mirrors/flexisip-account-manager
1
0
Fork 0
mirror of https://gitlab.linphone.org/BC/public/flexisip-account-manager.git synced 2026-01-17 01:58:07 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Fix FLEXIAPI-396 Remove the CHANGELOG.md file (redundant with the Git history)...

Browse source
This commit is contained in:
Timothée Jaussoin 2025-10-07 10:04:37 +00:00
parent d9b0f83e5d
commit 84fdb380d7
2 changed files with 126 additions and 366 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

350
CHANGELOG.md
View file

@ -1,240 +1,142 @@
# Flexisip Account Manager Changelog
# Releases
v2.0
----
- Fix FLEXIAPI-371 Add documentation for the Wizard page
- Fix FLEXIAPI-205 Remove the deprecated endpoints, compatibility code documentation and tests. Drop the confirmation_key accounts column and activation_expirations table
- Fix FLEXIAPI-206 Upgrade to Laravel 10, PHP 8.1 minimum and bump all the related dependencies, drop Debian 11 Bullseye
- Fix FLEXIAPI-220 Migrate SIP Domains to Spaces
- Fix GH-15 Add password import from CSV
- Fix FLEXIAPI-242 Add stricter validation for the AccountCreationToken Push Notification endpoint
- Fix FLEXIAPI-241 Add a /push-notification endpoint to send custom push notifications to the Flexisip Pusher
- Fix FLEXIAPI-244 Remove faulty middleware
- Fix FLEXIAPI-250 Allow Spaces to be declared without a subdomain
- Fix FLEXIAPI-252 Update the hCaptcha Laravel library, use file instead of cookies to store the session to prevent empty errors bags
- Fix FLEXIAPI-254 Allow no data on POST requests to not trigger the ValidateJSON middleware
- Fix FLEXIAPI-255 Create a INSTALL.md tutorial and log FlexisipPusherConnector errors
- Fix FLEXIAPI-257 Return a more coherent message when search API endpoints returns a 404
- Fix FLEXIAPI-260 Return 404 and not 403 if the contact is already in the list or missing when removing it
- Fix FLEXIAPI-262 Bypass the JWT auth if we have an API Key
- Fix FLEXIAPI-264 Add -k|api_key_ip parameter to accounts:create-admin-account to set/clear the related API Key restriction
- Fix FLEXIAPI-256 Publish an empty string while deleting a device on Redis to force the refresh on the other clients
- Fix FLEXIAPI-268 Allow pn-param in Apple format for the push notifications endpoints
- Fix FLEXIAPI-269 Update the IsNotPhoneNumber rule to use a better phone number validator
- Fix FLEXIAPI-258 Move DotEnv instance configurations in the Spaces table
- Fix FLEXIAPI-270 Call the static $apnsTypes attribute in FlexisipPusherConnector
- Fix FLEXIAPI-271 Handle properly reversed attributes in objects
- Fix FLEXIAPI-237 Add internationalisation support in the app
- Fix FLEXIAPI-261 Remove the TURN part in the XML provisioning (and only keep the API endpoint)
- Fix FLEXIAPI-275 Add names in Spaces
- Fix FLEXIAPI-278 Complete and reorganize the Markdown documentation
- Fix FLEXIAPI-233 Add External Accounts (new version)
- Fix FLEXIAPI-277 Restrict authorized ini keys that can be set to prevent conflict with the existing ones set in the UI
- Fix FLEXIAPI-272 Add Space based email server integration
- Fix FLEXIAPI-284 Add configurable admin API Keys
- Fix FLEXIAPI-232 Add provisioning email + important redesign of the contacts page
- Fix FLEXIAPI-287 Refactor the emails templates
- Fix FLEXIAPI-286 Send an account_recovery_token using a push notification and protect the account recovery using phone page with the account_recovery_token
- Fix FLEXIAPI-293 Remove the (long) outdated general documentation
- Fix FLEXIAPI-224 Add a console script to send Space Expiration emails
- Fix FLEXIAPI-297 Fix PrId and CallId validations
- Fix FLEXIAPI-305 Add specific error page for Space Expiration
- Fix FLEXIAPI-169 Added missing selinux label to log files and storage directory
- Fix FLEXIAPI-313 Fix the admin device deletion link, recover the missing...
