Unreleased (Work in progress)
- Made private storage backend configurable
- Updated API views to use filterset_class instead of filter_class (required by django-filter==22.1)
- Fixed organization cache bug in SAML ACS view: A forceful update of the user's organization cache is done before performing post-login operations to avoid issues occurring due to outdated cache.
- Added missing Furlan translation for sesame link validity
- Use storage backend method for deleting RadiusBatch.csvfile: The previous implementation used the "os" module for deleting residual csv files. This causes issues when the project uses a file storage backend other than one based on the file system.
- Added error handling in RadiusBatch admin change view: Accessing admin change view of a non-existent RadiusBatch object resulted in Server Error 500 because the DoesNotExist condition was not handled.
- Load image using static() in RegisteredUserInline.get_is_verified
- Use path URL kwarg in "serve_private_file" URL pattern
- Honor DISPOSABLE_RADIUS_USER_TOKEN in accounting stop API view: The accounting stop REST API operation was not taking into account the OPENWISP_RADIUS_DISPOSABLE_RADIUS_USER_TOKEN setting when disabling the auth capability of the radius token.
- Fixed a bug in the organization radius settings form which was causing it to not display some default values correctly
- Fixed a bug in allowed mobile prefix implementation: the implementation was joining the globally allowed prefixes and the prefixes allowed at org level, with the result that disabling a prefix at org level was not possible
- Called-station-ID command: log with warning instead of warn or error:
  - warn > warning (warn is deprecated)
  - use warning instead of errors for more temporary connection issues cases
- Allowed to login via API with email or phone number
- Allowed freeradius authorize with email or phone number
- Allowed the usage of subnets in OPENWISP_RADIUS_FREERADIUS_ALLOWED_HOSTS
- Made the fields containing personal data of users which are exposed in the registration API configurable (allowed, mandatory, disabled) via the OPENWISP_RADIUS_OPTIONAL_REGISTRATION_FIELDS setting or the admin interface
- Allow to disable registration API via the OPENWISP_RADIUS_REGISTRATION_API_ENABLED setting or the admin interface
- Added throttling of API requests
- Added OPENWISP_RADIUS_API_BASEURL setting
- Add identity verification feature, configurable via the OPENWISP_RADIUS_NEEDS_IDENTITY_VERIFICATION or via admin interface
- Added utilities for implementing new registration and identity verification methods
- Added captive portal mock views to ease development and debugging
- Add possibility to filter users by registration method in the admin interface
- Added SAML registration method to implement captive portal authentication via Single Sign On (SSO)
- Added management command and celery task to delete unverified users
- Added translations of user facing API responses in Italian, German, Slovenian and Furlan
- Added Convert RADIUS accounting CALLED-STATION-ID feature, celery task and management command, with the possibility of triggering it on accounting creation (see OPENWISP_RADIUS_CONVERT_CALLED_STATION_ON_CREATE)
- Added an equivalent of the FreeRADIUS sqlcounter feature to the REST API
- Added emission of django signal to FreeRADIUS accounting view: radius_accounting_success
- Added possibility to send email to the user when they start a new radius accounting session
- Added organization level settings and related admin interface functionality to enable/disable SAML and social login:
- Added setting to avoid updating username from SAML: OPENWISP_RADIUS_SAML_UPDATES_PRE_EXISTING_USERNAME
- Updated prefixes of REST API URLs:
  - API endpoints dedicated to FreeRADIUS have moved to /api/v1/freeradius/
  - the rest of the API endpoints have moved to /api/v1/radius/
- Allowed username and phone_number in password reset API, the endpoint now accepts the "input" parameter instead of "email"
- Removed customizations for checks and password hashing because they are unmaintained, any user needing these customizations is advised to implement them as a third party app
- Improved REST API to change password: inherited PasswordChangeView of openwisp-users to add support for the current-password field in password change view
- Added support for Django 3.2 and 4.0
- Dropped support for Django 2.2
- Upgraded celery to 5.2.x
- Updated and tested Django REST Framework to 3.13.0
- Added support for Python 3.8, 3.9
- Removed support for Python 3.6
- Moved AccountingView to freeradius endpoints
- Relaxed default values for the SMS token settings
- Switched to new navigation menu and new OpenWISP theme
- Allowed users to sign up to multiple organizations
- Update username when phone number is changed if username is equal to the phone number
- Update stop time and termination to None if status_type is Interim-Update
- Send password reset emails using HTML theme: leverage the new openwisp-utils send_email function to send an HTML version of the reset password email based on the configurable email HTML theme of OpenWISP
- Save the user preferred language in obtain and validate token views
- Added validation check to prevent invalid username in batch user creation
- Allowed to set the Password Reset URL setting via the admin interface
- Added soft limits to celery tasks for background operations
- Generalized the implementation of the fallback model fields which allow overriding general settings for each organization
- Fixed login template of openwisp-admin-theme
- Fixed swagger API docs collision with openwisp-users
- Ensured each user can be member of a group only once
- Radius check and reply should check for organization membership
- ValidateAuthTokenView: show phone_number as null if None
- Freeradius API: properly handle interaction between multiple orgs: a user trying to authorize using the authorization data of an org of which they are not a member must be rejected
- Fixed radius user group creation with multiple orgs
- Added validation of phone number uniqueness in the registration API
- Fixed issues with translatable strings:
  - we don't translate log lines anymore because these won't be shown to end users
  - gettext does not work with fstrings, therefore the use of str.format() has been restored
  - improved some user facing strings
- Fixed Accounting-On and Accounting-Off accounting requests with blank usernames
- Delete any cached radius token key on phone number change
- Fixed handling of interim-updates for closed sessions: added handling of "Interim-Updates" for RadiusAccounting sessions that are closed by OpenWISP when user logs into another organization
- Flag user as verified in batch user creation
- Added validation which prevents the creation of duplicated check/reply attributes
- Increased openwisp-users and openwisp-utils versions to be consistent with the OpenWISP 2020-12 release
- Increased dj-rest-auth to 2.1.2 and weasyprint to 52
- Changing the phone number via the API now keeps track of previous phone numbers used by the user to comply with ISP legal requirements
- Obtain Auth Token View API endpoint: added is_active attribute to response
- Obtain Auth Token View API endpoint: if the user attempting to authenticate is inactive, the API will return HTTP status code 401 along with the auth token and is_active attribute
- Validate Auth Token View API endpoint: added is_active, phone_number and email to response data
- When changing phone number, user is flagged as inactive only after the phone token is created and sent successfully
- All API endpoints related to phone token and SMS sending are now disabled (return 403 HTTP response) if SMS verification is not enabled at organization level
- Removed static() call from media assets
- Fixed password reset for inactive users
- Fixed default password reset URL value and added docs
- Documentation: fixed several broken internal links
- administration web interface
- support for freeradius 3.0
- multi-tenancy
- REST API
- integration with rlm_rest module of freeradius
- possibility of registering new users via API
- social login support
- mobile phone verification via SMS tokens
- possibility to import users from CSV files
- possibility to generate users for events
- management commands and/or celery tasks to perform clean up operations and periodic tasks
- possibility to extend the base classes and swap models to add custom functionality without changing the core code