Change Log

2.3.39 (2019-10-15)

Full Changelog

Merged pull requests:

  • Update storage-related gems #957 (ec)
  • Protect superadmin against changes from non-superadmin users #955 (ec)

2.3.38 (2019-10-15)

Full Changelog

2.3.37 (2019-10-11)

Full Changelog

Merged pull requests:

  • Server side sessions implementation (cache store) #949 (ec)

2.3.36 (2019-10-10)

Full Changelog

Merged pull requests:

  • Feature: allow # \ () & ' : " in profile residental address field #950 (ymasiuk)

2.3.35 (2019-10-07)

Full Changelog

Merged pull requests:

  • Add ability to configure aws_signature_version && endpoint #947 (ec)

2.3.34 (2019-10-02)

Full Changelog

Merged pull requests:

  • Update ruby to 2.6.5 for security reasons #946 (ec)
  • Profile act as eventable on update #945 (ec)

2.3.33 (2019-09-26)

Full Changelog

Merged pull requests:

  • Use uid instead of id on profile update && delete api #943 (ec)

2.3.32 (2019-09-23)

Full Changelog

Merged pull requests:

  • Use CGI::escape instead of pure url in documents event api #942 (ec)

2.3.31 (2019-09-23)

Full Changelog

Closed issues:

  • Missing model.user.updated event description #931
  • Expose levels configuration #929
  • Update Label#create and Label#update in admin and management API #896

Merged pull requests:

  • Introduce MockPhoneVerifyService #941 (ec)

2.3.30 (2019-09-20)

Full Changelog

Merged pull requests:

2.3.29 (2019-09-20)

Full Changelog

Merged pull requests:

  • Add missing labels event api documentation #937 (ec)

2.3.28 (2019-09-18)

Full Changelog

Merged pull requests:

  • Make labels acts_as_eventable on: [create update] #936 (ec)

2.3.27 (2019-09-18)

Full Changelog

Merged pull requests:

  • Define DocumentTypes class for flexible doc type configuration #935 (ec)

2.3.26 (2019-09-17)

Full Changelog

Merged pull requests:

  • Update seeds.yml #934 (ec)
  • Event API changes: remove blocking check for on_update events #933 (ec)
  • Simple GET levels requirements endpoint for admin #932 (ec)
  • Get rid of serialize: JSON, accept metadata as json instead of pure hash #930 (ec)

2.3.25 (2019-09-17)

Full Changelog

Closed issues:

  • Missing enable of OTP in rake task #890
  • Missing storage_region env config for carrierwave #880
  • Missing check on vault connection while creating api_key #879

Merged pull requests:

  • Add system.session.create event with user and request_ip data #916 (chumaknadya)

2.3.24 (2019-09-12)

Full Changelog

Merged pull requests:

  • Allow blank doc_expire for documents controllers #927 (dnfd)
  • Add AliCloud Uploader #926 (dnfd)

2.3.23 (2019-09-07)

Full Changelog

Merged pull requests:

  • Add ability to disable 2fa #925 (dnfd)
  • Use Barong::App.config.barong_uid_prefix in referral validation #923 (ec)
  • Add ability to skip label creation on doc save #922 (dnfd)
  • Avoid no method error UTC for nil entities #921 (ec)

2.3.21 (2019-09-05)

Full Changelog

Merged pull requests:

  • Add ability to restrict by geoip #920 (dnfd)

2.3.20 (2019-09-05)

Full Changelog

Merged pull requests:

  • Handle Vault errors on POST /api/v2/resource/api_keys #918 (dnfd)

2.3.19 (2019-09-05)

Full Changelog

Merged pull requests:

  • Fix structure of event API messages #912 (shal)

2.3.18 (2019-09-05)

Full Changelog

Merged pull requests:

  • Add :upload in list of params to be filtered #919 (ec)

2.3.17 (2019-09-04)

Full Changelog

Merged pull requests:

  • UPDATES: sessions delete, permissions update, log error on 500 #917 (chumaknadya)

2.3.16 (2019-09-04)

Full Changelog

Merged pull requests:

  • Support 'if not exist - create' logic on labels update #915 (ec)
  • Fix rollback to pending state, add missing :data in entities #914 (ec)
  • Add AliCloud Carrierwave storage provider #911 (dnfd)

2.3.15 (2019-09-03)

Full Changelog

Merged pull requests:

  • Switch to State - Label dependency #907 (ec)

2.3.14 (2019-09-03)

Full Changelog

Merged pull requests:

  • Ability to update and delete users profiles #913 (ec)

2.3.13 (2019-09-02)

Full Changelog

Merged pull requests:

  • Ability create Profile with empty fields. Add state to Profile model. #910 (mnaichuk)

2.3.12 (2019-09-02)

Full Changelog

Merged pull requests:

  • Update Barong::App validations #904 (dnfd)

2.3.11 (2019-08-26)

Full Changelog

Merged pull requests:

  • Update nokogiri version (Command injection) #906 (dnfd)

2.3.10 (2019-08-22)

Full Changelog

Closed issues:

  • How to configure session expire time? #900

Merged pull requests:

2.3.9 (2019-08-19)

Full Changelog

Merged pull requests:

  • Small fixes in document and profile model (#887) #901 (ec)

2.3.8 (2019-08-19)

Full Changelog

Merged pull requests:

  • Update models' annotations #895 (dnfd)

2.3.7 (2019-08-19)

Full Changelog

Merged pull requests:

  • Updating to ruby 2.6.3 and rails 5.2.3 #867 (mod)

2.3.6 (2019-08-15)

Full Changelog

Merged pull requests:

  • Management API to push documents for user #894 (ec)
  • Add ability to configure uid prefix #893 (ec)

2.3.5 (2019-08-15)

Full Changelog

Merged pull requests:

2.3.4 (2019-08-09)

Full Changelog

Closed issues:

  • Permissions are not checked #889
  • event_api_jwt_private_key Error #888

Merged pull requests:

  • Simple rake task to create users and api keys #816 (ec)

2.3.3 (2019-08-02)

Full Changelog

2.2.25 (2019-08-02)

Full Changelog

Merged pull requests:

  • Allow additional symbols ' / , : in residential address && Switch to string in required_docs_expire config #887 (ec)
  • Add rake task for load users and referrals #885 (mnaichuk)

2.2.24 (2019-07-31)

Full Changelog

Merged pull requests:

  • Extend doc_type inclusion list, make validation case insensitive #884 (ec)

2.2.23 (2019-07-31)

Full Changelog

Closed issues:

  • Make phone code message configurable #876
  • Add verb PATCH to available verbs for admin audit #868

Merged pull requests:

  • Add ability to get referral uid && Expose referral_uid in user, user_with_profile, user_with_full_info entities #882 (chumaknadya)

2.3.2 (2019-07-26)

Full Changelog

Merged pull requests:

  • Allow pending user to open session #881 (ec)
  • Add ability to configure phone verification sms content #877 (ec)

2.3.1 (2019-07-25)

Full Changelog

Closed issues:

  • An error occurred while installing mysql2 (0.5.2), and Bundler cannot continue. Make sure that gem install mysql2 -v '0.5.2' --source 'https://rubygems.org/' succeeds before bundling. #873

Merged pull requests:

  • Feature: Add redeploy on devkube step to drone #874 (alinetskyi)
  • [ci skip] Release 2.2.0 #836 (ec)

2.2.22 (2019-07-17)

Full Changelog

Merged pull requests:

  • Add optional :extended UserWithFullInfo entity in post /get management #872 (ec)
  • Make documents act_as_eventable on create #871 (ec)

2.2.21 (2019-07-16)

Full Changelog

Closed issues:

  • [To Confirm] Strange admin activity creation behavior on UID filtering requests #869
  • ActionController::InvalidAuthenticityToken in SessionsController#confirm #866

Merged pull requests:

  • Add verb PATCH and ALL for admin audit && Update permission seeds #870 (chumaknadya)
  • Make profile act_as_eventable on create #865 (ec)
  • Add filter/users in labels management api module #864 (ec)
  • Update Readme #862 (liutenko)
  • Support pagination & timestamp filtering on post '/list' management API #861 (ec)

2.2.20 (2019-06-27)

Full Changelog

Merged pull requests:

  • Move to active storage #858 (ec)
  • Fix /api/v2/admin/users/update #857 (dnfd)

2.2.19 (2019-06-25)

Full Changelog

Closed issues:

  • add public api version check #848
  • Split endpoints admin/users #847
  • Admin activities duplicated in user activities for admin users #845

Merged pull requests:

2.2.18 (2019-06-24)

Full Changelog

2.2.17 (2019-06-24)

Full Changelog

2.2.16 (2019-06-24)

Full Changelog

Merged pull requests:

  • Add missing data field in activity logger #853 (ec)
  • Changes in admin API module #850 (ec)

2.2.15 (2019-06-23)

Full Changelog

Merged pull requests:

  • Split and refactor auth spec, add sync auditor for test env #852 (ec)
  • Add GET /identity/version endpoint #851 (ec)

2.2.14 (2019-06-14)

Full Changelog

Merged pull requests:

  • AUDIT: support PATCH, add default topic, action, seeds #844 (ec)

2.2.13 (2019-06-13)

Full Changelog

Merged pull requests:

2.2.12 (2019-06-10)

Full Changelog

2.2.11 (2019-06-10)

Full Changelog

Closed issues:

  • BUG: Barong and Postmaster do not communicate well #818
  • Feature Request: Configurable roles and permissions #813
  • Expose Referral ID in API #802
  • Implement api keys scope logic #779
  • API Keys seed feature #778
  • Add readable logs in AuthZ lib #777
  • Admin feature: delete nil / unverified records from DB #758
  • Assymetric api keys support #732