- Fix FLEXIAPI-318 Fix email recovery validation
- Fix FLEXIAPI-319 Fix the admin device deletion link, recover the missing method
- Fix FLEXIAPI-321 Disable the account creation button when the Space is full for admins
- Fix FLEXIAPI-322 Api Keys documentation
- Fix FLEXIAPI-328 Set realm on Space creation, limit the update if some accounts are present
- Fix FLEXIAPI-325 Add endpoints to send the password reset and provisioning emails
- Fix FLEXIAPI-332 Check if the first line was untouched and that the number of columns is exact on each lines
- Fix FLEXIAPI-329 Use correct routes for accounts devices
- Fix FLEXIAPI-330 Remove the ConfirmedRegistration email and related code
- Fix FLEXIAPI-324 Add an app setup wizard page
- Fix FLEXIAPI-335 Safari rendering issues with font icons
- Fix FLEXIAPI-336 Fix broken ph icons
- Fix FLEXIAPI-333 Remove HTML buttons because they cannot be rendered in "old" Outlook versions
- Fix FLEXIAPI-337 Generate the provisioning URLs based on the user space
- Fix FLEXIAPI-326 Rework email templates and translations
- Fix FLEXIAPI-340 Fix the space resolution when getting the realm on Accounts
- Fix FLEXIAPI-341 Allow realm to be empty when creating a Space
- Fix FLEXIAPI-342 Enforce password change when the External Account domain is changed
- Fix FLEXIAPI-346 Complete the supporting text for the provisioning ini field
- Fix FLEXIAPI-350 Fix wrongly assigned variables in some views
- Fix FLEXIAPI-351 Fix import of CSV generated on Windows
- Fix FLEXIAPI-352 Add missing errors box in the password change form
- Fix FLEXIAPI-356 Cleanup and reorganize the pipeline to mutualize some things and save time
- Fix FLEXIAPI-355 Add withoutGlobalScope() to the Account ContactVcardList resolver
- Fix FLEXIAPI-354 Fix contact deletion
- Fix FLEXIAPI-360 Add rules on some jobs to only run them in the Gitlab pipeline when needed
- Fix FLEXIAPI-362 Return an empty object and not an empty array in the vcards-storage index endpoint to prevent some parsing issues in the clients
- Fix FLEXIAPI-312 Add Redis publish event when updating the externalAccount to ping the Flexisip B2BUA
- Fix FLEXIAPI-363 Send the Redis publish event when the externalAccount is deleted to ping the Flexisip B2BUA
- Fix FLEXIAPI-364 Fix a faulty redirection in the ExternalAccount controller
- Fix FLEXIAPI-361 Prepare the 2.0 release
- Fix FLEXIAPI-372 Remove SESSION_DRIVER and CACHE_DRIVER and enforce them to file
- Fix FLEXIAPI-375 Fix VcardsStorage table UUID size, recover the UUID from the stored vCard
- Fix FLEXIAPI-378 Return a valid JSON containing the vCard and not the raw vCard in VcardsStorage controller
- Fix FLEXIAPI-385 Use domains and not hosts in the EmailServer endpoints as defined in the API documentation
- Fix FLEXIAPI-391 Add missing account view attribute in the actions.delete view
- Fix FLEXIAPI-392 Fix the recover_by_code view and use the account space object
- Fix FLEXIAPI-394 Apply SpaceCheck on all the pages and URLs, backport from 2.1
All notable changes to this project will be documented in this file.
v1.6
----
- Fix FLEXIAPI-192 Add DotEnv configuration to allow the expiration of tokens and codes in the app
- Fix FLEXIAPI-196 Add a phone validation system by country code with configuration panels and related tests and documentation
- Fix FLEXIAPI-203 Implement domain based Linphone configuration, add documentation, complete API endpoints, complete provisioning XML
- Fix FLEXIAPI-208 Add SMS templates documentation
- Fix FLEXIAPI-211 Add a JSON validation middleware + test
- Fix FLEXIAPI-212 Add CoTURN credentials support in the provisioning
- Fix FLEXIAPI-213 Add TURN credentials support in the API as defined in draft-uberti-behave-turn-rest-00
- Fix FLEXIAPI-216 Implement the RFC 8898 partially... for HTTP
- Fix FLEXIAPI-239 Ensure to return the correct error codes as stated in the RFC6750 section 3.1
- Fix FLEXIAPI-238 Replace Material Icons with Phosphor
- Fix FLEXIAPI-240 Update the Docker images
The format is based on [Keep a Changelog](https://keepachangelog.com/).
