
#Version 2.6.49

Released 2021-06-15

Enhancement: Update Kaigara version (#1296)

Feature: Update Kaigara version to 0.1.23

Feature: Ability to reset all users sessions after password reset

Feature: Add IP country for admin user activities api

Fix user default language

Fix: Document worker

Fix: Add full match for state triggers

Fix: Add country to user activities

Script for creating labels for a list of users (#1289)

  • script for creating labels

Co-authored-by: dinesh-skyach <dinesh.chohda@skyach.com>

Co-authored-by: Camille <cmeulien@heliostech.fr>

Co-authored-by: josadcha <josadcha@heliostech.fr>

#Version 3.0.13

Released 2021-06-15

Fix user default language

#Version 3.0.12

Released 2021-05-27

Fix: add peatio/swagger endpoint to authz pass rules

#Version 3.0.11

Released 2021-05-27

Feature: add new 'reporter' role

#Version 3.0.10

Released 2021-05-17

Feature: Separate request domain and protocol

Feature: Admin document endpoint

#Version 3.0.9

Released 2021-04-30

Enhancement: Require captcha only for users without 2fa

#Version 3.0.8

Released 2021-04-20

Enhancement: Update Kaigara version (#1294)

Enhancement: Update goci version to 0.1.11

Enhancement: Update goci version (#1286)

Enhancement: Update Kaigara version (#1277)

Feature: Ability to reset all users sessions after password reset

Feature: Add IP country for admin user activities api

Feature: Bump version to 3.0.0

Feature: Add ability to use ERB templates in mailer.yml

Feature: Add ability to read JWT private key from string (#1272)

  • Bump mimemagic to 0.3.10

Co-authored-by: Camille Meulien <cmeulien@heliostech.fr>

Fix: Update tests

Fix: Document worker

Fix: Add full match for state triggers

Fix: Add country to user activities

Fix: JWT_PRIVATE_KEY from env

#Version 2.6.48

Released 2021-04-20

Fix: Document worker

#Version 2.6.47

Released 2021-04-19

Enhancement: Update Kaigara version (#1296)

Feature: Update Kaigara version to 0.1.23

Feature: Ability to reset all users sessions after password reset

Feature: Add IP country for admin user activities api

Fix: Add full match for state triggers

Fix: Add country to user activities

Script for creating labels for a list of users (#1289)

  • script for creating labels

Co-authored-by: dinesh-skyach <dinesh.chohda@skyach.com>

Co-authored-by: Camille <cmeulien@heliostech.fr>

Co-authored-by: josadcha <josadcha@heliostech.fr>

#Version 3.0.7

Released 2021-04-19

Enhancement: Update Kaigara version (#1294)

Enhancement: Update goci version to 0.1.11

Enhancement: Update goci version (#1286)

Enhancement: Update Kaigara version (#1277)

Feature: Ability to reset all users sessions after password reset

Feature: Add IP country for admin user activities api

Feature: Bump version to 3.0.0

Feature: Add ability to use ERB templates in mailer.yml

Feature: Add ability to read JWT private key from string (#1272)

  • Bump mimemagic to 0.3.10

Co-authored-by: Camille Meulien <cmeulien@heliostech.fr>

Fix: Document worker

Fix: Add full match for state triggers

Fix: Add country to user activities

Fix: JWT_PRIVATE_KEY from env

#Version 2.6.46

Released 2021-04-19

Enhancement: Update Kaigara version (#1296)

Feature: Update Kaigara version to 0.1.23

Feature: Ability to reset all users sessions after password reset

Feature: Add IP country for admin user activities api

Fix: Add full match for state triggers

Fix: Add country to user activities

#Version 3.0.6

Released 2021-04-16

Enhancement: Update goci version to 0.1.11

Enhancement: Update goci version (#1286)

Enhancement: Update Kaigara version (#1277)

Feature: Ability to reset all users sessions after password reset

Feature: Add IP country for admin user activities api

Feature: Bump version to 3.0.0

Feature: Add ability to use ERB templates in mailer.yml

Feature: Add ability to read JWT private key from string (#1272)

  • Bump mimemagic to 0.3.10

Co-authored-by: Camille Meulien <cmeulien@heliostech.fr>

Fix: Add full match for state triggers

Fix: Add country to user activities

Fix: JWT_PRIVATE_KEY from env

#Version 2.6.45

Released 2021-04-16

Add CSRF token in API key documentation (#1169)

  • Add CSRF token in API key documentation

Add ability for admin to read activity

Add PostgreSQL support

Add migration tasks to version 2.6

Add kycaid.md (#1141)

Add security.md (#1138)

Add secret encrypted to api keys model

Add renew process to vault initializer

Adding barong export task

Bump kaigara to 0.1.21

Bump master version to 2.6.0

Change naming to barong.postmaster.event.mailer and turn off manual_ack for events

Deep_symbolize_keys for VerificationsWorker KYC (#1139)

Enhancement: Add ability to create service account with specific level (#1263)

Enhancement: Bump Kaigara version to 0.1.22

Enhancement: Bump Kaigara version to 0.1.22

Enhancement: Change log for private key loading

Enhancement: Add Kaigara installation to the Dockerfile

Enhancement: Add response types for documentation

Enhancement: Add ability to disable encryption on API level (#1220)

  • Enhancement: Add ability to disable encryption

Enhancement: update sdk-citools version for Drone CI

Enhancement: Add permissions:load rake task (#1197)

Co-authored-by: Valentine Shatravenko <vshatravenko@heliostech.fr>

Enhancement: Update SDK version to 2.6.6

Enhancement: Make APIKey kid field unique

Feature: Update Kaigara version to 0.1.23

Feature: Ability to reset all users sessions after password reset

Feature: Add IP country for admin user activities api

Feature: Add the support for ERB in management_api.yml (#1267)

Feature: Add username to user's model (#1234)

Co-authored-by: Oleksandr Khlopiachyi <akhlopiachyi@heliostech.fr>

Feature: Add management API endpoints to create/update APIkeys

Feature: Add ability to update owner_uid (#1247)

  • Feature: Add ability to update owner_uid

Co-authored-by: Anna Kulakova <akulakova@heliostech.fr>

Feature: Add ability to register first user with superadmin role

Feature: Auth0 support (#1245)

  • Add Auth0 support for users signup and signin

Feature: Add Document to abilities

Feature: add ordering parameter to get labels endpoint

Feature: Add CI step to update the global version (#1230)

Feature: Mailer improvements (#1202)

  • Add retry mechanism to mailer
  • Add a development guide to use mailer locally
  • Fix event-api loading problem in development environment
  • Remove Spring

Co-authored-by: Chumak Nadiia <chumaknadya19@gmail.com>

Feature: Blocklogin restrictions (#1213) (#1214)

  • Feature: Blocklogin restrictions (#1213)

  • Destroy user sessions

  • Add specs and docs

  • Fix: Restrictions specs

Feature: add the ability to update user email by superadmin

Feature: Add rake task for deleting activities && Add documentation

Feature: Add read/delete phones for management API

Feature: Add management API for phone creation

Feature: Add key expiration time and rotation tasks (#1157)

  • Feature: Expire keys stored in memory to avoid memory leak

Feature: Mask last_name, dob, doc_number, phone_number on API level

Feature: Add encryption on profile, phone and document models (#1150)

  • Feature: Add encryption on profile and phone models using symmetric key and weekly based salt

Co-authored-by: Camille <cmeulien@heliostech.fr>

Feature: ability to customize email template logo (#1114)

Fix: Add full match for state triggers

Fix: Add country to user activities

Fix: Prevent label duplication

Fix: mng API to create service account without owner_uid (#1260)

Fix dead links in README 2.6

Fix: Prevent nil error on phone submasking in case of wrong migration

Fix: default ordering for labels to asc

Fix: Missing model annotation after migration

Fix: Reject from retry when JWT:VerificationError raised

Fix: Record activity log after mysql connection lost

Fix: Unify mailer language keys && Add backtrace

Fix: Delete redundant permissions (#1178)

Fix: Docs generation

Fix restriction seed function

Fix: ApiKey creating only on account holder active state && Refactoring

Fix: Add string length limit for encrypted fields

Fix: Skip validation on encrypted migration

Fix: Delete mask fields on management API

Fix: Mailer exit on lost db connection (#1149)

Fix vault initializer

Fix: don't raise error on production if BARONG_VAULT_TOKEN is missing

Fix: Redis sidekiq connection

Fix: Handle Document <-> Facial verification KYCAID (#1134)

Handle OpenURI::HTTPError 404 && avoid OpenURI StringIO creation (#1132)

  • decrease OpenURI::Buffer::StringMax to 0 to force Tempfile creation
  • rescue OpenURI::HTTPError in KYCAID workers

Improve the vault token renew process

  • Add logs displaying vault token renew process status
  • Fails from the start if something is wrong in production

Introduce service accounts (#1137)

  • Introduce service accounts
  • Add ability to update user role via Management API

Remove the default value of vault_token (#1151)

  • Remove the default value of vault_token

Update mailer.md

Update ability of compliance and accountant

Compliance and accountant should be able to see Market, Engine, Currency

Update abilities.yml

Update authz rules

Update seeds.yml

Update Barong README and documentation

Update jwt-multisig to 1.0.4

Update vault policies documentation

Update rails to 5.2.4.4 (#1145)

  • Update rails to 5.2.4.4 to reduce vulnerabilities

Co-authored-by: Camille <cmeulien@heliostech.fr>

Update dependencies to latest

Updating SDK tools to 2.6.5

YAML configuration of admins abilities (#1127)

  • Ability to configure admins abilities in abilities.yml
  • Multiple admin roles can be defined with fine access restrictions
  • Use bundler 2.1 and update ruby to 2.6.6

Co-authored-by: Camille Meulien <cmeulien@heliostech.fr>

#Version 2.5.21

Released 2021-04-09

Add CSRF token in API key documentation

Deep_symbolize_keys for VerificationsWorker KYC (#1140)

Enhancement: Update sdk tools version

Enhancement: Add logo and useful links to the README [CI SKIP]

Feature: Ability to reset all users sessions after password reset

Fix: Unify mailer language keys && Add backtrace

Fix: Delete redundant permissions (#1180)

Fix restriction seed function

Fix: Mailer exit on lost db connection (#1152)

Fix: Redis sidekiq connection

Fix: Handle Document <-> Facial verification KYCAID (#1136)

Handle OpenURI::HTTPError 404 && avoid OpenURI StringIO creation (#1133)

  • decrease OpenURI::Buffer::StringMax to 0 to force Tempfile creation
  • rescue OpenURI::HTTPError in KYCAID workers

#Version 2.6.44

Released 2021-04-08

Add CSRF token in API key documentation (#1169)

  • Add CSRF token in API key documentation

Add ability for admin to read activity

Add PostgreSQL support

Add migration tasks to version 2.6

Add kycaid.md (#1141)

Add security.md (#1138)

Add secret encrypted to api keys model

Add renew process to vault initializer

Add structure.sql (#1131)

Add ability for admin to create comments (#1121)

Co-authored-by: denisfd <fedorchenko999@gmail.com>

Add private label otp enabled for user (#1084)

Adding barong export task

Apply fixes for kycaid integration

Bump kaigara to 0.1.21

Bump master version to 2.6.0

Bump master version to 2.5.0

Change naming to barong.postmaster.event.mailer and turn off manual_ack for events

Deep_symbolize_keys for VerificationsWorker KYC (#1139)

Enhancement: Add ability to create service account with specific level (#1263)

Enhancement: Bump Kaigara version to 0.1.22

Enhancement: Bump Kaigara version to 0.1.22

Enhancement: Change log for private key loading

Enhancement: Add Kaigara installation to the Dockerfile

Enhancement: Add response types for documentation

Enhancement: Add ability to disable encryption on API level (#1220)

  • Enhancement: Add ability to disable encryption

Enhancement: update sdk-citools version for Drone CI

Enhancement: Add permissions:load rake task (#1197)

Co-authored-by: Valentine Shatravenko <vshatravenko@heliostech.fr>

Enhancement: Update SDK version to 2.6.6

Enhancement: Make APIKey kid field unique

Enhancement: api_keys and users endpoints improvements

  • Add ordering to admin users endpoint
  • Add ordering to admin api_keys endpoint
  • Add ordering to resource api_keys endpoint

Enhancement: JWT expirating and Cache expiration policy improve

  • Change hardcoded 3600 seconds to BARONG_JWT_EXPIRE_TIME env
  • Fix missing expires_in for utilized_tokens
  • Add related specs
  • Rework jwt.decode_and_verify to return uniq error on different validation

Enhancement: raise error on Mysql2::Error::ConnectionError in the mailer

Enhancement: Add ability to use dots, ~ and – in city and address

Enhancement: remove lang param from APIs, stick to user.language logic

Enhancement: add management API - create profile, update :data field

Enhancement: remove api_key signature blacklisting

Enhancement: allow only latest requested token on reset_pass (#1054)

Enhancement: Add created_at and updated_at to profile entities

Feature: Update Kaigara version to 0.1.23

Feature: Ability to reset all users sessions after password reset

Feature: Add IP country for admin user activities api

Feature: Add the support for ERB in management_api.yml (#1267)

Feature: Add username to user's model (#1234)

Co-authored-by: Oleksandr Khlopiachyi <akhlopiachyi@heliostech.fr>

Feature: Add management API endpoints to create/update APIkeys

Feature: Add ability to update owner_uid (#1247)

  • Feature: Add ability to update owner_uid

Co-authored-by: Anna Kulakova <akulakova@heliostech.fr>

Feature: Add ability to register first user with superadmin role

Feature: Auth0 support (#1245)

  • Add Auth0 support for users signup and signin

Feature: Add Document to abilities

Feature: add ordering parameter to get labels endpoint

Feature: Add CI step to update the global version (#1230)

Feature: Mailer improvements (#1202)

  • Add retry mechanism to mailer
  • Add a development guide to use mailer locally
  • Fix event-api loading problem in development environment
  • Remove Spring

Co-authored-by: Chumak Nadiia <chumaknadya19@gmail.com>

Feature: Blocklogin restrictions (#1213) (#1214)

  • Feature: Blocklogin restrictions (#1213)

  • Destroy user sessions

  • Add specs and docs

  • Fix: Restrictions specs

Feature: add the ability to update user email by superadmin

Feature: Add rake task for deleting activities && Add documentation

Feature: Add read/delete phones for management API

Feature: Add management API for phone creation

Feature: Add key expiration time and rotation tasks (#1157)

  • Feature: Expire keys stored in memory to avoid memory leak

Feature: Mask last_name, dob, doc_number, phone_number on API level

Feature: Add encryption on profile, phone and document models (#1150)

  • Feature: Add encryption on profile and phone models using symmetric key and weekly based salt

Co-authored-by: Camille <cmeulien@heliostech.fr>

Feature: ability to customize email template logo (#1114)

Feature: add filters for /resource/users/activity/all endpoint

Feature: post admin/profiles, 2-admin profile approval (#1120)

Feature: Add redis cluster support

Feature: Add email filters (#1085)

Feature: admin endpoint to retrieve user api keys

Feature: introduce category of restrictions, restrictions as firewall (#1061)

Feature: introduce akamai support, add barong_gateway switch

Feature: Add Sentry error tracking system (#1053)

Feature: PUT resource/users/me data field (#1050)

Fix: Add country to user activities

Fix: Prevent label duplication

Fix: mng API to create service account without owner_uid (#1260)

Fix dead links in README 2.6

Fix: Prevent nil error on phone submasking in case of wrong migration

Fix: default ordering for labels to asc

Fix: Missing model annotation after migration

Fix: Reject from retry when JWT:VerificationError raised

Fix: Record activity log after mysql connection lost

Fix: Unify mailer language keys && Add backtrace

Fix: Delete redundant permissions (#1178)

Fix: Docs generation

Fix restriction seed function

Fix: ApiKey creating only on account holder active state && Refactoring

Fix: Add string length limit for encrypted fields

Fix: Skip validation on encrypted migration

Fix: Delete mask fields on management API

Fix: Mailer exit on lost db connection (#1149)

Fix vault initializer

Fix: don't raise error on production if BARONG_VAULT_TOKEN is missing

Fix: Redis sidekiq connection

Fix: Handle Document <-> Facial verification KYCAID (#1134)

Fix: display only uniq list of users with profiles in search request (#1081)

Fix: remove failed login activity on empty otp (#1066)

Fix: Add docs && changelog generation on master branch (#1049)

Handle OpenURI::HTTPError 404 && avoid OpenURI StringIO creation (#1132)

  • decrease OpenURI::Buffer::StringMax to 0 to force Tempfile creation
  • rescue OpenURI::HTTPError in KYCAID workers

Improve the vault token renew process

  • Add logs displaying vault token renew process status
  • Fails from the start if something is wrong in production

Introduce service accounts (#1137)

  • Introduce service accounts
  • Add ability to update user role via Management API

KYCAID integration

  • Introduce kyc_provider env
  • Add sidekiq support
  • KYCService as a switcher between kyc modules
  • Introduce KYCAID module
  • Applicant, Document, Address workers
  • Addresses resource API module
  • Public module of API, kyc_callback, duplicate general config API
  • Add applicant_id:string to profiles table
  • Add identificator:string to documents table
  • Add doc_category:string to documents table
  • Add related tests and documentation

Refactor: fix typo in emails, remove inline attachment (#1059)

Refactor: push cloudflare IPs list to rails trusted proxies

Release: 2-4-stable :tada:

Remove the default value of vault_token (#1151)

  • Remove the default value of vault_token

Update mailer.md

Update ability of compliance and accountant

Compliance and accountant should be able to see Market, Engine, Currency

Update abilities.yml

Update authz rules

Update seeds.yml

Update Barong README and documentation

Update jwt-multisig to 1.0.4

Update vault policies documentation

Update rails to 5.2.4.4 (#1145)

  • Update rails to 5.2.4.4 to reduce vulnerabilities

Co-authored-by: Camille <cmeulien@heliostech.fr>

Update dependencies to latest

Update gems

Update .drone.yml (#1073)

Add globbing for building any stable branch

Updating SDK tools to 2.6.5

YAML configuration of admins abilities (#1127)

  • Ability to configure admins abilities in abilities.yml
  • Multiple admin roles can be defined with fine access restrictions
  • Use bundler 2.1 and update ruby to 2.6.6

Co-authored-by: Camille Meulien <cmeulien@heliostech.fr>

#Version 2.4.17

Released 2021-04-08

Add CSRF token in API key documentation (#1171)

  • Add CSRF token in API key documentation

Add private label otp enabled for user (#1076)

Enhancement: Update sdk tools version

Enhancement: Add logo and useful links to the README [CI SKIP]

Enhancement: raise error on Mysql2::Error::ConnectionError in the mailer

Enhancement: JWT expirating and Cache expiration policy improve

  • Change hardcoded 3600 seconds to BARONG_JWT_EXPIRE_TIME env
  • Fix missing expires_in for utilized_tokens
  • Add related specs
  • Rework jwt.decode_and_verify to return uniq error on different validation

Enhancement: Add ability to use dots, ~ and – in city and address

Enhancement: remove lang param from APIs, stick to user.language logic

Enhancement: add management API - create profile, update :data field

Enhancement: remove api_key signature blacklisting

Enhancement: allow only latest requested token on reset_pass (#1054)

Enhancement: Add created_at and updated_at to profile entities

Feature: Ability to reset all users sessions after password reset

Feature: admin endpoint to retrieve user api keys

Feature: introduce category of restrictions, restrictions as firewall (#1061)

Feature: introduce akamai support, add barong_gateway switch

Feature: Add Sentry error tracking system (#1053)

Feature: PUT resource/users/me data field (#1050)

Fix: Mailer exit on lost db connection (#1153)

Fix: display only uniq list of users with profiles in search request (#1082)

Fix: remove failed login activity on empty otp (#1066)

Fix: Add docs && changelog generation on master branch (#1049)

Refactor: fix typo in emails, remove inline attachment (#1059)

Refactor: push cloudflare IPs list to rails trusted proxies (#1047)

Release: 2-4-stable :tada:

#Version 3.0.5

Released 2021-04-08

Enhancement: Update goci version to 0.1.11

Enhancement: Update goci version (#1286)

Enhancement: Update Kaigara version (#1277)

Feature: Ability to reset all users sessions after password reset

Feature: Add IP country for admin user activities api

Feature: Bump version to 3.0.0

Feature: Add ability to use ERB templates in mailer.yml

Feature: Add ability to read JWT private key from string (#1272)

  • Bump mimemagic to 0.3.10

Co-authored-by: Camille Meulien <cmeulien@heliostech.fr>

Fix: Add country to user activities

Fix: JWT_PRIVATE_KEY from env

#Version 2.6.43

Released 2021-04-08

Add CSRF token in API key documentation (#1169)

  • Add CSRF token in API key documentation

Add ability for admin to read activity

Add PostgreSQL support

Add migration tasks to version 2.6

Add kycaid.md (#1141)

Add security.md (#1138)

Add secret encrypted to api keys model

Add renew process to vault initializer

Add structure.sql (#1131)

Add ability for admin to create comments (#1121)

Co-authored-by: denisfd <fedorchenko999@gmail.com>

Add private label otp enabled for user (#1084)

Adding barong export task

Apply fixes for kycaid integration

Bump kaigara to 0.1.21

Bump master version to 2.6.0

Bump master version to 2.5.0

Change naming to barong.postmaster.event.mailer and turn off manual_ack for events

Deep_symbolize_keys for VerificationsWorker KYC (#1139)

Enhancement: Add ability to create service account with specific level (#1263)

Enhancement: Bump Kaigara version to 0.1.22

Enhancement: Bump Kaigara version to 0.1.22

Enhancement: Change log for private key loading

Enhancement: Add Kaigara installation to the Dockerfile

Enhancement: Add response types for documentation

Enhancement: Add ability to disable encryption on API level (#1220)

  • Enhancement: Add ability to disable encryption

Enhancement: update sdk-citools version for Drone CI

Enhancement: Add permissions:load rake task (#1197)

Co-authored-by: Valentine Shatravenko <vshatravenko@heliostech.fr>

Enhancement: Update SDK version to 2.6.6

Enhancement: Make APIKey kid field unique

Enhancement: api_keys and users endpoints improvements

  • Add ordering to admin users endpoint
  • Add ordering to admin api_keys endpoint
  • Add ordering to resource api_keys endpoint

Enhancement: JWT expirating and Cache expiration policy improve

  • Change hardcoded 3600 seconds to BARONG_JWT_EXPIRE_TIME env
  • Fix missing expires_in for utilized_tokens
  • Add related specs
  • Rework jwt.decode_and_verify to return uniq error on different validation

Enhancement: raise error on Mysql2::Error::ConnectionError in the mailer

Enhancement: Add ability to use dots, ~ and – in city and address

Enhancement: remove lang param from APIs, stick to user.language logic

Enhancement: add management API - create profile, update :data field

Enhancement: remove api_key signature blacklisting

Enhancement: allow only latest requested token on reset_pass (#1054)

Enhancement: Add created_at and updated_at to profile entities

Feature: Ability to reset all users sessions after password reset

Feature: Add IP country for admin user activities api

Feature: Add the support for ERB in management_api.yml (#1267)

Feature: Add username to user's model (#1234)

Co-authored-by: Oleksandr Khlopiachyi <akhlopiachyi@heliostech.fr>

Feature: Add management API endpoints to create/update APIkeys

Feature: Add ability to update owner_uid (#1247)

  • Feature: Add ability to update owner_uid

Co-authored-by: Anna Kulakova <akulakova@heliostech.fr>

Feature: Add ability to register first user with superadmin role

Feature: Auth0 support (#1245)

  • Add Auth0 support for users signup and signin

Feature: Add Document to abilities

Feature: add ordering parameter to get labels endpoint

Feature: Add CI step to update the global version (#1230)

Feature: Mailer improvements (#1202)

  • Add retry mechanism to mailer
  • Add a development guide to use mailer locally
  • Fix event-api loading problem in development environment
  • Remove Spring

Co-authored-by: Chumak Nadiia <chumaknadya19@gmail.com>

Feature: Blocklogin restrictions (#1213) (#1214)

  • Feature: Blocklogin restrictions (#1213)

  • Destroy user sessions

  • Add specs and docs

  • Fix: Restrictions specs

Feature: add the ability to update user email by superadmin

Feature: Add rake task for deleting activities && Add documentation

Feature: Add read/delete phones for management API

Feature: Add management API for phone creation

Feature: Add key expiration time and rotation tasks (#1157)

  • Feature: Expire keys stored in memory to avoid memory leak

Feature: Mask last_name, dob, doc_number, phone_number on API level

Feature: Add encryption on profile, phone and document models (#1150)

  • Feature: Add encryption on profile and phone models using symmetric key and weekly based salt

Co-authored-by: Camille <cmeulien@heliostech.fr>

Feature: ability to customize email template logo (#1114)

Feature: add filters for /resource/users/activity/all endpoint

Feature: post admin/profiles, 2-admin profile approval (#1120)

Feature: Add redis cluster support

Feature: Add email filters (#1085)

Feature: admin endpoint to retrieve user api keys

Feature: introduce category of restrictions, restrictions as firewall (#1061)

Feature: introduce akamai support, add barong_gateway switch

Feature: Add Sentry error tracking system (#1053)

Feature: PUT resource/users/me data field (#1050)

Fix: Add country to user activities

Fix: Prevent label duplication

Fix: mng API to create service account without owner_uid (#1260)

Fix dead links in README 2.6

Fix: Prevent nil error on phone submasking in case of wrong migration

Fix: default ordering for labels to asc

Fix: Missing model annotation after migration

Fix: Reject from retry when JWT:VerificationError raised

Fix: Record activity log after mysql connection lost

Fix: Unify mailer language keys && Add backtrace

Fix: Delete redundant permissions (#1178)

Fix: Docs generation

Fix restriction seed function

Fix: ApiKey creating only on account holder active state && Refactoring

Fix: Add string length limit for encrypted fields

Fix: Skip validation on encrypted migration

Fix: Delete mask fields on management API

Fix: Mailer exit on lost db connection (#1149)

Fix vault initializer

Fix: don't raise error on production if BARONG_VAULT_TOKEN is missing

Fix: Redis sidekiq connection

Fix: Handle Document <-> Facial verification KYCAID (#1134)

Fix: display only uniq list of users with profiles in search request (#1081)

Fix: remove failed login activity on empty otp (#1066)

Fix: Add docs && changelog generation on master branch (#1049)

Handle OpenURI::HTTPError 404 && avoid OpenURI StringIO creation (#1132)

  • decrease OpenURI::Buffer::StringMax to 0 to force Tempfile creation
  • rescue OpenURI::HTTPError in KYCAID workers

Improve the vault token renew process

  • Add logs displaying vault token renew process status
  • Fails from the start if something is wrong in production

Introduce service accounts (#1137)

  • Introduce service accounts
  • Add ability to update user role via Management API

KYCAID integration

  • Introduce kyc_provider env
  • Add sidekiq support
  • KYCService as a switcher between kyc modules
  • Introduce KYCAID module
  • Applicant, Document, Address workers
  • Addresses resource API module
  • Public module of API, kyc_callback, duplicate general config API
  • Add applicant_id:string to profiles table
  • Add identificator:string to documents table
  • Add doc_category:string to documents table
  • Add related tests and documentation

Refactor: fix typo in emails, remove inline attachment (#1059)

Refactor: push cloudflare IPs list to rails trusted proxies

Release: 2-4-stable :tada:

Remove the default value of vault_token (#1151)

  • Remove the default value of vault_token

Update mailer.md

Update ability of compliance and accountant

Compliance and accountant should be able to see Market, Engine, Currency

Update abilities.yml

Update authz rules

Update seeds.yml

Update Barong README and documentation

Update jwt-multisig to 1.0.4

Update vault policies documentation

Update rails to 5.2.4.4 (#1145)

  • Update rails to 5.2.4.4 to reduce vulnerabilities

Co-authored-by: Camille <cmeulien@heliostech.fr>

Update dependencies to latest

Update gems

Update .drone.yml (#1073)

Add globbing for building any stable branch

Updating SDK tools to 2.6.5

YAML configuration of admins abilities (#1127)

  • Ability to configure admins abilities in abilities.yml
  • Multiple admin roles can be defined with fine access restrictions
  • Use bundler 2.1 and update ruby to 2.6.6

Co-authored-by: Camille Meulien <cmeulien@heliostech.fr>

#Version 2.4.16

Released 2021-04-08

Add CSRF token in API key documentation (#1171)

  • Add CSRF token in API key documentation

Add private label otp enabled for user (#1076)

Enhancement: Update sdk tools version

Enhancement: Add logo and useful links to the README [CI SKIP]

Enhancement: raise error on Mysql2::Error::ConnectionError in the mailer

Enhancement: JWT expirating and Cache expiration policy improve

  • Change hardcoded 3600 seconds to BARONG_JWT_EXPIRE_TIME env
  • Fix missing expires_in for utilized_tokens
  • Add related specs
  • Rework jwt.decode_and_verify to return uniq error on different validation

Enhancement: Add ability to use dots, ~ and – in city and address

Enhancement: remove lang param from APIs, stick to user.language logic

Enhancement: add management API - create profile, update :data field

Enhancement: remove api_key signature blacklisting

Enhancement: allow only latest requested token on reset_pass (#1054)

Enhancement: Add created_at and updated_at to profile entities

Feature: Ability to reset all users sessions after password reset

Feature: admin endpoint to retrieve user api keys

Feature: introduce category of restrictions, restrictions as firewall (#1061)

Feature: introduce akamai support, add barong_gateway switch

Feature: Add Sentry error tracking system (#1053)

Feature: PUT resource/users/me data field (#1050)

Fix: Mailer exit on lost db connection (#1153)

Fix: display only uniq list of users with profiles in search request (#1082)

Fix: remove failed login activity on empty otp (#1066)

Fix: Add docs && changelog generation on master branch (#1049)

Refactor: fix typo in emails, remove inline attachment (#1059)

Refactor: push cloudflare IPs list to rails trusted proxies (#1047)

Release: 2-4-stable :tada:

#Version 3.0.4

Released 2021-04-08

Enhancement: Update goci version to 0.1.11

#Version 3.0.3

Released 2021-04-08

Enhancement: Update goci version (#1286)

