
CHANGELOG.md

Changelog

2.164.0 (2024-11-13)

Features

  • return validation failed error if captcha request was not json (#1815) (26d2e36)

Bug Fixes

  • add error codes to refresh token flow (#1824) (4614dc5)
  • add test coverage for rate limits with 0 permitted events (#1834) (7c3cf26)
  • correct web authn aaguid column naming (#1826) (0a589d0)
  • default to files:read scope for Figma provider (#1831) (9ce2857)
  • improve error messaging for http hooks (#1821) (fa020d0)
  • make drop_uniqueness_constraint_on_phone idempotent (#1817) (158e473)
  • possible panic if refresh token has a null session_id (#1822) (a7129df)
  • rate limits of 0 take precedence over MAILER_AUTO_CONFIRM (#1837) (cb7894e)

2.163.2 (2024-10-22)

Bug Fixes

2.163.1 (2024-10-22)

Bug Fixes

2.163.0 (2024-10-15)

Features

Bug Fixes

  • add twilio verify support on mfa (#1714) (aeb5d8f)
  • email header setting no longer misleading (#1802) (3af03be)
  • enforce authorized address checks on send email only (#1806) (c0c5b23)
  • fix getExcludedColumns slice allocation (#1788) (7f006b6)
  • Fix reqPath for bypass check for verify EP (#1789) (646dc66)
  • inline mailme package for easy development (#1803) (fa6f729)

2.162.2 (2024-10-05)

Bug Fixes

2.162.1 (2024-10-03)

Bug Fixes

  • bypass check for token & verify endpoints (#1785) (9ac2ea0)

2.162.0 (2024-09-27)

Features

  • add support for migration of firebase scrypt passwords (#1768) (ba00f75)

Bug Fixes

  • apply authorized email restriction to non-admin routes (#1778) (1af203f)
  • magiclink failing due to passwordStrength check (#1769) (7a5411f)

2.161.0 (2024-09-24)

Features

Bug Fixes

  • add additional information around errors for missing content type header (#1576) (c2b2f96)
  • add token to hook payload for non-secure email change (#1763) (7e472ad)
  • update aal requirements to update user (#1766) (25d9874)
  • update mfa admin methods (#1774) (567ea7e)
  • user sanitization should clean up email change info too (#1759) (9d419b4)

2.160.0 (2024-09-02)

Features

Bug Fixes

2.159.2 (2024-08-28)

Bug Fixes

2.159.1 (2024-08-23)

Bug Fixes

  • return oauth identity when user is created (#1736) (60cfb60)

2.159.0 (2024-08-21)

Features

Bug Fixes

2.158.1 (2024-08-05)

Bug Fixes

2.158.0 (2024-07-31)

Features

Bug Fixes

  • maintain backward compatibility for asymmetric JWTs (#1690) (0ad1402)
  • MFA NewFactor to default to creating unverified factors (#1692) (3d448fa)
  • minor spelling errors (#1688) (6aca52b), closes #1682
  • treat GOTRUE_MFA_ENABLED as meaning TOTP enabled on enroll and verify (#1694) (8015251)
  • update mfa phone migration to be idempotent (#1687) (fdff1e7)

2.157.0 (2024-07-26)

Features

2.156.0 (2024-07-25)

Features

  • add is_anonymous claim to Auth hook jsonschema (#1667) (f9df65c)

Bug Fixes

  • restrict autoconfirm email change to anonymous users (#1679) (b57e223)

2.155.6 (2024-07-22)

Bug Fixes

2.155.5 (2024-07-19)

Bug Fixes

  • check password max length in checkPasswordStrength (#1659) (1858c93)
  • don't update attribute mapping if nil (#1665) (7e67f3e)
  • refactor mfa models and add observability to loadFactor (#1669) (822fb93)

2.155.4 (2024-07-17)

Bug Fixes

  • treat empty string as nil in encrypted_password (#1663) (f99286e)

2.155.3 (2024-07-12)

Bug Fixes

2.155.2 (2024-07-12)

Bug Fixes

  • improve session error logging (#1655) (5a6793e)
  • omit empty string from name & use case-insensitive equality for comparing SAML attributes (#1654) (bf5381a)
  • set rate limit log level to warn (#1652) (10ca9c8)

2.155.1 (2024-07-04)

Bug Fixes

  • apply mailer autoconfirm config to update user email (#1646) (a518505)
  • check for empty aud string (#1649) (42c1d45)
  • return proper error if sms rate limit is exceeded (#1647) (3c8d765)

2.155.0 (2024-07-03)

Features

  • add password_hash and id fields to admin create user (#1641) (20d59f1)

Bug Fixes

2.154.2 (2024-06-24)