v1.5
---
- Fix FLEXIAPI-202 Add account parameter to the redirection in the destroy admin route
- Fix FLEXIAPI-195 Fix LiblinphoneTesterAccoutSeeder to fit with the latest Account related changes
- Fix FLEXIAPI-193 Typo
- Fix FLEXIAPI-192 Clear and upgrade properly the account dictionary entries if the entries are already existing
- Fix FLEXIAPI-191 Add quotes for the pn-prid parameter in FlexisipPusherConnector
- Fix FLEXIAPI-186 Ensure that empty objects are serialized in JSON as objects and not empty arrays
- Fix FLEXIAPI-185 Return null if the account dictionary is empty in the API
- Fix FLEXIAPI-184 Append phone_change_code and email_change_code to the admin /accounts/<id> endpoint if they are available
- Fix FLEXIAPI-183 Complete the account hooks on the dictionnary actions
- Fix FLEXIAPI-182 Replace APP_SUPER_ADMINS_SIP_DOMAINS with a proper spaces table, API endpoints, UI panels, console command, tests and documentation
- Fix FLEXIAPI-181 Replace APP_ADMINS_MANAGE_MULTI_DOMAINS with APP_SUPER_ADMINS_SIP_DOMAINS
- Fix FLEXIAPI-180 Fix the token and activation flow for the provisioning with token endpoint when the header is missing
- Fix FLEXIAPI-179 Add Localization support as a Middleware that handles Accept-Language HTTP header
- Fix FLEXIAPI-178 Show the unused code in the Activity tab of the accounts in the admin panel
- Fix FLEXIAPI-177 Complete vcards-storage and devices related endpoints with their User/Admin ones
- Fix FLEXIAPI-176 Improve logs for the deprecated endpoints and AccountCreationToken related serialization
- Fix FLEXIAPI-175 and FLEXISIP-231 Rewrite the Redis contacts parser to handle properly SIP uris (thanks @thibault.lemaire !)
- Fix FLEXIAPI-174 Check if the phone is valid before trying to recover it (deprecated endpoint)
- Fix FLEXIAPI-173 Wrong route in validateEmail (deprecated)
- Fix FLEXIAPI-171 Fix README documentation for CreateAdminAccount
- Fix FLEXIAPI-170 Fix undefined variable apiKey in CreateAdminAccount
- Fix FLEXIAPI-168 Add POST /accounts/me/email to confirm the email change
- Fix FLEXIAPI-167 Add the handling of a custom identifier for the JWT tokens on top of the email one
- Fix FLEXIAPI-166 Reimplement the deprecated email validation URL
- Fix FLEXIAPI-165 Remove for now text/vcard header constraint
- Fix FLEXIAPI-164 Add vcards-storage endpoints
- Fix FLEXIAPI-163 Complete AccountService hooks
- Fix FLEXIAPI-162 Drop the aliases table and migrate the data to the phone column
- Fix FLEXIAPI-161 Complete the Dictionary tests to cover the collection accessor
- Fix FLEXIAPI-159 Add the account_creation_tokens/consume endpoint
- Fix FLEXIAPI-158 Restrict the phone number change API endpoint to return 403 if the account doesn't have a validated Account Creation Token
- Fix FLEXIAPI-156 Disable the Phone change web form when PHONE_AUTHENTICATION is disabled
- Fix FLEXIAPI-155 Add a new accountServiceAccountUpdatedHook and accountServiceAccountDeletedHook
- Fix FLEXIAPI-153 Add phone and email to be changed in the Activity panel
- Fix FLEXIAPI-152 API Key usage clarification
- Fix FLEXIAPI-151 Migrate to hCaptcha
- Fix FLEXIAPI-150 Use the same account_id parameter for both API and Web routes
- Fix FLEXIAPI-149 Add a toggle to disable phone check on username for admin endpoints and forms
- Fix FLEXIAPI-148 Reuse AccountService in the POST /api/accounts admin endpoint
- FIX FLEXIAPI-146 Allow users to manage their own devices
- Fix FLEXIAPI-145 Put back the 'code' parameter as an alias for the 'confirmation_key' for the activateEmail and activatePhone endpoints
- Fix FLEXIAPI-144 Introduce APP_FLEXISIP_PUSHER_FIREBASE_KEYSMAP as a replacement for APP_FLEXISIP_PUSHER_FIREBASE_KEY
- Fix FLEXIAPI-143 JWT Authentication layer on the API
- Fix FLEXIAPI-142 PUT /accounts endpoint doesn't allow overiding values anymore
- Fix FLEXIAPI-140 Fix the display_name attribute in the Vcard4 render
- Fix FLEXIAPI-139 Refactor the email and phone API documentation