#Version 3.0.2

Released 2021-04-08

Enhancement: Update Kaigara version (#1277)

Feature: Add IP country for admin user activities api

Feature: Bump version to 3.0.0

Feature: Add ability to use ERB templates in mailer.yml

Feature: Add ability to read JWT private key from string (#1272)

  • Bump mimemagic to 0.3.10

Co-authored-by: Camille Meulien <cmeulien@heliostech.fr>

Fix: Add country to user activities

Fix: JWT_PRIVATE_KEY from env

#Version 2.6.42

Released 2021-04-08

Fix: Add country to user activities

#Version 2.6.41

Released 2021-04-07

Feature: Add IP country for admin user activities api

#Version 3.0.1

Released 2021-04-07

Feature: Add IP country for admin user activities api

#Version 3.0.0

Released 2021-04-06

Enhancement: Update Kaigara version (#1277)

Feature: Bump version to 3.0.0

Feature: Add ability to use ERB templates in mailer.yml

Feature: Add ability to read JWT private key from string (#1272)

  • Bump mimemagic to 0.3.10

Co-authored-by: Camille Meulien <cmeulien@heliostech.fr>

Feature: Add the support for ERB in management_api.yml (#1267)

Fix: JWT_PRIVATE_KEY from env

#Version 2.6.40

Released 2021-03-25

Fix: Prevent label duplication

#Version 2.6.39

Released 2021-03-23

Feature: Add username to user's model (#1234)

Co-authored-by: Oleksandr Khlopiachyi <akhlopiachyi@heliostech.fr>

#Version 2.6.38

Released 2021-03-22

Enhancement: Add ability to create service account with specific level (#1263)

#Version 2.6.37

Released 2021-03-18

Enhancement: Bump Kaigara version to 0.1.22

Enhancement: Bump Kaigara version to 0.1.22

#Version 2.6.36

Released 2021-03-18

Bump kaigara to 0.1.21

#Version 2.6.35

Released 2021-03-10

Fix: mng API to create service account without owner_uid (#1260)

#Version 2.6.34

Released 2021-03-10

Enhancement: Change log for private key loading

#Version 2.6.33

Released 2021-03-03

Enhancement: Add Kaigara installation to the Dockerfile

Fix dead links in README 2.6

Update mailer.md

#Version 2.6.32

Released 2021-02-26

Feature: Add management API endpoints to create/update APIkeys

#Version 2.6.31

Released 2021-02-22

Feature: Add ability to update owner_uid (#1247)

  • Feature: Add ability to update owner_uid

Co-authored-by: Anna Kulakova <akulakova@heliostech.fr>

#Version 2.6.30

Released 2021-02-16

Feature: Add ability to register first user with superadmin role

#Version 2.6.29

Released 2021-02-12

Feature: Auth0 support (#1245)

  • Add Auth0 support for users signup and signin

#Version 2.6.28

Released 2021-02-12

Feature: Add Document to abilities

#Version 2.6.27

Released 2021-02-05

Fix: Prevent nil error on phone submasking in case of wrong migration

#Version 2.6.26

Released 2021-01-28

Fix: default ordering for labels to asc

#Version 2.6.25

Released 2021-01-27

Feature: add ordering parameter to get labels endpoint

#Version 2.6.24

Released 2021-01-22

Feature: Add CI step to update the global version (#1230)

#Version 2.6.23

Released 2021-01-21

Fix: Missing model annotation after migration

#Version 2.6.22

Released 2021-01-19

Enhancement: Add response types for documentation

#Version 2.6.21

Released 2021-01-18

Feature: Mailer improvements (#1202)

  • Add retry mechanism to mailer
  • Add a development guide to use mailer locally
  • Fix event-api loading problem in development environment
  • Remove Spring

Co-authored-by: Chumak Nadiia <chumaknadya19@gmail.com>

Fix: Reject from retry when JWT:VerificationError raised

#Version 2.6.20

Released 2021-01-15

Fix: Record activity log after mysql connection lost

#Version 2.6.19

Released 2021-01-15

Enhancement: Add ability to disable encryption on API level (#1220)

  • Enhancement: Add ability to disable encryption

#Version 2.6.18

Released 2020-12-29

Ability to update and delete users profiles (#913)

Update profile API

Co-authored-by: chumaknadya <chumaknadya19@gmail.com> Co-authored-by: mnaichuk <mnaichuk@heliostech.fr>

Add CSRF token in API key documentation (#1169)

  • Add CSRF token in API key documentation

Add ability for admin to read activity

Add PostgreSQL support

Add migration tasks to version 2.6

Add kycaid.md (#1141)

Add security.md (#1138)

Add secret encrypted to api keys model

Add renew process to vault initializer

Add structure.sql (#1131)

Add ability for admin to create comments (#1121)

Co-authored-by: denisfd <fedorchenko999@gmail.com>

Add private label otp enabled for user (#1084)

Add ability to configure upload-related configuration (#1016)

Add description field to labels

Add cloudflare middleware to improve remote_ip (#965)

  • Add fetch CloudFlare IPv4 & IPv6 ip range lists in dockerfile
  • Switch to pure remote_ip in Grape module
  • Introduce CloudFlareMiddleware as a lib class
  • Design CloudFlareMiddleware class to exclude proxy ips
  • Add comments and explanations for CloudFlareMiddleware
  • Add default config/cloudflare_ips.yml

Add topic to CU on admin/permissions

Add redis - hiredis dependency, specify driver in dev env (#951)

Add ability to configure aws_signature_version && endpoint (#947)

Add session autorenew

Add the support of twilio verify API (#928)

  • Support of twilio verify API

Add missing labels event api documentation

Add system.session.create event with user and request_ip data (#916)

Add AliCloud Uploader (#926)

  • Print backtrace on 500

  • Add Ali uploader

  • Disable fetching uploader from env

Add ability to disable 2fa (#925)

Add ability to skip label creation on doc save (#922)

Add ability to restrict by geoip (#920)

  • Add ability to restrict by geoip

    • City
    • Country
    • Continent
  • Remove city

  • Update Dockerfile

Add :upload in list of params to be filtered

Add AliCloud Carrierwave storage provider (#911)

Add state to Profile model (#910)

Add endpoint for delete restriction (#902)

Add Management API: push document for user

Add validation for referral && Add ability to get referral uid

Add Restrictions (#891)

Add rake task for load users and balances (#885)

Add ability to configure sms content for phone verification (#877)

  • Refactor phones_spec to improve readability

Adding barong export task

Allow blank doc_expire for documents controllers

Allow pending user to open session (#881)

Apply fixes for kycaid integration

Avoid no method error UTC for nil entities (#921)

Bump master version to 2.6.0

Bump master version to 2.5.0

Bump nokogiri from 1.10.5 to 1.10.8 (#1023)

Bumps nokogiri from 1.10.5 to 1.10.8.

Signed-off-by: dependabot[bot] <support@github.com>

Bump rack from 2.0.7 to 2.0.8 (#987)

Bumps rack from 2.0.7 to 2.0.8.

Signed-off-by: dependabot[bot] <support@github.com>

Bump puma from 3.12.1 to 3.12.2 (#982)

Bumps puma from 3.12.1 to 3.12.2.

Signed-off-by: dependabot[bot] <support@github.com>

Bump excon from 0.67.0 to 0.71.0 (#984)

Bumps excon from 0.67.0 to 0.71.0.

Signed-off-by: dependabot[bot] <support@github.com>

Change naming to barong.postmaster.event.mailer and turn off manual_ack for events

Create roadmap.md

Deep_symbolize_keys for VerificationsWorker KYC (#1139)

Define DocumentTypes class for flexible doc type configuration (#935)

Enhancement: update sdk-citools version for Drone CI

Enhancement: Add permissions:load rake task (#1197)

Co-authored-by: Valentine Shatravenko <vshatravenko@heliostech.fr>

Enhancement: Update SDK version to 2.6.6

Enhancement: Make APIKey kid field unique

Enhancement: api_keys and users endpoints improvements

  • Add ordering to admin users endpoint
  • Add ordering to admin api_keys endpoint
  • Add ordering to resource api_keys endpoint

Enhancement: JWT expiration and cache expiration policy improvements

  • Change hardcoded 3600 seconds to BARONG_JWT_EXPIRE_TIME env
  • Fix missing expires_in for utilized_tokens
  • Add related specs
  • Rework jwt.decode_and_verify to return uniq error on different validation

Enhancement: raise error on Mysql2::Error::ConnectionError in the mailer

Enhancement: Add ability to use dots, ~ and – in city and address

Enhancement: remove lang param from APIs, stick to user.language logic

Enhancement: add management API - create profile, update :data field

Enhancement: remove api_key signature blacklisting

Enhancement: allow only latest requested token on reset_pass (#1054)

Enhancement: Add created_at and updated_at to profile entities

Enhancement: Redeploy on master.devkube.com on every master push (#1038)

Enhancement: disallow using nonce in api key twice (#1030)

Enhancement: avoid errors on missing configurations (#1033)

Enhancement: raise fatal error if can't connect to redis in production (#1032)

Enhancement: security updates (#1021)

  • Make default protection with captcha on email send endpoints
  • Allow to configure endpoints you want to protect with captcha
  • Prevent user enumeration on identity/* endpoints

Enhancement: minor fixes and improvements (#1020)

  • Change log level in lib to debug
  • Fix documentation junk
  • Protect from empty POST PATCH body in activity logger
  • Add common private ips filtering along to cloudflare ips

Enhancement: improve log coverage, fix log_level config in prod env (#1008)

Enhancement: improve twilio client error mapping (#988)

Enhancement: referral_uid as optional param in users management API (#990)

Enhancement: improve date validation with :required_docs_expire false (#989)

Enhancement: always render 201 on reset_password API (#985)

Enhancement: Configuration unifying & documentation (#1001)

  • BREAKING CHANGE: now all configuration ENVs start with BARONG

Enhancement: rework captcha policy, add documentation (#994)

Event API changes: remove blocking check for on_update events (#933)

Feature: Blocklogin restrictions (#1213) (#1214)

  • Feature: Blocklogin restrictions (#1213)

  • Destroy user sessions

  • Add specs and docs

  • Fix: Restrictions specs

Feature: add the ability to update user email by superadmin

Feature: Add rake task for deleting activities && Add documentation

Feature: Add read/delete phones for management API

Feature: Add management API for phone creation

Feature: Add key expiration time and rotation tasks (#1157)

  • Feature: Expire keys stored in memory to avoid memory leak

Feature: Mask last_name, dob, doc_number, phone_number on API level

Feature: Add encryption on profile, phone and document models (#1150)

  • Feature: Add encryption on profile and phone models using symmetric key and weekly based salt

Co-authored-by: Camille <cmeulien@heliostech.fr>

Feature: ability to customize email template logo (#1114)

Feature: add filters for /resource/users/activity/all endpoint

Feature: post admin/profiles, 2-admin profile approval (#1120)

Feature: Add redis cluster support

Feature: Add email filters (#1085)

Feature: admin endpoint to retrieve user api keys

Feature: introduce category of restrictions, restrictions as firewall (#1061)

Feature: introduce akamai support, add barong_gateway switch

Feature: Add Sentry error tracking system (#1053)

Feature: PUT resource/users/me data field (#1050)

Feature: new email templates (#1041)

Feature: Ability to send emails (#959)

  • Feature: Ability to send emails

  • Feature: new email template (#1036)

Co-authored-by: Yehor <ychumak@heliostech.fr> Co-authored-by: Andrew Peresada <kohelbekker@gmail.com> Co-authored-by: Louis <lbellet@openware.com>

Feature: Add ability to support multiple profiles (#1015)

Co-authored-by: Chumak Nadiia <chumaknadya19@gmail.com>

Feature: rework password validation policy (#1006)

Feature: Make processes and threads configurable (#1005)

Feature: introduce CSRF protection (#986)

Feature: GET /identity/configs - tiny configurations endpoint (#1004)

Feature: add DataStorages

  • Add data_storages table, model, related validations
  • Add resource/data_storage API
  • Include data_storages in extended api entities
  • Add automate label on every data_storage record with key = title
  • Add data_storage_titles configuration to barong.yml
  • Add ability to whitelist titles
  • Add frozen BLACKLISTED_TITLES array
  • Add specs

Feature: new drone steps for telegram notification and docs (#974)

Feature: add configuration and troubleshooting docs (#970)

Feature: Update the CI to use SDK for version bumps (#969)

Feature: allow # \ () & ' : " in profile residential address field (#950)

Feature: Ability to change UID prefix with BARONG_UID_PREFIX=ABC

Feature: Add redeploy on devkube step to drone (#874)

Fix: Unify mailer language keys && Add backtrace

Fix: Delete redundant permissions (#1178)

Fix: Docs generation

Fix restriction seed function

Fix: ApiKey creating only on account holder active state && Refactoring

Fix: Add string length limit for encrypted fields

Fix: Skip validation on encrypted migration

Fix: Delete mask fields on management API

Fix: Mailer exit on lost db connection (#1149)

Fix vault initializer

Fix: don't raise error on production if BARONG_VAULT_TOKEN is missing

Fix: Redis sidekiq connection

Fix: Handle Document <-> Facial verification KYCAID (#1134)

Fix: display only uniq list of users with profiles in search request (#1081)

Fix: remove failed login activity on empty otp (#1066)

Fix: Add docs && changelog generation on master branch (#1049)

Fix: Association issue (#1039)

Fix: get rid of wrong unicode symbol

Fix: password_min_entropy expose in /configs issue

Fix: add missing redis_url in Barong::App.config (#1007)

Fix: changes in recaptcha verification behaviour (#1002)

  • Specify secret_key to avoid captcha env configuration misunderstanding

Fix: Support new MaxmindDB download policy (#999)

  • Fix: Support new MaxmindDB download policy

  • Fix dates in specs

  • Enhancement: update sdk version

Co-authored-by: chumaknadya <chumaknadya19@gmail.com>

Fix: Update Drone CI pipelines for master branch (#979)

Fix: Rake task for notification updated (#976)

Fix structure of event API messages (#912)

Fix rollback to pending state, add missing data in entities (#914)

fix: Gemfile & Gemfile.lock to reduce vulnerabilities (#1040)

The following vulnerabilities are fixed with an upgrade:

fix: Gemfile & Gemfile.lock to reduce vulnerabilities (#1027)

The following vulnerabilities are fixed with an upgrade:

Flexible state - labels flow (#907)

  • Add data json field to user model
  • Add activation_requirements
  • Add state_triggers
  • Add session opening on signup
  • Allow pending users to pass AuthZ
  • Switch to state-label dependency and related
  • Rename discarded to deleted, remove old code
  • Remove keys limits, limit data to 1024 chars, add locked and new yml format
  • Remove extended, fix specs, fix ALL state calculating, change yml format
  • Open session on email confirmation
  • Change data position in DB, add validate_length_of
  • Improve test coverage

Get rid of 'serialize: JSON', accept 'metadata' as json instead of pure hash (#930)

Handle OpenURI::HTTPError 404 && avoid OpenURI StringIO creation (#1132)

  • decrease OpenURI::Buffer::StringMax to 0 to force Tempfile creation
  • rescue OpenURI::HTTPError in KYCAID workers

Handle Vault errors on POST /api/v2/resource/api_keys (#918)

Improve the vault token renew process

  • Add logs displaying vault token renew process status
  • Fails from the start if something is wrong in production

Introduce service accounts (#1137)

  • Introduce service accounts
  • Add ability to update user role via Management API

Introduce MockPhoneVerifyService (#941)

  • Introduce MockPhoneVerify service

  • Change verify_code returning value type to bool

  • Clean TwilioSmsSendService micro code

  • Make phone always accept code with 'mock' MockPhoneVerifyService

KYCAID integration

  • Introduce kyc_provider env
  • Add sidekiq support
  • KYCService as a switcher between kyc modules
  • Introduce KYCAID module
  • Applicant, Document, Address workers
  • Addresses resource API module
  • Public module of API, kyc_callback, duplicate general config API
  • Add applicant_id:string to profiles table
  • Add identificator:string to documents table
  • Add doc_category:string to documents table
  • Add related tests and documentation

Make labels acts_as_eventable on: [create update] (#936)

Profile act as eventable on update

Protect superadmin against changes from non-superadmin users (#955)

  • Remove redis-store gem

Refactor: fix typo in emails, remove inline attachment (#1059)

Refactor: push cloudflare IPs list to rails trusted proxies

Release: 2-4-stable :tada:

Remove the default value of vault_token (#1151)

  • Remove the default value of vault_token

Reorganize docs && add password_hashing.md (#964)

Server side sessions via cache_store (#949)

Resolve session expiration and improve cookie hijacking issues by comparing ip network and user_agent

  • Return '.to_i' value for integer types in 'Barong::App.config'
  • Add 'hiredis' gem
  • Refactor session opening
  • Add additional 'IP' and 'Agent' fields in session
  • Switch from cookie_store to cache_store
  • Add additional AuthZ step 'validate_session!'
  • Introduce additional 'IP' and 'Agent' validations
  • Rework 'expire_time' logic
  • Add renew 'expire_time' logic on every private request
  • Add '/auth/sessions_spec' tests module

Session related improvements (#977)

  • Comment out standard rails development cache configurations
  • Force production and development envs to use rediscache_store as session and cache_store
  • Make session name to be configurable through BARONG_SESSION_NAME env
  • Cosmetic improvements in sessions_store.rb due to code style rules
  • Remove session[:init] in auth to avoid initing empty sessions (apikey)

Setup redeploy on devkube (#1035)

Simple GET levels requirements endpoint for admin (#932)

Simple rake task to create users and api keys (#816)

  • Simple rake task to create users and api keys
  • Updating gems and ruby version and corrections
  • event API now uses the keystore

Small fixes in document and profile model (#887) (#901)

  • Allow ; / , . in profile residential address field
  • Allow required_docs_expire to accept string instead of bool

Support 'with replace' policy on labels update (#915)

UPDATES: sessions delete, permissions update, log error on 500 (#917)

  • Add ability to change all fields in permissions

  • Return 404 on sessions delete if session is not valid

  • Log Error on 500

Unify params by extending Grape::Helpers (#968)

  • Move :page and :limit to API::V2 as :pagination_filters
  • Move :from and :to to API::V2 as :timeperiod_filters
  • Move :topic, :action, :uid, :email to API::V2::Admin as :activity_attributes

Update ability of compliance and accountant

Compliance and accountant should be able to see Market, Engine, Currency

Update abilities.yml

Update authz rules

Update seeds.yml

Update Barong README and documentation

Update jwt-multisig to 1.0.4

Update vault policies documentation

Update rails to 5.2.4.4 (#1145)

  • Update rails to 5.2.4.4 to reduce vulnerabilities

Co-authored-by: Camille <cmeulien@heliostech.fr>

Update dependencies to latest

Update gems

Update .drone.yml (#1073)

Add globbing for building any stable branch

Update loofah && nokogiri && rack-cors versions (#975)

Update storage-related gems (#957)

  • Update carrierwave to version 2.0.2
  • Add fog-core gem version 2.1.0
  • Update fog-aws to 3.5.2
  • Update fog-google 1.9.1
  • Update fog-aliyun 0.3.5
  • Add minio to backend.yml

Update ruby to 2.6.5 for security reasons

Update seeds.yml (#934)

Update Barong::App validations (#904)

Update nokogiri version (Command injection) (#906)

Update models' annotations (#895)

Update to ruby 2.6.3 and rails 5.2.3, fix binstubs issue

Updating SDK tools to 2.6.5

Updating gem multisign and jwt [ci skip]

Use uid instead of id on profile update && delete api

Use CGI::escape instead of pure url in documents event api

Use Barong::App.config.barong_uid_prefix in referral validation (#923)

YAML configuration of admins abilities (#1127)

  • Ability to configure admins abilities in abilities.yml
  • Multiple admin roles can be defined with fine access restrictions
  • Use bundler 2.1 and update ruby to 2.6.6

Co-authored-by: Camille Meulien <cmeulien@heliostech.fr>

#Version 2.2.26

Released 2020-12-24

Add ability to configure aws_signature_version && endpoint (#947) (#960)

Add ability to configure sms content for phone verification (#877)

  • Refactor phones_spec to improve readability

Enhancement: Update sdk tools version

Extend doc_type inclusion list, make validation case insensitive (#884)

Small fixes in document and profile model (#887)

  • Allow ; / , . in profile residential address field
  • Allow required_docs_expire to accept string instead of bool

Update Barong::App validations (#904) (#962)

Update drone for build images for branch 2-2-stable

#Version 2.5.20

Released 2020-12-24

Add CSRF token in API key documentation

Add structure.sql (#1131)

Add ability for admin to create comments (#1121)

Co-authored-by: denisfd <fedorchenko999@gmail.com>

Add private label otp enabled for user (#1084)

Add ability to configure upload-related configuration (#1016)

Add description field to labels

Apply fixes for kycaid integration

Bump master version to 2.5.0

Bump nokogiri from 1.10.5 to 1.10.8 (#1023)

Bumps nokogiri from 1.10.5 to 1.10.8.

Signed-off-by: dependabot[bot] <support@github.com>

Bump rack from 2.0.7 to 2.0.8 (#987)

Bumps rack from 2.0.7 to 2.0.8.

Signed-off-by: dependabot[bot] <support@github.com>

Bump puma from 3.12.1 to 3.12.2 (#982)

Bumps puma from 3.12.1 to 3.12.2.

Signed-off-by: dependabot[bot] <support@github.com>

Bump excon from 0.67.0 to 0.71.0 (#984)

Bumps excon from 0.67.0 to 0.71.0.

Signed-off-by: dependabot[bot] <support@github.com>

Create roadmap.md

Deep_symbolize_keys for VerificationsWorker KYC (#1140)

Enhancement: Update sdk tools version

Enhancement: Add logo and useful links to the README [CI SKIP]

Enhancement: api_keys and users endpoints improvements

  • Add ordering to admin users endpoint
  • Add ordering to admin api_keys endpoint
  • Add ordering to resource api_keys endpoint

Enhancement: JWT expiration and cache expiration policy improvements

  • Change hardcoded 3600 seconds to BARONG_JWT_EXPIRE_TIME env
  • Fix missing expires_in for utilized_tokens
  • Add related specs
  • Rework jwt.decode_and_verify to return uniq error on different validation

Enhancement: raise error on Mysql2::Error::ConnectionError in the mailer

Enhancement: Add ability to use dots, ~ and – in city and address

Enhancement: remove lang param from APIs, stick to user.language logic

Enhancement: add management API - create profile, update :data field

Enhancement: remove api_key signature blacklisting

Enhancement: allow only latest requested token on reset_pass (#1054)

Enhancement: Add created_at and updated_at to profile entities

Enhancement: Redeploy on master.devkube.com on every master push (#1038)

Enhancement: disallow using nonce in api key twice (#1030)

Enhancement: avoid errors on missing configurations (#1033)

Enhancement: raise fatal error if can't connect to redis in production (#1032)

Enhancement: security updates (#1021)

  • Make default protection with captcha on email send endpoints
  • Allow to configure endpoints you want to protect with captcha
  • Prevent user enumeration on identity/* endpoints

Enhancement: minor fixes and improvements (#1020)

  • Change log level in lib to debug
  • Fix documentation junk
  • Protect from empty POST PATCH body in activity logger
  • Add common private ips filtering along to cloudflare ips

Enhancement: improve log coverage, fix log_level config in prod env (#1008)

Enhancement: improve twilio client error mapping (#988)

Enhancement: referral_uid as optional param in users management API (#990)

Enhancement: improve date validation with :required_docs_expire false (#989)

Enhancement: always render 201 on reset_password API (#985)

Enhancement: Configuration unifying & documentation (#1001)

  • BREAKING CHANGE: now all configuration ENVs start with BARONG

Enhancement: rework captcha policy, add documentation (#994)

Feature: add filters for /resource/users/activity/all endpoint

Feature: post admin/profiles, 2-admin profile approval (#1120)

Feature: Add redis cluster support

Feature: Add email filters (#1085)

Feature: admin endpoint to retrieve user api keys

Feature: introduce category of restrictions, restrictions as firewall (#1061)

Feature: introduce akamai support, add barong_gateway switch

Feature: Add Sentry error tracking system (#1053)

Feature: PUT resource/users/me data field (#1050)

Feature: new email templates (#1041)

Feature: Ability to send emails (#959)

  • Feature: Ability to send emails

  • Feature: new email template (#1036)

Co-authored-by: Yehor <ychumak@heliostech.fr> Co-authored-by: Andrew Peresada <kohelbekker@gmail.com> Co-authored-by: Louis <lbellet@openware.com>

Feature: Add ability to support multiple profiles (#1015)

Co-authored-by: Chumak Nadiia <chumaknadya19@gmail.com>

Feature: rework password validation policy (#1006)

Feature: Make processes and threads configurable (#1005)

Feature: introduce CSRF protection (#986)

Feature: GET /identity/configs - tiny configurations endpoint (#1004)

Feature: add DataStorages

  • Add data_storages table, model, related validations
  • Add resource/data_storage API
  • Include data_storages in extended api entities
  • Add automate label on every data_storage record with key = title
  • Add data_storage_titles configuration to barong.yml
  • Add ability to whitelist titles
  • Add frozen BLACKLISTED_TITLES array
  • Add specs

Feature: new drone steps for telegram notification and docs (#974)

fix: Gemfile & Gemfile.lock to reduce vulnerabilities (#1040)

The following vulnerabilities are fixed with an upgrade:

fix: Gemfile & Gemfile.lock to reduce vulnerabilities (#1027)

The following vulnerabilities are fixed with an upgrade:

Fix: Unify mailer language keys && Add backtrace

Fix: Delete redundant permissions (#1180)

Fix restriction seed function

Fix: Mailer exit on lost db connection (#1152)

Fix: Redis sidekiq connection

Fix: Handle Document <-> Facial verification KYCAID (#1136)

Fix: display only uniq list of users with profiles in search request (#1081)

Fix: remove failed login activity on empty otp (#1066)

Fix: Add docs && changelog generation on master branch (#1049)

Fix: Association issue (#1039)

Fix: get rid of wrong unicode symbol

Fix: password_min_entropy expose in /configs issue

Fix: add missing redis_url in Barong::App.config (#1007)

Fix: changes in recaptcha verification behaviour (#1002)

  • Specify secret_key to avoid captcha env configuration misunderstanding

Fix: Support new MaxmindDB download policy (#999)

  • Fix: Support new MaxmindDB download policy

  • Fix dates in specs

  • Enhancement: update sdk version

Co-authored-by: chumaknadya <chumaknadya19@gmail.com>

Fix: Update Drone CI pipelines for master branch (#979)

Fix: Rake task for notification updated (#976)

Handle OpenURI::HTTPError 404 && avoid OpenURI StringIO creation (#1133)

  • decrease OpenURI::Buffer::StringMax to 0 to force Tempfile creation
  • rescue OpenURI::HTTPError in KYCAID workers

KYCAID integration

  • Introduce kyc_provider env
  • Add sidekiq support
  • KYCService as a switcher between kyc modules
  • Introduce KYCAID module
  • Applicant, Document, Address workers
  • Addresses resource API module
  • Public module of API, kyc_callback, duplicate general config API
  • Add applicant_id:string to profiles table
  • Add identificator:string to documents table
  • Add doc_category:string to documents table
  • Add related tests and documentation

Refactor: fix typo in emails, remove inline attachment (#1059)

Refactor: push cloudflare IPs list to rails trusted proxies

Release: 2-4-stable :tada:

Session related improvements (#977)

  • Comment out standard rails development cache configurations
  • Force production and development envs to use rediscache_store as session and cache_store
  • Make session name to be configurable through BARONG_SESSION_NAME env
  • Cosmetic improvements in sessions_store.rb due to code style rules
  • Remove session[:init] in auth to avoid initing empty sessions (apikey)

Setup redeploy on devkube (#1035)

Update gems

Update .drone.yml (#1073)

Add globbing for building any stable branch

#Version 2.3.51

Released 2020-12-24

Add ability to configure upload-related configuration (#1017)

Enhancement: Update sdk tools version

Enhancement: Minor fixes and improvements (#1019)

  • Filter out common private IPs along with Cloudflare IPs
  • Improve log coverage in debug mode
  • Protect from empty body in POST PATCH requests in activity logger

Enhancement: rework captcha policy, add documentation (#994)

Feature: rework password validation policy (#1006)

Feature: Add docs generated step in drone pipeline (#978)

Fix: small changes in profile flow (#1126)

Fix: changes in recaptcha verification behaviour (#1002)

  • Specify secret_key to avoid captcha env configuration misunderstanding

Fix: Support new MaxmindDB download policy (#1000)

  • Fix: Support new MaxmindDB download policy

  • Fix dates in specs

  • Enhancement: update sdk version

Co-authored-by: chumaknadya <chumaknadya19@gmail.com>

Refactor: push cloudflare IPs list to rails trusted proxies (#1046)

Session related improvements

  • Comment out standard rails development cache configurations
  • Force production and development envs to use rediscache_store as session and cache_store
  • Make session name to be configurable through BARONG_SESSION_NAME env
  • Cosmetic improvements in sessions_store.rb due to code style rules
  • Remove session[:init] in auth to avoid initing empty sessions (apikey)

#Version 2.6.17

Released 2020-12-24

Add CSRF token in API key documentation (#1169)

  • Add CSRF token in API key documentation

Add ability for admin to read activity

Add PostgreSQL support

Add migration tasks to version 2.6

Add kycaid.md (#1141)

Add security.md (#1138)

Add secret encrypted to api keys model

Add renew process to vault initializer

Adding barong export task

Bump master version to 2.6.0

Change naming to barong.postmaster.event.mailer and turn off manual_ack for events

Deep_symbolize_keys for VerificationsWorker KYC (#1139)

Enhancement: update sdk-citools version for Drone CI

Enhancement: Add permissions:load rake task (#1197)

Co-authored-by: Valentine Shatravenko <vshatravenko@heliostech.fr>

Enhancement: Update SDK version to 2.6.6

Enhancement: Make APIKey kid field unique

Feature: add the ability to update user email by superadmin

Feature: Add rake task for deleting activities && Add documentation

Feature: Add read/delete phones for management API

Feature: Add management API for phone creation

Feature: Add key expiration time and rotation tasks (#1157)

  • Feature: Expire keys stored in memory to avoid memory leak

Feature: Mask last_name, dob, doc_number, phone_number on API level

Feature: Add encryption on profile, phone and document models (#1150)

