v2024.8.1

What's Changed

• Adding setting to prevent modification of settings in AoC environment by @john-westcott-iv in #519
• [Low Prio] Add uwsgi + nginx + ssl to the compose stack by @jctanner in #508
• Error if Delete permission is issued without Change permission by @thedoubl3j in #520
• fix: Skip _system user when syncing resources by @rochacbruno in #521
• Prepare 2 User managers to exclude _system user by default by @slemrmartin in #522
• Adding get_relative_url and get_fully_qualified_url by @john-westcott-iv in #505
• Fix new user getting created at every login by @john-westcott-iv in #523
• Fix SAML authenticator to set ACS url as CALLBACK_URL by @john-westcott-iv in #525
• Re-enable black and blacken files that got missed in later PRs by @relrod in #529
• [get_fully_qualified_url] Fallback to crum request by @relrod in #528
• Handle unsupported media type in django-oauth-toolkit by @cutwater in #537
• Add bits necessary to satiate pulpcore's openapi generator. by @jctanner in #542
• Fix authenticator order by @trucdg in #541

Full Changelog: 2024.7.17...2024.8.1

v2024.7.17

What's Changed

• Fix flaky test failure by @AlanCoding in #504
• Custom permission class for oauth token scope adherence by @relrod in #500
• Handle system user login via external source by @trucdg in #502
• Fix AuthMap groups and attributes rules by @slemrmartin in #480
• jwt_consumer: remove unauthorized permissions by @BrennanPaciorek in #486
• Require superuser permission to revoke global roles by @AlanCoding in #497
• Prevent disabling or deleting the last enabled authenticator by @jctanner in #513
• [oauth2_provider] Disable PKCE by default by @relrod in #514
• Fix keycloak public key help text typo by @mabashian in #516
• Fix incorrect mock object calls by @AlanCoding in #518
• Use single postgres definition in compose file by @AlanCoding in #515
• Optimize SQL queries when creating orgs and teams by @cutwater in #506
• Optimize SQL queries when assigning permissions on teams by @cutwater in #509
• Make ansible_id match the JWT data if creating new user by @AlanCoding in #512
• Making CALLBACK_URLS optional by @john-westcott-iv in #511
• [Low Prio] Add a sqlite3 check by @AlanCoding in #517

Full Changelog: 2024.7.1...2024.7.17

v2024.7.1

What's Changed

• Properly resolve the AuthenticatorUser for LDAP by @john-westcott-iv in #492
• Avoid extra database queries when not needed by @cutwater in #495
• Fix queryset of RoleDefinition-assignment list with new utils by @AlanCoding in #425
• Encrypt extra_data to not expose things that might be used by authenticators by @thedoubl3j in #378
• Silly attempt at running eda-server tests by @relrod in #496
• Add callback to validate role assignment by @fosterseth in #490
• Adding .github/CODEOWNERS by @john-westcott-iv in #498
• Enhancements to request logging by @relrod in #478
• Allow managing org roles with view permission locally by @AlanCoding in #501

Full Changelog: 2024.6.26...2024.7.1

v2024.6.26

What's Changed

• Prevent system user from logging in via external source by @bhavenst in #461
• Fix typo in keycloak public key help text by @mabashian in #462
• Avoid references to User.resource which may not be there by @AlanCoding in #466
• Revert superuser claims by @slemrmartin in #470
• Respect admin password env var and remove duplication creation by @AlanCoding in #471
• Split DAB RBAC app docs into 4 parts by intended audience by @AlanCoding in #427
• Always clear ContentType cache to enforce determinism by @AlanCoding in #474
• Allow null values for ansible_id fields by @AlanCoding in #468
• Rename is_system_auditor to is_platform_auditor by @relrod in #459
• Process hub auditor role by @newswangerd in #477
• Remove OIDC backend config data caching by @bhavenst in #460
• Add another variable which might house the public cert by @john-westcott-iv in #464
• Add handling for jwt enc OIDC user info by @bhavenst in #448
• Add a test for permission transference moving teams org by @AlanCoding in #479
• More robust proxy trust header handling by @chrismeyersfsu in #452
• Social Auth reflects Authentication maps by @slemrmartin in #463
• Add test model with no view permission by @AlanCoding in #473
• Fix issues with saving secrets starting with $encrypted$ by @trucdg in #437
• Disable activitystream for access token last_used by @bhavenst in #481
• Fix authenticator-related users view with permission handling by @trucdg in #487
• Add social auth exception handler middleware by @bhavenst in #467
• Prevent N+1 queries problem when reconciling claims by @cutwater in #488
• Fix typo in github field label name for scope. by @jctanner in #494
• Correct the content type as necessary for older systems. by @jctanner in #493
• Parametrize visible users by @slemrmartin in #491

