Change log

Version 1.1.0 [Unreleased]

Unreleased (Work in progress)

Version 1.0.2 [2022-12-05]


  • Made private storage backend configurable

  • Updated API views to use filterset_class instead of filter_class (required by django-filter==22.1)

  • Fixed organization cache bug in SAML ACS view: A forceful update of the user’s organization cache is done before performing post-login operations to avoid issues occurring due to outdated cache.

  • Added missing Furlan translation for sesame link validity

  • Use storage backend method for deleting RadiusBatch.csvfile: The previous implementation used the “os” module for deleting resisdual csv files. This causes issues when the project uses a file storage backend other than based on file system.

  • Added error handling in RadiusBatch admin change view: Accessing admin change view of a non-existent RadiusBatch object resulted in Server Error 500 because the DoesNotExist conditioned was not handled.

  • Load image using static() in RegisteredUserInline.get_is_verified

  • Use path URL kwarg in “serve_private_file” URL pattern

  • Honor DISPOSABLE_RADIUS_USER_TOKEN in accounting stop API view: The accounting stop REST API operation was not taking into account the OPENWISP_RADIUS_DISPOSABLE_RADIUS_USER_TOKEN setting when disabling the auth capability of the radius token.

Version 1.0.1 [2022-05-10]


  • Fixed a bug in the organization radius settings form which was causing it to not display some default values correctly

  • Fixed a bug in allowed mobile prefix implementation: the implementation was joining the globally allowed prefixes and the prefixes allowed at org level, with the result that disabling a prefix at org level was not possible

  • Called-station-ID command: log with warning instead of warn or error: - warn > warning (warn is deprecated) - use warning instead of errors for more temporary connection issues cases

Version 1.0.0 [2022-04-18]



Backward incompatible changes

  • Updated prefixes of REST API URLs:

    • API endpoints dedicated to FreeRADIUS have moved to /api/v1/freeradius/

    • the rest of the API endpoints have moved to /api/v1/radius/

  • Allowed username and phone_number in password reset API, the endpoint now accepts the “input” parameter instead of “email”

  • Removed customizations for checks and password hashing because they are unmaintained, any user needing these customizations is advised to implement them as a third party app

  • Improved REST API to change password: inherited PasswordChangeView of openwisp-users to add support for the current-password field in password change view


  • Added support for Django 3.2 and 4.0

  • Dropped support for Django 2.2

  • Upgraded celery to 5.2.x

  • Updated and tested Django REST Framework to 3.13.0

  • Added support for Python 3.8, 3.9

  • Removed support for Python 3.6

Other changes

  • Moved AccountingView to freeradius endpoints

  • Relaxed default values for the SMS token settings

  • Switched to new navigation menu and new OpenWISP theme

  • Allowed users to sign up to multiple organizations

  • Update username when phone number is changed if username is equal to the phone number

  • Update stop time and termination to None if status_type is Interim-Update

  • Send password reset emails using HTML theme: leverage the new openwisp-utils send_email function to send an HTML version of the reset password email based on the configurable email HTML theme of OpenWISP

  • Save the user preferred language in obtain and validate token views

  • Added validation check to prevent invalid username in batch user creation

  • Allowed to set the Password Reset URL setting via the admin interface

  • Added soft limits to celery tasks for background operations

  • Generalized the implementation of the fallback model fields which allow overriding general settings for each organization


  • Fixed login template of openwisp-admin-theme

  • Fixed swagger API docs collision with openwisp-users

  • Ensured each user can be member of a group only once

  • Radius check and reply should check for organization membership

  • ValidateAuthTokenView: show phone_number as null if None

  • Freeradius API: properly handle interaction between multiple orgs: an user trying to authorize using the authorization data of an org for which they are not member of must be rejected

  • Fixed radius user group creation with multiple orgs

  • Added validation of phone number uniqueness in the registration API

  • Fixed issues with translatable strings:

    • we don’t translate log lines anymore because these won’t be shown to end users

    • gettext does not work with fstrings, therefore the use of str.format() has been restored

    • improved some user facing strings

  • Fixed Accounting-On and Accounting-Of accounting requests with blank usernames

  • Delete any cached radius token key on phone number change

  • Fixed handling of interim-updates for closed sessions: added handling of “Interim-Updates” for RadiusAccounting sessions that are closed by OpenWISP when user logs into another organization

  • Flag user as verified in batch user creation

  • Added validation which prevents the creation of duplicated check/reply attributes

Version 0.2.1 [2020-12-14]


  • Increased openwisp-users and openwisp-utils versions to be consistent with the OpenWISP 2020-12 release

  • Increased dj-rest-auth to 2.1.2 and weasyprint to 52

Version 0.2.0 [2020-12-11]


  • Changing the phone number via the API now keeps track of previous phone numbers used by the user to comply with ISP legal requirements


  • Obtain Auth Token View API endpoint: added is_active attribute to response

  • Obtain Auth Token View API endpoint: if the user attempting to authenticate is inactive, the API will return HTTP status code 401 along with the auth token and is_active attribute

  • Validate Auth Token View API endpoint: added is_active, phone_number and email to response data

  • When changing phone number, user is flagged as inactive only after the phone token is created and sent successfully

  • All API endpoints related to phone token and SMS sending are now disabled (return 403 HTTP response) if SMS verification not enabled at organization level


  • Removed static() call from media assets

  • Fixed password reset for inactive users

  • Fixed default password reset URL value and added docs

  • Documentation: fixed several broken internal links

Version 0.1.0 [2020-09-10]

  • administration web interface

  • support for freeradius 3.0

  • multi-tenancy


  • integration with rlm_rest module of freeradius

  • possibility of registering new users via API

  • social login support

  • mobile phone verification via SMS tokens

  • possibility to import users from CSV files

  • possibility to generate users for events

  • management commands and/or celery tasks to perform clean up operations and periodic tasks

  • possibility to extend the base classes and swap models to add custom functionality without changing the core code