  • Feature: Add encryption on profile and phone models using symmetric key and weekly based salt

Co-authored-by: Camille <cmeulien@heliostech.fr>

Feature: ability to customize email template logo (#1114)

Fix: Unify mailer language keys && Add backtrace

Fix: Delete redundant permissions (#1178)

Fix: Docs generation

Fix restriction seed function

Fix: ApiKey creating only on account holder active state && Refactoring

Fix: Add string length limit for encrypted fields

Fix: Skip validation on encrypted migration

Fix: Delete mask fields on management API

Fix: Mailer exit on lost db connection (#1149)

Fix vault initializer

Fix: don't raise error on production if BARONG_VAULT_TOKEN is missing

Fix: Redis sidekiq connection

Fix: Handle Document <-> Facial verification KYCAID (#1134)

Handle OpenURI::HTTPError 404 && avoid OpenURI StringIO creation (#1132)

  • decrease OpenURI::Buffer::StringMax to 0 to force Tempfile creation
  • rescue OpenURI::HTTPError in KYCAID workers

Improve the vault token renew process

  • Add logs displaying vault token renew process status
  • Fails from the start if something is wrong in production

Introduce service accounts (#1137)

  • Introduce service accounts
  • Add ability to update user role via Management API

Remove the default value of vault_token (#1151)

  • Remove the default value of vault_token

Update ability of compliance and accountant

Compliance and accountant should be able to see Market, Engine, Currency

Update abilities.yml

Update authz rules

Update seeds.yml

Update Barong README and documentation

Update jwt-multisig to 1.0.4

Update vault policies documentation

Update rails to 5.2.4.4 (#1145)

  • Update rails to 5.2.4.4 to reduce vulnerabilities

Co-authored-by: Camille <cmeulien@heliostech.fr>

Update dependencies to latest

Updating SDK tools to 2.6.5

YAML configuration of admins abilities (#1127)

  • Ability to configure admins abilities in abilities.yml
  • Multiple admin roles can be defined with fine access restrictions
  • Use bundler 2.1 and update ruby to 2.6.6

Co-authored-by: Camille Meulien <cmeulien@heliostech.fr>

#Version 2.5.19

Released 2020-12-24

Add CSRF token in API key documentation

Add structure.sql (#1131)

Add ability for admin to create comments (#1121)

Co-authored-by: denisfd <fedorchenko999@gmail.com>

Add private label otp enabled for user (#1084)

Apply fixes for kycaid integration

Bump master version to 2.5.0

Deep_symbolize_keys for VerificationsWorker KYC (#1140)

Enhancement: Add logo and useful links to the README [CI SKIP]

Enhancement: api_keys and users endpoints improvements

  • Add ordering to admin users endpoint
  • Add ordering to admin api_keys endpoint
  • Add ordering to resource api_keys endpoint

Enhancement: JWT expiration and Cache expiration policy improvements

  • Change hardcoded 3600 seconds to BARONG_JWT_EXPIRE_TIME env
  • Fix missing expires_in for utilized_tokens
  • Add related specs
  • Rework jwt.decode_and_verify to return uniq error on different validation

Enhancement: raise error on Mysql2::Error::ConnectionError in the mailer

Enhancement: Add ability to use dots, ~ and – in city and address

Enhancement: remove lang param from APIs, stick to user.language logic

Enhancement: add management API - create profile, update :data field

Enhancement: remove api_key signature blacklisting

Enhancement: allow only latest requested token on reset_pass (#1054)

Enhancement: Add created_at and updated_at to profile entities

Feature: add filters for /resource/users/activity/all endpoint

Feature: post admin/profiles, 2-admin profile approval (#1120)

Feature: Add redis cluster support

Feature: Add email filters (#1085)

Feature: admin endpoint to retrieve user api keys

Feature: introduce category of restrictions, restrictions as firewall (#1061)

Feature: introduce akamai support, add barong_gateway switch

Feature: Add Sentry error tracking system (#1053)

Feature: PUT resource/users/me data field (#1050)

Fix: Unify mailer language keys && Add backtrace

Fix: Delete redundant permissions (#1180)

Fix restriction seed function

Fix: Mailer exit on lost db connection (#1152)

Fix: Redis sidekiq connection

Fix: Handle Document <-> Facial verification KYCAID (#1136)

Fix: display only uniq list of users with profiles in search request (#1081)

Fix: remove failed login activity on empty otp (#1066)

Fix: Add docs && changelog generation on master branch (#1049)

Handle OpenURI::HTTPError 404 && avoid OpenURI StringIO creation (#1133)

  • decrease OpenURI::Buffer::StringMax to 0 to force Tempfile creation
  • rescue OpenURI::HTTPError in KYCAID workers

KYCAID integration

  • Introduce kyc_provider env
  • Add sidekiq support
  • KYCService as a switcher between kyc modules
  • Introduce KYCAID module
  • Applicant, Document, Address workers
  • Addresses resource API module
  • Public module of API, kyc_callback, duplicate general config API
  • Add applicant_id:string to profiles table
  • Add identificator:string to documents table
  • Add doc_category:string to documents table
  • Add related tests and documentation

Refactor: fix typo in emails, remove inline attachment (#1059)

Refactor: push cloudflare IPs list to rails trusted proxies

Release: 2-4-stable :tada:

Update gems

Update .drone.yml (#1073)

Add globbing for building any stable branch

#Version 2.4.15

Released 2020-12-24

Add CSRF token in API key documentation (#1171)

  • Add CSRF token in API key documentation

Add private label otp enabled for user (#1076)

Enhancement: Add logo and useful links to the README [CI SKIP]

Enhancement: raise error on Mysql2::Error::ConnectionError in the mailer

Enhancement: JWT expiration and Cache expiration policy improvements

  • Change hardcoded 3600 seconds to BARONG_JWT_EXPIRE_TIME env
  • Fix missing expires_in for utilized_tokens
  • Add related specs
  • Rework jwt.decode_and_verify to return uniq error on different validation

Enhancement: Add ability to use dots, ~ and – in city and address

Enhancement: remove lang param from APIs, stick to user.language logic

Enhancement: add management API - create profile, update :data field

Enhancement: remove api_key signature blacklisting

Enhancement: allow only latest requested token on reset_pass (#1054)

Enhancement: Add created_at and updated_at to profile entities

Feature: admin endpoint to retrieve user api keys

Feature: introduce category of restrictions, restrictions as firewall (#1061)

Feature: introduce akamai support, add barong_gateway switch

Feature: Add Sentry error tracking system (#1053)

Feature: PUT resource/users/me data field (#1050)

Fix: Mailer exit on lost db connection (#1153)

Fix: display only uniq list of users with profiles in search request (#1082)

Fix: remove failed login activity on empty otp (#1066)

Fix: Add docs && changelog generation on master branch (#1049)

Refactor: fix typo in emails, remove inline attachment (#1059)

Refactor: push cloudflare IPs list to rails trusted proxies (#1047)

Release: 2-4-stable :tada:

#Version 2.6.16

Released 2020-12-22

Add ability for admin to read activity

Update ability of compliance and accountant

Compliance and accountant should be able to see Market, Engine, Currency

#Version 2.6.15

Released 2020-12-22

Add PostgreSQL support

Add migration tasks to version 2.6

Add kycaid.md (#1141)

Add security.md (#1138)

Add secret encrypted to api keys model

Add renew process to vault initializer

Adding barong export task

Bump master version to 2.6.0

Change naming to barong.postmaster.event.mailer and turn off manual_ack for events

Deep_symbolize_keys for VerificationsWorker KYC (#1139)

Enhancement: update sdk-citools version for Drone CI

Enhancement: Add permissions:load rake task (#1197)

Co-authored-by: Valentine Shatravenko <vshatravenko@heliostech.fr>

Enhancement: Update SDK version to 2.6.6

Enhancement: Make APIKey kid field unique

Feature: add the ability to update user email by superadmin

Feature: Add rake task for deleting activities && Add documentation

Feature: Add read/delete phones for management API

Feature: Add management API for phone creation

Feature: Add key expiration time and rotation tasks (#1157)

  • Feature: Expire keys stored in memory to avoid memory leak

Feature: Mask last_name, dob, doc_number, phone_number on API level

Feature: Add encryption on profile, phone and document models (#1150)

  • Feature: Add encryption on profile and phone models using symmetric key and weekly based salt

Co-authored-by: Camille <cmeulien@heliostech.fr>

Feature: ability to customize email template logo (#1114)

Fix: Unify mailer language keys && Add backtrace

Fix: Delete redundant permissions (#1178)

Fix: Docs generation

Fix restriction seed function

Fix: ApiKey creating only on account holder active state && Refactoring

Fix: Add string length limit for encrypted fields

Fix: Skip validation on encrypted migration

Fix: Delete mask fields on management API

Fix: Mailer exit on lost db connection (#1149)

Fix vault initializer

Fix: don't raise error on production if BARONG_VAULT_TOKEN is missing

Fix: Redis sidekiq connection

Fix: Handle Document <-> Facial verification KYCAID (#1134)

Handle OpenURI::HTTPError 404 && avoid OpenURI StringIO creation (#1132)

  • decrease OpenURI::Buffer::StringMax to 0 to force Tempfile creation
  • rescue OpenURI::HTTPError in KYCAID workers

Improve the vault token renew process

  • Add logs displaying vault token renew process status
  • Fails from the start if something is wrong in production

Introduce service accounts (#1137)

  • Introduce service accounts
  • Add ability to update user role via Management API

Remove the default value of vault_token (#1151)

  • Remove the default value of vault_token

Update abilities.yml

Update authz rules

Update seeds.yml

Update Barong README and documentation

Update jwt-multisig to 1.0.4

Update vault policies documentation

Update rails to 5.2.4.4 (#1145)

  • Update rails to 5.2.4.4 to reduce vulnerabilities

Co-authored-by: Camille <cmeulien@heliostech.fr>

Update dependencies to latest

Updating SDK tools to 2.6.5

YAML configuration of admins abilities (#1127)

  • Ability to configure admins abilities in abilities.yml
  • Multiple admin roles can be defined with fine access restrictions
  • Use bundler 2.1 and update ruby to 2.6.6

Co-authored-by: Camille Meulien <cmeulien@heliostech.fr>

#Version 2.5.18

Released 2020-12-21

Deep_symbolize_keys for VerificationsWorker KYC (#1140)

Enhancement: Add logo and useful links to the README [CI SKIP]

Fix: Unify mailer language keys && Add backtrace

Fix: Delete redundant permissions (#1180)

Fix restriction seed function

Fix: Mailer exit on lost db connection (#1152)

Fix: Redis sidekiq connection

Fix: Handle Document <-> Facial verification KYCAID (#1136)

Handle OpenURI::HTTPError 404 && avoid OpenURI StringIO creation (#1133)

  • decrease OpenURI::Buffer::StringMax to 0 to force Tempfile creation
  • rescue OpenURI::HTTPError in KYCAID workers

#Version 2.6.14

Released 2020-12-18

Fix: Unify mailer language keys && Add backtrace

#Version 2.6.13

Released 2020-12-18

Update abilities.yml

#Version 2.6.12

Released 2020-12-18

Enhancement: Add permissions:load rake task (#1197)

Co-authored-by: Valentine Shatravenko <vshatravenko@heliostech.fr>

#Version 2.6.11

Released 2020-12-18

Update authz rules

#Version 2.6.10

Released 2020-12-17

Enhancement: Update SDK version to 2.6.6

#Version 2.6.9

Released 2020-12-16

Fix: Delete redundant permissions (#1178)

#Version 2.6.8

Released 2020-12-15

Fix: Docs generation

#Version 2.6.7

Released 2020-12-15

Updating SDK tools to 2.6.5

#Version 2.6.6

Released 2020-12-15

Update seeds.yml

#Version 2.6.5

Released 2020-12-08

#Version 2.6.4

Released 2020-12-04

#Version 2.6.3

Released 2020-12-04

Feature: add the ability to update user email by superadmin

#Version 2.6.2

Released 2020-12-04

Feature: Add rake task for deleting activities && Add documentation

#Version 2.6.1

Released 2020-11-04

Add PostgreSQL support

Add migration tasks to version 2.6

Add kycaid.md (#1141)

Add security.md (#1138)

Add secret encrypted to api keys model

Add renew process to vault initializer

Adding barong export task

Bump master version to 2.6.0

Change naming to barong.postmaster.event.mailer and turn off manual_ack for events

Deep_symbolize_keys for VerificationsWorker KYC (#1139)

Enhancement: Make APIKey kid field unique

Feature: Add read/delete phones for management API

Feature: Add management API for phone creation

Feature: Add key expiration time and rotation tasks (#1157)

  • Feature: Expire keys stored in memory to avoid memory leak

Feature: Mask last_name, dob, doc_number, phone_number on API level

Feature: Add encryption on profile, phone and document models (#1150)

  • Feature: Add encryption on profile and phone models using symmetric key and weekly based salt

Co-authored-by: Camille <cmeulien@heliostech.fr>

Feature: ability to customize email template logo (#1114)

Fix restriction seed function

Fix: ApiKey creating only on account holder active state && Refactoring

Fix: Add string length limit for encrypted fields

Fix: Skip validation on encrypted migration

Fix: Delete mask fields on management API

Fix: Mailer exit on lost db connection (#1149)

Fix vault initializer

Fix: don't raise error on production if BARONG_VAULT_TOKEN is missing

Fix: Redis sidekiq connection

Fix: Handle Document <-> Facial verification KYCAID (#1134)

Handle OpenURI::HTTPError 404 && avoid OpenURI StringIO creation (#1132)

  • decrease OpenURI::Buffer::StringMax to 0 to force Tempfile creation
  • rescue OpenURI::HTTPError in KYCAID workers

Improve the vault token renew process

  • Add logs displaying vault token renew process status
  • Fails from the start if something is wrong in production

Introduce service accounts (#1137)

  • Introduce service accounts
  • Add ability to update user role via Management API

Remove the default value of vault_token (#1151)

  • Remove the default value of vault_token

Update Barong README and documentation

Update jwt-multisig to 1.0.4

Update vault policies documentation

Update rails to 5.2.4.4 (#1145)

  • Update rails to 5.2.4.4 to reduce vulnerabilities

Co-authored-by: Camille <cmeulien@heliostech.fr>

Update dependencies to latest

YAML configuration of admins abilities (#1127)

  • Ability to configure admins abilities in abilities.yml
  • Multiple admin roles can be defined with fine access restrictions
  • Use bundler 2.1 and update ruby to 2.6.6

Co-authored-by: Camille Meulien <cmeulien@heliostech.fr>

#Version 2.5.17

Released 2020-11-03

Deep_symbolize_keys for VerificationsWorker KYC (#1140)

Enhancement: Add logo and useful links to the README [CI SKIP]

Fix restriction seed function

Fix: Mailer exit on lost db connection (#1152)

Fix: Redis sidekiq connection

Fix: Handle Document <-> Facial verification KYCAID (#1136)

Handle OpenURI::HTTPError 404 && avoid OpenURI StringIO creation (#1133)

  • decrease OpenURI::Buffer::StringMax to 0 to force Tempfile creation
  • rescue OpenURI::HTTPError in KYCAID workers

#Version 2.6.0

Released 2020-10-16

Add PostgreSQL support

Add migration tasks to version 2.6

Add kycaid.md (#1141)

Add security.md (#1138)

Add secret encrypted to api keys model

Add renew process to vault initializer

Add structure.sql (#1131)

Add ability for admin to create comments (#1121)

Co-authored-by: denisfd <fedorchenko999@gmail.com>

Add private label otp enabled for user (#1084)

Adding barong export task

Apply fixes for kycaid integration

Bump master version to 2.6.0

Bump master version to 2.5.0

Change naming to barong.postmaster.event.mailer and turn off manual_ack for events

Deep_symbolize_keys for VerificationsWorker KYC (#1139)

Enhancement: Make APIKey kid field unique

Enhancement: api_keys and users endpoints improvements

  • Add ordering to admin users endpoint
  • Add ordering to admin api_keys endpoint
  • Add ordering to resource api_keys endpoint

Enhancement: JWT expiration and Cache expiration policy improvements

  • Change hardcoded 3600 seconds to BARONG_JWT_EXPIRE_TIME env
  • Fix missing expires_in for utilized_tokens
  • Add related specs
  • Rework jwt.decode_and_verify to return uniq error on different validation

Enhancement: raise error on Mysql2::Error::ConnectionError in the mailer

Enhancement: Add ability to use dots, ~ and – in city and address

Enhancement: remove lang param from APIs, stick to user.language logic

Enhancement: add management API - create profile, update :data field

Enhancement: remove api_key signature blacklisting

Enhancement: allow only latest requested token on reset_pass (#1054)

Enhancement: Add created_at and updated_at to profile entities

Feature: Add read/delete phones for management API

Feature: Add management API for phone creation

Feature: Add key expiration time and rotation tasks (#1157)

  • Feature: Expire keys stored in memory to avoid memory leak

Feature: Mask last_name, dob, doc_number, phone_number on API level

Feature: Add encryption on profile, phone and document models (#1150)

  • Feature: Add encryption on profile and phone models using symmetric key and weekly based salt

Co-authored-by: Camille <cmeulien@heliostech.fr>

Feature: ability to customize email template logo (#1114)

Feature: add filters for /resource/users/activity/all endpoint

Feature: post admin/profiles, 2-admin profile approval (#1120)

Feature: Add redis cluster support

Feature: Add email filters (#1085)

Feature: admin endpoint to retrieve user api keys

Feature: introduce category of restrictions, restrictions as firewall (#1061)

Feature: introduce akamai support, add barong_gateway switch

Feature: Add Sentry error tracking system (#1053)

Feature: PUT resource/users/me data field (#1050)

Fix: ApiKey creating only on account holder active state && Refactoring

Fix: Add string length limit for encrypted fields

Fix: Skip validation on encrypted migration

Fix: Delete mask fields on management API

Fix: Mailer exit on lost db connection (#1149)

Fix vault initializer

Fix: don't raise error on production if BARONG_VAULT_TOKEN is missing

Fix: Redis sidekiq connection

Fix: Handle Document <-> Facial verification KYCAID (#1134)

Fix: display only uniq list of users with profiles in search request (#1081)

Fix: remove failed login activity on empty otp (#1066)

Fix: Add docs && changelog generation on master branch (#1049)

Handle OpenURI::HTTPError 404 && avoid OpenURI StringIO creation (#1132)

  • decrease OpenURI::Buffer::StringMax to 0 to force Tempfile creation
  • rescue OpenURI::HTTPError in KYCAID workers

Improve the vault token renew process

  • Add logs displaying vault token renew process status
  • Fails from the start if something is wrong in production

Introduce service accounts (#1137)

  • Introduce service accounts
  • Add ability to update user role via Management API

KYCAID integration

  • Introduce kyc_provider env
  • Add sidekiq support
  • KYCService as a switcher between kyc modules
  • Introduce KYCAID module
  • Applicant, Document, Address workers
  • Addresses resource API module
  • Public module of API, kyc_callback, duplicate general config API
  • Add applicant_id:string to profiles table
  • Add identificator:string to documents table
  • Add doc_category:string to documents table
  • Add related tests and documentation

Refactor: fix typo in emails, remove inline attachment (#1059)

Refactor: push cloudflare IPs list to rails trusted proxies

Release: 2-4-stable :tada:

Remove the default value of vault_token (#1151)

  • Remove the default value of vault_token

Update Barong README and documentation

Update jwt-multisig to 1.0.4

Update vault policies documentation

Update rails to 5.2.4.4 (#1145)

  • Update rails to 5.2.4.4 to reduce vulnerabilities

Co-authored-by: Camille <cmeulien@heliostech.fr>

Update dependencies to latest

Update gems

Update .drone.yml (#1073)

Add globbing for building any stable branch

YAML configuration of admins abilities (#1127)

  • Ability to configure admins abilities in abilities.yml
  • Multiple admin roles can be defined with fine access restrictions
  • Use bundler 2.1 and update ruby to 2.6.6

Co-authored-by: Camille Meulien <cmeulien@heliostech.fr>

#Version 2.4.14

Released 2020-10-06

Add private label otp enabled for user (#1076)

Enhancement: raise error on Mysql2::Error::ConnectionError in the mailer

Enhancement: JWT expiration and Cache expiration policy improvements

  • Change hardcoded 3600 seconds to BARONG_JWT_EXPIRE_TIME env
  • Fix missing expires_in for utilized_tokens
  • Add related specs
  • Rework jwt.decode_and_verify to return uniq error on different validation

Enhancement: Add ability to use dots, ~ and – in city and address

Enhancement: remove lang param from APIs, stick to user.language logic

Enhancement: add management API - create profile, update :data field

Enhancement: remove api_key signature blacklisting

Enhancement: allow only latest requested token on reset_pass (#1054)

Enhancement: Add created_at and updated_at to profile entities

Feature: admin endpoint to retrieve user api keys

Feature: introduce category of restrictions, restrictions as firewall (#1061)

Feature: introduce akamai support, add barong_gateway switch

Feature: Add Sentry error tracking system (#1053)

Feature: PUT resource/users/me data field (#1050)

Fix: Mailer exit on lost db connection (#1153)

Fix: display only uniq list of users with profiles in search request (#1082)

Fix: remove failed login activity on empty otp (#1066)

Fix: Add docs && changelog generation on master branch (#1049)

Refactor: fix typo in emails, remove inline attachment (#1059)

Refactor: push cloudflare IPs list to rails trusted proxies (#1047)

Release: 2-4-stable :tada:

#Version 2.5.16

Released 2020-10-06

Fix: Mailer exit on lost db connection (#1152)

#Version 2.5.15

Released 2020-09-11

Fix: Redis sidekiq connection

#Version 2.5.14

Released 2020-08-28

Deep_symbolize_keys for VerificationsWorker KYC (#1140)

#Version 2.5.13

Released 2020-08-18

Fix: Handle Document <-> Facial verification KYCAID (#1136)

#Version 2.5.12

Released 2020-08-14

Handle OpenURI::HTTPError 404 && avoid OpenURI StringIO creation (#1133)

  • decrease OpenURI::Buffer::StringMax to 0 to force Tempfile creation
  • rescue OpenURI::HTTPError in KYCAID workers

#Version 2.5.11

Released 2020-08-06

Add structure.sql (#1131)

#Version 2.5.10

Released 2020-08-03

Add ability for admin to create comments (#1121)

Co-authored-by: denisfd <fedorchenko999@gmail.com>

Add private label otp enabled for user (#1084)

Add ability to configure upload-related configuration (#1016)

Add description field to labels

Apply fixes for kycaid integration

Bump master version to 2.5.0

Bump nokogiri from 1.10.5 to 1.10.8 (#1023)

Bumps nokogiri from 1.10.5 to 1.10.8.

Signed-off-by: dependabot[bot] <support@github.com>

Bump rack from 2.0.7 to 2.0.8 (#987)

Bumps rack from 2.0.7 to 2.0.8.

Signed-off-by: dependabot[bot] <support@github.com>

Bump puma from 3.12.1 to 3.12.2 (#982)

Bumps puma from 3.12.1 to 3.12.2.

Signed-off-by: dependabot[bot] <support@github.com>

Bump excon from 0.67.0 to 0.71.0 (#984)

Bumps excon from 0.67.0 to 0.71.0.

Signed-off-by: dependabot[bot] <support@github.com>

Create roadmap.md

Enhancement: api_keys and users endpoints improvements

  • Add ordering to admin users endpoint
  • Add ordering to admin api_keys endpoint
  • Add ordering to resource api_keys endpoint

Enhancement: JWT expiration and Cache expiration policy improvements

  • Change hardcoded 3600 seconds to BARONG_JWT_EXPIRE_TIME env
  • Fix missing expires_in for utilized_tokens
  • Add related specs
  • Rework jwt.decode_and_verify to return uniq error on different validation

Enhancement: raise error on Mysql2::Error::ConnectionError in the mailer

Enhancement: Add ability to use dots, ~ and – in city and address

Enhancement: remove lang param from APIs, stick to user.language logic

Enhancement: add management API - create profile, update :data field

Enhancement: remove api_key signature blacklisting

Enhancement: allow only latest requested token on reset_pass (#1054)

Enhancement: Add created_at and updated_at to profile entities

Enhancement: Redeploy on master.devkube.com on every master push (#1038)

Enhancement: disallow using nonce in api key twice (#1030)

Enhancement: avoid errors on missing configurations (#1033)

Enhancement: raise fatal error if can't connect to redis in production (#1032)

Enhancement: security updates (#1021)

  • Make default protection with captcha on email send endpoints
  • Allow configuring the endpoints you want to protect with captcha
  • Prevent user enumeration on identity/* endpoints

Enhancement: minor fixes and improvements (#1020)

  • Change log level in lib to debug
  • Fix documentation junk
  • Protect from empty POST PATCH body in activity logger
  • Add common private ips filtering along to cloudflare ips

Enhancement: improve log coverage, fix log_level config in prod env (#1008)

Enhancement: improve twilio client error mapping (#988)

Enhancement: referral_uid as optional param in users management API (#990)

Enhancement: improve date validation with :required_docs_expire false (#989)

Enhancement: always render 201 on reset_password API (#985)

Enhancement: Configuration unifying & documentation (#1001)

  • BREAKING CHANGE: all configuration ENVs now start with BARONG

Enhancement: rework captcha policy, add documentation (#994)

Feature: add filters for /resource/users/activity/all endpoint

Feature: post admin/profiles, 2-admin profile approval (#1120)

Feature: Add redis cluster support

Feature: Add email filters (#1085)

Feature: admin endpoint to retrieve user api keys

Feature: introduce category of restrictions, restrictions as firewall (#1061)

Feature: introduce akamai support, add barong_gateway switch

Feature: Add Sentry error tracking system (#1053)

Feature: PUT resource/users/me data field (#1050)

Feature: new email templates (#1041)

Feature: Ability to send emails (#959)

  • Feature: Ability to send emails

  • Feature: new email template (#1036)

Co-authored-by: Yehor <ychumak@heliostech.fr> Co-authored-by: Andrew Peresada <kohelbekker@gmail.com> Co-authored-by: Louis <lbellet@openware.com>

Feature: Add ability to support multiple profiles (#1015)

Co-authored-by: Chumak Nadiia <chumaknadya19@gmail.com>

Feature: rework password validation policy (#1006)

Feature: Make processes and threads configurable (#1005)

Feature: introduce CSRF protection (#986)

Feature: GET /identity/configs - tiny configurations endpoint (#1004)

Feature: add DataStorages

  • Add data_storages table, model, related validations
  • Add resource/data_storage API
  • Include data_storages in extended api entities
  • Add automate label on every data_storage record with key = title
  • Add data_storage_titles configuration to barong.yml
  • Add ability to whitelist titles
  • Add frozen BLACKLISTED_TITLES array
  • Add specs

Feature: new drone steps for telegram notification and docs (#974)

Fix: display only uniq list of users with profiles in search request (#1081)

Fix: remove failed login activity on empty otp (#1066)

Fix: Add docs && changelog generation on master branch (#1049)

Fix: Association issue (#1039)

Fix: get rid of wrong unicode symbol

Fix: password_min_entropy expose in /configs issue

Fix: add missing redis_url in Barong::App.config (#1007)

Fix: changes in recaptcha verification behaviour (#1002)

  • Specify secret_key to avoid captcha env configuration misunderstanding

Fix: Support new MaxmindDB download policy (#999)

  • Fix: Support new MaxmindDB download policy

  • Fix dates in specs

  • Enhancement: update sdk version

Co-authored-by: chumaknadya <chumaknadya19@gmail.com>

Fix: Update Drone CI pipelines for master branch (#979)

Fix: Rake task for notification updated (#976)

fix: Gemfile & Gemfile.lock to reduce vulnerabilities (#1040)

The following vulnerabilities are fixed with an upgrade:

fix: Gemfile & Gemfile.lock to reduce vulnerabilities (#1027)

The following vulnerabilities are fixed with an upgrade:

KYCAID integration

  • Introduce kyc_provider env
  • Add sidekiq support
  • KYCService as a switcher between kyc modules
  • Introduce KYCAID module
  • Applicant, Document, Address workers
  • Addresses resource API module
  • Public module of API, kyc_callback, duplicate general config API
  • Add applicant_id:string to profiles table
  • Add identificator:string to documents table
  • Add doc_category:string to documents table
  • Add related tests and documentation

Refactor: fix typo in emails, remove inline attachment (#1059)

Refactor: push cloudflare IPs list to rails trusted proxies

Release: 2-4-stable :tada:

Session related improvements (#977)

  • Comment out standard rails development cache configurations
  • Force production and development envs to use rediscache_store as session and cache_store
  • Make session name to be configurable through BARONG_SESSION_NAME env
  • Cosmetic improvements in sessions_store.rb due to code style rules
  • Remove session[:init] in auth to avoid initing empty sessions (apikey)

Setup redeploy on devkube (#1035)

Update gems

Update .drone.yml (#1073)

Add globbing for building any stable branch

#Version 2.3.50

Released 2020-07-31

Add ability to configure upload-related configuration (#1017)

Enhancement: Minor fixes and improvements (#1019)

  • Filter out common private IPs along with Cloudflare IPs
  • Improve log coverage in debug mode
  • Protect from empty body in POST PATCH requests in activity logger

Enhancement: rework captcha policy, add documentation (#994)

Feature: rework password validation policy (#1006)

Feature: Add docs generated step in drone pipeline (#978)

Fix: small changes in profile flow (#1126)

Fix: changes in recaptcha verification behaviour (#1002)

  • Specify secret_key to avoid captcha env configuration misunderstanding

Fix: Support new MaxmindDB download policy (#1000)

  • Fix: Support new MaxmindDB download policy

  • Fix dates in specs

  • Enhancement: update sdk version

Co-authored-by: chumaknadya <chumaknadya19@gmail.com>

Refactor: push cloudflare IPs list to rails trusted proxies (#1046)

Session related improvements

  • Comment out standard rails development cache configurations
  • Force production and development envs to use rediscache_store as session and cache_store
  • Make session name to be configurable through BARONG_SESSION_NAME env
  • Cosmetic improvements in sessions_store.rb due to code style rules
  • Remove session[:init] in auth to avoid initing empty sessions (apikey)

#Version 2.5.9

Released 2020-07-30

Add ability for admin to create comments (#1121)

Co-authored-by: denisfd <fedorchenko999@gmail.com>

#Version 2.5.8

Released 2020-07-30

Feature: post admin/profiles, 2-admin profile approval (#1120)

#Version 2.5.7

Released 2020-07-27

Add private label otp enabled for user (#1084)

Apply fixes for kycaid integration

Bump master version to 2.5.0

Enhancement: api_keys and users endpoints improvements

  • Add ordering to admin users endpoint
  • Add ordering to admin api_keys endpoint
  • Add ordering to resource api_keys endpoint

Enhancement: JWT expiration and Cache expiration policy improvements

  • Change hardcoded 3600 seconds to BARONG_JWT_EXPIRE_TIME env
  • Fix missing expires_in for utilized_tokens
  • Add related specs
  • Rework jwt.decode_and_verify to return uniq error on different validation

Enhancement: raise error on Mysql2::Error::ConnectionError in the mailer

Enhancement: Add ability to use dots, ~ and – in city and address

Enhancement: remove lang param from APIs, stick to user.language logic

Enhancement: add management API - create profile, update :data field

Enhancement: remove api_key signature blacklisting

Enhancement: allow only latest requested token on reset_pass (#1054)

Enhancement: Add created_at and updated_at to profile entities

Feature: Add redis cluster support

Feature: Add email filters (#1085)

Feature: admin endpoint to retrieve user api keys

Feature: introduce category of restrictions, restrictions as firewall (#1061)

Feature: introduce akamai support, add barong_gateway switch

Feature: Add Sentry error tracking system (#1053)

Feature: PUT resource/users/me data field (#1050)

Fix: display only uniq list of users with profiles in search request (#1081)

Fix: remove failed login activity on empty otp (#1066)

Fix: Add docs && changelog generation on master branch (#1049)

KYCAID integration

  • Introduce kyc_provider env
  • Add sidekiq support
  • KYCService as a switcher between kyc modules
  • Introduce KYCAID module
  • Applicant, Document, Address workers
  • Addresses resource API module
  • Public module of API, kyc_callback, duplicate general config API
  • Add applicant_id:string to profiles table
  • Add identificator:string to documents table
  • Add doc_category:string to documents table
  • Add related tests and documentation

Refactor: fix typo in emails, remove inline attachment (#1059)

Refactor: push cloudflare IPs list to rails trusted proxies

Release: 2-4-stable :tada:

Update gems

Update .drone.yml (#1073)

Add globbing for building any stable branch

#Version 2.4.13

Released 2020-07-24

Add private label otp enabled for user (#1076)

Enhancement: raise error on Mysql2::Error::ConnectionError in the mailer

Enhancement: JWT expiration and Cache expiration policy improvements

  • Change hardcoded 3600 seconds to BARONG_JWT_EXPIRE_TIME env
  • Fix missing expires_in for utilized_tokens
  • Add related specs
  • Rework jwt.decode_and_verify to return uniq error on different validation

Enhancement: Add ability to use dots, ~ and – in city and address

Enhancement: remove lang param from APIs, stick to user.language logic

Enhancement: add management API - create profile, update :data field

Enhancement: remove api_key signature blacklisting

Enhancement: allow only latest requested token on reset_pass (#1054)

Enhancement: Add created_at and updated_at to profile entities

Feature: admin endpoint to retrieve user api keys

Feature: introduce category of restrictions, restrictions as firewall (#1061)

Feature: introduce akamai support, add barong_gateway switch

Feature: Add Sentry error tracking system (#1053)

Feature: PUT resource/users/me data field (#1050)

Fix: display only uniq list of users with profiles in search request (#1082)

Fix: remove failed login activity on empty otp (#1066)

Fix: Add docs && changelog generation on master branch (#1049)

Refactor: fix typo in emails, remove inline attachment (#1059)

Refactor: push cloudflare IPs list to rails trusted proxies (#1047)

Release: 2-4-stable :tada:

#Version 2.5.6

Released 2020-07-24

Enhancement: api_keys and users endpoints improvements

  • Add ordering to admin users endpoint
  • Add ordering to admin api_keys endpoint
  • Add ordering to resource api_keys endpoint

Feature: Add redis cluster support

#Version 2.5.5

Released 2020-06-24

Add private label otp enabled for user (#1084)

Add ability to configure upload-related configuration (#1016)

Add description field to labels

Bump master version to 2.5.0

Bump nokogiri from 1.10.5 to 1.10.8 (#1023)

Bumps nokogiri from 1.10.5 to 1.10.8.

