#Barong 2.1.0 (April 22, 2019)


Release includes significant new features, numerous functional fixes and stabilizing patches. Barong 2.2.0 comes without views, controllers, huge dependencies, but with clean, fast and readable API. Release is optimized, more compact and elegant version of OAuth server concept. Since we've removed dependencies like devise a lot of the flow was not only recoded but implemented in fully new way.

This release notes is must-read for migrating from 2.0 version.

Release is NOT compatible with 1.9 or older versions of barong

New features

  • #655: Reworked (complaining to 1.9) seed feature. Supports seeding levels, users with optional parameters and labels

  • #679: Adds an ability to upload N number of documents. Maximum number can be configured by ENV

  • #665: Support of GeeTest captcha and captcha configuration

  • #681: Move all admin functionality to API

  • #686: New authorize endpoint (White- and Black- listing features, Rails Metal based (optimized), api keys and cookies logic)

  • #716: Ability to specify and control CORS policy

  • #726: Support asian language characters, rework validations

  • #734: Add tokens blacklisting feature. Additional checks to avoid reusing tokens

  • 741: Unify errors format to prepare base for translations


  • #677: Improve activities coverage
  • #688: Add change password endpoint
  • #693: Change multiple docs uploading logic from object to array to become compatible with browser files transfering policy
  • #697: Add label on profile adding without level increase to strictly
  • #709: Add referral_id to users table and as an optional param on signup
  • #707: Update to ruby 2.6.0
  • #745: Add event API documentation with examples
  • #767: Add language field in reset pass and confirm acc events
  • #763: User controller improvements Fixed inconsistent indentation in user controller Rework POST '/get' request to allow to receive email and phone num ** Added several additional tests
  • #771: Add pagination on /resource/users/activity endpoint
  • #769: Search on user fields, admin API
  • #785: Add Entities::Activity model, include it Entities::UserWithFullInfo
  • #789: Use 'paginate' on api/v2/admin/users/search
  • #804: DESC order in user activity API
  • #807: Allow to list API Keys without providing OTP code
  • #809: Update rails-related gems versions in favor of vulnerability alerts


  • #658: Fix share cookies for development, fix Bump
  • #664: Fix user activity api endpoint bug https://github.com/rubykube/barong/issues/663
  • #674: Added missing validations on password update functionality
  • #675: Fix unhandled totp errors
  • #683: Hotfix for whitelisting public peatio and barong routes
  • #684: Add missing link_config script(required for deployment process)
  • #685: Update the production database configuration with DATABASE_NAME from env
  • #694: Add missing event with confirmation token on signup
  • #699: Add carrierwave config for production
  • #702: Small fixes (drone ci, event api updated_at bug)
  • #706: Add missing users entity on login and /me
  • #718: Move ActionDispatch::Session::CookieStore to sessions controller
  • #720: Add ability to configure expire_after time through env variable, fix hardcoded one
  • #724: Fix change password api action from post to put
  • #713: Split swagger doc into restful and management)
  • #737: Add storage envs in config store and update fetch logic
  • #730: Fix change code on phone initialize, remove code from logs
  • #739: Fix Barong::CORS load problem in production env
  • #742: Add missing user details in 2fa login response
  • #749: Fix session_id check & add bypass session lazy load
  • #753: Change default set-cookie header policy on authz to :skip
  • #757: Take only data from Vault::Secret object && minor refactoring
  • #747: Phone API improvements (additional error)
  • #760: Add additional error on login in case of banned user
  • #768: Add more API Key validations, fix error on creating with invalid algo
  • #772: Split activity no records error to wrong_topic and no_activity
  • #776: Use destroy instead of delete to enable missing validations
  • #805: Move event api jwt private key to Barong::App.config store