- Fix FLEXIAPI-138 Add ip and user_agent columns to all the tokens and code tables, fill the values when required and display them in the admin
- Fix FLEXIAPI-136 Refactor the Web Panel toggle mechanism and move it to a proper Middleware
- Fix FLEXIAPI-135 Merge the admins table in the accounts table
- Fix FLEXIAPI-134 Add a system to detect and block abusive accounts
- Fix FLEXIAPI-133 Use the correct breadcrumb on create and fix a password
- Fix FLEXIAPI-132 Refactor the Provisioning to remove proxy_default_values
- Fix #143 Ensure that the ProvisioningToken model behave likes all the other Consommable
- Fix #141 Add a new hook system for the Account Service
- Fix #138 Add a dictionary attached to the accounts
- Fix #137 Migrate the icons from Material Icons to Material Symbols
- Fix #135 Refactor the password algorithms code
- Fix #134 Create an Activity view in the Admin > Accounts panel
- Fix #133 Make the MySQL connection unstrict
- Fix #132 Move the provisioning_tokens and recovery_codes to dedicated table
- Fix #130 Drop the group column in the Accounts table
## [2.0]
v1.4.9
------
- Complete the missing changelog
### Added
v1.4.8
------
- Fix FLEXIAPI-166 Reimplement the deprecated email validation URL
- Fix FLEXIAPI-140 Select the display_name attribute from the database to inject...
- **Spaces:** A new way to manage your SIP domains and hosts. A Space is defined by a unique SIP Domain and Host pair.
- **New mandatory DotEnv variable** `APP_ROOT_HOST`, replaces `APP_URL` and `APP_SIP_DOMAIN` that are now configured using the new dedicated Artisan script. It defines the root hostname where all the Spaces will be configured. All the Spaces will be as subdomains of `APP_ROOT_HOST` except one that can be equal to `APP_ROOT_HOST`. Example: if `APP_ROOT_HOST=myhost.com` the Spaces hosts will be `myhost.com`, `alpha.myhost.com` , `beta.myhost.com`...
- **New DotEnv variable:** `APP_ACCOUNT_RECOVERY_TOKEN_EXPIRATION_MINUTES=0` Number of minutes before expiring the recovery tokens
- **New Artisan script** `php artisan spaces:create-update {sip_domain} {host} {name} {--super}`, replaces `php artisan sip_domains:create-update {sip_domain} {--super}`. Can create a Space or update a Space Host base on its Space SIP Domain.
- **Push Notification endpoint** Add a /push-notification endpoint to send custom push notifications to the Flexisip Pusher
- **Add internationalisation support in the app** The web panels are now available in French and English
- **Add External Accounts** In the API and web panels, allowing users to setup an external account that can be used in another service like the B2BUA
- **Add configurable admin API Keys** Allowing admins to setup non-expiring services API Keys
- **Add provisioning email** A user can now receive a custom generated email with all the provisioning related information
- **Add API endpoints to send the password reset and provisioning emails**
- **Add an app setup wizard page** Static web page inviting the users to download the app if it is not installed yet
v1.4.7
------
- Fix FLEXIAPI-175 and FLEXISIP-231 Rewrite the Redis contacts parser to handle properly SIP uris (thanks @thibault.lemaire !)
### Changed
v1.4.6
------
- Fix FLEXIAPI-142 PUT /accounts endpoint doesn't allow overiding values anymore
- Fix typos and dependencies
- **Complete and reorganize the Markdown documentation**
- **Refactor the emails templates** All the emails were modernized and are now generated in HTML
v1.4.5
------
- Fix FLEXIAPI-132 Refactor the Provisioning to remove proxy_default_values
### Removed
v1.4.4
------
- Fix FLEXIAPI-136 Refactor the Web Panel toggle mechanism and move it to a proper Middleware
- **Remove the deprecated endpoints** The endpoints inherited from XMLRPC are now completely removed, the following variable can be removed:
- APP_DANGEROUS_ENDPOINTS
- APP_PROJECT_URL
- **Removing and moving DotEnv instance environnement variables to the Spaces** The following DotEnv variables were removed. You can now configure them directly in the designated spaces after the migration.