Signed-off-by: dependabot[bot] <support@github.com>

Bump rack from 2.0.7 to 2.0.8 (#987)

Bumps rack from 2.0.7 to 2.0.8.

Signed-off-by: dependabot[bot] <support@github.com>

Bump puma from 3.12.1 to 3.12.2 (#982)

Bumps puma from 3.12.1 to 3.12.2.

Signed-off-by: dependabot[bot] <support@github.com>

Bump excon from 0.67.0 to 0.71.0 (#984)

Bumps excon from 0.67.0 to 0.71.0.

Signed-off-by: dependabot[bot] <support@github.com>

Create roadmap.md

Enhancement: JWT expiration and Cache expiration policy improvements

  • Change hardcoded 3600 seconds to BARONG_JWT_EXPIRE_TIME env
  • Fix missing expires_in for utilized_tokens
  • Add related specs
  • Rework jwt.decode_and_verify to return uniq error on different validation

Enhancement: raise error on Mysql2::Error::ConnectionError in the mailer

Enhancement: Add ability to use dots, ~ and – in city and address

Enhancement: remove lang param from APIs, stick to user.language logic

Enhancement: add management API - create profile, update :data field

Enhancement: remove api_key signature blacklisting

Enhancement: allow only latest requested token on reset_pass (#1054)

Enhancement: Add created_at and updated_at to profile entities

Enhancement: Redeploy on master.devkube.com on every master push (#1038)

Enhancement: disallow using nonce in api key twice (#1030)

Enhancement: avoid errors on missing configurations (#1033)

Enhancement: raise fatal error if can't connect to redis in production (#1032)

Enhancement: security updates (#1021)

  • Make default protection with captcha on email send endpoints
  • Allow to configure endpoints you want to protect with captcha
  • Prevent user enumeration on identity/* endpoints

Enhancement: minor fixes and improvements (#1020)

  • Change log level in lib to debug
  • Fix documentation junk
  • Protect from empty POST PATCH body in activity logger
  • Add common private ips filtering along with cloudflare ips

Enhancement: improve log coverage, fix log_level config in prod env (#1008)

Enhancement: improve twilio client error mapping (#988)

Enhancement: referral_uid as optional param in users management API (#990)

Enhancement: improve date validation with :required_docs_expire false (#989)

Enhancement: always render 201 on reset_password API (#985)

Enhancement: Configuration unifying & documentation (#1001)

  • BREAKING CHANGE: now all configuration ENVs start with BARONG

Enhancement: rework captcha policy, add documentation (#994)

Feature: Add email filters (#1085)

Feature: admin endpoint to retrieve user api keys

Feature: introduce category of restrictions, restrictions as firewall (#1061)

Feature: introduce akamai support, add barong_gateway switch

Feature: Add Sentry error tracking system (#1053)

Feature: PUT resource/users/me data field (#1050)

Feature: new email templates (#1041)

Feature: Ability to send emails (#959)

  • Feature: Ability to send emails

  • Feature: new email template (#1036)

Co-authored-by: Yehor <ychumak@heliostech.fr> Co-authored-by: Andrew Peresada <kohelbekker@gmail.com> Co-authored-by: Louis <lbellet@openware.com>

Feature: Add ability to support multiple profiles (#1015)

Co-authored-by: Chumak Nadiia <chumaknadya19@gmail.com>

Feature: rework password validation policy (#1006)

Feature: Make processes and threads configurable (#1005)

Feature: introduce CSRF protection (#986)

Feature: GET /identity/configs - tiny configurations endpoint (#1004)

Feature: add DataStorages

  • Add data_storages table, model, related validations
  • Add resource/data_storage API
  • Include data_storages in extended api entities
  • Add automate label on every data_storage record with key = title
  • Add data_storage_titles configuration to barong.yml
  • Add ability to whitelist titles
  • Add frozen BLACKLISTED_TITLES array
  • Add specs

Feature: new drone steps for telegram notification and docs (#974)

Fix: display only uniq list of users with profiles in search request (#1081)

Fix: remove failed login activity on empty otp (#1066)

Fix: Add docs && changelog generation on master branch (#1049)

Fix: Association issue (#1039)

Fix: get rid of wrong unicode symbol

Fix: password_min_entropy expose in /configs issue

Fix: add missing redis_url in Barong::App.config (#1007)

Fix: changes in recaptcha verification behaviour (#1002)

  • Specify secret_key to avoid captcha env configuration misunderstanding

Fix: Support new MaxmindDB download policy (#999)

  • Fix: Support new MaxmindDB download policy

  • Fix dates in specs

  • Enhancement: update sdk version

Co-authored-by: chumaknadya <chumaknadya19@gmail.com>

Fix: Update Drone CI pipelines for master branch (#979)

Fix: Rake task for notification updated (#976)

fix: Gemfile & Gemfile.lock to reduce vulnerabilities (#1040)

The following vulnerabilities are fixed with an upgrade:

fix: Gemfile & Gemfile.lock to reduce vulnerabilities (#1027)

The following vulnerabilities are fixed with an upgrade:

Refactor: fix typo in emails, remove inline attachment (#1059)

Refactor: push cloudflare IPs list to rails trusted proxies

Release: 2-4-stable :tada:

Session related improvements (#977)

  • Comment out standard rails development cache configurations
  • Force production and development envs to use rediscache_store as session and cache_store
  • Make session name to be configurable through BARONG_SESSION_NAME env
  • Cosmetic improvements in sessions_store.rb due to code style rules
  • Remove session[:init] in auth to avoid initing empty sessions (apikey)

Setup redeploy on devkube (#1035)

Update .drone.yml (#1073)

Add globbing for building any stable branch

#Version 2.3.49

Released 2020-06-12

Add ability to configure upload-related configuration (#1017)

Enhancement: Minor fixes and improvements (#1019)

  • Filter out common private IPs along with Cloudflare IPs
  • Improve log coverage in debug mode
  • Protect from empty body in POST PATCH requests in activity logger

Enhancement: rework captcha policy, add documentation (#994)

Feature: rework password validation policy (#1006)

Feature: Add docs generated step in drone pipeline (#978)

Fix: changes in recaptcha verification behaviour (#1002)

  • Specify secret_key to avoid captcha env configuration misunderstanding

Fix: Support new MaxmindDB download policy (#1000)

  • Fix: Support new MaxmindDB download policy

  • Fix dates in specs

  • Enhancement: update sdk version

Co-authored-by: chumaknadya <chumaknadya19@gmail.com>

Refactor: push cloudflare IPs list to rails trusted proxies (#1046)

Session related improvements

  • Comment out standard rails development cache configurations
  • Force production and development envs to use rediscache_store as session and cache_store
  • Make session name to be configurable through BARONG_SESSION_NAME env
  • Cosmetic improvements in sessions_store.rb due to code style rules
  • Remove session[:init] in auth to avoid initing empty sessions (apikey)

#Version 2.4.12

Released 2020-06-04

Add private label otp enabled for user (#1076)

Enhancement: Add ability to use dots, ~ and – in city and address

Enhancement: remove lang param from APIs, stick to user.language logic

Enhancement: add management API - create profile, update :data field

Enhancement: remove api_key signature blacklisting

Enhancement: allow only latest requested token on reset_pass (#1054)

Enhancement: Add created_at and updated_at to profile entities

Feature: admin endpoint to retrieve user api keys

Feature: introduce category of restrictions, restrictions as firewall (#1061)

Feature: introduce akamai support, add barong_gateway switch

Feature: Add Sentry error tracking system (#1053)

Feature: PUT resource/users/me data field (#1050)

Fix: display only uniq list of users with profiles in search request (#1082)

Fix: remove failed login activity on empty otp (#1066)

Fix: Add docs && changelog generation on master branch (#1049)

Refactor: fix typo in emails, remove inline attachment (#1059)

Refactor: push cloudflare IPs list to rails trusted proxies (#1047)

Release: 2-4-stable :tada:

#Version 2.5.4

Released 2020-06-04

Enhancement: Add ability to use dots, ~ and – in city and address

#Version 2.5.3

Released 2020-06-03

#Version 2.5.2

Released 2020-06-01

Add private label otp enabled for user (#1084)

Bump master version to 2.5.0

Enhancement: remove lang param from APIs, stick to user.language logic

Enhancement: add management API - create profile, update :data field

Enhancement: remove api_key signature blacklisting

Enhancement: allow only latest requested token on reset_pass (#1054)

Enhancement: Add created_at and updated_at to profile entities

Feature: Add email filters (#1085)

Feature: admin endpoint to retrieve user api keys

Feature: introduce category of restrictions, restrictions as firewall (#1061)

Feature: introduce akamai support, add barong_gateway switch

Feature: Add Sentry error tracking system (#1053)

Feature: PUT resource/users/me data field (#1050)

Fix: display only uniq list of users with profiles in search request (#1081)

Fix: remove failed login activity on empty otp (#1066)

Fix: Add docs && changelog generation on master branch (#1049)

Refactor: fix typo in emails, remove inline attachment (#1059)

Refactor: push cloudflare IPs list to rails trusted proxies

Release: 2-4-stable :tada:

Update .drone.yml (#1073)

Add globbing for building any stable branch

#Version 2.4.11

Released 2020-06-01

Add private label otp enabled for user (#1076)

Enhancement: remove lang param from APIs, stick to user.language logic

Enhancement: add management API - create profile, update :data field

Enhancement: remove api_key signature blacklisting

Enhancement: allow only latest requested token on reset_pass (#1054)

Enhancement: Add created_at and updated_at to profile entities

Feature: admin endpoint to retrieve user api keys

Feature: introduce category of restrictions, restrictions as firewall (#1061)

Feature: introduce akamai support, add barong_gateway switch

Feature: Add Sentry error tracking system (#1053)

Feature: PUT resource/users/me data field (#1050)

Fix: display only uniq list of users with profiles in search request (#1082)

Fix: remove failed login activity on empty otp (#1066)

Fix: Add docs && changelog generation on master branch (#1049)

Refactor: fix typo in emails, remove inline attachment (#1059)

Refactor: push cloudflare IPs list to rails trusted proxies (#1047)

Release: 2-4-stable :tada:

#Version 2.5.1

Released 2020-05-28

Add private label otp enabled for user (#1084)

Fix: display only uniq list of users with profiles in search request (#1081)

#Version 2.5.0

Released 2020-05-18

Bump master version to 2.5.0

Enhancement: remove lang param from APIs, stick to user.language logic

Enhancement: add management API - create profile, update :data field

Enhancement: remove api_key signature blacklisting

Enhancement: allow only latest requested token on reset_pass (#1054)

Enhancement: Add created_at and updated_at to profile entities

Feature: admin endpoint to retrieve user api keys

Feature: introduce category of restrictions, restrictions as firewall (#1061)

Feature: introduce akamai support, add barong_gateway switch

Feature: Add Sentry error tracking system (#1053)

Feature: PUT resource/users/me data field (#1050)

Fix: remove failed login activity on empty otp (#1066)

Fix: Add docs && changelog generation on master branch (#1049)

Refactor: fix typo in emails, remove inline attachment (#1059)

Refactor: push cloudflare IPs list to rails trusted proxies

Release: 2-4-stable :tada:

Update .drone.yml (#1073)

Add globbing for building any stable branch

#Version 2.4.10

Released 2020-05-18

Feature: admin endpoint to retrieve user api keys

#Version 2.4.9

Released 2020-05-18

Feature: introduce category of restrictions, restrictions as firewall (#1061)

#Version 2.4.8

Released 2020-05-18

Enhancement: remove lang param from APIs, stick to user.language logic

#Version 2.4.7

Released 2020-05-18

Enhancement: add management API - create profile, update :data field

#Version 2.4.6

Released 2020-05-18

Fix: remove failed login activity on empty otp (#1066)

#Version 2.4.5

Released 2020-04-30

Enhancement: remove api_key signature blacklisting

Feature: introduce akamai support, add barong_gateway switch

#Version 2.4.4

Released 2020-04-30

Refactor: fix typo in emails, remove inline attachment (#1059)

#Version 2.4.3

Released 2020-04-30

Enhancement: allow only latest requested token on reset_pass (#1054)

#Version 2.4.2

Released 2020-04-20

Feature: Add Sentry error tracking system (#1053)

Feature: PUT resource/users/me data field (#1050)

Fix: Add docs && changelog generation on master branch (#1049)

#Version 2.4.1

Released 2020-04-01

Add ability to configure upload-related configuration (#1016)

Add description field to labels

Bump nokogiri from 1.10.5 to 1.10.8 (#1023)

Bumps nokogiri from 1.10.5 to 1.10.8.

Signed-off-by: dependabot[bot] <support@github.com>

Bump rack from 2.0.7 to 2.0.8 (#987)

Bumps rack from 2.0.7 to 2.0.8.

Signed-off-by: dependabot[bot] <support@github.com>

Bump puma from 3.12.1 to 3.12.2 (#982)

Bumps puma from 3.12.1 to 3.12.2.

Signed-off-by: dependabot[bot] <support@github.com>

Bump excon from 0.67.0 to 0.71.0 (#984)

Bumps excon from 0.67.0 to 0.71.0.

Signed-off-by: dependabot[bot] <support@github.com>

Create roadmap.md

Enhancement: Add created_at and updated_at to profile entities

Enhancement: Redeploy on master.devkube.com on every master push (#1038)

Enhancement: disallow using nonce in api key twice (#1030)

Enhancement: avoid errors on missing configurations (#1033)

Enhancement: raise fatal error if can't connect to redis in production (#1032)

Enhancement: security updates (#1021)

  • Make default protection with captcha on email send endpoints
  • Allow to configure endpoints you want to protect with captcha
  • Prevent user enumeration on identity/* endpoints

Enhancement: minor fixes and improvements (#1020)

  • Change log level in lib to debug
  • Fix documentation junk
  • Protect from empty POST PATCH body in activity logger
  • Add common private ips filtering along with cloudflare ips

Enhancement: improve log coverage, fix log_level config in prod env (#1008)

Enhancement: improve twilio client error mapping (#988)

Enhancement: referral_uid as optional param in users management API (#990)

Enhancement: improve date validation with :required_docs_expire false (#989)

Enhancement: always render 201 on reset_password API (#985)

Enhancement: Configuration unifying & documentation (#1001)

  • BREAKING CHANGE: now all configuration ENVs start with BARONG

Enhancement: rework captcha policy, add documentation (#994)

Feature: new email templates (#1041)

Feature: Ability to send emails (#959)

  • Feature: Ability to send emails

  • Feature: new email template (#1036)

Co-authored-by: Yehor <ychumak@heliostech.fr> Co-authored-by: Andrew Peresada <kohelbekker@gmail.com> Co-authored-by: Louis <lbellet@openware.com>

Feature: Add ability to support multiple profiles (#1015)

Co-authored-by: Chumak Nadiia <chumaknadya19@gmail.com>

Feature: rework password validation policy (#1006)

Feature: Make processes and threads configurable (#1005)

Feature: introduce CSRF protection (#986)

Feature: GET /identity/configs - tiny configurations endpoint (#1004)

Feature: add DataStorages

  • Add data_storages table, model, related validations
  • Add resource/data_storage API
  • Include data_storages in extended api entities
  • Add automate label on every data_storage record with key = title
  • Add data_storage_titles configuration to barong.yml
  • Add ability to whitelist titles
  • Add frozen BLACKLISTED_TITLES array
  • Add specs

Feature: new drone steps for telegram notification and docs (#974)

Fix: Association issue (#1039)

Fix: get rid of wrong unicode symbol

Fix: password_min_entropy expose in /configs issue

Fix: add missing redis_url in Barong::App.config (#1007)

Fix: changes in recaptcha verification behaviour (#1002)

  • Specify secret_key to avoid captcha env configuration misunderstanding

Fix: Support new MaxmindDB download policy (#999)

  • Fix: Support new MaxmindDB download policy

  • Fix dates in specs

  • Enhancement: update sdk version

Co-authored-by: chumaknadya <chumaknadya19@gmail.com>

Fix: Update Drone CI pipelines for master branch (#979)

Fix: Rake task for notification updated (#976)

fix: Gemfile & Gemfile.lock to reduce vulnerabilities (#1040)

The following vulnerabilities are fixed with an upgrade:

fix: Gemfile & Gemfile.lock to reduce vulnerabilities (#1027)

The following vulnerabilities are fixed with an upgrade:

Refactor: push cloudflare IPs list to rails trusted proxies (#1047)

Release: 2-4-stable :tada:

Session related improvements (#977)

  • Comment out standard rails development cache configurations
  • Force production and development envs to use rediscache_store as session and cache_store
  • Make session name to be configurable through BARONG_SESSION_NAME env
  • Cosmetic improvements in sessions_store.rb due to code style rules
  • Remove session[:init] in auth to avoid initing empty sessions (apikey)

Setup redeploy on devkube (#1035)

#Version 2.3.48

Released 2020-04-01

Add ability to configure upload-related configuration (#1017)

Enhancement: Minor fixes and improvements (#1019)

  • Filter out common private IPs along with Cloudflare IPs
  • Improve log coverage in debug mode
  • Protect from empty body in POST PATCH requests in activity logger

Enhancement: rework captcha policy, add documentation (#994)

Feature: Add docs generated step in drone pipeline (#978)

Fix: changes in recaptcha verification behaviour (#1002)

  • Specify secret_key to avoid captcha env configuration misunderstanding

Fix: Support new MaxmindDB download policy (#1000)

  • Fix: Support new MaxmindDB download policy

  • Fix dates in specs

  • Enhancement: update sdk version

Co-authored-by: chumaknadya <chumaknadya19@gmail.com>

Refactor: push cloudflare IPs list to rails trusted proxies (#1046)

Session related improvements

  • Comment out standard rails development cache configurations
  • Force production and development envs to use rediscache_store as session and cache_store
  • Make session name to be configurable through BARONG_SESSION_NAME env
  • Cosmetic improvements in sessions_store.rb due to code style rules
  • Remove session[:init] in auth to avoid initing empty sessions (apikey)

#Version 2.4.0

Released 2020-03-31

Add ability to configure upload-related configuration (#1016)

Add description field to labels

Bump nokogiri from 1.10.5 to 1.10.8 (#1023)

Bumps nokogiri from 1.10.5 to 1.10.8.

Signed-off-by: dependabot[bot] <support@github.com>

Bump rack from 2.0.7 to 2.0.8 (#987)

Bumps rack from 2.0.7 to 2.0.8.

Signed-off-by: dependabot[bot] <support@github.com>

Bump puma from 3.12.1 to 3.12.2 (#982)

Bumps puma from 3.12.1 to 3.12.2.

Signed-off-by: dependabot[bot] <support@github.com>

Bump excon from 0.67.0 to 0.71.0 (#984)

Bumps excon from 0.67.0 to 0.71.0.

Signed-off-by: dependabot[bot] <support@github.com>

Create roadmap.md

Enhancement: Add created_at and updated_at to profile entities

Enhancement: Redeploy on master.devkube.com on every master push (#1038)

Enhancement: disallow using nonce in api key twice (#1030)

Enhancement: avoid errors on missing configurations (#1033)

Enhancement: raise fatal error if can't connect to redis in production (#1032)

Enhancement: security updates (#1021)

  • Make default protection with captcha on email send endpoints
  • Allow to configure endpoints you want to protect with captcha
  • Prevent user enumeration on identity/* endpoints

Enhancement: minor fixes and improvements (#1020)

  • Change log level in lib to debug
  • Fix documentation junk
  • Protect from empty POST PATCH body in activity logger
  • Add common private ips filtering along with cloudflare ips

Enhancement: improve log coverage, fix log_level config in prod env (#1008)

Enhancement: improve twilio client error mapping (#988)

Enhancement: referral_uid as optional param in users management API (#990)

Enhancement: improve date validation with :required_docs_expire false (#989)

Enhancement: always render 201 on reset_password API (#985)

Enhancement: Configuration unifying & documentation (#1001)

  • BREAKING CHANGE: now all configuration ENVs start with BARONG

Enhancement: rework captcha policy, add documentation (#994)

Feature: new email templates (#1041)

Feature: Ability to send emails (#959)

  • Feature: Ability to send emails

  • Feature: new email template (#1036)

Co-authored-by: Yehor <ychumak@heliostech.fr> Co-authored-by: Andrew Peresada <kohelbekker@gmail.com> Co-authored-by: Louis <lbellet@openware.com>

Feature: Add ability to support multiple profiles (#1015)

Co-authored-by: Chumak Nadiia <chumaknadya19@gmail.com>

Feature: rework password validation policy (#1006)

Feature: Make processes and threads configurable (#1005)

Feature: introduce CSRF protection (#986)

Feature: GET /identity/configs - tiny configurations endpoint (#1004)

Feature: add DataStorages

  • Add data_storages table, model, related validations
  • Add resource/data_storage API
  • Include data_storages in extended api entities
  • Add automate label on every data_storage record with key = title
  • Add data_storage_titles configuration to barong.yml
  • Add ability to whitelist titles
  • Add frozen BLACKLISTED_TITLES array
  • Add specs

Feature: new drone steps for telegram notification and docs (#974)

Fix: Association issue (#1039)

Fix: get rid of wrong unicode symbol

Fix: password_min_entropy expose in /configs issue

Fix: add missing redis_url in Barong::App.config (#1007)

Fix: changes in recaptcha verification behaviour (#1002)

  • Specify secret_key to avoid captcha env configuration misunderstanding

Fix: Support new MaxmindDB download policy (#999)

  • Fix: Support new MaxmindDB download policy

  • Fix dates in specs

  • Enhancement: update sdk version

Co-authored-by: chumaknadya <chumaknadya19@gmail.com>

Fix: Update Drone CI pipelines for master branch (#979)

Fix: Rake task for notification updated (#976)

fix: Gemfile & Gemfile.lock to reduce vulnerabilities (#1040)

The following vulnerabilities are fixed with an upgrade:

fix: Gemfile & Gemfile.lock to reduce vulnerabilities (#1027)

The following vulnerabilities are fixed with an upgrade:

Release: 2-4-stable :tada:

Session related improvements (#977)

  • Comment out standard rails development cache configurations
  • Force production and development envs to use rediscache_store as session and cache_store
  • Make session name to be configurable through BARONG_SESSION_NAME env
  • Cosmetic improvements in sessions_store.rb due to code style rules
  • Remove session[:init] in auth to avoid initing empty sessions (apikey)

Setup redeploy on devkube (#1035)

#Version 2.3.47

Released 2020-02-19

Enhancement: Minor fixes and improvements (#1019)

  • Filter out common private IPs along with Cloudflare IPs
  • Improve log coverage in debug mode
  • Protect from empty body in POST PATCH requests in activity logger

#Version 2.3.46

Released 2020-02-18

Add ability to configure upload-related configuration (#1017)

#Version 2.3.45

Released 2020-01-23

Enhancement: rework captcha policy, add documentation (#994)

Fix: changes in recaptcha verification behaviour (#1002)

  • Specify secret_key to avoid captcha env configuration misunderstanding

#Version 2.3.44

Released 2020-01-08

Fix: Support new MaxmindDB download policy (#1000)

  • Fix: Support new MaxmindDB download policy

  • Fix dates in specs

  • Enhancement: update sdk version

Co-authored-by: chumaknadya <chumaknadya19@gmail.com>

#Version 2.3.43

Released 2019-11-22

Session related improvements

  • Comment out standard rails development cache configurations
  • Force production and development envs to use rediscache_store as session and cache_store
  • Make session name to be configurable through BARONG_SESSION_NAME env
  • Cosmetic improvements in sessions_store.rb due to code style rules
  • Remove session[:init] in auth to avoid initing empty sessions (apikey)

#Version 2.3.42

Released 2019-11-22

Feature: Add docs generated step in drone pipeline (#978)

#Version 2.3.41

Released 2019-11-19

Add cloudflare middleware to improve remote_ip (#965)

  • Add fetch CloudFlare IPv4 & IPv6 ip range lists in dockerfile
  • Switch to pure remote_ip in Grape module
  • Introduce CloudFlareMiddleware as a lib class
  • Design CloudFlareMiddleware class to exclude proxy ips
  • Add comments and explanations for CloudFlareMiddleware
  • Add default config/cloudflare_ips.yml

Feature: add configuration and troubleshooting docs (#970)

Feature: Update the CI to use SDK for version bumps (#969)

Reorganize docs && add password_hashing.md (#964)

Unify params by extending Grape::Helpers (#968)

  • Move :page and :limit to API::V2 as :pagination_filters
  • Move :from and :to to API::V2 as :timeperiod_filters
  • Move :topic, :action, :uid, :email to API::V2::Admin as :activity_attributes

Update loofah && nokogiri && rack-cors versions (#975)

#Version 2.3.40

Released 2019-10-30

Add topic to CU on admin/permissions

#Version 2.3.39

Released 2019-10-15

Protect superadmin against changes from non-superadmin users (#955)

  • Remove redis-store gem

Update storage-related gems (#957)

  • Update carrierwave to version 2.0.2
  • Add fog-core gem version 2.1.0
  • Update fog-aws to 3.5.2
  • Update fog-google 1.9.1
  • Update fog-aliyun 0.3.5
  • Add minio to backend.yml

#Version 2.3.38

Released 2019-10-15

Add redis - hiredis dependency, specify driver in dev env (#951)

Remove redis-store

#Version 2.3.37

Released 2019-10-11

push test

Server side sessions via cache_store (#949)

Resolve session expiration and improve cookie hijacking issues by comparing ip network and user_agent

  • Return '.to_i' value for integer types in 'Barong::App.config'
  • Add 'hiredis' gem
  • Refactor session opening
  • Add additional 'IP' and 'Agent' fields in session
  • Switch from cookie_store to cache_store
  • Add additional AuthZ step 'validate_session!'
  • Introduce additional 'IP' and 'Agent' validations
  • Rework 'expire_time' logic
  • Add renew 'expire_time' logic on every private request
  • Add '/auth/sessions_spec' tests module

#Version 2.3.36

Released 2019-10-10

Feature: allow # \ () & ' : " in profile residential address field (#950)

#Version 2.3.35

Released 2019-10-07

Add ability to configure aws_signature_version && endpoint (#947)

#Version 2.3.34

Released 2019-10-02

Profile act as eventable on update

Update ruby to 2.6.5 for security reasons

#Version 2.3.33

Released 2019-09-26

Use uid instead of id on profile update && delete api

#Version 2.3.32

Released 2019-09-23

Use CGI::escape instead of pure url in documents event api

#Version 2.3.31

Released 2019-09-23

Introduce MockPhoneVerifyService (#941)

  • Introduce MockPhoneVerify service

  • Change verify_code returning value type to bool

  • Clean TwilioSmsSendService micro code

  • Make phone always accept code with 'mock' MockPhoneVerifyService

#Version 2.3.30

Released 2019-09-20

Add session autorenew

Add the support of twilio verify API (#928)

  • Support of twilio verify API

#Version 2.3.29

Released 2019-09-20

Add missing labels event api documentation

#Version 2.3.28

Released 2019-09-18

Make labels acts_as_eventable on: [create update] (#936)

#Version 2.3.27

Released 2019-09-18

Define DocumentTypes class for flexible doc type configuration (#935)

#Version 2.3.26

Released 2019-09-17

Event API changes: remove blocking check for on_update events (#933)

Get rid of 'serialize: JSON', accept 'metadata' as json instead of pure hash (#930)

Simple GET levels requirements endpoint for admin (#932)

Update seeds.yml (#934)

#Version 2.3.25

Released 2019-09-17

Add system.session.create event with user and request_ip data (#916)

#Version 2.3.24

Released 2019-09-12

Add AliCloud Uploader (#926)

  • Print backtrace on 500

  • Add Ali uploader

  • Disable fetching uploader from env

Allow blank doc_expire for documents controllers

#Version 2.3.23

Released 2019-09-07

Add ability to disable 2fa (#925)

Add ability to skip label creation on doc save (#922)

Avoid no method error UTC for nil entities (#921)

Use Barong::App.config.barong_uid_prefix in referral validation (#923)

#Version 2.3.21

Released 2019-09-05

Add ability to restrict by geoip (#920)

  • Add ability to restrict by geoip

    • City
    • Country
    • Continent
  • Remove city

  • Update Dockerfile

#Version 2.3.20

Released 2019-09-05

Handle Vault errors on POST /api/v2/resource/api_keys (#918)

#Version 2.3.19

Released 2019-09-05

Fix structure of event API messages (#912)

#Version 2.3.18

Released 2019-09-05

Add :upload in list of params to be filtered

#Version 2.3.17

Released 2019-09-04

UPDATES: sessions delete, permissions update, log error on 500 (#917)

  • Add ability to change all fields in permissions

  • Return 404 on sessions delete if session is not valid

  • Log Error on 500

#Version 2.3.16

Released 2019-09-04

Add AliCloud Carrierwave storage provider (#911)

Fix rollback to pending state, add missing data in entities (#914)

Support 'with replace' policy on labels update (#915)

#Version 2.3.15

Released 2019-09-03

Flexible state - labels flow (#907)

  • Add data json field to user model
  • Add activation_requirements
  • Add state_triggers
  • Add session opening on signup
  • Allow pending users to pass AuthZ
  • Switch to state-label dependency and related
  • Rename discarded to deleted, remove old code
  • Remove keys limits, limit data to 1024 chars, add locked and new yml format
  • Remove extended, fix specs, fix ALL state calculating, change yml format
  • Open session on email confirmation
  • Change data position in DB, add validate_length_of
  • Improve test coverage

#Version 2.3.14

Released 2019-09-03

Ability to update and delete users profiles (#913)

Update profile API

Co-authored-by: chumaknadya <chumaknadya19@gmail.com> Co-authored-by: mnaichuk <mnaichuk@heliostech.fr>

#Version 2.3.13

Released 2019-09-02

Add state to Profile model (#910)

#Version 2.3.12

Released 2019-09-02

Update Barong::App validations (#904)

#Version 2.3.11

Released 2019-08-26

Update nokogiri version (Command injection) (#906)

#Version 2.3.10

Released 2019-08-22

Add endpoint for delete restriction (#902)

#Version 2.3.9

Released 2019-08-19

Small fixes in document and profile model (#887) (#901)

  • Allow ; / , . in profile residential address field
  • Allow required_docs_expire to accept string instead of bool

#Version 2.3.8

Released 2019-08-19

Update models' annotations (#895)

Update to ruby 2.6.3 and rails 5.2.3, fix binstubs issue

#Version 2.3.7

Released 2019-08-19

Add Management API: push document for user

Add validation for referral && Add ability to get referral uid

#Version 2.3.6

Released 2019-08-15

Feature Ability to change UID prefix with BARONG_UID_PREFIX=ABC

#Version 2.3.5

Released 2019-08-15

Add Restrictions (#891)

Updating gem multisign and jwt [ci skip]

#Version 2.3.4

Released 2019-08-09

Simple rake task to create users and api keys (#816)

  • Simple rake task to create users and api keys
  • Updating gems and ruby version and corrections
  • now event api uses the keystore

#Version 2.3.3

Released 2019-08-02

Add rake task for load users and balances (#885)

Add ability to configure sms content for phone verification (#877)

  • Refactor phones_spec to improve readability

Allow pending user to open session (#881)

Feature: Add redeploy on devkube step to drone (#874)

#Version 2.2.25

Released 2019-08-02

Small fixes in document and profile model (#887)

  • Allow ; / , . in profile residential address field
  • Allow required_docs_expire to accept string instead of bool

#Version 2.2.24

Released 2019-07-31

Extend doc_type inclusion list, make validation case insensitive (#884)

#Version 2.2.23

Released 2019-07-31

Add ability to configure sms content for phone verification (#877)

  • Refactor phones_spec to improve readability

Update drone for build images for branch 2-2-stable

#Version 2.3.2

Released 2019-07-26

Add ability to configure sms content for phone verification (#877)

  • Refactor phones_spec to improve readability

Allow pending user to open session (#881)

#Version 2.3.1

Released 2019-07-25

Feature: Add redeploy on devkube step to drone (#874)

#Version 2.2.22

Released 2019-07-17

Add optional :extended UserWithFullInfo entity in /get management API (#872)

Make documents act_as_eventable on create (#871)

#Version 2.2.21

Released 2019-07-16

Add filter/users in labels management api module (#864)

Add model.profile.created event (#865)

Add verb PATCH and ALL for admin audit && Update permission seeds (#870)

Support pagination && filtering on post '/list' management API (#861)

Update Readme

Replace Peatio.tech links with Openware.com

#Version 2.2.20

Released 2019-06-27

Fix /api/v2/admin/users/update (#857)

#Version 2.2.19

Released 2019-06-25

Generate docs in CI

Use JSON logs in production

Pull Requests

Merge pull request #849 from rubykube/feature/json_logs

#Version 2.2.18

Released 2019-06-24

Added GET /identity/version endpoint

#Version 2.2.17

Released 2019-06-24

Changes in admin API module

  • Split user update endpoint into /role and /update (state, 2fa) endpoints
  • Return only user activity on GET /activities and only admin on GET /activities/admin
  • Return encoded(dictionary) error if permission update fails
  • Return encoded(dictionary) error if user update fails
  • Return encoded(dictionary) error if label update fails

#Version 2.2.16

Released 2019-06-24

Add missing data field in activity logger

#Version 2.2.15

Released 2019-06-23

Split and refactor auth spec, add sync auditor for test env

#Version 2.2.14

Released 2019-06-14

AUDIT: support PATCH, add default topic, action, seeds (#844)

#Version 2.2.13

Released 2019-06-13

Add admin activities based on audit logic (#835)

  • Introduce new permission action 'audit'
  • Introduce new activity type - 'admin'
  • Rework activities table to be compatible with 'admin' and 'user' types
  • Add Auditor class and job running in thread
  • Add new relationship has_one 'target' for activity
  • Add activities '/admin' endpoint
  • Add filters for admin activities
  • Improve AuthZ and admin api test coverage

#Version 2.2.12

Released 2019-06-10

Disable APIKeys when user state or otp changes

#Version 2.2.11

Released 2019-06-10

Add configuration for :doc_expire

#Version 2.2.10

Released 2019-06-10

Fix nil language problem in case of empty string and upcased param

Remove activities from full_info entity

Return empty array instead of 404 error after filtering

Use FullInfo instead of WithProfile to add documents array in response

#Version 2.2.9

Released 2019-06-05

Update seeds.yml (#838)

  • Update seed so authorized users are able to get to peatio native admin panel.

#Version 2.2.8

Released 2019-06-04

Add filters feature support on doc pending endpoint

#Version 2.2.7

Released 2019-05-28

Add users filtering feature in admin module (#833)

#Version 2.2.6

Released 2019-05-28

Add metrics namespace in admin module

#Version 2.2.5

Released 2019-05-28

Add ability to get extended info of users with profile (#830)

#Version 2.2.4

Released 2019-05-28

Add GET admin/activities and filtering feature

#Version 2.2.3

Released 2019-05-27

Add management otp sign endpoint and specs (#827)

Add endpoint to list all user's phones (#831)

Avoid nil language bug on user creation event (#820)

GET /labels/list to return main attributes of existing labels

Permissions Model, Auth logic, Seed, CRUD admin API (#819)

Major Feature: Barong RBAC give the ability to create new roles and block specific routes, it is also recommended to verify roles at the microservice level.

#Version 2.2.2

Released 2019-05-13

Added API call to get users with pending documents (#826)

  • Added API call to get users with pending documents

  • Changed route for call to users/documents/pending

  • Added ordering by labels.updated_at

#Version 2.2.1

Released 2019-05-09

Add DELETE /resource/users/me to allow user to block his account (#811)

#Version 2.1.4

Released 2019-04-09

Add the ability to get list of users by management API & small refactoring (#815)

Add auto-generating doc support (#795)

  • Add bin/gendocs script
  • Update documentation format with general format from script
  • Replace hardcoded version with Barong::Application::VERSION
  • Add additional step in drone.yml to use gendocs

Move event api jwt private key to Barong::App.config_store (#805)

#Version 2.1.3

Released 2019-03-19

API user activity sort desc (#804)

Add ability to search users by labels (#800)

Allow to list API Keys without providing OTP code (#807)

Improve language support in event api, add domain info inside event (#791)

Update rails-related gems versions in favor of github alerts (#809)

#Version 2.1.2

Released 2019-03-01

Use 'paginate' on api/v2/admin/users/search (#789)

#Version 2.1.1

Released 2019-03-01

Add Entities::Activity model, include it Entities::UserWithFullInfo (#786)

#Version 2.1.0

Released 2019-02-27

Start 2.1 development[ci skip] (#787)

Update REST API documentation to v2.0.51[ci skip] (#783)

#Version 2.0.51

Released 2019-02-26

Grape and Active Record validation errors handling and unifying (#774)

#Version 2.0.50

Released 2019-02-26

Remove -alpha from version name (#782)

#Version 2.0.49-alpha

Released 2019-02-25

Add v2/admin/users/search endpoint (#769)

#Version 2.0.48-alpha

Released 2019-02-25

Configure api-pagination tool, add api keys pagination (#780)

#Version 2.0.47-alpha

Released 2019-02-25

Use destroy instead of delete to enable missing validations (#776)

#Version 2.0.46-alpha

Released 2019-02-20

Split activity error to wrong topic and no activity (#772)

#Version 2.0.45-alpha

Released 2019-02-20

Add pagination on /resource/users/activity endpoint (#771)

#Version 2.0.44-alpha

Released 2019-02-18

Add more API Key validations, fix error on creating with invalid algo (#768)

#Version 2.0.43-alpha

Released 2019-02-15

User controller improvements (management module) (#763)

  • Fixed inconsistent indentation in user controller
  • Rework POST '/get' request to allow to receive email and phone num
  • Added several additional tests

#Version 2.0.42-alpha

Released 2019-02-15

Add language field in reset pass and confirm acc events (#767)

#Version 2.0.41-alpha

Released 2019-02-07

Add additional error on login in case of banned user (#760)

#Version 2.0.40-alpha

Released 2019-02-07

Added event api documentation with examples (#745)

Phone API improvements (#747)

Unify errors format in API controllers and Auth lib (#741)

#Version 2.0.39-alpha

Released 2019-02-06

Take only data from Vault::Secret object && minor refactoring (#757)

#Version 2.0.38-alpha

Released 2019-02-05

Change default ActionDispatch::Session set-cookie header policy on authz to :skip (#753)

#Version 2.0.37-alpha

Released 2019-01-31

Fix session_id check & add bypass session lazy load

#Version 2.0.36-alpha

Released 2019-01-25

Add missing user details in 2fa login response

#Version 2.0.35-alpha

Released 2019-01-22

Fix Barong::CORS load problem in production env

#Version 2.0.34-alpha

Released 2019-01-21

Initialize and configure redis && fix reusable token bug (#734)

#Version 2.0.33-alpha

Released 2019-01-21

Add storage envs in config store and update fetch logic

Fix change code on phone initialize, remove code from logs (#730)

#Version 2.0.32-alpha

Released 2019-01-21

Add storage envs in config store and update fetch logic

Pull Requests

Merge pull request #737 from rubykube/fix/storage-envs

#Version 2.0.31-alpha

Released 2019-01-16

Move ActionDispatch::Session::CookieStore to sessions controller

Update and split documentation to rest and management

Pull Requests

Merge pull request #713 from rubykube/feature/split-docs

#Version 2.0.30-alpha

Released 2019-01-16

Move AuthZ endpoint to metal-based controller

#Version 2.0.29-alpha

Released 2019-01-16

Add an ability to specify CORS headers

#Version 2.0.28-alpha

Released 2019-01-16

Add admin api functionality on user update (#722)

  • Ability to disable user 2fa
  • Ability to change user role
  • Refactor functionality code into one flexible post endpoint

#Version 2.0.27-alpha

Released 2019-01-16

Fix change password api action from post to put (#724)

#Version 2.0.26-alpha

Released 2019-01-16

Change regex validations to support non-eng characters (#726)

#Version 2.0.25-alpha

Released 2019-01-16

Update to ruby 2.6.0 (#707)

#Version 2.0.24-alpha

Released 2019-01-11

Add configurable session expire time (#720)

#Version 2.0.23-alpha

Released 2019-01-09

Add referral_id to users table && as an optional param on signup (#709)

#Version 2.0.22-alpha

Released 2019-01-03

Add users entity on login and /me (#706)

#Version 2.0.21-alpha

Released 2018-12-26

Small fixes (drone ci, event api updated_at bug) (#702)

#Version v2.0.20-alpha

Released 2018-12-25

Add carrierwave config for production

Pull Requests

Merge pull request #699 from rubykube/fix/storage

#Version v2.0.19-alpha

Released 2018-12-24

Add update label update for admin module, CRUD for resource

Pull Requests

Merge pull request #696 from rubykube/feature/user-labels

#Version v2.0.18-alpha

Released 2018-12-24

Add label on profile adding without level increase (#697)

  • Add label on profile adding without level increase

#Version v2.0.17-alpha

Released 2018-12-24

Update the Drone CI to replace Travis and DockerHub (#695)

  • Remove Travis-related vars from rake release

  • Add a bump and tag CI job

  • Add a Docker build and push CI job

  • Update the CI to trigger tests only on pull-requests

  • Add bump and tag to drone

  • Add redeployment flow

#Version 2.0.16-alpha

Released 2018-12-20

Added missing event with confirmation token on signup

  • Fix codeclimate

#Version 2.0.15-alpha

Released 2018-12-19

Admin api module, basic functions coverage

Change multiple docs uploading logic from object to array

Pull Requests

Merge pull request #681 from rubykube/feature/admin-api

Merge pull request #665 from bodiasuprun/master

#Version 2.0.14-alpha

Released 2018-12-17

Add change password endpoint, related activity record and spec

Pull Requests

Merge pull request #688 from rubykube/feature/change_password_endpoint

#Version 2.0.13-alpha

Released 2018-12-12

Added swagger config and documentation for API

Update the production database configuration with DATABASE_NAME from env

#Version 2.0.12-alpha

Released 2018-12-11

Add link_config script

#Version 2.0.11-alpha

Released 2018-12-10

Changing done steps

Hotfix for whitelisting public peatio and barong routes

#Version 2.0.10-alpha

Released 2018-12-10

Add ability to upload multiple documents

Add ability to upload multiple documents

#Version 2.0.9-alpha

Released 2018-12-09

Drone job missing vault service

#Version 2.0.8-alpha

Released 2018-12-05

Improve activities coverage

#Version 2.0.7-alpha

Released 2018-12-05

Fix unhandled totp errors (#675)

#Version 2.0.6-alpha

Released 2018-12-05

APIKeys spec and related configuration

Add codeclimate config file (#678)

Add bump gem

Add password reset workflow

Add user confirmation workflow

Add Activity model, validations & base specs

Add Activity model & base specs

Add strong password validation

  • Use strong_password gem to check simplicity
  • Add a custom validator to check required symbols

Add managment_api

  • Add jwt initializer
  • Add entities
  • Add tools
  • Add Profile entity
  • Modify user model
  • Modify user factory
  • Fix spec for users and labels

Add identity user api module && support of captcha

  • Add signup logic
  • Verify captcha serverside
  • Require captcha on signup
  • Optional captcha on signin

Add ability to use twilio in test and development

Add Labels API

Add JWT generator

Add JWT auth

Add sessions_spec

Add Dockerfile

Add Travis file

Add Event API

Co-authored-by: alinetskyi <artem.linetskyi@gmail.conf>

Added missing validations on password update func (#674)

Added Api Keys model, CRUD API, SecretStorage service

Adding Documents API

Adding profile grape resource

Adding KeyStore lib

Have fixed grape api spec helpers

Adding templates

Adding Label Model

Adding Base Grape API

with General Endpoint ping and time

Adding Document model (#3)

Adding Profile model

Adding Level model

Adding User model

Adding backend and db config

AuthZ modifications (#26)

Bump improvements

Change API prefix logic, fix specs, add vault doc

Delete send_real_sms.rb

Enabling sessions#authorize endpoint

Fix activities (#664)

Fix share cookies for development, fix Bump (#658)

Fixes for test and integration environment

Fixing an issue on route :any

Fixing password presence validation

Generate JWT token for apikeys

Hot fixing sessions

Initialize Vault, add TOTPService and Security(2FA) API

Make documents invisible publicly by changing fog config (#672)

Minor improvements to middleware

Optimizing Dockerfile and removing asset pipeline

Phone model & related API & basic config store logic

  • Add phone model
  • Add class phones in resource api module
  • Add test coverage for phone api
  • Add Barong:App lib as secret key and config storage

rails generate rspec:install

rails new --database=mysql --skip-turbolinks --skip-coffee --skip-test barong

Record activity on session

Rework AuthZ endpoint

Sessions API

Updating bump script

#Version 1.8.42

Released 2018-12-04

API tuning: Add security definitions and status code, fixed wrong messages (#488)

  • Travis allow other branches

  • Add security definitions

  • Add status codes

API: Added registration and account confirmation scopes

Account unlock logic improvements (#650)

Add filter by lvl (#657)

Add phone verification rate limit for API

Add rack-attack and some API usage limits

Add RabbitMQ middleware for event api

Add grape logger middleware

Add ROOT_DOMAIN for configure sessions (#612)

Add import accounts endpoint

Add endpoint to create accounts with management api

Add health check actions

Add human errors for cases when vault is down or code was used multiple times

Add restrictions for expire_in

Add email for Event API system.account.reset_password_token, system.account.unlock_token events, system.document.verified, system.document.rejected (#550)

  • Add email for Event API system.account.reset_password_token and system.account.unlock_token events

  • Fix documentation for AccountMailer events

  • Document verification Event API payload and docs updated to have email included

Add validations to document

Add account uid to system.notification.account (#537)

Add account get endpoint for management API (#486)

Add validations for profile fields (#477)

  • Fix document expire validation
  • Add datepicker and country_select for admin panel
  • Squish spaces

Add endpoint for resend confirmations

Add otp sign endpoint (#527)

Add localization for grape required fields (#515)

Add CORS middleware (#516)

Add vault logging (#513)

Add new document type (#502)

Add api_key resource and generate jwt session (#441)

  • APIKeys feature
  • Update api_keys.md
  • Added opt validation
  • Add state
  • Disabled reek

Add sentry (#459)

Add condition for unconfirmed emails check (#448)

Add labels to admin panel with CRUD (#414)

Add reset password api (#371)

Extract api helpers to helpers module, style api according to peatio api module

Add specs for phone controller

Add '/v1' prefix for API::V1 routes

Add ability to define title

Add specs for confirmations controller, use public_suffix collection to find root level domain

Add confirmation api

Add shared context for doorkeeper auth, add spec for GET /api/account

Add .codeclimate.yml

Add 2FA docs (#251)

Add 2FA (#205)

  • Add OTP sign in
  • Fix login in tests; Add tests for OTP login

Add bot envs in travis.yml (#232)

Add chrome in .travis.yml & update chromedriver-helper (closes #213) (#215)

Add link for enabling 2FA (#172)

Add document validation (#149)

Add UID for Account (#132)

return unless uid blank

Add JWT support to chart (#120)

  • Add JWT support to chart

  • Fix Dockerfile after adding JWT support (#103)

  • Bump docker image and chart versions

Add missing </div> (#104)

Add RAILS_LOG_TO_STDOUT to the chart

Add checking of account lvl

Add helm chart to docker ignore files

Add BS4 for admin & navigation. (#16)

Add admin panel boilerplate (closes #12). (#14)

Add TravisCI configuration & RSpec + Capybara boilerplate. (#8)

Add rubocop.yml (#7)

add checking of current level

add increase lvl function (#59)

Added password strength validation (#455)

  • Added password strength validation

Added link_config script (#434)

Added event_api specs (#412)

  • Added event_api specs

  • Update event_api.md

Added 2FA api, added otp_enabled to accounts, refactored Vault::TOTP

Added specs for registrations api

Added phone validation tests

Added state for GET profile (#273)

Added get profile API call (#271)

Added autoauthorized application (#156)

  • Added autoauthorized application
  • Renamed column and file
  • Removed id and secret from seed.yml

Added GCS credentials to helm charts and charts improvements (#93)

Added GCS credentials to helm charts

Added sender's name (#92)

Added some validations (#82)

  • Added some validations

  • Fixed and skipped tests

Added custom logo, header, footer support (#55)

Added favicon (#66)

Added meta tag for mobile view (#62)

Added profiles section to the admin panel (#50)

Added profiles section to the admin panel

Added ability to connect phone number to account (#27)

Added listing of accounts with ability to delete or edit (#22)

  • Added listing of accounts with ability to delete or edit

added focus on password input (#249)

Adding level flow (#421)

Feature/level logic with labels

Adding level definition (#409)

  • Adding level definition

  • Update seeds.rb

Adding exception for eligible bump

Adding sneaker gem

Adding layout for profiles and documents (#38)

  • Adding layout for profiles and documents

Adding doorkeeper into the stack (#26)

  • doorkeeper:install & doorkeeper:migrate
  • add applications to admin navbar

Admin panel fixes (#165)

  • Fixes regarding with tables styles, Fixes regarding with redirecting in the application page, Fixes regarding with notifications styles

  • fixed table style on profile show, fixed notice on admin

  • fixed table styles, added email to profile show action

Allow pdf on barong form

Allow to use alpha2 and alpha3 country format in profile

Allow travis to build image without envs (#508)

Allow setting JWT secret key as pem file (#413)

change != to <

Change password security error message (#511)

Change license to Apache 2.0 (#79)

Changed devise logout path from delete to get request

Changed license in README (#95)

Changed datepicker and sms body (#69)

  • Changed datepicker and sms body

  • Fixed test

Changing seeds to users (#422)

Check 2FA on Barong session api (#522)

Check required environments on barong starting (#484)

  • Check required environments on barong starting

  • Travis allow other branches

Check vault health

Compute code coverage report (#542)

  • Compute code coverage report

Configure codeclimate (#348)

Configure codeclimate

Confirm 2FA code before enable otp

Confirm account by devise controller with whitelisted domain

Continue implement features regarding PR #118 (#193)

  • added roles to the controller, fixed db:load:fake task

  • fixed db:load:fake task

Create jwt by session

Create correct labels when seed accounts (#560)

Created normal readme (#64)

Creating a role for managing only profiles (#118)

  • added moderator role in the fake task
  • set up ability file, controllers, added role - compliance in db load fake
  • deleted base controller, fixed module controller
  • deleted dashboard controller and view, change link in admin navigation, revert module controller, change default route for admin account
  • fixed navigation in admin panel
  • added permission read to compliance role for viewing account index action

customer css helper (#52)

deleted icon from dropify input (#196)

Deploy (#37)

Deployment stuff improvements

Development & software operations: kite service, Dockerfile, charts, pipeline, Helm & other stuff. (#5)

Different gem subsets dynamic installation (#207)

Display cute notice when the registering email already taken (#70)

Do not trust public label when calculate level (#428)

Documents API

Don't let not active accounts to sign in (#600)

Downcase label key and value before save it (#472)

Downgrade fog-gem version (fix #311)

Enable devise lockable. (#467)

  • Fix db seed password, replace email validator

  • Enable devise lockable

Enable cops in .rubocop.yml

Events API, Plugins (#410)

  • Add ability to install Plugins

  • Add required gems

Extract api to user_api module (#407)

Add Label management api

Feature: Add metadata to documents API (#464)

  • Added metadata field for document

  • Makes documents spec more readable

Feed existing account with labels corresponding their level [for migration from 1.7 to 1.8] (#498)

Fix phone verification rate limit for API

Fix message error

Fix doorkeeper CVE-2018-1000211 vulnerability

Fix CVE-2018-3760 bug

Fix wrong field in accounts/get (#552)

Fix labels bug with changing scope (#481)

Fix db:seed applications creation (#495)

  • Fix db:seed applications creation

  • Add tests for rake db:seed

Fix document types (#490)

Fix typo in phone exists message error (#487)

  • Fix typo in phone exists message error

  • Travis allow other branches

Fix issue with api datetime format (#453)

Fix function call (#426)

Fix API error messages (#416)

Fix domain to host (#424)

Fix errors in phones api (#393)

Fix missing PhoneUtils bug (#388)

Fix failing profile specs (#375)

Fix db:seed (#359)

Fix typo in error rescue (#357)

Fix vault specs, add capybara screenshot

Fix codeclimate

Fix codeclimate

Fix codeclimate

Fix phone verification issue

Fix specs

Fix travis version bump

Fix indentation and comments rubocop issues

Fix existing docs & Remove unused docs

Fix multiple issue with cloud storage configurations (#259)

Fix #225 (#227)

Fix all entered data which is lost when submitting form with invalid data (#231)

  • fixed reset form on page documents/new
  • fixed reset form on page profile/new

Fix issue in travis configuration

Fix invalid number notification color (fix #216) (#222)

Fix issue with resending unlock instructions for #147 (#206)

Fix for index redirecting

Fix for login (#143)

Fix tests due to new forms (#128)

Fix url in Readme (#122)

Fix for button (#100)

Fix for approving profile (#97)

Fix for js (#98)

Fix production mailer & move to helios-public (#47)

  • Rails production mailer setup & k8s env variables

  • Use helios-public instead of helios-stage

fix specs

fix lvl buttons

fix code style

add lvl buttons

Fixed all rubocop issues

Fixed bin/setup to work in correct order (#194)

  • Fixed bin/setup to work in correct order

  • Updated seeds; added ability to use default creds with workbench

  • Added generated Application credentials output
  • Updated default Application seed

Fixed tests (#192)

Fixed background (#63)

Fixed k8s secrets.yaml

Fixed mail sender email (#61)

Fixed barong host in chart (#57)

fixed all issues related with: git rebase, the tests, the document uploading features (#58)

fixed the tests (#43)

fixed the tests (#42)

fixed the views tests

Fixes docker image build

Fixes for workbench (#142)

Generate api on bump stage

generate API documentation (#158)

Get all labels with management api

Get international number from phonelib directly (#504)

  • Get international number from phonelib directly

  • Use international phone on api phone validation

Google cloud upload (#90)

handle SMS_CONTENT env variable

Handle file size and extension on front-end side with dropify (#209)

Hotfix for rack_attack (#671)

Ignore yarn files

implement lvl for phones

Implement send code API (#423)

Implemented API endpoint for receiving JWT by account and password

Implemented ability to change password by API

Implemented API JWT renewal (#264)

  • Fixed expiring time in Doorkeeper-JWT

Improve some styles

improve lvl system

Include profile.state in jwt

Include name in jwt (#123)

Increase spec coverage (#378)

  • Add simplecov

  • Add specs for controllers

  • Add spec for vault totp

  • Fix tests

Increase max size of upload (#162)

increase to lvl 3 after confirmation

Initialize Devise missing views and routes (#9)

K8s (#15)

  • Update database secrets

  • K8s secret instance

  • Barong install or upgrade bash script

  • Use puma instead of rails s

Limit number of uploaded documents

Lockable in API (#544)

  • Lockable in API

  • add endpoint to send/resend unlock instructions

  • update docs

  • Profile validations update(fixes specs which was failing sometimes)

  • add endpoint to unlock account

Lockable for devise (closes #13) (#11)

Make db:seed more flexible (#404)

Make drag and drop for documents work (#154)

  • added drag and drop function to uploading document
  • fixed icons in the drag/drop area

Management api config generation from template (#539)

  • Generate management api from config

  • Install plugins and make yml files from templates

  • Put plugins template in standard place

Mark account as discarded instead of deleting it (#451)

  • Mark account as discarded instead of deleting it

  • Disabled reek

Merge branch 'master' into feature/profiles_api

Merge remote-tracking branch 'origin/master' into feature/2fa_api

Merge remote-tracking branch 'origin/master' into feature/2fa_api

Merge branch 'master' into bugfix/phone_verification_without_code

Merge branch 'master' into bugfix/phone_verification_without_code

Merge branch 'master' into fix/loofah-update

Migrate application levels logic to use labels (#430)

Minor fixes for phones/new form (#150)

  • Added loader
  • Confirm button disables till the code is sent
  • Check if the phone number wasn't modified after the code was sent

Minor fixes (#141)

Minor fixes to index page (#106)

  • Minor fixes to index page

Minor gem updates

Modify email and sender name (#140)

Mons web verification design (#53)

Adding verification design

Move all logic from profile show to accounts show. Show Phones and Account info (#460)

  • Remove state from profile

  • Fix labels issues

  • after-review improvements

  • Move all logic from profile show to accounts show (close #449)

  • Update code with requirements

  • Disabled reek

Move account registration to account endpoint

moved specs to v1 folder

Moved documentation files (#549)

  • Moved documentation files

Moving database.yml file

Moving field role and adding level

Notify user by email when his state changes (#372)

Pass email along with uid to vault (#257)

Prepare initial configuration and gemset: (#6)

  • Remove config/database.yml from Git.
  • Remove lot of unneeded gems.
  • Lock Ruby version.
  • remove Spring.

Profiles API

Added metadata field to Profiles, which stores JSON data and is using ActiveRecord::Store. Metadata fields are specified by env variable PROFILE_METADATA

Provide License (#21)

Put working links in footer

  • Made links in footer work
  • Added basic layout on Change Password page

rails new --database=mysql --skip-turbolinks --skip-coffee barong

Rake task to generate swagger-slate docs (#204)

  • Rake task to generate swagger-slate docs

  • Run widdershins via 'node node_modules/widdershins/widdershins'

Refactor storages (#241)

  1. Clean up gems
  2. Add support for AWS
  3. Fix existing secrets
  4. Prepare helm chart for theme changes

Refactored phones

Release Barong v1.0.0

remove unneeded/useless tests/specs (#173)

Remove rack-cors (#519)

Remove identity from default configuration (#505)

  • Remove identity level from default configuration

  • Tune codeclimate

Remove env check. It does not work with docker build (#514)

Remove outdated deployment stuff (#452)

Remove invalid concourse pipeline and related stuff

Remove main-logo and useless <div>s (#182)

Removed minimum size limitation for document (#199)

Removed 'utility bill' from 'documents' dropdown options and changed notice for successful email confirmation (#170)

  • Removed 'utility bill' from 'documents' dropdown options
  • Edited notice for successful email confirmation

Removed unused views (#139)

  • Removed unused views

Removed unused controller

Removed unnecessary views (#56)

Removing logo

Replace Faker::Avatar.image to Faker::Company.logo due to server error

Rescue exception in management api and application controller

Restify api endpoints (#368)

Return understandable vault error, log full message

Return if phone is already in db (#91)

Scaffold website table (#30)

bundle exec rails g model website domain:string:uniq title:string logo:string stylesheet:string header:text footer:text redirect_url:string state:string --force

bundle exec rails g scaffold admin/website domain:string title:string logo:string stylesheet:string header:text footer:text redirect_url:string state:string --model-name=website --no-migration --test-framework=rspec --stylesheet-engine=sass --no-javascripts --integration-tool=rspec

Scaffolding profile has_many documents

Send emails if they are enabled. Add SKIP_EMAILS env (#446)

Set events with correct devise tokens (#528)

Set correct document flash message (#474)

  • Set correct document flash message

  • Travis allow other branches

Set account state to active on email confirmation

Set account state along with profile state

Set new devise layout (#155)

Set devise secret on container build (#17)

  • Set device secret on container build

  • Docker DEVICE_SECRET_KEY env variable explanation

Show level and labels on account index page (#431)

Small fixes (#171)

Small improvements (#74)

Speed up docker build (#429)

Split profile-document form (#131)

  • Split profile-document form

Squish label fields (#535)

  • Add rake task for update level
  • Show level mapping at admin panel

Start Barong 1.8.0 development! (#370)

Merge it after merge 1.7.0 Release branch

Start Barong 1.7.0 development!

Style improvements on documents, sign in/sign up, profiles, removing (#73)

header & fixing tests

Swapping migration version

Switch to grape (#153)

t # This is a combination of 2 commits.

Changed document reference from profile to account

Refactored documents api

Two Factor Auth (#78)

  • Added seed and QR-Code generation for 2FA support

Unifying styles in the admin panel (#105)

Unifying styles in the admin panel (#102)

  • Unified styling in the admin panel, added default filter for profiles section in the admin panel

  • Unified styling in the admin panel, added default filter for profiles section in the admin panel

Update gem dependencies (#595)

Update api_keys.md

Update travis CI and fix version bumping (#507)

Update ci/bump.rb: add pagination for GitHub API (fixes bumping for older branches). (#458)

Update 1.7.0 migration steps notes (#405)

Update .travis.yml

Update Gemfile

Update the JWT Session payload (closes #245) (#250)

Update chart

Update oauth callback (#127)

  • Update oauth callback & README

update bootstrap gem : 4.1.2 instead 4.0.0

Updated loofah to 2.2.2

Updated documentation (#190)

Use SecureRandom in db:seed (#425)

Use simple serialize instead of Store for metadata field

Use JWT token for authentication (#103)

User level is downgraded to 2 when his profile is rejected (#360)

Validate dates (#228)

Verify captcha after 3 failed attempts on sign in

Verify captcha serverside if it's enabled

Reverts

Generate api on bump stage

Pull Requests

Merge pull request #609 from mnaichuk/fix/messages

Merge pull request #575 from rxx/fix_api_key_1_8

Merge pull request #569 from rxx/bugfix/fix_bump

Merge pull request #567 from rxx/feature/generate_api_from_bump

Merge pull request #568 from rxx/feature/pdf_upload

Merge pull request #566 from rxx/feature/vault_security

Merge pull request #564 from rxx/feature/managment_labels_list

Merge pull request #565 from rxx/bugfix/fix_expires_in

Merge pull request #561 from maksim-litvinov/bugfix/fix_vault_errors

Merge pull request #563 from maksim-litvinov/countries_alpha2_alpha3

Merge pull request #558 from maksim-litvinov/sprokets_bug_fix_18

Merge pull request #551 from maksim-litvinov/feature/add_document_validations

Merge pull request #554 from shingonoide/fixes_image_build

Merge pull request #336 from rubykube/feature/profiles_api

Merge pull request #327 from rubykube/feature/2fa_api

Merge pull request #341 from rubykube/bugfix/phone_verification_without_code

Merge pull request #352 from andreymakovenko/master

Merge pull request #287 from gfedorenko/fix/loofah-update

Merge pull request #279 from gfedorenko/fix/default-state

Merge pull request #270 from rubykube/fix/account-state

Merge pull request #233 from ashanaakh/bugfix/travis-fix

Merge pull request #180 from gfedorenko/fix/routing

Merge pull request #133 from gfedorenko/fix/footer

Merge pull request #134 from ashanaakh/fix/chart

Merge pull request #135 from mafarain/include_state

Merge pull request #81 from ashanaakh/logs

Merge pull request #71 from spavlishak/fixes/styles

Merge pull request #65 from vpetrusenko/level

Merge pull request #68 from ashanaakh/dockerignore/fix

#Version 2.0.5-alpha

Released 2018-12-04

APIKeys spec and related configuration

Add bump gem

Add password reset workflow

Add user confirmation workflow

Add Activity model, validations & base specs

Add Activity model & base specs

Add strong password validation

  • Use strong_password gem to check simplicity
  • Add a custom validator to check required symbols

Add managment_api

  • Add jwt initializer
  • Add entities
  • Add tools
  • Add Profile entity
  • Modify user model
  • Modify user factory
  • Fix spec for users and labels

Add identity user api module && support of captcha

  • Add signup logic
  • Verify captcha serverside
  • Require captcha on signup
  • Optional captcha on signin

Add ability to use twilio in test and development

Add Labels API

Add JWT generator

Add JWT auth

Add sessions_spec

Add Dockerfile

Add Travis file

Add Event API

Co-authored-by: alinetskyi <artem.linetskyi@gmail.conf>

Added Api Keys model, CRUD API, SecretStorage service

Adding Documents API

Adding profile grape resource

Adding KeyStore lib

Have fixed grape api spec helpers

Adding templates

Adding Label Model

Adding Base Grape API

with General Endpoint ping and time

Adding Document model (#3)

Adding Profile model

Adding Level model

Adding User model

Adding backend and db config

AuthZ modifications (#26)

Bump improvements

Change API prefix logic, fix specs, add vault doc

Delete send_real_sms.rb

Enabling sessions#authorize endpoint

Fix activities (#664)

Fix share cookies for development, fix Bump (#658)

Fixes for test and integration environment

Fixing an issue on route :any

Fixing password presence validation

Generate JWT token for apikeys

Hot fixing sessions

Initialize Vault, add TOTPService and Security(2FA) API

Make documents unvisible publicly by changing fog config (#672)

Minor improvements to middleware

Optimizing Dockerfile and removing asset pipeline

Phone model & related API & basic config store logic

  • Add phone model
  • Add class phones in resource api module
  • Add test coverage for phone api
  • Add Barong:App lib as secret key and config storage

rails generate rspec:install

rails new --database=mysql --skip-turbolinks --skip-coffee --skip-test barong

Record activity on session

Rework AuthZ endpoint

Sessions API

Updating bump script

#Version 1.9.1

Released 2018-12-04

API tuning: Add security definitions and status code, fixed wrong messages (#488)

  • Travis allow other branches

  • Add security definitions

  • Add status codes

Add phone verification rate limit for API

Add rack-attack and some API usage limits

Add grape logger middleware

Add a stronger validation for passwords

Add ROOT_DOMAIN for configure sessions (#611)

Add import accounts endpoint

Add endpoint to create accounts with management api

Add health check actions

Add human errors for cases when vault is down or code was used multiple times

Add restrictions for expire_in

Add validations to document

Add SMTP_ADDRESS and SMTP_PORT environment variable in development

Add email for Event API system.account.reset_password_token, system.account.unlock_token events, system.document.verified, system.document.rejected (#550)

  • Add email for Event API system.account.reset_password_token and system.account.unlock_token events

  • Fix documentation for AccountMailer events

  • Document verification Event API payload and docs updated to have email included

Add account uid to system.notification.account (#537)

Add account get endpoint for management API (#486)

Add validations for profile fields (#477)

  • Fix document expire validation
  • Add datepicker and country_select for admin panel
  • Squish spaces

Add endpoint for resend confirmations

Add otp sign endpoint (#527)

Add localization for grape required fields (#515)

Add CORS middleware (#516)

Add vault logging (#513)

Add new document type (#502)

Allow to configure scopes from env (#618)

Allow to configure smtp url address (#616)

Allow pdf on barong form

Allow to use alpha2 and alpha3 country format in profile

Allow to configure multiple CORS at barong

Allow travis to build image without envs (#508)

barong fixing security flags in docs (#596)

Change password security error message (#511)

Check 2FA on Barong session api (#522)

Check required environments on barong starting (#484)

  • Check required environments on barong starting

  • Travis allow other branches

Compute code coverage report (#542)

  • Compute code coverage report

Create jwt by session

Create correct labels when seed accounts (#579)

Define minimum password length in ENV (#626)

Don't let not active accounts to sign in (#608)

Downcase label key and value before save it (#472)

Feed existing account with labels corresponding their level [for migration from 1.7 to 1.8] (#498)

Fix: DEPRECATION WARNING

Fix issue with jwt in dev mode (#630)

Fix issue with hardcoded JWT_SHARED_SECRET_KEY (#629)

Fix message error

Fix doorkeeper CVE-2018-1000211 vulnerability

Fix CVE-2018-3760 bug

Fix rubocop

Fix wrong field in accounts/get (#552)

Fix labels bug with changing scope (#481)

Fix db:seed applications creation (#495)

  • Fix db:seed applications creation

  • Add tests for rake db:seed

Fix document types (#490)

Fix typo in phone exists message error (#487)

  • Fix typo in phone exists message error

  • Travis allow other branches

Fixes docker image build

Generate api on bump stage

Get all labels with management api

Get international number from phonelib directly (#504)

  • Get international number from phonelib directly

  • Use international phone on api phone validation

Limit number of uploaded documents

Lockable in API (#544)

  • Lockable in API

  • add endpoint to send/resend unlock instructions

  • update docs

  • Profile validations update(fixes specs which was failing sometimes)

  • add endpoint to unlock account

Make documents invisible publicly by changing fog config (#673)

Management api config generation from template (#539)

  • Generate management api from config

  • Install plugins and make yml files from templates

  • Put plugins template in standard place

Merge branch 'master' into fix-messages

Moved documentation files (#549)

  • Moved documentation files

Release Barong v1.9

Remove rack-cors (#519)

Remove identity from default configuration (#505)

  • Remove identity level from default configuration

  • Tune codeclimate

Remove env check. It does not work with docker build (#514)

Replace Faker::Avatar.image to Faker::Company.logo due to server error

Rescue exception in management api and application controller

Return understandable vault error, log full message

Save scopes in APIKey as serialized array (closes #585) (#597)

Set cookies from /api/sessions

Set events with correct devise tokens (#528)

Set correct document flash message (#474)

  • Set correct document flash message

  • Travis allow other branches

Squish label fields (#535)

  • Add rake task for update level
  • Show level mapping at admin panel

Unlock account after 1 hour of being locked (#649)

update bootstrap gem : 4.1.2 instead 4.0.0

Update api_keys.md (#592)

Update gem dependencies (#595)

Update docs api_keys

Update project to rails v5.2.1

Update rails version to v5.2.1

Update ruby version to v2.5.1

Update api_keys.md

Update travis CI and fix version bumping (#507)

Verify captcha serverside if it's enabled (#617)

  • Verify captcha serverside if it's enabled

  • Verify captcha after 3 failed attempts on sign in

  • Don't check captcha if password is valid

Reverts

Generate api on bump stage

Pull Requests

Merge pull request #601 from mnaichuk/fix-messages

Merge pull request #557 from maksim-litvinov/sprocket_bug_fix

Merge pull request #543 from maksim-litvinov/master_update

#Version 1.8.41

Released 2018-12-03

API tuning: Add security definitions and status code, fixed wrong messages (#488)

  • Travis allow other branches

  • Add security definitions

  • Add status codes

API: Added registration and account confirmation scopes

Add filter by lvl (#657)

Add phone verification rate limit for API

Add rack-attack and some API usage limits

Add RabbitMQ middleware for event api

Add grape logger middleware

Add ROOT_DOMAIN for configure sessions (#612)

Add import accounts endpoint

Add endpoint to create accounts with management api

Add health check actions

Add human errors for cases when vault is down or code was used multiple times

Add restrictions for expire_in

Add email for Event API system.account.reset_password_token, system.account.unlock_token events, system.document.verified, system.document.rejected (#550)

  • Add email for Event API system.account.reset_password_token and system.account.unlock_token events

  • Fix documentation for AccountMailer events

  • Document verification Event API payload and docs updated to have email included

Add validations to document

Add account uid to system.notification.account (#537)

Add account get endpoint for management API (#486)

Add validations for profile fields (#477)

  • Fix document expire validation
  • Add datepicker and country_select for admin panel
  • Squish spaces

Add endpoint for resend confirmations

Add otp sign endpoint (#527)

Add localization for grape required fields (#515)

Add CORS middleware (#516)

Add vault logging (#513)

Add new document type (#502)

Add api_key resource and generate jwt session (#441)

  • APIKeys feature
  • Update api_keys.md
  • Added opt validation
  • Add state
  • Disabled reek

Add sentry (#459)

Add condition for unconfirmed emails check (#448)

Add labels to admin panel with CRUD (#414)

Add reset password api (#371)

Extract api helpers to helpers module, style api according to peatio api module

Add specs for phone controller

Add '/v1' prefix for API::V1 routes

Add ability to define title

Add specs for confirmations controller, use public_suffix collection to find root level domain

Add confirmation api

Add shared context for doorkeeper auth, add spec for GET /api/account

Add .codeclimate.yml

Add 2FA docs (#251)

Add 2FA (#205)

  • Add OTP sign in
  • Fix login in tests; Add tests for OTP login

Add bot envs in travis.yml (#232)

Add chrome in .travis.yml & update chromedriver-helper (closes #213) (#215)

Add link for enabling 2FA (#172)

Add document validation (#149)

Add UID for Account (#132)

return unless uid blank

Add JWT support to chart (#120)

  • Add JWT support to chart

  • Fix Dockerfile after adding JWT support (#103)

  • Bump docker image and chart versions

Add missing </div> (#104)

Add RAILS_LOG_TO_STDOUT to the chart

Add checking of account lvl

Add helm chart to docker ignore files

Add BS4 for admin & navigation. (#16)

Add admin panel boilerplate (closes #12). (#14)

Add TravisCI configuration & RSpec + Capybara boilerplate. (#8)

Add rubocop.yml (#7)

add checking of current level

add increase lvl function (#59)

added focus on password input (#249)

Added password strength validation (#455)

  • Added password strength validation

Added link_config script (#434)

Added event_api specs (#412)

  • Added event_api specs

  • Update event_api.md

Added 2FA api, added otp_enabled to accounts, refactored Vault::TOTP

Added specs for registrations api

Added phone validation tests

Added state for GET profile (#273)

Added get profile API call (#271)

Added autoauthorized application (#156)

  • Added autoauthorized application
  • Renamed column and file
  • Removed id and secret from seed.yml

Added GCS credentials to helm chart and charts improvements (#93)

Added GCS credentials to helm charts

Added sender's name (#92)

Added some validations (#82)

  • Added some validations

  • Fixed and skipped tests

Added custom logo, header, footer support (#55)

Added favicon (#66)

Added meta tag for mobile view (#62)

Added profiles section to the admin panel (#50)

Added profiles section to the admin panel

Added ability to connect phone number to account (#27)

Added listing of accounts with ability to delete or edit (#22)

  • Added listing of accounts with ability to delete or edit

Adding level flow (#421)

Feature/level logic with labels

Adding level definition (#409)

  • Adding level definition

  • Update seeds.rb

Adding exception for eligible bump

Adding sneaker gem

Adding layout for profiles and documents (#38)

  • Adding layout for profiles and documents

Adding doorkeeper into the stack (#26)

  • doorkeeper:install & doorkeeper:migrate
  • add applications to admin navbar

Admin panel fixes (#165)

  • Fixes regarding with tables styles, Fixes regarding with redirecting in the application page, Fixes regarding with notifications styles

  • fixed table style on profile show, fixed notice on admin

  • fixed table styles, added email to profile show action

Allow pdf on barong form

Allow to use alpha2 and alpha3 country format in profile

Allow travis to build image without envs (#508)

Allow setting JWT secret key as pem file (#413)

Change password security error message (#511)

Change license to Apache 2.0 (#79)

change != to <

Changed devise logout path from delete to get request

Changed license in README (#95)

Changed datepicker and sms body (#69)

  • Changed datepicker and sms body

  • Fixed test

Changing seeds to users (#422)

Check 2FA on Barong session api (#522)

Check required environments on barong starting (#484)

  • Check required environments on barong starting

  • Travis allow other branches

Check vault health

Compute code coverage report (#542)

  • Compute code coverage report

Configure codeclimate (#348)

Configure codeclimate

Confirm 2FA code before enable otp

Confirm account by devise controller with whitelisted domain

Continue implement features regarding PR #118 (#193)

  • added roles to the controller, fixed db:load:fake task

  • fixed db:load:fake task

Create jwt by session

Create correct labels when seed accounts (#560)

Created normal readme (#64)

Creating a role for managing only profiles (#118)

  • added moderator role in the fake task
  • set up ability file, controllers, added role - compliance in db load fake
  • deleted base controller, fixed module controller
  • deleted dashboard controller and view, change link in admin navigation, revert module controller, change default route for admin account
  • fixed navigation in admin panel
  • added permission read to compliance role for viewing account index action

customer css helper (#52)

deleted icon from dropify input (#196)

Deploy (#37)

Deployment stuff improvements

Development & software operations: kite service, Dockerfile, charts, pipeline, Helm & other stuff. (#5)

Different gem subsets dynamic installation (#207)

Display cute notice when the registering email already taken (#70)

Do not trust public label when calculate level (#428)

Documents API

Don't let not active accounts to sign in (#600)

Downcase label key and value before save it (#472)

Downgrade fog-gem version (fix #311)

Enable devise lockable. (#467)

  • Fix db seed password, replace email validator

  • Enable devise lockable

Enable cops in .rubocop.yml

Events API, Plugins (#410)

  • Add ability to install Plugins

  • Add required gems

Extract api to user_api module (#407)

Add Label management api

Feature: Add metadata to documents API (#464)

  • Added metadata field for document

  • Makes documents spec more readable

Feed existing account with labels corresponding their level [for migration from 1.7 to 1.8] (#498)

Fix phone verification rate limit for API

Fix message error

Fix doorkeeper CVE-2018-1000211 vulnerability

Fix CVE-2018-3760 bug

Fix wrong field in accounts/get (#552)

Fix labels bug with changing scope (#481)

Fix db:seed applications creation (#495)

  • Fix db:seed applications creation

  • Add tests for rake db:seed

Fix document types (#490)

Fix typo in phone exists message error (#487)

  • Fix typo in phone exists message error

  • Travis allow other branches

Fix issue with api datetime format (#453)

Fix function call (#426)

Fix API error messages (#416)

Fix domain to host (#424)

Fix errors in phones api (#393)

Fix missing PhoneUtils bug (#388)

Fix failing profile specs (#375)

Fix db:seed (#359)

Fix typo in error rescue (#357)

Fix vault specs, add capybara screenshot

Fix codeclimate

Fix codeclimate

Fix codeclimate

Fix phone verification issue

Fix specs

Fix travis version bump

Fix indentation and comments rubocop issues

Fix existing docs & Remove unused docs

Fix multiple issue with cloud storage configurations (#259)

Fix #225 (#227)

Fix all entered data which is lost when submitting form with invalid data (#231)

  • fixed reset form on page documents/new
  • fixed reset form on page profile/new

Fix issue in travis configuration

Fix invalid number notification color (fix #216) (#222)

Fix issue with resending unlock instructions for #147 (#206)

Fix for index redirecting

Fix for login (#143)

Fix tests due to new forms (#128)

Fix url in Readme (#122)

Fix for button (#100)

Fix for approving profile (#97)

Fix for js (#98)

Fix production mailer & move to helios-public (#47)

  • Rails production mailer setup & k8s env variables

  • Use helios-public instead of helios-stage

fix specs

fix lvl buttons

fix code style

add lvl buttons

Fixed all rubocop issues

Fixed bin/setup to work in correct order (#194)

  • Fixed bin/setup to work in correct order

  • Updated seeds; added ability to use default creds with workbench

  • Added generated Application credentials output
  • Updated default Application seed

Fixed tests (#192)

Fixed background (#63)

Fixed k8s secrets.yaml

Fixed mail sender email (#61)

Fixed barong host in chart (#57)

fixed all issues related with: git rebase, the tests, the document uploading features (#58)

fixed the tests (#43)

fixed the tests (#42)

fixed the views tests

Fixes docker image build

Fixes for workbench (#142)

Generate api on bump stage

generate API documentation (#158)

Get all labels with management api

Get international number from phonelib directly (#504)

  • Get international number from phonelib directly

  • Use international phone on api phone validation

Google cloud upload (#90)

Handle file size and extension on front-end side with dropify (#209)

handle SMS_CONTENT env variable

Hotfix for rack_attack (#671)

Ignore yarn files

Implement send code API (#423)

implement lvl for phones

Implemented API endpoint for receiving JWT by account and password

Implemented ability to change password by API

Implemented API JWT renewal (#264)

  • Fixed expiring time in Doorkeeper-JWT

improve lvl system

Improve some styles

Include profile.state in jwt

Include name in jwt (#123)

increase to lvl 3 after confirmation

Increase spec coverage (#378)

  • Add simplecov

  • Add specs for controllers

  • Add spec for vault totp

  • Fix tests

Increase max size of upload (#162)

Initialize Devise missing views and routes (#9)

K8s (#15)

  • Update database secrets

  • K8s secret instance

  • Barong install or upgrade bash script

  • Use puma instead of rails s

Limit number of uploaded documents

Lockable in API (#544)

  • Lockable in API

  • add endpoint to send/resend unlock instructions

  • update docs

  • Profile validations update(fixes specs which was failing sometimes)

  • add endpoint to unlock account

Lockable for devise (closes #13) (#11)

Make db:seed more flexible (#404)

Make drag and drop for documents work (#154)

  • added drag and drop function to uploading document
  • fixed icons in the drag/drop area

Management api config generation from template (#539)

  • Generate management api from config

  • Install plugins and make yml files from templates

  • Put plugins template in standard place

Mark account as discarded instead of delete it (#451)

  • Mark account as discarded instead of deleting it

  • Disabled reek

Merge branch 'master' into feature/profiles_api

Merge remote-tracking branch 'origin/master' into feature/2fa_api

Merge remote-tracking branch 'origin/master' into feature/2fa_api

Merge branch 'master' into bugfix/phone_verification_without_code

Merge branch 'master' into bugfix/phone_verification_without_code

Merge branch 'master' into fix/loofah-update

Migrate application levels logic to use labels (#430)

Minor fixes for phones/new form (#150)

  • Added loader
  • Confirm button disables till the code is sent
  • Check if the phone number wasn't modified after the code was sent

Minor fixes (#141)

Minor fixes to index page (#106)

  • Minor fixes to index page

Minor gem updates

Modify email and sender name (#140)

Mons web verification design (#53)

Adding verification design

Move all logic from profile show to accounts show. Show Phones and Account info (#460)

  • Remove state from profile

  • Fix labels issues

  • after-review improvements

  • Move all logic from profile show to accounts show (close #449)

  • Update code with requirements

  • Disabled reek

Move account registration to account endpoint

Moved documentation files (#549)

  • Moved documentation files

moved specs to v1 folder

Moving database.yml file

Moving field role and adding level

Notify user by email when his state changes (#372)

Pass email along with uid to vault (#257)

Prepare initial configuration and gemset: (#6)

  • Remove config/database.yml from Git.
  • Remove lot of unneeded gems.
  • Lock Ruby version.
  • remove Spring.

Profiles API

Added metadata field to Profiles, which stores JSON data and is using ActiveRecord::Store. Metadata fields are specified by env variable PROFILE_METADATA

Provide License (#21)

Put working links in footer

  • Made links in footer work
  • Added basic layout on Change Password page

rails new --database=mysql --skip-turbolinks --skip-coffee barong

Rake task to generate swagger-slate docs (#204)

  • Rake task to generate swagger-slate docs

  • Run widdershins via 'node node_modules/widdershins/widdershins'

Refactor storages (#241)

  1. Clean up gems
  2. Add support for AWS
  3. Fix existing secrets
  4. Prepare helm chart for theme changes

Refactored phones

Release Barong v1.0.0

Remove rack-cors (#519)

Remove identity from default configuration (#505)

  • Remove identity level from default configuration

  • Tune codeclimate

Remove env check. It does not work with docker build (#514)

Remove outdated deployment stuff (#452)

Remove invalid concourse pipeline and related stuff

Remove main-logo and useless <div>s (#182)

remove unneeded/useless tests/specs (#173)

Removed minimum size limitation for document (#199)

Removed 'utility bill' from 'documents' dropdown options and changed notice for successful email confirmation (#170)

  • Removed 'utility bill' from 'documents' dropdown options
  • Edited notice for successful email confirmation

Removed unused views (#139)

  • Removed unused views

Removed unused controller

Removed unnecessary views (#56)

Removing logo

Replace Faker::Avatar.image to Faker::Company.logo due to server error

Rescue exception in management api and application controller

Restify api endpoints (#368)

Return understandable vault error, log full message

Return if phone is already in db (#91)

Scaffold website table (#30)

bundle exec rails g model website domain:string:uniq title:string logo:string stylesheet:string header:text footer:text redirect_url:string state:string --force

bundle exec rails g scaffold admin/website domain:string title:string logo:string stylesheet:string header:text footer:text redirect_url:string state:string --model-name=website --no-migration --test-framework=rspec --stylesheet-engine=sass --no-javascripts --integration-tool=rspec

Scaffolding profile has_many documents

Send emails if they are enabled. Add SKIP_EMAILS env (#446)

Set events with correct devise tokens (#528)

Set correct document flash message (#474)

  • Set correct document flash message

  • Travis allow other branches

Set account state to active on email confirmation

Set account state along with profile state

Set new devise layout (#155)

Set devise secret on container build (#17)

  • Set device secret on container build

  • Docker DEVICE_SECRET_KEY env variable explanation

Show level and labels on account index page (#431)

Small fixes (#171)

Small improvements (#74)

Speed up docker build (#429)

Split profile-document form (#131)

  • Split profile-document form

Squish label fields (#535)

  • Add rake task for update level
  • Show level mapping at admin panel

Start Barong 1.8.0 development! (#370)

Merge it after merge 1.7.0 Release branch

Start Barong 1.7.0 development!

Style improvements on documents, sign in/sign up, profiles, removing (#73)

header & fixing tests

Swapping migration version

Switch to grape (#153)

t # This is a combination of 2 commits.

