APIO Core

Appearance

2.14.0

User Management

  • Support the possibility to disable the user password (#136)
  • Prevent users to pick too weak passwords at change / reset password (#153)
  • Expose user activity (#212)

Audit

  • Audit users created via nodes and remove password from the user object before audit (#145)
  • Do not store the configuration in clear text in the audit records (#152)
  • Record the username in the audit records and keep it while the user is deleted (#166)
  • Produce a log line on login attempt with password (#205)

Security

  • Include succeeded calls in rate limit calculations on unauthorized API's (#150)
  • Support IP Whitelisting at user level (#135)
  • Encrypt internally the user M2M token (#174)
  • Add support of SNI for HTTPS calls (#187)
  • Remove trusted locations on 2FA reset (#193)
  • Obfuscate the password in the datastore DSN URI if present (#189)
  • Allow to force users to change their password at next login if their current password doesn't match the current configuration (#202)
  • Increase login attempts recorded to 15 (#201)
  • Include 2FA login attempts (#210)
  • Increase the length for new M2M tokens (from 64 to 128) (#219)
  • Export password rules also for authenticated users (#229)

Workflows

  • Add support for timezones manipulation in the template engine (#154)
  • Add a node which requires a user to confirm an action (#119)
  • Support custom routes body formatted as HTTP Form or Multipart (turned into documents) (#185)
  • [http_call] Support HTTP body as Form or Multipart
  • [sql] Support lists of strings and integers as argument variables (aa636f30)
  • [import] Fix import of working versions (#223)
  • [export] Do not follow when a sub-workflow is only a template and triggers a table dump (#227)
  • Audit workflow activation event (f1531f)
  • Put the context table in a dedicated tab in the instance details page (#234)
  • Show the version commit date (#238)
  • [cleanup_cache] Add a node to cleanup the cache (#243)

Job Scheduler

  • Extend the persistence period for the jobs (10 min. to 3h)
  • Expose the field day_of_week in the cron timer

Provisioning UI

  • Remove local users management (#184)
  • Filter provisioning UI menu entries based on user profile (#194)
  • Support customer reporting (#8 ongoing)

Callbacks

  • Set content type header to 'application/json'
  • Add a flag to marshal request event in the user callback (to match old behaviour 0.x) (#231)

Upgrade Note

To have the trust flag properly used when the user logs in with 2FA, the field User trusted locations (days) in the cleanup configuration must be set to a value greater than 0.

This is not mandatory but recommended to avoid the user to be prompted for 2FA at each login.