Releases: openwisp/openwisp-radius
Releases · openwisp/openwisp-radius
1.1.0 [2024-11-21]
Features
- Added integration with OpenWISP Monitoring to collect and visualize metrics for user-signups and RADIUS traffic.
- Added support for Change of Authorization (CoA).
- Added MonthlyTrafficCounter and MonthlySubscriptionTrafficCounter.
- Added API endpoint to fetch user's latest PhoneToken status.
- Added OPENWISP_RADIUS_SMS_COOLDOWN to configure cooldown time for requesting a new PhoneToken.
- Extended
OPENWISP_USERS_EXPORT_USERS_COMMAND_CONFIG
to include registration method and verification status. - Added MAC address authentication for roaming users.
- Added OPENWISP_RADIUS_SMS_MESSAGE_TEMPLATE setting to customize SMS messages.
- Added OPENWISP_RADIUS_USER_ADMIN_RADIUSTOKEN_INLINE setting to display RadiusTokenInline in UserAdmin.
- Added OPENWISP_RADIUS_UNVERIFY_INACTIVE_USERS setting to unverify users after a defined period of inactivity.
- Added OPENWISP_RADIUS_DELETE_INACTIVE_USERS setting to delete inactive users after a specified period.
- Added API endpoint to return user's RADIUS usage.
- Supported password expiration feature from openwisp-users.
- Added initial support for Gigaword RADIUS attributes.
- Added
LoginAdditionalInfoView
to collection additional user details in SAML sign-up flow. - Added autocomplete support for filters in the admin interface.
Changes
Backward incompatible changes
- Renamed
delete_old_users
command todelete_old_radiusbatch_users
. - The OPENWISP_RADIUS_BATCH_DELETE_EXPIRED setting now expects days instead of months.
Deprecation warnings
- Using the
default
key inOPENWISP_RADIUS_PASSWORD_RESET_URLS
is deprecated. Use__all__
instead. - Using organization slugs for key in
OPENWISP_RADIUS_CALLED_STATION_IDS
are deprecated. Use organization IDs instead. - In
delete_old_radiusbatch_users
management command, the--older-than-months
option is deprecated. Use--older-than-days
instead.
Dependencies
- Bumped
weasyprint~=59.0
. - Bumped
pydyf~=0.10.0
. - Bumped
dj-rest-auth~=6.0.0
. - Bumped
openwisp-utils[rest,celery]~=1.1.1
. - Bumped
openwisp-users~=1.1.0
. - Bumped
django-private-storage~=3.1.0
. - Bumped
django-ipware~=5.0.0
. - Bumped
djangosaml2~=1.9.2
. - Added support for Django
4.1.x
and4.2.x
. - Added support for Python
3.10
. - Dropped support for Python
3.7
. - Dropped support for Django
3.0.x
and3.1.x
.
Other changes
- The
cleanup_stale_radacct
management command now uses the session'supdate_time
to determine staleness, falling back tostart_time
ifupdate_time
is unavailable. - Stopped sending login email notifications when accounting framed protocol is
PPP
. - Send login emails only to users with verified email addresses.
- Grouped SMS features in the organization admin.
- Allowed counter's check method to return
None
to prevent adding a reply to the response. - The email received from the IdP in SAML registration will be flagged as verified.
Bugfixes
- Fixed validation for organization's password reset URLs.
- Fixed saving
RadiusCheck
/RadiusReply
objects without an organization returning a 500 HTTP response. - Fixed handling of accounting stop requests with empty octets.
- Prevented user registration with landline numbers.
- Ignored [IntegrityError]{.title-ref} on duplicate accounting start requests.
- Removed default values from fallback fields.
- User need to have required model permissions to perform admin actions.
1.0.2 [2022-12-05]
Bugfixes
- Made private storage backend configurable
- Updated API views to use
filterset_class
instead offilter_class
(required bydjango-filter==22.1
) - Fixed organization cache bug in SAML ACS view: A forceful update of the user's organization cache is done before performing post-login operations to avoid issues occurring due to outdated cache.
- Added missing Furlan translation for sesame link validity
- Use storage backend method for deleting
RadiusBatch.csvfile
: The previous implementation used theos
module for deleting resisdual csv files. This causes issues when the project uses a file storage backend other than based on file system. - Added error handling in RadiusBatch admin change view: Accessing admin change view of a non-existent RadiusBatch object resulted in Server Error 500 because the
DoesNotExist
conditioned was not handled. - Load image using
static()
in RegisteredUserInline.get_is_verified - Use
path
URL kwarg in "serve_private_file" URL pattern - Honor
DISPOSABLE_RADIUS_USER_TOKEN
in accounting stop API view: The accounting stop REST API operation was not taking into account theOPENWISP_RADIUS_DISPOSABLE_RADIUS_USER_TOKEN
setting when disabling the auth capability of the radius token.