New Contributors

• @mabashian made their first contribution in #462
• @trucdg made their first contribution in #437

Full Changelog: 2024.6.11...2024.6.26

v2024.6.11

What's Changed

• oauth2_provider: support adding, removing, clearing tokens by @BrennanPaciorek in #421
• fix: Do not convert jwt_user_id from None to str by @rochacbruno in #441
• Reconcile User Claims with AuthMap roles by @slemrmartin in #431
• fix: make RESOURCE_JWT_USER_ID and RESOURCE_SERVICE_PATH optional. by @rochacbruno in #442
• Identify specific actions from non-viewset views for resource registry by @AlanCoding in #446
• Rename DIRECT_SHARED_RESOURCE_MANAGEMENT_ENABLED by @rochacbruno in #456
• Alter JWT authentication by @john-westcott-iv in #420

Full Changelog: 2024.6.8...2024.6.11

v2024.6.8

What's Changed

• Consolidate member test fixtures by @AlanCoding in #439
• Vendoring system for shared role definitions by @AlanCoding in #435
• Lock down OAuth2 views by @relrod in #434
• Replace X-TRUSTED-HEADER with pub/priv encrypted message by @john-westcott-iv in #389
• Prevent role assignment or removal of unmanaged things by @AlanCoding in #430

Full Changelog: 2024.6.6...2024.6.8

v2024.6.6

What's Changed

• Create system user as needed by @john-westcott-iv in #418
• Fix issue where tests fail to teardown by @john-westcott-iv in #429
• Alter lib/utils/models to not depend on resource_registry by @john-westcott-iv in #433
• AuthenticationMap role by @slemrmartin in #407
• Use dynamic docstrings for sublists by @AlanCoding in #419
• Fix SSO/radius bug by @bhavenst in #436
• [CI] Add check for missing migrations, add missing migration by @relrod in #438

Full Changelog: 2024.5.31...2024.6.6

v2024.5.31

What's Changed

• Fix IntegrityError when giving overlapping team permissions by @AlanCoding in #401
• [oauth2] Add a general /tokens/ to user mixin by @relrod in #409
• Make username and password optional for Radius authenticator by @john-westcott-iv in #417
• Fix server error and prohibit team org member assignment by @AlanCoding in #412
• More fixes from warnings in /docs/ page by @AlanCoding in #377
• RBAC: User can't delete self by @slemrmartin in #413
• Fetch is_superuser/is_system_auditor/groups for OIDC, Keycloak, SAML by @bhavenst in #399
• Introduce caching utility for lazy managed role references by @AlanCoding in #422
• disable POST in options for role definitions if custom roles disabled by @AlanCoding in #411
• Implement periodic sync command and functions. by @rochacbruno in #297
• disallow filtering by encrypted_fields by @BrennanPaciorek in #414

Full Changelog: 2024.5.23...2024.5.31

v2024.5.23

What's Changed

• Add back in debugging apps by @AlanCoding in #402
• Only check redis file settings if tls is enabled by @john-westcott-iv in #403
• Pin django-oauth-toolkit to 2.3.0 by @slemrmartin in #406
• Fix 500 on unintended endpoints and further refactor association router by @AlanCoding in #370
• Add file and unix URL support to the redis client by @john-westcott-iv in #381
• Add type hints for OAuth2 serializer method fields by @AlanCoding in #405
• Fix dir() giving wrong answer in autogenerated viewsets by @AlanCoding in #410
• [oauth2] Prevent filtering on client_secret by @relrod in #404
• Add a role metadata endpoint for clients by @AlanCoding in #238

Full Changelog: 2024.5.18...2024.5.23

v2024.5.18

What's Changed

• Move rest_filter default excludes to unconditional settings include by @AlanCoding in #398
• Re-apply fix broken in rebase error by @AlanCoding in #400

Full Changelog: 2024.5.17...2024.5.18