Skip to content

v2.6 🦣
Compare
Choose a tag to compare
@github-actions github-actions released this 22 Feb 12:10
· 238 commits to master since this release
v2.6
1d25386
This commit was signed with the committer’s verified signature.
LukasKalbertodt Lukas Kalbertodt
GPG key ID: AA5025CF1CC85754
Learn about vigilant mode.

What's Changed

Breaking changes ⚠

With this release, the auth system was restructured to be more flexible, convenient and powerful. All previous "auth modes" are still supported and you don't have to change anything apart from the Tobira config file! See the "Migration" section at the bottom of these release notes. As part of this, the documentation about auth was reworked. See those new docs or this PR for more information.

  • Remove auth.mode in favor of auth.source plus auth.session.*
  • Move auth.session_duration to auth.session.duration
  • Remove a auth.*_header configs. These were not useful, see this commit for the reasoning.
  • Move role-related configs into auth.roles. That's moderator_role, upload_role, studio_role, editor_role, user_realm_role, and user_role_prefixes.
  • Always add ROLE_ANONYMOUS and ROLE_USER to logged in users. Technically a breaking change, but this should always be the case. It might not have been in the past if fauly auth integrations forgot to add those roles.

Apart from the auth related changes, there are two other breaking changes:

  • Tobira moderators (ROLE_TOBIRA_MODERATOR) cannot edit all pages anymore. Only ROLE_ADMIN can do that implicitly. To retain the old behavior, add ROLE_TOBIRA_MODERATOR as "page admin" to the home page. (You might have to add a "known group" for that purpose.)
  • The libc requirement for the tobira-x86_64-unknown-linux-gnu binary increased to 2.31 (which is Ubuntu 20.04 kind of old). If this is a problem for you, you an always use the -musl build.

User-facing changes

  • Add granular permissions to the page tree in #1097
    • This allows you to give users access to only parts of the page tree. Access is inherited down the tree, meaning that giving a user access to one page means that user also has access to all sub-pages. There are two levels of permissions: page admin (can do everything) and moderator (cannot delete the page, change its path, or change access rules).
  • Add configurable "terms and conditions" popup in #1112
    • Useful in combination with the added basic Matomo integration.
  • Update Paella and add support for fallback fullscreen mode on iOS in #1113
  • Revise download menu listitems in #1111
  • Add arrow navigation to remaining popover menus in #1001
  • Fix overlarge thumbnails in series slider view in #1078
  • Group edit series options by @geichelberger in #1079
  • Left align "about tobira" page content in #1084
  • Add breadcrumbs to series pages in #1085
  • Make logout button work with keyboard in #1083
  • Hide child list in "change order" UI if sorted alphabetically in #1105
  • Fix login page redirect when login_link is not configured in #1117
  • Extend edit series block by @geichelberger in #1058
  • Change edit series block label "layout" to "Metadata" in #1076

Changes primarily for admins

  • Add auth callbacks in #1032
    • This is a new way to include your custom auth logic with Tobira. It is preferred over the existing "auth header" solution for several reasons. It usually makes setup a lot easier and the whole system faster. See the new auth docs for more information.
  • Add initial support for Matomo data collection via Paella player in #1099
  • Fix bug in auth.mode = "opencast" in #1109
  • Fix deserialization bug for harvesting in special cases in #1109
  • Add logging of useful DB server information in #1089
  • Future proof harvest sync code for new items in #1115

Changes primarily for developers

  • Add url field to routes to build path and use it everywhere in #1035
  • Split ci action into two jobs to start deploy faster in #1073
  • Actually pass relevant options through to start-dev.sh by @JulianKniephoff in #1104
  • Stop using non-existent Roboto fonts in Paella in #1106
  • Add realm ACL roles to db dump in #1110

Full Changelog: v2.5...v2.6

Migration

This section should make the it easy to adjust to the auth system changes that replace auth.mode. Be sure to check the other breaking changes as well.

You currently have auth.mode = ...

"opencast"

[auth]
source = "tobira-session"
session.from_login_credentials = "opencast"

"login-proxy"

[auth]
source = "tobira-session"
session.from_session_endpoint = "trust-auth-headers"

Consider migrating to login callbacks.

"full-auth-proxy"

[auth]
source = "trust-auth-headers"

Consider migrating to auth callbacks.

Contributors

JulianKniephoff and geichelberger
Assets 5