and policy condition elements commit
- GET Policy search endpoint added commit
- GET Policy variables endpoint added commit
- GET Policy instances endpoint added commit
- GET Policy endpoints added to users, teams and organizations commit
Features, enhancements:
- Nested teams endpoint commit
- Team search endpoint commit
- User search endpoint commit
- Team user search endpoint commit
- Updated PBAC to version 0.3.0 (lodash vulnerability)
Fixes:
- Migration scripts 006 & 007 (removed public schema)
Features, enhancements:
- Added /database/loadVolumeData.js to populate test database with large volume of data commit
- Added /bench/ulil/volumeRunner.js to perform Autocannon tests against volume db commit
- Added database migration script 006, adds index to team_members table (performance improvements) commit
- Added metadata support for orgs, teams and users [commit] (#466)
- Added database migration script 007, adds to add metadata field commit
- Updated Lodash dependecy to 4.17.5
- Updated chalk dependency (dev) for volume test output
- Updated PBAC to version 0.2.0 (lodash vulnerability update)
- Updated iam.js (StringLike param order reversed)
- Breaking Change: Updated unique constraint violation to return code 409 conflict for users, policies, orgs and teams
- Enhanced swagger documentation (better definition of models and other tidy ups)
Fixes:
- Added fixes on the get user teams endpoint commit and commit
- Added fix for policy validation (enforce allow|deny on effect)
- Added fix for issue 450 (invalid teams payload)
- Added get user teams commit
Features, enhancements:
- Shared policies commit
- Policy templates commit
- Multi variable policies commit
- Create Udaru instance only on demand commit
- Explicitely add org header for CORS commit
- Remove core instance dependency at plugin level commit
- Enhanced configuring, extract DB pool creation commit
- Endpoint for listing allowed actions on multiple resources commit
- Updated dependencies
- Documentation udpates
Fixes:
- Breaking change: solutions using 2.0 can't migrate DB to 3.0: Fix migration issue commit
- Fix not existing user got authorized commit
- Fix db init script commit
Fixed Udaru plugin registration commit Fixed issue with reconfig package, update deps, replaced shrink wrap with package lock commit
Fixed service startup error handling: commit
Features, enhancements, fixes:
- Breaking change: replace LABS_AUTH_SERVICE with UDARU_SERVICE prefix to environment variables: commit
- Increase user.name field length, fix org_policies.org_id: commit
- Enhanced tests, documentation and examples: commit and commit
Features, enhancements:
- Added two new users endpoints for replace/delete teams: commit
- Add 4 new organization policy management endpoints: commit
- Remove dependency on iam-js (iam-js was a wrapper for pbac): commit
- Authorization documentation: commit
- Sql injection automated tests and sqlmap automated tests: commit
- Removed not used admin account: commit
- Skip dropping the db in production env: commit
- Enhanced Joi validation, better error handling for existing IDs: commit
- Enhanced organization and inherited policies tests: commit and commit
Fixes:
- Fixes invalid ID handling for user and policy: commit
Fix problem with postgrator migrations commit
Features:
- Separate udaru in 3 parts: core, plugin and server commit , commit and commit
- The
statements
parameter now is an object instead of a string commit - Organization id is now optional as all other ids commit
- Added pagination to all list endpoint commit , commit , commit and commit . An example for the response structure is here
- Added migrations script with postgrator commit and commit
- Enanche documentation commit
- Removed
api
andcomponent
folder, made the repo contain only the service app commit - Added framework for authentications tests commit , commit , commit and commit
- Make a single SQL file for fixtures commit
- Added bech test framework commit
- Added travis for CI commit
- Added MIT license commit
Fixes: