1.1.0 [2024-11-20]

Features

• Added support for password expiration, allowing user passwords to automatically expire after a set period.
• Added multi-tenant Django filters.
• Added MultitenantOrgFilter to add autocomplete filter in ModelAdmin.
• Added export-users command line utility to export users.
• Added ProtectedApiMixin.
• Added PasswordReuseValidator which prevents users from reusing their current password when setting a new one.
• Allowed creating users with a verified email via REST API.

Changes

• Added autocomplete fields in OrganizationOwner admin.
• Enabled OrganizationUserAdmin by default.

Dependencies:

• Bumped django-organizations~=2.4.1.
• Bumped django-extensions~=3.2.3.
• Bumped django-allauth[socialaccount]~=0.63.6.
• Bumped django-phonenumber-field~=8.13.48.
• Bumped django-reversion~=5.1.0.
• Bumped phonenumbers~=8.13.48.
• Bumped django-sesame~=3.2.2.
• Bumped openwisp-utils[rest,celery]~=1.1.1.
• Added support for Django 4.1.x and 4.2.x.
• Added support for Python 3.10.
• Dropped support for Python 3.7.
• Dropped support for Django 3.0.x and 3.1.x.

Bugfixes

• User need to have required model permissions to perform admin actions.
• Don't allow organization admin to create shared object.
• Fixed user's organization cache invalidation.
• Invalidate org membership cache when organization's active status changes.
• Fixed an issue where the organization admin would see multiple entries for the same user in the user changelist.
• Fixed admin unregistration failures for EmailAddress and TokenProxy models.
• Fixed an IntegrityError that occurred when adding the first user to an organization via Organization.add_user.
• Fixed UsersAuthenticationBackend to support phone numbers with leading zero.
• Prevented users registered via social login from setting a password.

1.0.2 [2022-06-28]

• Bumped django-all-auth from 0.46.0 to 0.51.0 to fix mild security issues (see the change log of django-all-auth for more information)
• The @classmethod decorator was mistakenly forgotten and hence missing from the following methods of openwisp_users.apps.OpenwispUsersConfig:
  • update_organizations_dict
  • create_organization_owner
• Fixed a broken example in the DRF Permission Classes section
  of the documentation

1.0.1 [2022-05-24]

• Updated fur translations

1.0.0 [2022-03-19]

Features

• Added UsersAuthenticationBackend class that allows users to authenticate using either email, phone_number or username.
• Added the possibility to filter users by their organization in the user administration section.
• Added REST API endpoints for openwisp-users.
• Added various Django REST Framework mixins and utilities which allow to implement.
• Added DRF permission classes.
• Added passwordless authentication backend for REST APIs.
• Added OrganizationInvitation model.
• Added email verification success view.
• Added logout success view.

Changes

• Authentication REST API endpoints are now enabled by default.
• Following changes have been made to the User model:
  • Increased max length of User.location field.
  • Added User.birth_date field.
  • Added User.notes field.
  • Added User.language field.
  • Made User.email case insensitive. Email addresses will always
    get converted to lower case before storage and comparison.
• Updated OrganizationOwnerInline to use raw_id field for organization_user field.
• Updated OrganizationUserInline to use autocomplete field for organization field.
• Backward incompatible: removed custom permission helpers.
• Backward incompatible: the REST API endpoint /api/v1/user/token/ has been changed to /api/v1/users/token/ for consistency with the rest of the API.

Dependencies:

• Dropped support for Django 2.2.x.
• Dropped support for Python 3.6.
• Added support for Python 3.8 and Python 3.9.
• Added support for Django 3.2.x and 4.0.x.
• Bumped django-allauth~=0.46.0.
• Bumped django-organizations~=2.0.1
• Bumped django-phonenumber-field~=6.0.0.
• Bumped openwisp-utils~=1.0.0.
• Bumped swapper~=1.3.0
• Added django-sesame~=2.4.0.

Bugfixes

• Fixed internal server error on /accounts/login/" page
• Fixed error on restoring "Group" object with django-reversion.
• Fixed error on visiting Django admin URL for non-existing users.
• Fixed organization managers could escalate their privileges to superuser.

0.5.1 [2020-12-13]

Changes

• Updated django-allauth to 0.44.x
• Copied the template account/login.html from django-allauth in order to remove the sign up link, which we do not support
• Updated django-extensions to 3.1

Bugfixes

• Updating django-allauth to 0.44.x also fixes an issue affecting OpenWISP Users in production deployment (experienced in ansible-openwisp2)

0.5.0 [2020-11-18]

Features

N/A.

Changes

• [change] Extend admin/base_site.html in confirm_email.html
• [change] Updated to openwisp-utils 0.7 and switched to new
  register_menu_items
• [change] Removed typographic error in settings which was
  maintained for backward compatibility
• [change] Removed deprecated organizations_pk

Bugfixes

• [fix] Fix email confirmation when link is invalid
• [docs] Fixed several broken links in "Extend openwisp-users"
  section
• [fix] Allow swagger to show parameters of obtain token view

Version 0.4.1 [2020-10-08]

• [chores] Allow passing a string or uuid to the Organization membership helpers
• [fix] The OrganizationUser instance of an OrganizationOwner won't be allowed to be is_admin=False
• [fix] Fixed mutable class attribute in MultitenantAdminMixin
• [fix] Fixed exception when deleting OrganizationUser of an owner
• [fix] Fixed typographical error in organization name

0.4.0 [2020-08-23]

Features

• [models] Added organizations_managed helper
• [models] Added organizations_owned helper

Changes

• [admin]: Potentially backward incompatible change:
  Multi-tenant admin classes now allow only org managers. Before this
  version, a user needed to be only org member to see items of that
  organization in the admin, but this is wrong! An OrganizationUser
  which has is_admin=False is only an end-user of that organization.
  Instead, an OrganizationUser which has is_admin=True is also a
  manager and only this type of user shall be allowed to manage items
  of the organization through the django admin site. This is needed in
  order to support users being simple end-users in one organization
  but administrators in others, otherwise a staff user who is
  administrator of one organization would be able to change also items
  of other organizations where they are only members and not managers.
• [dependencies] Added support for django 3.1
• [dependencies] django-phonenumber-field 5.0

0.3.1 [2020-08-17]

• [deps] Updated openwisp-utils to 0.6.0
• [test] Added functions to add inline fields in extended app's integration testing

0.3.0 [2020-08-14]

Features

• [models] Added swappable models and extensible classes
• [admin] Added support for organization owners
• [admin] Added default owner to each organization
• [api] Added ObtainTokenView REST API endpoint for bearer authentication
• [api] Added OPENWISP_USERS_AUTH_API and OPENWISP_USERS_AUTH_THROTTLE_RATE settings
• [api] Added Django REST Framework permission classes
• [models] Added Organization membership helpers
• [models] Added User permission helpers

Changes

• Enabled organization owner admin by default
• [dependencies] Upgraded django-allauth 0.42.0, django-extensions 3.0.2, openwisp-utils 0.5[rest] and phonenumbers 8.12.0

Bugfixes

• [admin] Fixed administrator edit/delete users of the same organization
• [admin] Fixed unique validation error on empty phone number