Change log
Version 1.0.2 [2022-12-05]
Bugfixes
Made private storage backend configurable
Updated API views to use filterset_class instead of filter_class (required by django-filter==22.1)
Fixed organization cache bug in SAML ACS view: A forceful update of the user’s organization cache is done before performing post-login operations to avoid issues occurring due to outdated cache.
Added missing Furlan translation for sesame link validity
Use storage backend method for deleting RadiusBatch.csvfile: The previous implementation used the “os” module for deleting residual CSV files. This causes issues when the project uses a file storage backend other than one based on the file system.
Added error handling in RadiusBatch admin change view: Accessing admin change view of a non-existent RadiusBatch object resulted in Server Error 500 because the DoesNotExist condition was not handled.
Load image using static() in RegisteredUserInline.get_is_verified
Use path URL kwarg in “serve_private_file” URL pattern
Honor DISPOSABLE_RADIUS_USER_TOKEN in accounting stop API view: The accounting stop REST API operation was not taking into account the OPENWISP_RADIUS_DISPOSABLE_RADIUS_USER_TOKEN setting when disabling the auth capability of the radius token.
Version 1.0.1 [2022-05-10]
Bugfixes
Fixed a bug in the organization radius settings form which was causing it to not display some default values correctly
Fixed a bug in allowed mobile prefix implementation: the implementation was joining the globally allowed prefixes and the prefixes allowed at org level, with the result that disabling a prefix at org level was not possible
Called-station-ID command: log with warning instead of warn or error:
- warn > warning (warn is deprecated)
- use warning instead of errors for more temporary connection issues cases
Version 1.0.0 [2022-04-18]
Features
Allowed to login via API with email or phone number
Allowed freeradius authorize with email or phone number
Allowed the usage of subnets in OPENWISP_RADIUS_FREERADIUS_ALLOWED_HOSTS
Made the fields containing personal data of users which are exposed in the registration API configurable (allowed, mandatory, disabled) via the OPENWISP_RADIUS_OPTIONAL_REGISTRATION_FIELDS setting or the admin interface
Allow to disable registration API via the OPENWISP_RADIUS_REGISTRATION_API_ENABLED setting or the admin interface
Add identity verification feature, configurable via the OPENWISP_RADIUS_NEEDS_IDENTITY_VERIFICATION setting or via the admin interface
Added utilities for implementing new registration and identity verification methods
Added captive portal mock views to ease development and debugging
Add possibility to filter users by registration method in the admin interface
Added SAML registration method to implement captive portal authentication via Single Sign On (SSO)
Added management command and celery task to delete unverified users
Added translations of user facing API responses in Italian, German, Slovenian and Furlan
Added Convert RADIUS accounting CALLED-STATION-ID feature, celery task and management command, with the possibility of triggering it on accounting creation (see OPENWISP_RADIUS_CONVERT_CALLED_STATION_ON_CREATE)
Added an equivalent of the FreeRADIUS sqlcounter feature to the REST API
Added emission of django signal to FreeRADIUS accounting view: radius_accounting_success
Added possibility to send email to the user when they start a new radius accounting session
Added organization level settings and related admin interface functionality to enable/disable SAML and social login:
Added setting to avoid updating username from SAML: OPENWISP_RADIUS_SAML_UPDATES_PRE_EXISTING_USERNAME
Changes
Backward incompatible changes
Updated prefixes of REST API URLs:
API endpoints dedicated to FreeRADIUS have moved to /api/v1/freeradius/
the rest of the API endpoints have moved to /api/v1/radius/
Allowed username and phone_number in password reset API, the endpoint now accepts the “input” parameter instead of “email”
Removed customizations for checks and password hashing because they are unmaintained, any user needing these customizations is advised to implement them as a third party app
Improved REST API to change password: inherited PasswordChangeView of openwisp-users to add support for the current-password field in password change view
Dependencies
Added support for Django 3.2 and 4.0
Dropped support for Django 2.2
Upgraded celery to 5.2.x
Updated and tested Django REST Framework to 3.13.0
Added support for Python 3.8, 3.9
Removed support for Python 3.6
Other changes
Moved AccountingView to freeradius endpoints
Relaxed default values for the SMS token settings
Switched to new navigation menu and new OpenWISP theme
Allowed users to sign up to multiple organizations
Update username when phone number is changed if username is equal to the phone number
Update stop time and termination to None if status_type is Interim-Update
Send password reset emails using HTML theme: leverage the new openwisp-utils send_email function to send an HTML version of the reset password email based on the configurable email HTML theme of OpenWISP
Save the user preferred language in obtain and validate token views
Added validation check to prevent invalid username in batch user creation
Allowed to set the Password Reset URL setting via the admin interface
Added soft limits to celery tasks for background operations
Generalized the implementation of the fallback model fields which allow overriding general settings for each organization
Bugfixes
Fixed login template of openwisp-admin-theme
Fixed swagger API docs collision with openwisp-users
Ensured each user can be member of a group only once
Radius check and reply should check for organization membership
ValidateAuthTokenView: show phone_number as null if None
Freeradius API: properly handle interaction between multiple orgs: a user trying to authorize using the authorization data of an org they are not a member of must be rejected
Fixed radius user group creation with multiple orgs
Added validation of phone number uniqueness in the registration API
Fixed issues with translatable strings:
we don’t translate log lines anymore because these won’t be shown to end users
gettext does not work with fstrings, therefore the use of str.format() has been restored
improved some user facing strings
Fixed Accounting-On and Accounting-Off accounting requests with blank usernames
Delete any cached radius token key on phone number change
Fixed handling of interim-updates for closed sessions: added handling of “Interim-Updates” for RadiusAccounting sessions that are closed by OpenWISP when user logs into another organization
Flag user as verified in batch user creation
Added validation which prevents the creation of duplicated check/reply attributes
Version 0.2.1 [2020-12-14]
Changes
Increased openwisp-users and openwisp-utils versions to be consistent with the OpenWISP 2020-12 release
Increased dj-rest-auth to 2.1.2 and weasyprint to 52
Version 0.2.0 [2020-12-11]
Features
Changing the phone number via the API now keeps track of previous phone numbers used by the user to comply with ISP legal requirements
Changes
Obtain Auth Token View API endpoint: added is_active attribute to response
Obtain Auth Token View API endpoint: if the user attempting to authenticate is inactive, the API will return HTTP status code 401 along with the auth token and is_active attribute
Validate Auth Token View API endpoint: added is_active, phone_number and email to response data
When changing phone number, user is flagged as inactive only after the phone token is created and sent successfully
All API endpoints related to phone token and SMS sending are now disabled (return 403 HTTP response) if SMS verification is not enabled at organization level
Bugfixes
Removed static() call from media assets
Fixed password reset for inactive users
Fixed default password reset URL value and added docs
Documentation: fixed several broken internal links
Version 0.1.0 [2020-09-10]
administration web interface
support for freeradius 3.0
multi-tenancy
REST API
integration with rlm_rest module of freeradius
possibility of registering new users via API
social login support
mobile phone verification via SMS tokens
possibility to import users from CSV files
possibility to generate users for events
management commands and/or celery tasks to perform clean up operations and periodic tasks
possibility to extend the base classes and swap models to add custom functionality without changing the core code