- INSTANCE_COPYRIGHT
- INSTANCE_INTRO_REGISTRATION
- INSTANCE_CONFIRMED_REGISTRATION_TEXT
- INSTANCE_CUSTOM_THEME
- WEB_PANEL
- PUBLIC_REGISTRATION
- PHONE_AUTHENTICATION
- DEVICES_MANAGEMENT
- INTERCOM_FEATURES
- NEWSLETTER_REGISTRATION_ADDRESS
- ACCOUNT_PROXY_REGISTRAR_ADDRESS
- ACCOUNT_TRANSPORT_PROTOCOL_TEXT
- ACCOUNT_REALM
- ACCOUNT_PROVISIONING_RC_FILE
- ACCOUNT_PROVISIONING_OVERWRITE_ALL
- ACCOUNT_PROVISIONING_USE_X_LINPHONE_PROVISIONING_HEADER
- **Enforce the session and cache in the configuration** The following variables can be removed from your DotEnv file as well:
- SESSION_DRIVER
- CACHE_DRIVER
v1.4.3
------
- Fix FLEXIAPI-133 Use the correct breadcrumb on create and fix a password update related issue on update
### Migrate from [1.6]
v1.4.2
------
- Fix #135 Refactor the password algorithms code
1. Deploy the new version and migrate the database.
v1.4.1
------
- Fix #133 Make the MySQL connection unstrict
```
php artisan migrate
```
v1.4
----
- Redesign and refactoring of the main UI and panel flows
- Complete the statistics and add a specific API to get usage statistics from FlexiAPI
- Removal of XMLRPC
- Add RockyLinux 9 support
- Add Debian 12 to CI
- Fix #122 Add a new console command CreateFirstAdmin
- Fix #121 Only apply throttling to redeemed tokens
- Fix #123 Define a proper documentation for the provisioning flow
- Fix #124 Return 404 when the account is already provisioned or the provisioning_token not valid
- Fix #125 Remove the External Accounts feature
- Fix #19 Set all the ERROR confirmation_key to null in the accounts table
2. Set `APP_ROOT_HOST` in `.env` or as an environnement variable. And remove `APP_URL` and `APP_SIP_DOMAIN`
v1.3
----
- Fix #90 Deploy packages from release branches as well
- Fix #58 Fix the packaging process to use git describe as a reference
- Fix #58 Move the generated packages in the build directory, and fix the release and version format in the .spec
- Fix #58 Refactor and cleanup the .gitlab-ci file
- Move the minimum PHP version to 8.0
- Fix #47 Move the docker to an external repository
- Fix #83 Add php-redis-remi package
- Fix #85 Also package php-pecl-igbinary and php-pecl-msgpack from remi
- Fix #84 Remove CentOS7 from the pipeline
- Fix #80 Inject provisioning link and QRCode in the default email with a password_reset parameter
- Fix #79 Add a refresh_password parameter to the provisioning URLs
- Fix #78 Add a APP_ACCOUNTS_EMAIL_UNIQUE environnement setting
- Fix #30 Remove APP_EVERYONE_IS_ADMIN
```
APP_ROOT_HOST=myhost.com
```
v1.2
----
3. The migration script will automatically copy the `sip_domain` into `host` in the `spaces` table. You then have to "fix" the hosts and set them to equal or be subdomains of `APP_ROOT_HOST`.
- Introduce FlexiAPI built on Laravel to replace XMLRPC
- Deprecates XMLRPC (will be removed in the 2.0 release)
- Create a REST API to manage the accounts, related features and provisioning
- Create a user web panel for their account management, currently in testing phase (unstable)
- Create an admin web panel to manage accounts and related features
- Allow accounts to be exported as ExternalAccounts and imported in another Flexisip Account Manager instance
- Add various artisan console commands to maintain the data (cleaning up, importing, exporting, seeding)
- Add unit tests for the FlexiAIP REST API
- Rebuild the existing database using the Laravel migration scripts
```
php artisan spaces:create-update my.sip myhost.com "My Super Space" --super # You can set some Spaces as SuperSpaces, the admin will be able to manage the other spaces
php artisan spaces:create-update alpha.sip alpha.myhost.com "Alpha Space"
php artisan spaces:create-update beta.sip beta.myhost.com "Beta Space"
...
