2.0.1

• BREAKING: Changed PHP version requirement to 8.0. remp/crm#2519
• BREAKING: Changed Latte version from v2 to v3. remp/crm#2519
• Added user_stats table. User stats computed by products:calculate_averages command (product_payments, product_payments_amount) and payments:calculate_averages command (subscription_payments, subscription_payments_amount, avg_month_payment, product_payments) are now saved into user_stats table instead of user_meta to avoid locking the table. remp/crm#2207
  • Note that data is not migrated, next run of the commands will add data into the new table.
• Added UniversalSearchDataProvider for custom searches in users using user.id and user.email. For email field uses wildcard search after entering 3 or more characters. remp/crm#2485
• Added redirect to home route after reset password sign in. Prevents from redirecting back to reset password page which is only single use. remp/helpdesk#1380
• Refactored presenters to use PreviousNextPaginator instead of VisualPaginator. remp/crm#2512
• Added the button for user anonymization on user's list page (merged into menu with user deactivation). remp/crm#2357
• Added users public meta information to user/info api call. remp/dn-mofa#471
• Changed registration of pre-registered users. Keeps already created user account, doesn't create new one. remp/crm#2507

1.2.2

• Fixed issues with filter registration appearing after latte/latte update to version 2.11.5. remp/crm#2511

1.2.0

• Fixed autofilling password in edit user form. remp/helpdesk#1302
• Added locale select to UserFormFactory. remp/crm#2239
• Fixed graphs on dashboard to consider date range filter. remp/crm#2450
• Added german translation. remp2020/crm-users-module#16

1.1.0

• Added check to prevent admin user from removing SSO pairing if Secure admin login is enabled. remp/crm#2347
• Fixed UserConnectedAccountsRepository methods for removing user's connected accounts. Using repository's delete() method to ensure we have audit log. remp/crm#2347
• Fixed incorrectly set response code for not approved autologins. remp/crm#2377
  • This regression was caused by missed error when auto refactoring with custom rector rules. remp/crm#2330 & remp/crm#2342
• Added Crm\UsersModule\Api\v2\UsersEmailHandler api handler with better error and validation handling + deprecate old Crm\UsersModule\Api\UsersEmailHandler api handler. remp/crm#2310
• Added onetimeusemail.com into blocked domains. remp/crm#2388
• Changed way how AccessTokenAuthenticator marks that user token is not allowed to login. Previously, only a binary flag was stored in session. Now, hash of a token is stored.
• Fixed locale switcher in admin. remp/crm#2393
  • This required us to register UserDataLocaleResolver by default to all installations. If you were adding it manually, you don't need to anymore.
• Added source param to GoogleTokenSignInHandler for allowing to register user with specific source through Google sign in api endpoint. remp/crm#2297
• Refactored GoogleTokenSignInHandler to use Nette api params validation instead of deprecated InputParam. remp/crm#2297
• Remove persistent locale from URL in ApplePresenter and GooglePresenter. remp/crm#2390
  • It is already part of final url / referer but keeping it further breaks callback URLs (they are static and shouldn't contain unknown URL parameters).
• Added support for locale in Google and Apple presenters and GoogleSignIn and AppleSignIn models. remp/crm#2308
• Added list of disposable email address domains to blocked_domain.txt. remp/crm#2388
• Added locale parameter into API calls /api/v1/users/create, /api/v1/users/update, '/api/v1/users/google-token-sign-in' and /api/v1/users/apple-token-sign-in. remp/crm#2308