Changed document reference from profile to account

Refactored documents api

Two Factor Auth (#78)

  • Added seed and QR-Code generation for 2FA support

Unifying styles in the admin panel (#105)

Unifying styles in the admin panel (#102)

  • Unified styling in the admin panel, added default filter for profiles section in the admin panel

  • Unified styling in the admin panel, added default filter for profiles section in the admin panel

update bootstrap gem : 4.1.2 instead 4.0.0

Update gem dependencies (#595)

Update api_keys.md

Update travis CI and fix version bumping (#507)

Update ci/bump.rb: add pagination for GitHub API (fixes bumping for older branches). (#458)

Update 1.7.0 migration steps notes (#405)

Update .travis.yml

Update Gemfile

Update the JWT Session payload (closes #245) (#250)

Update chart

Update oauth callback (#127)

  • Update oauth callback & README

Updated loofah to 2.2.2

Updated documentation (#190)

Use SecureRandom in db:seed (#425)

Use simple serialize instead of Store for metadata field

Use JWT token for authentication (#103)

User level is downgraded to 2 when his profile is rejected (#360)

Validate dates (#228)

Verify captcha after 3 failed attempts on sign in

Verify captcha serverside if it's enabled

Reverts

Generate api on bump stage

Pull Requests

Merge pull request #609 from mnaichuk/fix/messages

Merge pull request #575 from rxx/fix_api_key_1_8

Merge pull request #569 from rxx/bugfix/fix_bump

Merge pull request #567 from rxx/feature/generate_api_from_bump

Merge pull request #568 from rxx/feature/pdf_upload

Merge pull request #566 from rxx/feature/vault_security

Merge pull request #564 from rxx/feature/managment_labels_list

Merge pull request #565 from rxx/bugfix/fix_expires_in

Merge pull request #561 from maksim-litvinov/bugfix/fix_vault_errors

Merge pull request #563 from maksim-litvinov/countries_alpha2_alpha3

Merge pull request #558 from maksim-litvinov/sprokets_bug_fix_18

Merge pull request #551 from maksim-litvinov/feature/add_document_validations

Merge pull request #554 from shingonoide/fixes_image_build

Merge pull request #336 from rubykube/feature/profiles_api

Merge pull request #327 from rubykube/feature/2fa_api

Merge pull request #341 from rubykube/bugfix/phone_verification_without_code

Merge pull request #352 from andreymakovenko/master

Merge pull request #287 from gfedorenko/fix/loofah-update

Merge pull request #279 from gfedorenko/fix/default-state

Merge pull request #270 from rubykube/fix/account-state

Merge pull request #233 from ashanaakh/bugfix/travis-fix

Merge pull request #180 from gfedorenko/fix/routing

Merge pull request #133 from gfedorenko/fix/footer

Merge pull request #134 from ashanaakh/fix/chart

Merge pull request #135 from mafarain/include_state

Merge pull request #81 from ashanaakh/logs

Merge pull request #71 from spavlishak/fixes/styles

Merge pull request #65 from vpetrusenko/level

Merge pull request #68 from ashanaakh/dockerignore/fix

#Version 2.0.4-alpha

Released 2018-11-29

APIKeys spec and related configuration

Add bump gem

Add password reset workflow

Add user confirmation workflow

Add Activity model, validations & base specs

Add Activity model & base specs

Add strong password validation Use strong_password gem to check simplicity Add a custom validator to check required symbols

Add managment_api Add jwt initializer Add entities Add tools Add Profile entity Modify user model Modify user factory * Fix spec for users and labels

Add identity user api module && support of captcha Add signup logic Verify captcha serverside Require captcha on signup Optional captcha on signin

Add ability to use twilio in test and development

Add Labels API

Add JWT generator

Add JWT auth

Add sessions_spec

Add Dockerfile

Add Travis file

Add Event API

Co-authored-by: alinetskyi <artem.linetskyi@gmail.conf>

Added Api Keys model, CRUD API, SecretStorage service

Adding Documents API

Adding profile grape resource

Adding KeyStore lib

Have fixed grape api spec helpers

Adding templates

Adding Label Model

Adding Base Grape API

with General Endpoint ping and time

Adding Document model (#3)

Adding Profile model

Adding Level model

Adding User model

Adding backend and db config

AuthZ modifications (#26)

Bump improvements

Change API prefix logic, fix specs, add vault doc

Delete send_real_sms.rb

Enabling sessions#authorize endpoint

Fix activities (#664)

Fix share cookies for development, fix Bump (#658)

Fixes for test and integration environment

Fixing an issue on route :any

Fixing password presence validation

Generate JWT token for apikeys

Hot fixing sessions

Initialize Vault, add TOTPService and Security(2FA) API

Minor improvements to middleware

Optimizing Dockerfile and removing asset pipeline

Phone model & related API & basic config store logic Add phone model Add class phones in resource api module Add test coverage for phone api Add Barong:App lib as secret key and config storage

rails generate rspec:install

rails new --database=mysql --skip-turbolinks --skip-coffee --skip-test barong

Record activity on session

Rework AuthZ endpoint

Sessions API

Updating bump script

#Version 1.8.40

Released 2018-11-27

API tuning: Add security definitions and status code, fixed wrong messages (#488)

  • Travis allow other branches

  • Add security definitions Add status codes

API: Added registration and account confirmation scopes

Add filter by lvl (#657)

Add phone verification rate limit for API

Add rack-attack and some API usage limits

Add RabbitMQ middleware for event api

Add grape logger middleware

Add ROOT_DOMAIN for configure sessions (#612)

Add import accounts endpoint

Add endpoint to create accounts with management api

Add health check actions

Add human errors for cases when vault is down or code was used multiple times

Add restrictions for expire_in

Add email for Event API system.account.reset_password_token, system.account.unlock_token events, system.document.verified, system.document.rejected (#550)

  • Add email for Event API system.account.reset_password_token and system.account.unlock_token events

  • Fix documentation for AccountMailer events

  • Document verification Event API payload and docs updated to have email included

Add validations to document

Add account uid to system.notification.account (#537)

Add account get endpoint for management API (#486)

Add validations for profile fields (#477)

Fix document expire validation Add datepicker and country_select for admin panel Squish spaces

Add endpoint for resend confirmations

Add otp sign endpoint (#527)

Add localization for grape required fields (#515)

Add CORS middleware (#516)

Add vault logging (#513)

Add new document type (#502)

Add api_key resource and generate jwt session (#441)

  • APIKeys feature
  • Update api_keys.md
  • Added opt validation
  • Add state
  • Disabled reek

Add sentry (#459)

Add condition for unconfirmed emails check (#448)

Add labels to admin panel with CRUD (#414)

Add reset password api (#371)

Extract api helpers to helpers module, style api according to peatio api module

Add specs for phone controller

Add '/v1' prefix for API::V1 routes

Add ability to define title

Add specs for confirmations controller, use public_suffix collection to find root level domain

Add confirmation api

Add shared context for doorkeeper auth, add spec for GET /api/account

Add .codeclimate.yml

Add 2FA docs (#251)

Add 2FA (#205)

  • Add OTP sign in
  • Fix login in tests; Add tests for OTP login

Add bot envs in travis.yml (#232)

Add chrome in .travis.yml & update chromedriver-helper (closes #213) (#215)

Add link for enabling 2FA (#172)

Add document validation (#149)

Add UID for Account (#132)

return unless uid blank

Add JWT support to chart (#120)

  • Add JWT support to chart

  • Fix Dockerfile after adding JWT support (#103)

  • Bump docker image and chart versions

Add missing </div> (#104)

Add RAILS_LOG_TO_STDOUT to the chart

Add checking of account lvl

Add helm chart to docker ignore files

Add BS4 for admin & navigation. (#16)

Add admin panel boilerplate (closes #12). (#14)

Add TravisCI configuration & RSpec + Capybara boilerplate. (#8)

Add rubocop.yml (#7)

add checking of current level

add increase lvl function (#59)

added focus on password input (#249)

Added password strength validation (#455)

  • Added password strength validation

Added link_config script (#434)

Added event_api specs (#412)

  • Added event_api specs

  • Update event_api.md

Added 2FA api, added otp_enabled to accounts, refactored Vault::TOTP

Added specs for registrations api

Added phone validation tests

Added state for GET profile (#273)

Added get profile API call (#271)

Added autoauthorized application (#156)

  • Added autoauthorized application
  • Renamed column and file
  • Removed id and secret from seed.yml

Added GCS credentials to helm chart and charts improvements (#93)

Added GCS credentials to helm charts

Added sender's name (#92)

Added some validations (#82)

  • Added some validations

  • Fixed and skipped tests

Added custom logo, header, footer support (#55)

Added favicon (#66)

Added meta tag for mobile view (#62)

Added profiles section to the admin panel (#50)

Added profiles section to the admin panel

Added ability to connect phone number to account (#27)

Added listing of accounts with ability to delete or edit (#22)

  • Added listing of accounts with ability to delete or edit

Adding level flow (#421)

Feature/level logic with labels

Adding level definition (#409)

  • Adding level definition

  • Update seeds.rb

Adding exception for eligible bump

Adding sneaker gem

Adding layout for profiles and documents (#38)

  • Adding layout for profiles and documents

Adding doorkeeper into the stack (#26)

  • doorkeeper:install & doorkeeper:migrate
  • add applications to admin navbar

Admin panel fixes (#165)

  • Fixes regarding with tables styles, Fixes regarding with redirecting in the application page, Fixes regarding with notifications styles

  • fixed table style on profile show, fixed notice on admin

  • fixed table styles, added email to profile show action

Allow pdf on barong form

Allow to use alpha2 and alpha3 country format in profile

Allow travis to build image without envs (#508)

Allow setting JWT secret key as pem file (#413)

change != to <

Change password security error message (#511)

Change license to Apache 2.0 (#79)

Changed devise logout path from delete to get request

Changed license in README (#95)

Changed datepicker and sms body (#69)

  • Changed datepicker and sms body

  • Fixed test

Changing seeds to users (#422)

Check 2FA on Barong session api (#522)

Check required environments on barong starting (#484)

  • Check required environments on barong starting

  • Travis allow other branches

Check vault health

Compute code coverage report (#542)

  • Compute code coverage report

Configure codeclimate (#348)

Configure codeclimate

Confirm 2FA code before enable otp

Confirm account by devise controller with whitelisted domain

Continue implement features regarding PR #118 (#193)

  • added roles to the controller, fixed db:load:fake task

  • fixed db:load:fake task

Create jwt by session

Create correct labels when seed accounts (#560)

Created normal readme (#64)

Creating a role for managing only profiles (#118)

  • added moderator role in the fake task
  • set up ability file, controllers, added role - compliance in db load fake
  • deleted base controller, fixed module controller
  • deleted dashboard controller and view, change link in admin navigation, revert module controller, change default route for admin account
  • fixed navigation in admin panel
  • added permission read to compliance role for viewing account index action

customer css helper (#52)

deleted icon from dropify input (#196)

Deploy (#37)

Deployment stuff improvements

Development & software operations: kite service, Dockerfile, charts, pipeline, Helm & other stuff. (#5)

Different gem subsets dynamic installation (#207)

Display cute notice when the registering email already taken (#70)

Do not trust public label when calculate level (#428)

Documents API

Don't let not active accounts to sign in (#600)

Downcase label key and value before save it (#472)

Downgrade fog-gem version (fix #311)

Enable devise lockable. (#467)

  • Fix db seed password, replace email validator

  • Enable devise lockable

Enable cops in .rubocop.yml

Events API, Plugins (#410)

  • Add ability to install Plugins

  • Add required gems

Extract api to user_api module (#407)

Add Label management api

Feature: Add metadata to documents API (#464)

  • Added metadata field for document

  • Makes documents spec more readable

Feed existing account with labels corresponding their level [for migration from 1.7 to 1.8] (#498)

fix specs

fix lvl buttons

fix code style

add lvl buttons

Fix phone verification rate limit for API

Fix message error

Fix doorkeeper CVE-2018-1000211 vulnerability

Fix CVE-2018-3760 bug

Fix wrong field in accounts/get (#552)

Fix labels bug with changing scope (#481)

Fix db:seed applications creation (#495)

  • Fix db:seed applications creation

  • Add tests for rake db:seed

Fix document types (#490)

Fix typo in phone exists message error (#487)

  • Fix typo in phone exists message error

  • Travis allow other branches

Fix issue with api datetime format (#453)

Fix function call (#426)

Fix API error messages (#416)

Fix domain to host (#424)

Fix errors in phones api (#393)

Fix missing PhoneUtils bug (#388)

Fix failing profile specs (#375)

Fix db:seed (#359)

Fix typo in error rescue (#357)

Fix vault specs, add capybara screenshot

Fix codeclimate

Fix codeclimate

Fix codeclimate

Fix phone verification issue

Fix specs

Fix travis version bump

Fix indentation and comments rubocop issues

Fix existing docs & Remove unused docs

Fix multiple issue with cloud storage configurations (#259)

Fix #225 (#227)

Fix all entered data which is lost when submitting form with invalid data (#231)

  • fixed reset form on page documents/new
  • fixed reset form on page profile/new

Fix issue in travis configuration

Fix invalid number notification color (fix #216) (#222)

Fix issue with resending unlock instructions for #147 (#206)

Fix for index redirecting

Fix for login (#143)

Fix tests due to new forms (#128)

Fix url in Readme (#122)

Fix for button (#100)

Fix for approving profile (#97)

Fix for js (#98)

Fix production mailer & move to helios-public (#47)

  • Rails production mailer setup & k8s env variables

  • Use helios-public instead of helios-stage

fixed all issues related with: git rebase, the tests, the document uploading features (#58)

fixed the tests (#43)

fixed the tests (#42)

fixed the views tests

Fixed all rubocop issues

Fixed bin/setup to work in correct order (#194)

  • Fixed bin/setup to work in correct order

  • Updated seeds; added ability to use default creds with workbench

  • Added generated Application credentials output
  • Updated default Application seed

Fixed tests (#192)

Fixed background (#63)

Fixed k8s secrets.yaml

Fixed mail sender email (#61)

Fixed barong host in chart (#57)

Fixes docker image build

Fixes for workbench (#142)

generate API documentation (#158)

Generate api on bump stage

Get all labels with management api

Get international number from phonelib directly (#504)

  • Get international number from phonelib directly

  • Use international phone on api phone validation

Google cloud upload (#90)

handle SMS_CONTENT env variable

Handle file size and extension on front-end side with dropify (#209)

Ignore yarn files

Implement send code API (#423)

implement lvl for phones

Implemented API endpoint for receiving JWT by account and password

Implemented ability to change password by API

Implemented API JWT renewal (#264)

  • Fixed expiring time in Doorkeeper-JWT

Improve some styles

improve lvl system

Include profile.state in jwt

Include name in jwt (#123)

increase to lvl 3 after confirmation

Increase spec coverage (#378)

  • Add simplecov

  • Add specs for controllers

  • Add spec for vault totp

  • Fix tests

Increase max size of upload (#162)

Initialize Devise missing views and routes (#9)

K8s (#15)

  • Update database secrets

  • K8s secret instance

  • Barong install or upgrade bash script

  • Use puma instead of rails s

Limit number of uploaded documents

Lockable in API (#544)

  • Lockable in API

  • add endpoint to send/resend unlock instructions

  • update docs

  • Profile validations update (fixes specs which were failing sometimes)

  • add endpoint to unlock account

Lockable for devise (closes #13) (#11)

Make db:seed more flexible (#404)

Make drag and drop for documents work (#154)

  • added drag and drop function to uploading document
  • fixed icons in the drag/drop area

Management api config generation from template (#539)

  • Generate management api from config

  • Install plugins and make yml files from templates

  • Put plugins template in standard place

Mark account as discarded instead of delete it (#451)

  • Mark account as discarded instead of deleting it

  • Disabled reek

Merge branch 'master' into feature/profiles_api

Merge remote-tracking branch 'origin/master' into feature/2fa_api

Merge remote-tracking branch 'origin/master' into feature/2fa_api

Merge branch 'master' into bugfix/phone_verification_without_code

Merge branch 'master' into bugfix/phone_verification_without_code

Merge branch 'master' into fix/loofah-update

Migrate application levels logic to use labels (#430)

Minor fixes for phones/new form (#150)

Added loader Confirm button disables till the code is sent Check if the phone number wasn't modified after the code was sent

Minor fixes (#141)

Minor fixes to index page (#106)

  • Minor fixes to index page

Minor gem updates

Modify email and sender name (#140)

Mons web verification design (#53)

Adding verification design

Move all logic from profile show to accounts show. Show Phones and Account info (#460)

  • Remove state from profile

  • Fix labels issues

  • after-review improvements

  • Move all logic from profile show to accounts show (close #449)

  • Update code with requirements

  • Disabled reek

Move account registration to account endpoint

moved specs to v1 folder

Moved documentation files (#549)

  • Moved documentation files

Moving database.yml file

Moving field role and adding level

Notify user by email when his state changes (#372)

Pass email along with uid to vault (#257)

Prepare initial configuration and gemset: (#6)

  • Remove config/database.yml from Git.
  • Remove lot of unneeded gems.
  • Lock Ruby version.
  • remove Spring.

Profiles API

Added metadata field to Profiles, which stores JSON data and is using ActiveRecord::Store. Metadata fields are specified by env variable PROFILE_METADATA

Provide License (#21)

Put working links in footer

Made links in footer work Added basic layout on Change Password page

rails new --database=mysql --skip-turbolinks --skip-coffee barong

Rake task to generate swagger-slate docs (#204)

  • Rake task to generate swagger-slate docs

  • Run widdershins via 'node node_modules/widdershins/widdershins'

Refactor storages (#241)

  1. Clean up gems
  2. Add support for AWS
  3. Fix existing secrets
  4. Prepare helm chart for theme changes

Refactored phones

Release Barong v1.0.0

Remove rack-cors (#519)

Remove identity from default configuration (#505)

  • Remove identity level from default configuration

  • Tune codeclimate

Remove env check. It does not work with docker build (#514)

Remove outdated deployment stuff (#452)

Remove invalid concourse pipeline and related stuff

Remove main-logo and useless <div>s (#182)

remove unneeded/useless tests/specs (#173)

Removed minimum size limitation for document (#199)

Removed 'utility bill' from 'documents' dropdown options and changed notice for successful email confirmation (#170)

  • Removed 'utility bill' from 'documents' dropdown options
  • Edited notice for successful email confirmation

Removed unused views (#139)

  • Removed unused views

Removed unused controller

Removed unnecessary views (#56)

Removing logo

Replace Faker::Avatar.image to Faker::Company.logo due to server error

Rescue exception in management api and application controller

Restify api endpoints (#368)

Return understandable vault error, log full message

Return if phone is already in db (#91)

Scaffold website table (#30)

bundle exec rails g model website domain:string:uniq title:string logo:string stylesheet:string header:text footer:text redirect_url:string state:string --force

bundle exec rails g scaffold admin/website domain:string title:string logo:string stylesheet:string header:text footer:text redirect_url:string state:string --model-name=website --no-migration --test-framework=rspec --stylesheet-engine=sass --no-javascripts --integration-tool=rspec

Scaffolding profile has_many documents

Send emails if they are enabled. Add SKIP_EMAILS env (#446)

Set events with correct devise tokens (#528)

Set correct document flash message (#474)

  • Set correct document flash message

  • Travis allow other branches

Set account state to active on email confirmation

Set account state along with profile state

Set new devise layout (#155)

Set devise secret on container build (#17)

  • Set device secret on container build

  • Docker DEVICE_SECRET_KEY env variable explanation

Show level and labels on account index page (#431)

Small fixes (#171)

Small improvements (#74)

Speed up docker build (#429)

Splitted profile-document form (#131)

  • Splitted profile-document form

Squish label fields (#535)

Add rake task for update level Show level mapping at admin panel

Start Barong 1.8.0 development! (#370)

Merge it after merge 1.7.0 Release branch

Start Barong 1.7.0 development!

Style improvements on documents, sign in/sign up, profiles, removing (#73)

header & fixing tests

Swapping migration version

Switch to grape (#153)

t # This is a combination of 2 commits.

Changed document reference from profile to account

Refactored documents api

Two Factor Auth (#78)

  • Added seed and QR-Code generation for 2FA support

Unifying styles in the admin panel (#105)

Unifying styles in the admin panel (#102)

  • Unified styling in the admin panel, added default filter for profiles section in the admin panel

  • Unified styling in the admin panel, added default filter for profiles section in the admin panel

Update gem dependences (#595)

Update api_keys.md

Update travis CI and fix version bumping (#507)

Update ci/bump.rb: add pagination for GitHub API (fixes bumping for older branches). (#458)

Update 1.7.0 migration steps notes (#405)

Update .travis.yml

Update Gemfile

Update the JWT Session payload (closes #245) (#250)

Update chart

Update oauth callback (#127)

  • Update oauth callback & README

update bootstrap gem : 4.1.2 instead 4.0.0

Updated loofah to 2.2.2

Updated documentation (#190)

Use SecureRandom in db:seed (#425)

Use simple serialize instead of Store for metadata field

Use JWT token for authentication (#103)

User level is downgraded to 2 when his profile is rejected (#360)

Validate dates (#228)

Verify captcha after 3 failed attempts on sign in

Verify captcha serverside if it's enabled

Reverts

Generate api on bump stage

Pull Requests

Merge pull request #609 from mnaichuk/fix/messages

Merge pull request #575 from rxx/fix_api_key_1_8

Merge pull request #569 from rxx/bugfix/fix_bump

Merge pull request #567 from rxx/feature/generate_api_from_bump

Merge pull request #568 from rxx/feature/pdf_upload

Merge pull request #566 from rxx/feature/vault_security

Merge pull request #564 from rxx/feature/managment_labels_list

Merge pull request #565 from rxx/bugfix/fix_expires_in

Merge pull request #561 from maksim-litvinov/bugfix/fix_vault_errors

Merge pull request #563 from maksim-litvinov/countries_alpha2_alpha3

Merge pull request #558 from maksim-litvinov/sprokets_bug_fix_18

Merge pull request #551 from maksim-litvinov/feature/add_document_validations

Merge pull request #554 from shingonoide/fixes_image_build

Merge pull request #336 from rubykube/feature/profiles_api

Merge pull request #327 from rubykube/feature/2fa_api

Merge pull request #341 from rubykube/bugfix/phone_verification_without_code

Merge pull request #352 from andreymakovenko/master

Merge pull request #287 from gfedorenko/fix/loofah-update

Merge pull request #279 from gfedorenko/fix/default-state

Merge pull request #270 from rubykube/fix/account-state

Merge pull request #233 from ashanaakh/bugfix/travis-fix

Merge pull request #180 from gfedorenko/fix/routing

Merge pull request #133 from gfedorenko/fix/footer

Merge pull request #134 from ashanaakh/fix/chart

Merge pull request #135 from mafarain/include_state

Merge pull request #81 from ashanaakh/logs

Merge pull request #71 from spavlishak/fixes/styles

Merge pull request #65 from vpetrusenko/level

Merge pull request #68 from ashanaakh/dockerignore/fix

#Version 2.0.3-alpha

Released 2018-11-26

Set cookie for all subdomains

#Version 2.0.2-alpha

Released 2018-11-25

#Version 2.0.1-alpha

Released 2018-11-25

APIKeys spec and related configuration

Add bump gem

Add password reset workflow

Add user confirmation workflow

Add Activity model, validations & base specs

Add Activity model & base specs

Add strong password validation Use strong_password gem to check simplicity Add a custom validator to check required symbols

Add managment_api Add jwt initializer Add entities Add tools Add Profile entity Modify user model Modify user factory * Fix spec for users and labels

Add identity user api module && support of captcha Add signup logic Verify captcha serverside Require captcha on signup Optional captcha on signin

Add ability to use twilio in test and development

Add Labels API

Add JWT generator

Add JWT auth

Add sessions_spec

Add Dockerfile

Add Travis file

Add Event API

Co-authored-by: alinetskyi <artem.linetskyi@gmail.conf>

Added Api Keys model, CRUD API, SecretStorage service

Adding Documents API

Adding profile grape resource

Adding KeyStore lib

Have fixed grape api spec helpers

Adding templates

Adding Label Model

Adding Base Grape API

with General Endpoint ping and time

Adding Document model (#3)

Adding Profile model

Adding Level model

Adding User model

Adding backend and db config

AuthZ modifications (#26)

Bump improvements

Change API prefix logic, fix specs, add vault doc

Delete send_real_sms.rb

Enabling sessions#authorize endpoint

Fixes for test and integration environment

Fixing an issue on route :any

Fixing password presence validation

Generate JWT token for apikeys

Hot fixing sessions

Initialize Vault, add TOTPService and Security(2FA) API

Minor improvements to middleware

Optimizing Dockerfile and removing asset pipeline

Phone model & related API & basic config store logic Add phone model Add class phones in resource api module Add test coverage for phone api Add Barong:App lib as secret key and config storage

rails generate rspec:install

rails new --database=mysql --skip-turbolinks --skip-coffee --skip-test barong

Record activity on session

Rework AuthZ endpoint

Sessions API

Updating bump script

#Version 1.9.0

Released 2018-11-24

API tuning: Add security definitions and status code, fixed wrong messages (#488)

  • Travis allow other branches

  • Add security definitions Add status codes

Add phone verification rate limit for API

Add rack-attack and some API usage limits

Add grape logger middleware

Add a stronger validation for passwords

Add ROOT_DOMAIN for configure sessions (#611)

Add import accounts endpoint

Add endpoint to create accounts with management api

Add health check actions

Add human errors for cases when vault is down or code was used multiple times

Add restrictions for expire_in

Add validations to document

Add SMTP_ADDRESS and SMTP_PORT environment variable in development

Add email for Event API system.account.reset_password_token, system.account.unlock_token events, system.document.verified, system.document.rejected (#550)

  • Add email for Event API system.account.reset_password_token and system.account.unlock_token events

  • Fix documentation for AccountMailer events

  • Document verification Event API payload and docs updated to have email included

Add account uid to system.notification.account (#537)

Add account get endpoint for management API (#486)

Add validations for profile fields (#477)

Fix document expire validation Add datepicker and country_select for admin panel Squish spaces

Add endpoint for resend confirmations

Add otp sign endpoint (#527)

Add localization for grape required fields (#515)

Add CORS middleware (#516)

Add vault logging (#513)

Add new document type (#502)

Allow to configure scopes from env (#618)

Allow to configure smtp url address (#616)

Allow pdf on barong form

Allow to use alpha2 and alpha3 country format in profile

Allow to configure multiple CORS at barong

Allow travis to build image without envs (#508)

barong fixing security flags in docs (#596)

Change password security error message (#511)

Check 2FA on Barong session api (#522)

Check required environments on barong starting (#484)

  • Check required environments on barong starting

  • Travis allow other branches

Compute code coverage report (#542)

  • Compute code coverage report

Create jwt by session

Create correct labels when seed accounts (#579)

Define minimum password length in ENV (#626)

Don't let not active accounts to sign in (#608)

Downcase label key and value before save it (#472)

Feed existing account with labels corresponding their level [for migration from 1.7 to 1.8] (#498)

Fix: DEPRECATION WARNING

Fix issue with jwt in dev mode (#630)

Fix issue with hardcoded JWT_SHARED_SECRET_KEY (#629)

Fix message error

Fix doorkeeper CVE-2018-1000211 vulnerability

Fix CVE-2018-3760 bug

Fix rubocop

Fix wrong field in accounts/get (#552)

Fix labels bug with changing scope (#481)

Fix db:seed applications creation (#495)

  • Fix db:seed applications creation

  • Add tests for rake db:seed

Fix document types (#490)

Fix typo in phone exists message error (#487)

  • Fix typo in phone exists message error

  • Travis allow other branches

Fixes docker image build

Generate api on bump stage

Get all labels with management api

Get international number from phonelib directly (#504)

  • Get international number from phonelib directly

  • Use international phone on api phone validation

Limit number of uploaded documents

Lockable in API (#544)

  • Lockable in API

  • add endpoint to send/resend unlock instructions

  • update docs

  • Profile validations update (fixes specs which were failing sometimes)

  • add endpoint to unlock account

Management api config generation from template (#539)

  • Generate management api from config

  • Install plugins and make yml files from templates

  • Put plugins template in standard place

Merge branch 'master' into fix-messages

Moved documentation files (#549)

  • Moved documentation files

Release Barong v1.9

Remove rack-cors (#519)

Remove identity from default configuration (#505)

  • Remove identity level from default configuration

  • Tune codeclimate

Remove env check. It does not work with docker build (#514)

Replace Faker::Avatar.image to Faker::Company.logo due to server error

Rescue exception in management api and application controller

Return understandable vault error, log full message

Save scopes in APIKey as serialized array (closes #585) (#597)

Set cookies from /api/sessions

Set events with correct devise tokens (#528)

Set correct document flash message (#474)

  • Set correct document flash message

  • Travis allow other branches

Squish label fields (#535)

Add rake task for update level Show level mapping at admin panel

Unlock account after 1 hour of being locked (#649)

update bootstrap gem : 4.1.2 instead 4.0.0

Update api_keys.md (#592)

Update gem dependences (#595)

Update docs api_keys

Update project to rails v5.2.1

Update rails version to v5.2.1

Update ruby version to v2.5.1

Update api_keys.md

Update travis CI and fix version bumping (#507)

Verify captcha serverside if it's enabled (#617)

  • Verify captcha serverside if it's enabled

  • Verify captcha after 3 failed attempts on sign in

  • Don't check captcha if password is valid

Reverts

Generate api on bump stage

Pull Requests

Merge pull request #601 from mnaichuk/fix-messages

Merge pull request #557 from maksim-litvinov/sprocket_bug_fix

Merge pull request #543 from maksim-litvinov/master_update

#Version 1.8.39

Released 2018-11-21

Add phone verification rate limit for API

Add rack-attack and some API usage limits

Fix phone verification rate limit for API

#Version 1.8.38

Released 2018-11-21

Add RabbitMQ middleware for event api

#Version 1.8.37

Released 2018-11-17

Add grape logger middleware

handle SMS_CONTENT env variable

Replace Faker::Avatar.image to Faker::Company.logo due to server error

#Version 1.8.36

Released 2018-10-17

update bootstrap gem : 4.1.2 instead 4.0.0

#Version 1.8.35

Released 2018-09-21

Add ROOT_DOMAIN for configure sessions (#612)

Don't let not active accounts to sign in (#600)

#Version 1.8.34

Released 2018-09-21

#Version 1.8.33

Released 2018-09-21

Verify captcha after 3 failed attempts on sign in

Verify captcha serverside if it's enabled

#Version 1.8.32

Released 2018-09-20

Fix message error

Pull Requests

Merge pull request #609 from mnaichuk/fix/messages

#Version 1.8.31

Released 2018-09-19

Add import accounts endpoint

Add endpoint to create accounts with management api

#Version 1.8.30

Released 2018-09-15

Create jwt by session

Fix doorkeeper CVE-2018-1000211 vulnerability

Update gem dependences (#595)

#Version 1.8.29

Released 2018-07-23

Update api_keys.md

Pull Requests

Merge pull request #575 from rxx/fix_api_key_1_8

#Version 1.8.28

Released 2018-07-18

Add health check actions

Add human errors for cases when vault is down or code was used multiple times

Allow pdf on barong form

Generate api on bump stage

Rescue exception in management api and application controller

Reverts

Generate api on bump stage

Pull Requests

Merge pull request #569 from rxx/bugfix/fix_bump

Merge pull request #567 from rxx/feature/generate_api_from_bump

Merge pull request #568 from rxx/feature/pdf_upload

Merge pull request #566 from rxx/feature/vault_security

#Version 1.8.27

Released 2018-07-16

Add restrictions for expire_in

Get all labels with management api

Limit number of uploaded documents

Pull Requests

Merge pull request #564 from rxx/feature/managment_labels_list

Merge pull request #565 from rxx/bugfix/fix_expires_in

#Version 1.8.26

Released 2018-07-10

Allow to use alpha2 and alpha3 country format in profile

Return understandable vault error, log full message

Pull Requests

Merge pull request #561 from maksim-litvinov/bugfix/fix_vault_errors

Merge pull request #563 from maksim-litvinov/countries_alpha2_alpha3

#Version 1.8.25

Released 2018-07-06

Create correct labels when seed accounts (#560)