```
4. Configure your web server to point the `APP_ROOT_HOST` and subdomains to the app. See the related documentation in [`INSTALL.md` file](INSTALL.md#31-mandatory-app_root_host-variable).
5. Configure your Spaces.
6. (Optional) Import the old instance DotEnv environnement variables into a space.
7. Remove the instance based environnement variables (see **Changed** above) and configure them directly in the spaces using the API or Web Panel.
⚠️ Be careful, during this import only the project DotEnv file variables will be imported, other environnement (eg. set in Apache, nginx or Docker) will be ignored.
⚠️ The content of the `ACCOUNT_PROVISIONING_RC_FILE` will not be imported. You will have to extract the sections and lines that you want to use manually using the dedicated form or the API.
```
php artisan spaces:import-configuration-from-dot-env {sip_domain}
```
You can find more details regarding those steps in the [`INSTALL.md`](INSTALL.md) and [`README.md`](README.md) files.
## [1.6] - 2024-12-30
### Added
- **Allow the expiration of tokens and codes in the DotEnv configuration**
- **New DotEnv variables:** check all the new `*_EXPIRATION_MINUTES` for each token and code in `.env.example`
- **Phone validation system by country code:** all the provided phone numbers are now properly validated and some countries can be forbidden
- **SIP Domain management:** the account domains are now managed in a set of panels and API endpoints, this is the base of the upcoming space administration system
- **JSON validation in the API:** the provised JSON is now validated and returns an error if an issue is detected
- **CoTURN credentials support:** TURN credentials can now be generated and return through the provisioning feature
- **RFC 8898 Support**
## Changed
- **Replace Material Icons with Phosphor**
## Deprecated
- **Last major version supporting the deprecated endpoints of the API**
### Migrate from [1.5]
Nothing specific to do
## [1.5] - 2024-08-29
### Added
- **Account activity view:** new panel, available behind the Activity tab, will allow any admin to follow the activity of the accounts they manage.
- **Detect and block abusive accounts:** This activity tracking is coming with a related tool that is measuring the accounts activity and automatically block them if it detects some unusual behaviors on the service. An account can also directly be blocked and unblocked from the setting panel. Two new setting variables will allow you to fine tune those behaviors triggers.
- **New DotEnv variable:** `BLOCKING_TIME_PERIOD_CHECK=30` Time span on which the blocking service will proceed, in minutes
- **New DotEnv variable:** `BLOCKING_AMOUNT_EVENTS_AUTHORIZED_DURING_PERIOD=5` Amount of account events authorized during this period
- **OAuth JWT Authentication:** OAuth support with the handling of JWE tokens issues by a third party service such as Keycloack.
- **New DotEnv variable:** `JWT_RSA_PUBLIC_KEY_PEM=`
- **New DotEnv variable:** `JWT_SIP_IDENTIFIER=sip_identifier`
- **Super-domains and super-admins support:** Introduce SIP domains management. The app accounts are now divided by their domains with their own respective administrators that can only see and manage their own domain accounts and settings. On top of that it is possible to configure a SIP domain as a "super-domain" and then allow its admins to become "super-admins". Those super-admins will then be able to manage all the accounts handled by the instance and create/edit/delete the other SIP domains. Add new endpoints and a new super-admin role in the API to manage the SIP domains. SIP domains can also be created and updated directly from the console using a new artisan script (documented in the README);
- **New Artisan script:** `php artisan sip_domains:create-update {domain} {--super}`
- **Account Dictionary:** Each account can now handle a specific dictionary, configurable by the API or directly the web panel. This dictionary allows developers to store arbitrary `key -> value pairs` on each accounts.
- **Vcard storage:** Attach custom vCards on a dedicated account using new endpoints in the API. The published vCard are validated before being stored.
### Changed
- **User management of their own devices:** Allowing users will be able to manage its own devices. Specific API endpoints were also added to manage them directly from the clients.
- **Migration to hCaptcha:** Migrate from Google Recaptcha to hCaptcha in this release.
- **New DotEnv variable:** HCAPTCHA_SECRET=secret-key
- **New DotEnv variable:** HCAPTCHA_SITEKEY=site-key
- **Localization support:** The API is now accepting the `Accept-Language` header and adapt its internal localization to the client/browser one. For the moment only French and English are supported but more languages could be added in the future.