Bug Fixes

  • publish to ghcr.io/supabase/auth (#1626) (930aa3e), closes #1625
  • revert define search path in auth functions (#1634) (155e87e)
  • update MaxFrequency error message to reflect number of seconds (#1540) (e81c25d)

2.154.1 (2024-06-17)

Bug Fixes

2.154.0 (2024-06-12)

Features

Bug Fixes

2.153.0 (2024-06-04)

Features

  • add SAML specific external URL config (#1599) (b352719)
  • add support for verifying argon2i and argon2id passwords (#1597) (55409f7)
  • make the email client explicitly set the format to be HTML (#1149) (53e223a)

Bug Fixes

2.152.0 (2024-05-22)

Features

  • new timeout writer implementation (#1584) (72614a1)
  • remove legacy lookup in users for one_time_tokens (phase II) (#1569) (39ca026)
  • update chi version (#1581) (c64ae3d)
  • update openapi spec with identity and is_anonymous fields (#1573) (86a79df)

Bug Fixes

2.151.0 (2024-05-06)

Features

  • refactor one-time tokens for performance (#1558) (d1cf8d9)

Bug Fixes

2.150.1 (2024-04-28)

Bug Fixes

2.150.0 (2024-04-25)

Features

  • add support for Azure CIAM login (#1541) (1cb4f96)
  • add timeout middleware (#1529) (f96ff31)
  • allow for postgres and http functions on each extensibility point (#1528) (348a1da)
  • merge provider metadata on link account (#1552) (bd8b5c4)
  • send over user in SendSMS Hook instead of UserID (#1551) (d4d743c)

Bug Fixes

  • return error if session id does not exist (#1538) (91e9eca)

2.149.0 (2024-04-15)

Features

  • refactor generate access token to take in request (#1531) (e4f2b59)

Bug Fixes

2.148.0 (2024-04-10)

Features

2.147.1 (2024-04-09)

Bug Fixes

  • add validation and proper decoding on send email hook (#1520) (e19e762)
  • remove deprecated LogoutAllRefreshTokens (#1519) (35533ea)

2.147.0 (2024-04-05)

Features

2.146.0 (2024-04-03)

Features

Bug Fixes

2.145.0 (2024-03-26)

Features

Bug Fixes

  • add http support for https hooks on localhost (#1484) (5c04104)
  • cleanup panics due to bad inactivity timeout code (#1471) (548edf8)
  • docs: remove bracket on file name for broken link (#1493) (96f7a68)
  • impose expiry on auth code instead of magic link (#1440) (35aeaf1)
  • invalidate email, phone OTPs on password change (#1489) (960a4f9)
  • move creation of flow state into function (#1470) (4392a08)
  • prevent user email side-channel leak on verify (#1472) (311cde8)
  • refactor email sending functions (#1495) (285c290)
  • refactor factor_test to centralize setup (#1473) (c86007e)
  • refactor mfa challenge and tests (#1469) (6c76f21)
  • Resend SMS when duplicate SMS sign ups are made (#1490) (73240a0)
  • unlink identity bugs (#1475) (73e8d87)

2.144.0 (2024-03-04)

Features

  • add configuration for custom sms sender hook (#1428) (1ea56b6)
  • anonymous sign-ins (#1460) (130df16)
  • clean up test setup in MFA tests (#1452) (7185af8)
  • pass transaction to invokeHook, fixing pool exhaustion (#1465) (b536d36)
  • refactor resource owner password grant (#1443) (e63ad6f)
  • use dummy instance id to improve performance on refresh token queries (#1454) (656474e)

Bug Fixes

  • expose provider under amr in access token (#1456) (e9f38e7)
  • improve MFA QR Code resilience so as to support providers like 1Password (#1455) (6522780)
  • refactor request params to use generics (#1464) (e1cdf5c)
  • revert refactor resource owner password grant (#1466) (fa21244)
  • update file name so migration to Drop IP Address is applied (#1447) (f29e89d)

2.143.0 (2024-02-19)

Features

Bug Fixes

2.142.0 (2024-02-14)

Features

2.141.0 (2024-02-13)

Features

2.140.0 (2024-02-13)

Features

  • deprecate existing webhook implementation (#1417) (5301e48)
  • update publish.yml checkout repository so there is access to Dockerfile (#1419) (7cce351)

2.139.2 (2024-02-08)

Bug Fixes

  • improve perf in account linking (#1394) (8eedb95)
  • OIDC provider validation log message (#1380) (27e6b1f)
  • only create or update the email / phone identity after it's been verified (#1403) (2d20729)
  • only create or update the email / phone identity after it's been verified (again) (#1409) (bc6a5b8)
  • unmarshal is_private_email correctly (#1402) (47df151)
  • use pattern for semver docker image tags (#1411) (14a3aeb)

Reverts

  • "fix: only create or update the email / phone identity after i… (#1407) (ff86849)