1.0.0

Changelog

• BREAKING: Added parameter newPassword to UserChangePasswordEvent. remp/crm#2331
  • When creating new instances of this event, the new password must be set as the second parameter.
• BREAKING: Changed exception code in case AccessTokenAuthenticator attempts to log in admin user.
  • If you depend on this code, change use of Nette\Security\IAuthenticator::FAILURE in favor of Nette\Security\Authenticator::NOT_APPROVED.
• BREAKING: Changed HTTP status code of /api/v1/user-meta/delete API from 200 OK to 204 No content.
• Added registration ip rate limiter to limit number registration attempts on API endpoints without authorization. remp/crm#2153
  • Added registration_attempts table to store registration attempts.
• Changed translation files. remp/crm#2276
  • Remove duplicated spaces.
  • Fix EOF newlines.
  • Use double quotes around one single quote.
  • Switch tabs to 4 spaces. Weblate can parse only YAML format (doesn't support tabs).
  • Change extension from NEON to YML.
• Fixed partially incorrectly captioned "more options" button in admin filter form.
• Fixed removal of stale cookies when log in using Google or Apple SSO. remp/crm#2114
• Added code to JSON responses in UsersLoginHandler. remp/crm#2274
• Added optional parameter newsletters_subscribe to UsersCreateHandler. remp/crm#2275
• Moved autologin token authentication out of FrontendPresenter to its own event handler. remp/crm#2328
• Flagging attempted admin autologin attempts to prevent future attempts under the same session. remp/crm#2328
• Fixed incorrectly setting access token cookie for API requests. remp/crm#2177
• Fixed slow listing of login attempts for high-volume login instances. remp/crm#2345
• Fixed Apple Sign-In flow when connecting existing account. remp/crm#2333
• Fixed broken SSO login in corner cases, caused by incorrect deletion of login cookies. remp/crm#2114
• Added API endpoint for updating users info. remp/crm#2339
• Changed API handlers (non breaking). remp/crm#2342
  • Changed return type of handle() from Crm\ApiModule\Response\ApiResponseInterface to Tomaj\NetteApi\Response\ResponseInterface.
  • Changed deprecated Crm\ApiModule\Api\JsonResponse to Tomaj\NetteApi\Response\JsonApiResponse.
• Fixed translation string users.admin.user_connected_accounts_list to users.admin.user_connected_accounts_list_widget. Remove unused strings. remp/crm#2158

Nette 3.0

• Changed Compiler::loadDefinitions() (deprecated) to CompilerExtension->loadDefinitionsFromConfig(). remp/crm#1979
• Added return types to implementations where Nette interfaces changed. remp/crm#1979
• Removed calling parent constructor from widgets. Constructor was removed from Nette\ComponentModel\Component. remp/crm#1979
• Fixed link in template. Internal Nette\Routing\Route::param2path() now strictly requires string (object identification) instead of whole object. remp/crm#1979
• Fixed deprecation of second parameter $whenBrowserIsClosed in Nette\Security\User->setExpiration() used within sign-in. remp/crm#1979
• Refactored all uses of Nette\Security\Passwords. class is now used as an object and methods are no longer static. remp/crm#1979
• Fixed type error when trying to restore request. Method restoreRequest() requires string, non null parameter. Restoring request only if back parameter is non-null. remp/crm#1979
• Changed nette/forms method from setAttribute() to setHtmlAttribute(). remp/crm#1979
• Fixed use of Nette\Utils\Json::decode() - second parameter should be Nette\Utils\Json::FORCE_ARRAY, not true. remp/crm#1979
• Fixed capitalized class name JSON to Json (Nette\Utils\Json). remp/crm#1979
• Updated conditions expecting false from Selection::fetch(). Null is returned instead of false after update to Nette 3.0. remp/crm#2142

Nette 3.1

• Changed Nette\Forms access to values from $form->values['form_field'] to $form->getValues()['form_field']. remp/crm#1979
• Changed the way how routes are added to router. From array $router[] = new Route() to method call $router->addRoute(). remp/crm#1979
• Changed deprecated Nette\Application\IResponse to Nette\Application\Response. remp/crm#1979
• Changed deprecated Nette\Caching\IStorage to Nette\Caching\Storage. remp/crm#1979
• Changed deprecated Nette\Database\Context to Nette\Database\Explorer. remp/crm#1979
• Changed deprecated Nette\Database classes. Nette\Database\IRow and Nette\Database\Table\IRow are deprecated. Using Nette\Database\Table\ActiveRow instead. remp/crm#1979
• Changed deprecated Nette\Security\IAuthorizator to Nette\Security\Authorizator. remp/crm#1979
• Changed deprecated Nette\Security\Identity to Nette\Security\SimpleIdentity. remp/crm#1979
• Changed deprecated Nette\Localization\ITranslator to Nette\Localization\Translator. remp/crm#1979