142
RELEASE.md
View file

@ -1,142 +0,0 @@
# Releases
All notable changes to this project will be documented in this file.
The format is based on [Keep a Changelog](https://keepachangelog.com/).
## [2.0]
### Added
- **Spaces:** A new way to manage your SIP domains and hosts. A Space is defined by a unique SIP Domain and Host pair.
- **New mandatory DotEnv variable** `APP_ROOT_HOST`, replaces `APP_URL` and `APP_SIP_DOMAIN` that are now configured using the new dedicated Artisan script. It defines the root hostname where all the Spaces will be configured. All the Spaces will be as subdomains of `APP_ROOT_HOST` except one that can be equal to `APP_ROOT_HOST`. Example: if `APP_ROOT_HOST=myhost.com` the Spaces hosts will be `myhost.com`, `alpha.myhost.com` , `beta.myhost.com`...
- **New DotEnv variable:** `APP_ACCOUNT_RECOVERY_TOKEN_EXPIRATION_MINUTES=0` Number of minutes before expiring the recovery tokens
- **New Artisan script** `php artisan spaces:create-update {sip_domain} {host} {name} {--super}`, replaces `php artisan sip_domains:create-update {sip_domain} {--super}`. Can create a Space or update a Space Host base on its Space SIP Domain.
- **Push Notification endpoint** Add a /push-notification endpoint to send custom push notifications to the Flexisip Pusher
- **Add internationalisation support in the app** The web panels are now available in French and English
- **Add External Accounts** In the API and web panels, allowing users to setup an external account that can be used in another service like the B2BUA
- **Add configurable admin API Keys** Allowing admins to setup non-expiring services API Keys
- **Add provisioning email** A user can now receive a custom generated email with all the provisioning related information
- **Add API endpoints to send the password reset and provisioning emails**
- **Add an app setup wizard page** Static web page inviting the users to download the app if it is not installed yet
### Changed
- **Complete and reorganize the Markdown documentation**
- **Refactor the emails templates** All the emails were modernized and are now generated in HTML
### Removed
- **Remove the deprecated endpoints** The endpoints inherited from XMLRPC are now completely removed, the following variable can be removed:
- APP_DANGEROUS_ENDPOINTS
- APP_PROJECT_URL
- **Removing and moving DotEnv instance environnement variables to the Spaces** The following DotEnv variables were removed. You can now configure them directly in the designated spaces after the migration.
- INSTANCE_COPYRIGHT
- INSTANCE_INTRO_REGISTRATION
- INSTANCE_CONFIRMED_REGISTRATION_TEXT
- INSTANCE_CUSTOM_THEME
- WEB_PANEL
- PUBLIC_REGISTRATION
- PHONE_AUTHENTICATION
- DEVICES_MANAGEMENT
- INTERCOM_FEATURES
- NEWSLETTER_REGISTRATION_ADDRESS
- ACCOUNT_PROXY_REGISTRAR_ADDRESS
- ACCOUNT_TRANSPORT_PROTOCOL_TEXT
- ACCOUNT_REALM
- ACCOUNT_PROVISIONING_RC_FILE
- ACCOUNT_PROVISIONING_OVERWRITE_ALL
- ACCOUNT_PROVISIONING_USE_X_LINPHONE_PROVISIONING_HEADER
- **Enforce the session and cache in the configuration** The following variables can be removed from your DotEnv file as well:
- SESSION_DRIVER
- CACHE_DRIVER
### Migrate from [1.6]
1. Deploy the new version and migrate the database.
```
php artisan migrate
```
2. Set `APP_ROOT_HOST` in `.env` or as an environnement variable. And remove `APP_URL` and `APP_SIP_DOMAIN`
```
APP_ROOT_HOST=myhost.com
```
3. The migration script will automatically copy the `sip_domain` into `host` in the `spaces` table. You then have to "fix" the hosts and set them to equal or be subdomains of `APP_ROOT_HOST`.
```
php artisan spaces:create-update my.sip myhost.com "My Super Space" --super # You can set some Spaces as SuperSpaces, the admin will be able to manage the other spaces
php artisan spaces:create-update alpha.sip alpha.myhost.com "Alpha Space"
php artisan spaces:create-update beta.sip beta.myhost.com "Beta Space"
...
