APIO Core

Appearance

2.10.0

API

  • respond to reset password with a proper error message when the token is expired
  • trim spaces arround custom routes URL on creation and update
  • fix documents mime type whitelist check
  • trim spaces arround username on login requests

Clients

TCP

  • add experimental support for SSH connections
  • add experimental support for raw TCP connections

UI

  • auto-generate cell name for "join" and "or"
  • improve list of nodes with icons and labels
  • properly disable node attributes when readOnly flag is set
  • fix some missing keys in configuration panels
  • add some login spin's on login page
  • reduce the global margin using a container-fluid instead of grid system
  • support copy / paste on multiple nodes
  • add support for copy / paste, delete with ctrl-<key>, select multiple nodes
  • support templates as binary documents

Provisioning

  • fixed bugs with tenant trunking

Security

  • auto-create encryption keys
  • encrypt configuration with AES-GCM
  • re-encrypt documents from Fernet32 to AES-GCM
  • add TOTP as a new MFA to user
  • allow MFA to be enabled per user (and not only globally)

Workflows

  • add node "ftp" to operate with an SFTP remote server
  • add nodes "create_csv" and "create_excel_sheet" to generate files
  • support attachments in mails
  • expose node "powershell"
  • fix password generation by user creation node
  • fix body not loaded on external callbacks processing when they are received before the instance is saved
  • fix output of get_owner (use json iso hJson)
  • hide sensitive details from settings to workflow templates
    • SSO is unavailable
    • SMTP username / password
    • gateways / tcp_gateways / datastores contains only the list of session holders (no connection details anymore)
  • tolerate "body" not be a json valid in the "| json" filter
  • expose randint in the jinja template

Custom Routes

  • forbid public routes with a method different of GET
  • add a output JSON schema description on custom route to describe possible responses
  • generate automatically OpenAPI3 documention for custom routes on /api/v01/custom_routes.swagger.yml (no auth required)

Configuration

  • initialize the configuration when needed

Misc

  • fix superuser upsert

Upgrade Notes

  • Database migrations are run automatically by the server process.

    • Pass the flag -runMigration=false to disable it
    • Use the environment variable DB_MIGRATIONS_PATH to set a different location (default db/migrations)

  • Because some configuration items are not exposed anymore, this might break existing workflows containing references to settings...

2.10.1

  • Fix SRE connection pool for DRaaS authentication