#Version 1.8.24

Released 2018-07-04

Fix CVE-2018-3760 bug

Pull Requests

Merge pull request #558 from maksim-litvinov/sprokets_bug_fix_18

#Version 1.8.23

Released 2018-07-03

Add validations to document

Pull Requests

Merge pull request #551 from maksim-litvinov/feature/add_document_validations

#Version 1.8.22

Released 2018-06-26

Fix wrong field in accounts/get (#552)

Lockable in API (#544)

  • Lockable in API

  • add endpoint to send/resend unlock instructions

  • update docs

  • Profile validations update (fixes specs which were failing sometimes)

  • add endpoint to unlock account

#Version 1.8.21

Released 2018-06-25

Fixes docker image build

Pull Requests

Merge pull request #554 from shingonoide/fixes_image_build

#Version 1.8.20

Released 2018-06-22

Add email for Event API system.account.reset_password_token, system.account.unlock_token events, system.document.verified, system.document.rejected (#550)

  • Add email for Event API system.account.reset_password_token and system.account.unlock_token events

  • Fix documentation for AccountMailer events

  • Document verification Event API payload and docs updated to have email included

#Version 1.8.19

Released 2018-06-22

Compute code coverage report (#542)

  • Compute code coverage report

Moved documentation files (#549)

  • Moved documentation files

#Version 1.8.18

Released 2018-06-21

Management api config generation from template (#539)

  • Generate management api from config

  • Install plugins and make yml files from templates

  • Put plugins template in standard place

#Version 1.8.17

Released 2018-06-15

Get international number from phonelib directly (#504)

  • Get international number from phonelib directly

  • Use international phone on api phone validation

#Version 1.8.16

Released 2018-06-15

Add account uid to system.notification.account (#537)

#Version 1.8.15

Released 2018-06-14

Add account get endpoint for management API (#486)

Check 2FA on Barong session api (#522)

#Version 1.8.14

Released 2018-06-14

Add validations for profile fields (#477)

Fix document expire validation Add datepicker and country_select for admin panel Squish spaces

#Version 1.8.13

Released 2018-06-12

Add endpoint for resend confirmations

Add otp sign endpoint (#527)

Squish label fields (#535)

Add rake task for update level Show level mapping at admin panel

#Version 1.8.12

Released 2018-06-11

Add localization for grape required fields (#515)

Fix labels bug with changing scope (#481)

Set events with correct devise tokens (#528)

#Version 1.8.11

Released 2018-06-06

Remove rack-cors (#519)

#Version 1.8.10

Released 2018-06-06

Add CORS middleware (#516)

#Version 1.8.9

Released 2018-06-05

API tuning: Add security definitions and status code, fixed wrong messages (#488)

  • Travis allow other branches

  • Add security definitions Add status codes

API: Added registration and account confirmation scopes

Add vault logging (#513)

Add new document type (#502)

Add api_key resource and generate jwt session (#441)

  • APIKeys feature
  • Update api_keys.md
  • Added opt validation
  • Add state
  • Disabled reek

Add sentry (#459)

Add condition for unconfirmed emails check (#448)

Add labels to admin panel with CRUD (#414)

Add reset password api (#371)

Extract api helpers to helpers module, style api according to peatio api module

Add specs for phone controller

Add '/v1' prefix for API::V1 routes

Add ability to define title

Add specs for confirmations controller, use public_suffix collection to find root level domain

Add confirmation api

Add shared context for doorkeeper auth, add spec for GET /api/account

Add .codeclimate.yml

Added password strength validation (#455)

  • Added password strength validation

Added link_config script (#434)

Added event_api specs (#412)

  • Added event_api specs

  • Update event_api.md

Added 2FA api, added otp_enabled to accounts, refactored Vault::TOTP

Added specs for registrations api

Added phone validation tests

Adding level flow (#421)

Feature/level logic with labels

Adding level definition (#409)

  • Adding level definition

  • Update seeds.rb

Adding exception for eligible bump

Allow travis to build image without envs (#508)

Allow setting JWT secret key as pem file (#413)

Change password security error message (#511)

Changed devise logout path from delete to get request

Changing seeds to users (#422)

Check required environments on barong starting (#484)

  • Check required environments on barong starting

  • Travis allow other branches

Check vault health

Configure codeclimate (#348)

Configure codeclimate

Confirm 2FA code before enable otp

Confirm account by devise controller with whitelisted domain

Do not trust public label when calculate level (#428)

Documents API

Downcase label key and value before save it (#472)

Downgrade fog-gem version (fix #311)

Enable devise lockable. (#467)

  • Fix db seed password, replace email validator

  • Enable devise lockable

Enable cops in .rubocop.yml

Events API, Plugins (#410)

  • Add ability to install Plugins

  • Add required gems

Extract api to user_api module (#407)

Add Label management api

Feature: Add metadata to documents API (#464)

  • Added metadata field for document

  • Makes documents spec more readable

Feed existing account with labels corresponding their level [for migration from 1.7 to 1.8] (#498)

Fix db:seed applications creation (#495)

  • Fix db:seed applications creation

  • Add tests for rake db:seed

Fix document types (#490)

Fix typo in phone exists message error (#487)

  • Fix typo in phone exists message error

  • Travis allow other branches

Fix issue with api datetime format (#453)

Fix function call (#426)

Fix API error messages (#416)

Fix domain to host (#424)

Fix errors in phones api (#393)

Fix missing PhoneUtils bug (#388)

Fix failing profile specs (#375)

Fix db:seed (#359)

Fix typo in error rescue (#357)

Fix vault specs, add capybara screenshot

Fix codeclimate

Fix codeclimate

Fix codeclimate

Fix phone verification issue

Fix specs

Fix travis version bump

Fix indentation and comments rubocop issues

Fix existing docs & Remove unused docs

Fixed all rubocop issues

Ignore yarn files

Implement send code API (#423)

Implemented API endpoint for receiving JWT by account and password

Implemented ability to change password by API

Implemented API JWT renewal (#264)

  • Fixed expiring time in Doorkeeper-JWT

Increase spec coverage (#378)

  • Add simplecov

  • Add specs for controllers

  • Add spec for vault totp

  • Fix tests

Make db:seed more flexible (#404)

Mark account as discarded instead of deleting it (#451)

  • Mark account as discarded instead of deleting it

  • Disabled reek

Merge branch 'master' into feature/profiles_api

Merge remote-tracking branch 'origin/master' into feature/2fa_api

Merge remote-tracking branch 'origin/master' into feature/2fa_api

Merge branch 'master' into bugfix/phone_verification_without_code

Merge branch 'master' into bugfix/phone_verification_without_code

Merge branch 'master' into fix/loofah-update

Migrate application levels logic to use labels (#430)

Move all logic from profile show to accounts show. Show Phones and Account info (#460)

  • Remove state from profile

  • Fix labels issues

  • after-review improvements

  • Move all logic from profile show to accounts show (close #449)

  • Update code with requirements

  • Disabled reek

Move account registration to account endpoint

moved specs to v1 folder

Moving database.yml file

Notify user by email when his state changes (#372)

Profiles API

Added metadata field to Profiles, which stores JSON data and is using ActiveRecord::Store. Metadata fields are specified by env variable PROFILE_METADATA

Refactored phones

Remove identity from default configuration (#505)

  • Remove identity level from default configuration

  • Tune codeclimate

Remove env check. It does not work with docker build (#514)

Remove outdated deployment stuff (#452)

Remove invalid concourse pipeline and related stuff

Restify api endpoints (#368)

Send emails if they are enabled. Add SKIP_EMAILS env (#446)

Set correct document flash message (#474)

  • Set correct document flash message

  • Travis allow other branches

Show level and labels on account index page (#431)

Speed up docker build (#429)

Start Barong 1.8.0 development! (#370)

Merge it after merge 1.7.0 Release branch

Start Barong 1.7.0 development!

Changed document reference from profile to account

Refactored documents api

Update travis CI and fix version bumping (#507)

Update ci/bump.rb: add pagination for GitHub API (fixes bumping for older branches). (#458)

Update 1.7.0 migration steps notes (#405)

Update .travis.yml

Update Gemfile

Updated loofah to 2.2.2

Use SecureRandom in db:seed (#425)

Use simple serialize instead of Store for metadata field

User level is downgraded to 2 when his profile is rejected (#360)

Pull Requests

Merge pull request #336 from rubykube/feature/profiles_api

Merge pull request #327 from rubykube/feature/2fa_api

Merge pull request #341 from rubykube/bugfix/phone_verification_without_code

Merge pull request #352 from andreymakovenko/master

Merge pull request #287 from gfedorenko/fix/loofah-update

#Version 1.5.2

Released 2018-06-04

Adding exception for eligible bump (#381)

Apply Patch: Fix phone verification issue Apply related changes

Changed devise logout path from delete to get request

Downgrade fog-gem version (fix #311)

Fix phones controller (#383)

Fix failing profile specs (#377)

Merge branch 'master' into account_signout

Moving database.yml file

Notify user by email when his state changes (#374)

Trying to fix bump (#379)

Update ci/bump.rb: add pagination for GitHub API (fixes bumping for older branches). (#458) (#471)

Update .travis.yml

Update Gemfile

User level is downgraded to 2 when his profile is rejected (#366)

Pull Requests

Merge pull request #354 from rubykube/bugfix/phone_verification_without_code_1-5

Merge pull request #269 from andreymakovenko/account_signout

#Version 1.8.8

Released 2018-06-04

Change password security error message (#511)

#Version 1.8.7

Released 2018-06-04

Add vault logging (#513)

Remove env check. It does not work with docker build (#514)

#Version 1.7.1

Released 2018-06-04

Add vault logging

#Version 1.8.5

Released 2018-06-03

#Version 1.8.6

Released 2018-06-03

API tuning: Add security definitions and status code, fixed wrong messages (#488)

  • Travis allow other branches

  • Add security definitions Add status codes

Add new document type (#502)

Allow travis to build image without envs (#508)

Check required environments on barong starting (#484)

  • Check required environments on barong starting

  • Travis allow other branches

Downcase label key and value before save it (#472)

Feed existing account with labels corresponding their level [for migration from 1.7 to 1.8] (#498)

Fix db:seed applications creation (#495)

  • Fix db:seed applications creation

  • Add tests for rake db:seed

Fix document types (#490)

Fix typo in phone exists message error (#487)

  • Fix typo in phone exists message error

  • Travis allow other branches

Set correct document flash message (#474)

  • Set correct document flash message

  • Travis allow other branches

Update travis CI and fix version bumping (#507)

#Version 1.8.4

Released 2018-05-31

#Version 1.8.3

Released 2018-05-31

Add new document type (#502)

#Version 1.8.2

Released 2018-05-30

API tuning: Add security definitions and status code, fixed wrong messages (#488)

  • Travis allow other branches

  • Add security definitions Add status codes

Check required environments on barong starting (#484)

  • Check required environments on barong starting

  • Travis allow other branches

Downcase label key and value before save it (#472)

Set correct document flash message (#474)

  • Set correct document flash message

  • Travis allow other branches

#Version 1.8.1

Released 2018-05-30

Feed existing account with labels corresponding their level [for migration from 1.7 to 1.8] (#498)

Fix db:seed applications creation (#495)

  • Fix db:seed applications creation

  • Add tests for rake db:seed

Fix document types (#490)

Fix typo in phone exists message error (#487)

  • Fix typo in phone exists message error

  • Travis allow other branches

#Version 1.8.0

Released 2018-05-16

Add api_key resource and generate jwt session (#441)

  • APIKeys feature
  • Update api_keys.md
  • Added opt validation
  • Add state
  • Disabled reek

Add sentry (#459)

Add condition for unconfirmed emails check (#448)

Add labels to admin panel with CRUD (#414)

Added password strength validation (#455)

  • Added password strength validation

Added link_config script (#434)

Added event_api specs (#412)

  • Added event_api specs

  • Update event_api.md

Adding level flow (#421)

Feature/level logic with labels

Adding level definition (#409)

  • Adding level definition

  • Update seeds.rb

Adding exception for eligible bump

Allow setting JWT secret key as pem file (#413)

Changing seeds to users (#422)

Do not trust public label when calculate level (#428)

Enable devise lockable. (#467)

  • Fix db seed password, replace email validator

  • Enable devise lockable

Events API, Plugins (#410)

  • Add ability to install Plugins

  • Add required gems

Extract api to user_api module (#407)

Add Label management api

Feature: Add metadata to documents API (#464)

  • Added metadata field for document

  • Makes documents spec more readable

Fix issue with api datetime format (#453)

Fix function call (#426)

Fix API error messages (#416)

Fix domain to host (#424)

Fix errors in phones api (#393)

Implement send code API (#423)

Make db:seed more flexible (#404)

Mark account as discarded instead of deleting it (#451)

  • Mark account as discarded instead of deleting it

  • Disabled reek

Migrate application levels logic to use labels (#430)

Move all logic from profile show to accounts show. Show Phones and Account info (#460)

  • Remove state from profile

  • Fix labels issues

  • after-review improvements

  • Move all logic from profile show to accounts show (close #449)

  • Update code with requirements

  • Disabled reek

Remove outdated deployment stuff (#452)

Send emails if they are enabled. Add SKIP_EMAILS env (#446)

Show level and labels on account index page (#431)

Speed up docker build (#429)

Start Barong 1.8.0 development! (#370)

Merge it after merge 1.7.0 Release branch

Update ci/bump.rb: add pagination for GitHub API (fixes bumping for older branches). (#458)

Update 1.7.0 migration steps notes (#405)

Use SecureRandom in db:seed (#425)

#Version 1.7.0

Released 2018-04-20

Add reset password api (#371)

Extract api helpers to helpers module, style api according to peatio api module

Add specs for phone controller

Added 2FA api, added otp_enabled to accounts, refactored Vault::TOTP

Check vault health

Confirm 2FA code before enable otp

Fix missing PhoneUtils bug (#388)

Fix failing profile specs (#375)

Fix db:seed (#359)

Fix typo in error rescue (#357)

Fix vault specs, add capybara screenshot

Fix codeclimate

Fix codeclimate

Fix codeclimate

Fix phone verification issue

Increase spec coverage (#378)

  • Add simplecov

  • Add specs for controllers

  • Add spec for vault totp

  • Fix tests

Merge branch 'master' into feature/profiles_api

Merge remote-tracking branch 'origin/master' into feature/2fa_api

Merge remote-tracking branch 'origin/master' into feature/2fa_api

Merge branch 'master' into bugfix/phone_verification_without_code

Merge branch 'master' into bugfix/phone_verification_without_code

Notify user by email when his state changes (#372)

Profiles API

Added metadata field to Profiles, which stores JSON data and is using ActiveRecord::Store. Metadata fields are specified by env variable PROFILE_METADATA

Restify api endpoints (#368)

Start Barong 1.7.0 development!

Use simple serialize instead of Store for metadata field

User level is downgraded to 2 when his profile is rejected (#360)

Pull Requests

Merge pull request #336 from rubykube/feature/profiles_api

Merge pull request #327 from rubykube/feature/2fa_api

Merge pull request #341 from rubykube/bugfix/phone_verification_without_code

Merge pull request #352 from andreymakovenko/master

#Version 1.6.0

Released 2018-04-12

API: Added registration and account confirmation scopes

Add '/v1' prefix for API::V1 routes

Add ability to define title

Add specs for confirmations controller, use public_suffix collection to find root level domain

Add confirmation api

Add shared context for doorkeeper auth, add spec for GET /api/account

Add .codeclimate.yml

Add 2FA docs (#251)

Add 2FA (#205)

  • Add OTP sign in
  • Fix login in tests; Add tests for OTP login

added focus on password input (#249)

Added specs for registrations api

Added phone validation tests

Added state for GET profile (#273)

Added get profile API call (#271)

Changed devise logout path from delete to get request

Configure codeclimate (#348)

Configure codeclimate

Confirm account by devise controller with whitelisted domain

Different gem subsets dynamic installation (#207)

Documents API

Downgrade fog-gem version (fix #311)

Enable cops in .rubocop.yml

Fix specs

Fix travis version bump

Fix indentation and comments rubocop issues

Fix existing docs & Remove unused docs

Fix multiple issue with cloud storage configurations (#259)

Fix #225 (#227)

Fix all entered data which is lost when submitting form with invalid data (#231)

  • fixed reset form on page documents/new
  • fixed reset form on page profile/new

Fixed all rubocop issues

Ignore yarn files

Implemented API endpoint for receiving JWT by account and password

Implemented ability to change password by API

Implemented API JWT renewal (#264)

  • Fixed expiring time in Doorkeeper-JWT

Merge branch 'master' into fix/loofah-update

Move account registration to account endpoint

moved specs to v1 folder

Moving database.yml file

Pass email along with uid to vault (#257)

Refactor storages (#241)

  1. Clean up gems
  2. Add support for AWS
  3. Fix existing secrets
  4. Prepare helm chart for theme changes

Refactored phones

Remove invalid concourse pipeline and related stuff

Set account state to active on email confirmation

Set account state along with profile state

Changed document reference from profile to account

Refactored documents api

Update .travis.yml

Update Gemfile

Update the JWT Session payload (closes #245) (#250)

Updated loofah to 2.2.2

Validate dates (#228)

Pull Requests

Merge pull request #287 from gfedorenko/fix/loofah-update

Merge pull request #279 from gfedorenko/fix/default-state

Merge pull request #270 from rubykube/fix/account-state

Merge pull request #233 from ashanaakh/bugfix/travis-fix

#Version 1.3.1

Released 2018-04-11

Add 2FA docs (#251)

Add 2FA (#205)

  • Add OTP sign in
  • Fix login in tests; Add tests for OTP login

Added state for GET profile (#273)

Added get profile API call (#271)

added focus on password input (#249)

Changed devise logout path from delete to get request

Different gem subsets dynamic installation (#207)

Fix multiple issue with cloud storage configurations (#259)

Fix #225 (#227)

Fix all entered data which is lost when submitting form with invalid data (#231)

  • fixed reset form on page documents/new
  • fixed reset form on page profile/new

Pass email along with uid to vault (#257)

Refactor storages (#241)

  1. Clean up gems
  2. Add support for AWS
  3. Fix existing secrets
  4. Prepare helm chart for theme changes

Set account state to active on email confirmation

Set account state along with profile state

Updated loofah to 2.2.2

Validate dates (#228)

Pull Requests

Merge pull request #290 from gfedorenko/fix/loofah-update

Merge pull request #288 from akhlopiachyi/1-3-stable-pull-request

#Version 1.5.1

Released 2018-04-05

Downgrade fog-gem version (fix #311)

Update Gemfile

#Version 1.5.0

Released 2018-03-23

Add 2FA docs (#251)

Add 2FA (#205)

  • Add OTP sign in
  • Fix login in tests; Add tests for OTP login

added focus on password input (#249)

Added state for GET profile (#273)

Added get profile API call (#271)

Changed devise logout path from delete to get request

Different gem subsets dynamic installation (#207)

Fix multiple issue with cloud storage configurations (#259)

Fix #225 (#227)

Fix all entered data which is lost when submitting form with invalid data (#231)

  • fixed reset form on page documents/new
  • fixed reset form on page profile/new

Merge branch 'master' into account_signout

Pass email along with uid to vault (#257)

Refactor storages (#241)

  1. Clean up gems
  2. Add support for AWS
  3. Fix existing secrets
  4. Prepare helm chart for theme changes

Set account state to active on email confirmation

Set account state along with profile state

Update the JWT Session payload (closes #245) (#250)

Validate dates (#228)

Pull Requests

Merge pull request #269 from andreymakovenko/account_signout

Merge pull request #279 from gfedorenko/fix/default-state

Merge pull request #270 from rubykube/fix/account-state

Merge pull request #233 from ashanaakh/bugfix/travis-fix

#Version 1.3.0

Released 2018-03-22

Add 2FA docs (#251)

Add 2FA (#205)

  • Add OTP sign in
  • Fix login in tests; Add tests for OTP login

Added state for GET profile (#273)

Added get profile API call (#271)

added focus on password input (#249)

Different gem subsets dynamic installation (#207)

Fix multiple issue with cloud storage configurations (#259)

Fix #225 (#227)

Fix all entered data which is lost when submitting form with invalid data (#231)

  • fixed reset form on page documents/new
  • fixed reset form on page profile/new

Pass email along with uid to vault (#257)

Refactor storages (#241)

  1. Clean up gems
  2. Add support for AWS
  3. Fix existing secrets
  4. Prepare helm chart for theme changes

Set account state to active on email confirmation

Set account state along with profile state

Validate dates (#228)

#Version 1.0.14

Released 2018-03-20

Added state for GET profile (#273)

Added get profile API call (#271)

Set account state along with profile state

Pull Requests

Merge pull request #270 from rubykube/fix/account-state

#Version 1.0.13

Released 2018-03-16

Fix multiple issue with cloud storage configurations (#259)

#Version 1.0.12

Released 2018-03-13

added focus on password input (#249)

Pass email along with uid to vault (#257)

#Version 1.0.11

Released 2018-03-09

Refactor storages (#241)

  1. Clean up gems
  2. Add support for AWS
  3. Fix existing secrets
  4. Prepare helm chart for theme changes

#Version 1.0.10

Released 2018-03-07

Add 2FA docs (#251)

#Version 1.0.9

Released 2018-03-07

Update the JWT Session payload (closes #245) (#250)

#Version 1.0.8

Released 2018-03-05

Different gem subsets dynamic installation (#207)

#Version 1.0.7

Released 2018-03-05

Fix #225 (#227)

#Version 1.0.6

Released 2018-03-05

Validate dates (#228)

#Version 1.0.5

Released 2018-03-05

Fix all entered data which is lost when submitting form with invalid data (#231)

  • fixed reset form on page documents/new
  • fixed reset form on page profile/new

#Version 1.0.4

Released 2018-03-05

Add 2FA (#205)

  • Add OTP sign in
  • Fix login in tests; Add tests for OTP login

#Version 1.0.3

Released 2018-03-05

Add bot envs in travis.yml (#232)

Add chrome in .travis.yml & update chromedriver-helper (closes #213) (#215)

Continue implement features regarding PR #118 (#193)

  • added roles to the controller, fixed db:load:fake task

  • fixed db:load:fake task

deleted icon from dropify input (#196)

Fix issue in travis configuration

Fix invalid number notification color (fix #216) (#222)

Fix issue with resending unlock instructions for #147 (#206)

Fixed bin/setup to work in correct order (#194)

  • Fixed bin/setup to work in correct order

  • Updated seeds; added ability to use default creds with workbench

  • Added generated Application credentials output
  • Updated default Application seed

Fixed tests (#192)

Handle file size and extension on front-end side with dropify (#209)

Rake task to generate swagger-slate docs (#204)

  • Rake task to generate swagger-slate docs

  • Run widdershins via 'node node_modules/widdershins/widdershins'

Removed minimum size limitation for document (#199)

Updated documentation (#190)

Pull Requests

Merge pull request #233 from ashanaakh/bugfix/travis-fix

#Version 1.0.2

Released 2018-02-26

Added autoauthorized application (#156)

  • Added autoauthorized application
  • Renamed column and file
  • Removed id and secret from seed.yml

Admin panel fixes (#165)

  • Fixes regarding with tables styles, Fixes regarding with redirecting in the application page, Fixes regarding with notifications styles

  • fixed table style on profile show, fixed notice on admin

  • fixed table styles, added email to profile show action

Creating a role for managing only profiles (#118)

  • added moderator role in the fake task
  • set up ability file, controllers, added role - compliance in db load fake
  • deleted base controller, fixed module controller
  • deleted dashboard controller and view, change link in admin navigation, revert module controller, change default route for admin account
  • fixed navigation in admin panel
  • added permission read to compliance role for viewing account index action

Remove main-logo and useless <div>s (#182)

#Version 1.0.1

Released 2018-02-23

Add link for enabling 2FA (#172)

Add document validation (#149)

Adding sneaker gem

Fix for index redirecting

Fixes for workbench (#142)

generate API documentation (#158)

Increase max size of upload (#162)

Make drag and drop for documents work (#154)

  • added drag and drop function to uploading document
  • fixed icons in the drag/drop area

Minor fixes for phones/new form (#150)

Added loader Confirm button disables till the code is sent Check if the phone number wasn't modified after the code was sent

remove unneeded/useless tests/specs (#173)

Removed 'utility bill' from 'documents' dropdown options and changed notice for successful email confirmation (#170)

  • Removed 'utility bill' from 'documents' dropdown options
  • Edited notice for successful email confirmation

Removed unused views (#139)

  • Removed unused views

Removing logo

Set new devise layout (#155)

Small fixes (#171)

Switch to grape (#153)

Pull Requests

Merge pull request #180 from gfedorenko/fix/routing

#Version 1.0.0

Released 2018-02-19

add checking of current level

add increase lvl function (#59)

Add UID for Account (#132)

return unless uid blank

Add JWT support to chart (#120)

  • Add JWT support to chart

  • Fix Dockerfile after adding JWT support (#103)

  • Bump docker image and chart versions

Add missing </div> (#104)

Add RAILS_LOG_TO_STDOUT to the chart

Add checking of account lvl

Add helm chart to docker ignore files

Add BS4 for admin & navigation. (#16)

Add admin panel boilerplate (closes #12). (#14)

Add TravisCI configuration & RSpec + Capybara boilerplate. (#8)

Add rubocop.yml (#7)

Added GCS credentials to helm charts and charts improvements (#93)

Added GCS credentials to helm charts

Added sender's name (#92)

Added some validations (#82)

  • Added some validations

  • Fixed and skipped tests

Added custom logo, header, footer support (#55)

Added favicon (#66)

Added meta tag for mobile view (#62)

Added profiles section to the admin panel (#50)

Added profiles section to the admin panel

Added ability to connect phone number to account (#27)

Added listing of accounts with ability to delete or edit (#22)

  • Added listing of accounts with ability to delete or edit

Adding layout for profiles and documents (#38)

  • Adding layout for profiles and documents

Adding doorkeeper into the stack (#26)

  • doorkeeper:install & doorkeeper:migrate
  • add applications to admin navbar

Change license to Apache 2.0 (#79)

change != to <

Changed license in README (#95)

Changed datepicker and sms body (#69)

  • Changed datepicker and sms body

  • Fixed test

Created normal readme (#64)

customer css helper (#52)

Deploy (#37)

Deployment stuff improvements

Development & software operations: kite service, Dockerfile, charts, pipeline, Helm & other stuff. (#5)

Display cute notice when the registering email already taken (#70)

Fix for login (#143)

Fix tests due to new forms (#128)

Fix url in Readme (#122)

Fix for button (#100)

Fix for approving profile (#97)

Fix for js (#98)

Fix production mailer & move to helios-public (#47)

  • Rails production mailer setup & k8s env variables

  • Use helios-public instead of helios-stage

fix specs

fix lvl buttons

fix code style

add lvl buttons

Fixed background (#63)

Fixed k8s secrets.yaml

Fixed mail sender email (#61)

Fixed barong host in chart (#57)

fixed all issues related with: git rebase, the tests, the document uploading features (#58)

fixed the tests (#43)

fixed the tests (#42)

fixed the views tests

Google cloud upload (#90)

implement lvl for phones

improve lvl system

Improve some styles

Include profile.state in jwt

Include name in jwt (#123)

increase to lvl 3 after confirmation

Initialize Devise missing views and routes (#9)

K8s (#15)

  • Update database secrets

  • K8s secret instance

  • Barong install or upgrade bash script

  • Use puma instead of rails s

Lockable for devise (closes #13) (#11)

Minor fixes (#141)

Minor fixes to index page (#106)

  • Minor fixes to index page

Minor gem updates

Modify email and sender name (#140)

Mons web verification design (#53)

Adding verification design

Moving field role and adding level

Prepare initial configuration and gemset: (#6)

  • Remove config/database.yml from Git.
  • Remove lot of unneeded gems.
  • Lock Ruby version.
  • remove Spring.

Provide License (#21)

Put working links in footer

Made links in footer work Added basic layout on Change Password page

rails new --database=mysql --skip-turbolinks --skip-coffee barong

Release Barong v1.0.0

Removed unused controller

Removed unnecessary views (#56)

Return if phone is already in db (#91)

Scaffold website table (#30)

bundle exec rails g model website domain:string:uniq title:string logo:string stylesheet:string header:text footer:text redirect_url:string state:string --force

bundle exec rails g scaffold admin/website domain:string title:string logo:string stylesheet:string header:text footer:text redirect_url:string state:string --model-name=website --no-migration --test-framework=rspec --stylesheet-engine=sass --no-javascripts --integration-tool=rspec

Scaffolding profile has_many documents

Set devise secret on container build (#17)

  • Set device secret on container build

  • Docker DEVICE_SECRET_KEY env variable explanation

Small improvements (#74)

Splitted profile-document form (#131)

  • Splitted profile-document form

Style improvements on documents, sign in/sign up, profiles, removing (#73)

header & fixing tests

Swapping migration version

Two Factor Auth (#78)

  • Added seed and QR-Code generation for 2FA support

Unifying styles in the admin panel (#105)

Unifying styles in the admin panel (#102)

  • Unified styling in the admin panel, added default filter for profiles section in the admin panel

  • Unified styling in the admin panel, added default filter for profiles section in the admin panel

Update chart

Update oauth callback (#127)

  • Update oauth callback & README

Use JWT token for authentication (#103)

Pull Requests

Merge pull request #133 from gfedorenko/fix/footer

Merge pull request #134 from ashanaakh/fix/chart

Merge pull request #135 from mafarain/include_state

Merge pull request #81 from ashanaakh/logs

Merge pull request #71 from spavlishak/fixes/styles

Merge pull request #65 from vpetrusenko/level

Merge pull request #68 from ashanaakh/dockerignore/fix