```
4. Configure your web server to point the `APP_ROOT_HOST` and subdomains to the app. See the related documentation in [`INSTALL.md` file](INSTALL.md#31-mandatory-app_root_host-variable).
5. Configure your Spaces.
6. (Optional) Import the old instance DotEnv environnement variables into a space.
7. Remove the instance based environnement variables (see **Changed** above) and configure them directly in the spaces using the API or Web Panel.
⚠️ Be careful, during this import only the project DotEnv file variables will be imported, other environnement (eg. set in Apache, nginx or Docker) will be ignored.
⚠️ The content of the `ACCOUNT_PROVISIONING_RC_FILE` will not be imported. You will have to extract the sections and lines that you want to use manually using the dedicated form or the API.
```
php artisan spaces:import-configuration-from-dot-env {sip_domain}
```
You can find more details regarding those steps in the [`INSTALL.md`](INSTALL.md) and [`README.md`](README.md) files.
## [1.6] - 2024-12-30
### Added
- **Allow the expiration of tokens and codes in the DotEnv configuration**
- **New DotEnv variables:** check all the new `*_EXPIRATION_MINUTES` for each token and code in `.env.example`
- **Phone validation system by country code:** all the provided phone numbers are now properly validated and some countries can be forbidden
- **SIP Domain management:** the account domains are now managed in a set of panels and API endpoints, this is the base of the upcoming space administration system
- **JSON validation in the API:** the provised JSON is now validated and returns an error if an issue is detected
- **CoTURN credentials support:** TURN credentials can now be generated and return through the provisioning feature
- **RFC 8898 Support**
## Changed
- **Replace Material Icons with Phosphor**
## Deprecated
- **Last major version supporting the deprecated endpoints of the API**
### Migrate from [1.5]
Nothing specific to do
## [1.5] - 2024-08-29
### Added
- **Account activity view:** new panel, available behind the Activity tab, will allow any admin to follow the activity of the accounts they manage.
- **Detect and block abusive accounts:** This activity tracking is coming with a related tool that is measuring the accounts activity and automatically block them if it detects some unusual behaviors on the service. An account can also directly be blocked and unblocked from the setting panel. Two new setting variables will allow you to fine tune those behaviors triggers.
- **New DotEnv variable:** `BLOCKING_TIME_PERIOD_CHECK=30` Time span on which the blocking service will proceed, in minutes
- **New DotEnv variable:** `BLOCKING_AMOUNT_EVENTS_AUTHORIZED_DURING_PERIOD=5` Amount of account events authorized during this period
- **OAuth JWT Authentication:** OAuth support with the handling of JWE tokens issues by a third party service such as Keycloack.
- **New DotEnv variable:** `JWT_RSA_PUBLIC_KEY_PEM=`
- **New DotEnv variable:** `JWT_SIP_IDENTIFIER=sip_identifier`
- **Super-domains and super-admins support:** Introduce SIP domains management. The app accounts are now divided by their domains with their own respective administrators that can only see and manage their own domain accounts and settings. On top of that it is possible to configure a SIP domain as a "super-domain" and then allow its admins to become "super-admins". Those super-admins will then be able to manage all the accounts handled by the instance and create/edit/delete the other SIP domains. Add new endpoints and a new super-admin role in the API to manage the SIP domains. SIP domains can also be created and updated directly from the console using a new artisan script (documented in the README);
- **New Artisan script:** `php artisan sip_domains:create-update {domain} {--super}`
- **Account Dictionary:** Each account can now handle a specific dictionary, configurable by the API or directly the web panel. This dictionary allows developers to store arbitrary `key -> value pairs` on each accounts.
- **Vcard storage:** Attach custom vCards on a dedicated account using new endpoints in the API. The published vCard are validated before being stored.
### Changed
- **User management of their own devices:** Allowing users will be able to manage its own devices. Specific API endpoints were also added to manage them directly from the clients.
- **Migration to hCaptcha:** Migrate from Google Recaptcha to hCaptcha in this release.
- **New DotEnv variable:** HCAPTCHA_SECRET=secret-key
- **New DotEnv variable:** HCAPTCHA_SITEKEY=site-key
- **Localization support:** The API is now accepting the `Accept-Language` header and adapt its internal localization to the client/browser one. For the moment only French and English are supported but more languages could be added in the future.