0.38.0

• BREAKING: Changed UsersRepository::add() function signature. remp/crm#2060
  • Removed firstName, lastName and address arguments as they're not mandatory anymore and AddressRepository / UserMetaRepository should preferably be used to store these fields. If you want to store them in users table, update the $user row right after the add() method.
  • Added preregistration argument to support new user pregeristration flow.
  • If you use UsersRepository::add() in your own modules, please revise the usage to reflect the changes.
• BREAKING: Changed UserCreatedEvent event to UserRegisteredEvent. Old UserCreatedEvent extends new UserRegisteredEvent so custom implementations dependent on UserCreatedEvent should work for now. UserCreatedEvent event is deprecated and will be removed in the future. remp/crm#2060
  • If you emit or listen to UserCreatedEvent, change it to UserRegisteredEvent.
  • This change intends to create room for user to be created, but not officially registered - intended for unclaimed users and other backend-only users. Unless you work with backend-only flows, UserRegisteredEvent is the one that you want to use onwards. This event is complemented with NewUserEvent. Read their PhpDocs if you want to know more.
  • Any scenarios using user_created trigger will automatically be migrated to user_registered trigger.
• BREAKING: Renamed user-created hermes event to user-registered to maintain consistency with the previous changes. remp/crm#2060
  • If you emit or listen to the user-created hermes event, update it to the new user-registered hermes event.
• Added option to /api/v1/users/create API endpoint to create unclaimed user. remp/crm#2060
• Added login attempts tracking to the /api/v1/users/email (UsersEmailHandler) to include the API in the rate-limiter coverage. remp/crm#1779
• Added widget into User administration to manage user connected accounts. remp/crm#2158
• Added confirmation dialog into reset password hyperlink in user settings. remp/#crm2168
• Added support for user-specific locales. remp/crm#2187
  • Column locale added to users table. Column is non-null and is filled with default locale during migration.
  • Scenario criteria LocaleCriteria added.
  • Added UserDataLocaleResolver, supporting switching locales based on user-specific locale.
• Fixed directory names to follow PSR-4 standard. Namespaces weren't changed (no breaking change). remp/crm#2228
• Added hungarian translations. remp/crm#2255

0.37.0

• Changed user access source update query from INSERT .. ON DUPLICATE to INSERT+UPDATE to prevent possible deadlocks. remp/crm#2079
• Changed storage location of SSO authentication values from session to cookie. remp/crm#2114
• Changed email validation handlers /api/v1/users/set-email-validated and /api/v1/users/email to consider the unclaimed user as if it did not exist. remp/crm#2061
• Added validation for all users in users:check-email command. remp/crm#2160
• Changed UsernameAuthenticator to not allow the unclaimed user to log in. remp/crm#2062
• Added handling for malformed URLs in SignInRedirectValidator. remp/crm#2149
• Added /api/v1/user/delete API to delete user (authorized with user's Bearer token). remp/crm#2053

0.36.0

• Added flag include_deactivated to /api/v1/users/list API to allow listing also deactivated users. Anonymized users are always excluded. remp/crm#1392
• Fixed referer redirect after sign-in. remp/crm#2108
• Removed requirement for device_token when claiming unclaimed user. remp/crm#2105

0.35.0

• BREAKING: Bump minimal PHP version to 7.4. remp/crm#2068
• BREAKING: Changed SsoUserManager#matchOrCreateUser() function parameters - $userBuilder added, $registrationChannel and $source removed. remp/helpdesk#848
• Added option to set password lazily in UserBuilder using callable function. The actual password is generated later when user is saved using save() function. remp/helpdesk#848
• Fixed saving referer when creating user via Apple or Google Sign-in. remp/helpdesk#848
• Added optional parameter is_web to /api/v1/users/google-token-sign-in API. remp/crm#2054
• Added priority to BasicUserDataProvider registration. We want to execute it as last so we have email accessible until all user data are removed when deleting user (eg. user subscriptions from REMP/Mailer). remp/crm#2047

0.34.0

• BREAKING: Changed response status code to 404 Not Found when there is no device token found based on request parameters in /api/v1/users/login API. remp/crm#1986
  • The API used to previously return 400 Bad Request.
• Added confirmed_at property to various user login/create/info API endpoints. See README for additional details. remp/crm#1999
• Added support for device_token pairing in /api/v1/users/google-token-sign-in API and /api/v1/users/apple-token-sign-in. remp/crm#1986
• Added confirmed_at to the BasicUserDataProvider so it's cached for client application to use. remp/crm#2003
• Fixed saving date of update in AdminGroupsRepository->update().
• Changed command return codes to Symfony's Command return code. remp/crm#2007
• Added return to UsersRepository->update(). remp/crm#2007
• Added ability to specify SameSite flag for cookies set by AccessToken. remp/helpdesk#778
• Added scenario criteria to check if user's account is confirmed ("user" - "is confirmed"). remp/crm#1028
• Added optional parameter gsi_auth_code to /api/v1/users/google-token-sign-in API. remp/crm#1954
• Added users.dataprovider.google_sign_in dataprovider placeholder. remp/crm#1954
• Added AddressScenarioConditionModel for registering address related scenario conditions. remp/novydenik#812
• Added AddressTypeCriteria condition to scenarios. remp/novydenik#812