1.0.1 [2022-05-10]
- Fixed a bug in the organization radius settings form which was causing it
to not display some default values correctly - Fixed a bug in allowed mobile prefix implementation:
the implementation was joining the globally allowed prefixes
and the prefixes allowed at org level, with the result
that disabling a prefix at org level was not possible - Called-station-ID command: log with warning instead of
warn
orerror
:- warn > warning (warn is deprecated)
- use warning instead of errors for more temporary connection issues cases
1.0.0 [2022-04-18]
Version 1.0.0 [2022-04-18]
Features
- Allowed to login via API with email or phone number
- Allowed freeradius authorize with email or phone number
- Allowed the usage of subnets in
OPENWISP_RADIUS_FREERADIUS_ALLOWED_HOSTS - Made the fields containing personal data of users which are exposed
in the registration API configurable (allowed, mandatory, disabled)
via the OPENWISP_RADIUS_OPTIONAL_REGISTRATION_FIELDS setting or the
admin interface - Allow to disable registration API via the
OPENWISP_RADIUS_REGISTRATION_API_ENABLED setting or the admin
interface - Added throttling of API requests
- Added OPENWISP_RADIUS_API_BASEURL setting
- Add identity verification feature, configurable via the
OPENWISP_RADIUS_NEEDS_IDENTITY_VERIFICATION or via admin
interface - Added utilities for implementing new registration and identity
verification methods - Added captive portal mock views to ease development and
debugging - Add possibility to filter users by registration method in the admin
interface - Added SAML registration method to implement captive portal
authentication via Single Sign On (SSO) - Added management command and celery task to delete unverified
users - Added translations of user facing API responses in Italian, German,
Slovenian and Furlan - Added Convert RADIUS accounting CALLED-STATION-ID feature,
celery task and management command, with the possibility of
triggering it on accounting creation (see
OPENWISP_RADIUS_CONVERT_CALLED_STATION_ON_CREATE) - Added an equivalent of the FreeRADIUS sqlcounter feature to the
REST API - Added emission of django signal to FreeRADIUS accounting view:
radius_accounting_success - Added possibility to send email to the user an they start a new
radius accounting session - Added organization level settings and related admin interface
functionality to enable/disable SAML and social login: - Added setting to avoid updating username from SAML:
OPENWISP_RADIUS_SAML_UPDATES_PRE_EXISTING_USERNAME
Changes
Backward incompatible changes
- Updated prefixes of REST API URLs:
- API endpoints dedicated to FreeRADIUS have moved to
/api/v1/freeradius/
- the rest of the API endpoints have moved to
/api/v1/radius/
- API endpoints dedicated to FreeRADIUS have moved to
- Allowed
username
andphone_number
in password reset API, the
endpoint now accepts the "input" parameter instead of "email" - Removed customizations for checks and password hashing because they
are unmaintained, any user needing these customizations is advised
to implement them as a third party app - Improved REST API to change password: inherited
PasswordChangeView
of openwisp-users to add support for the current-password field in
password change view
Dependencies
- Added support for Django 3.2 and 4.0
- Dropped support for Django 2.2
- Upgraded celery to 5.2.x
- Updated and tested Django REST Framework to 3.13.0
- Added support for Python 3.8, 3.9
- Removed support for Python 3.6
Other changes
- Moved AccountingView to freeradius endpoints
- Relaxed default values for the SMS token settings
- Switched to new navigation menu and new OpenWISP theme
- Allowed users to sign up to multiple organizations
- Update username when phone number is changed if username is equal to
the phone number - Update stop time and termination to
None
ifstatus_type
is
Interim-Update
- Send password reset emails using HTML theme: leverage the new
openwisp-utils send_email function to send an HTML version of
the reset password email based on the configurable email HTML theme
of OpenWISP - Save the user preferred language in obtain and validate token views
- Added validation check to prevent invalid username in batch user
creation - Allowed to set the Password Reset URL setting via the admin
interface - Added soft limits to celery tasks for background operations
- Generalized the implementation of the fallback model fields which
allow overriding general settings for each organization
Bugfixes
- Fixed login template of openwisp-admin-theme
- Fixed swagger API docs collision with openwisp-users
- Ensured each user can be member of a group only once
- Radius check and reply should check for organization membership
ValidateAuthTokenView
: showphone_number
asnull
ifNone
- Freeradius API: properly handle interaction between multiple orgs:
an user trying to authorize using the authorization data of an org
for which they are not member of must be rejected - Fixed radius user group creation with multiple orgs
- Added validation of phone number uniqueness in the registration API
- Fixed issues with translatable strings:
- we don't translate log lines anymore because these won't be
shown to end users gettext
does not work with fstrings, therefore the use of
str.format()
has been restored- improved some user facing strings
- we don't translate log lines anymore because these won't be
- Fixed Accounting-On and Accounting-Of accounting requests with blank
usernames - Delete any cached radius token key on phone number change
- Fixed handling of interim-updates for closed sessions: added
handling of "Interim-Updates" for RadiusAccounting sessions that are
closed by OpenWISP when user logs into another organization - Flag user as verified in batch user creation
- Added validation which prevents the creation of duplicated
check/reply attributes
0.2.1 [2020-12-14]
- Increased openwisp-users and openwisp-utils versions to be consistent with the OpenWISP 2020-12 release
- Increased dj-rest-auth to 2.1.2 and weasyprint to 52
0.2.0 [2020-12-11]
Features
- Changing the phone number via the API now keeps track of previous phone numbers used by the user to comply with ISP legal requirements
Changes
- Obtain Auth Token View API endpoint: added
is_active
attribute to response - Obtain Auth Token View API endpoint: if the user attempting to authenticate is inactive, the API will return HTTP status code 401 along with the auth token and
is_active
attribute - Validate Auth Token View API endpoint: added
is_active
,phone_number
andemail
to response data - When changing phone number, user is flagged as inactive only after the phone token is created and sent successfully
- All API endpoints related to phone token and SMS sending are now disabled (return 403 HTTP response) if SMS verification not enabled at organization level
Bugfixes
- Removed
static()
call from media assets - Fixed password reset for inactive users
- Fixed default password reset URL value and added docs
- Documentation: fixed several broken internal links
0.1.0 [2020-09-10]
- administration web interface
- support for freeradius 3.0
- multi-tenancy
- REST API
- integration with rlm_rest module of freeradius
- possibility of registering new users via API
- social login support
- mobile phone verification via SMS tokens
- possibility to import users from CSV files
- possibility to generate users for events
- management commands and/or celery tasks to perform clean up operations and periodic tasks
- possibility to extend the base classes and swap models to add custom functionality without changing the core code