Merged pull requests:

  • Disable APIKeys when user state or otp changes #829 (dnfd)

2.2.10 (2019-06-10)

Full Changelog

Merged pull requests:

  • Use FullInfo instead of WithProfile to add documents array in response #842 (ec)
  • Remove activities from full_info entity #841 (ec)
  • Fix nil language problem in case of empty string and upcased param #840 (ec)
  • Return empty array instead of 404 error after filtering #839 (ec)

2.2.9 (2019-06-05)

Full Changelog

2.2.8 (2019-06-04)

Full Changelog

Merged pull requests:

  • Add filters feature support on doc pending endpoint #837 (ec)

2.2.7 (2019-05-28)

Full Changelog

Merged pull requests:

2.2.6 (2019-05-28)

Full Changelog

2.2.5 (2019-05-28)

Full Changelog

Merged pull requests:

2.2.4 (2019-05-28)

Full Changelog

2.2.3 (2019-05-27)

Full Changelog

Closed issues:

  • Barong api session create don't return tokens #832
  • Admin api list users with pending documents #799
  • Automate documentation updating (v2) #784
  • Move all envs to config.store #736
  • [Barong v2; Feature request] handle document expired date. #666

Merged pull requests:

  • Update seeds.yml #838 (pkucherenk0)
  • Add metrics namespace in admin module #834 (ec)
  • Add endpoint to list all user's phones #831 (dnfd)
  • Added admin endpoints to get activities #828 (gfedorenko)
  • Add management otp sign endpoint and specs #827 (ec)
  • Avoid nil language bug on user creation event #820 (ec)
  • Permissions & roles, seed feature and authz logic #819 (ec)

2.2.2 (2019-05-13)

Full Changelog

Merged pull requests:

  • Added API call to get users with pending documents #826 (gfedorenko)

2.2.1 (2019-05-09)

Full Changelog

Closed issues:

  • Internal Error when clicking on email confirmation #821
  • How to generate OTP using barong? #817
  • Allow user to close his account #812

Merged pull requests:

  • Add GET /labels/list to return key, value, scope of all existing labels #824 (ec)
  • Make :doc_expire an optional field #823 (ec)
  • [ci skip] Release 2.1.0 #822 (ec)
  • Add DELETE /resource/users/me to allow user to block his account #811 (ec)

2.1.4 (2019-04-09)

Full Changelog

Merged pull requests:

  • Add opportunity to get list of users by management API #815 (ymasiuk)
  • Move event api jwt private key to Barong::App.config store #805 (ec)
  • Add auto-generating doc support #795 (ec)
  • Allow to configure multiple CORS at barong #790 (ec)

2.1.3 (2019-03-19)

Full Changelog

Closed issues:

  • Update Gemfile.lock to fix github vulnerabilities alert #808
  • Private key is invalid #798
  • Recaptcha not working #797
  • Ask #796
  • limit rows on activity not work #793
  • add domain info inside events #792
  • How to use file Local file storage in production env? #764
  • Routing error #752
  • Fix documentation #748
  • Drop confirm_password check on change password endpoing #744
  • Configuration mail #729
  • Rework errors to be strict to one standard #728
  • Generate changelog #715
  • Ability to specify multiple cors in 1.8 #708
  • [Feature Request] Add the ability to search user by email on barong admin page #635

Merged pull requests:

  • Update rails-related gems versions in favor of vulnerability alerts #809 (ec)
  • Allow to list API Keys without providing OTP code #807 (ec)
  • API user activity sort desc #804 (mkalenska)
  • Add ability to search users by labels #800 (mkalenska)
  • Improve language support in event API, add domain info inside event #791 (ec)

2.1.2 (2019-03-01)

Full Changelog

Merged pull requests:

  • Use 'paginate' on api/v2/admin/users/search #789 (ec)

2.1.1 (2019-03-01)

Full Changelog

Closed issues:

  • withCredentials error #788
  • Include Activity info in response on endpoint: GET admin/users/:uid #785

Merged pull requests:

  • Add Entities::Activity model, include it Entities::UserWithFullInfo #786 (ec)

2.1.0 (2019-02-27)

Full Changelog

Merged pull requests:

  • Start 2.1 development[ci skip] #787 (ec)
  • Update REST API documentation to v2.0.51[ci skip] #783 (ec)

2.0.51 (2019-02-26)

Full Changelog

Merged pull requests:

  • Feature/validation errors #774 (ec)

2.0.50 (2019-02-26)

Full Changelog

Merged pull requests:

  • Remove "-alpha" from version name #782 (ec)
  • Account api improvements (management module) #773 (ec)

2.0.49-alpha (2019-02-25)

Full Changelog

Merged pull requests:

  • Search implementation (admin api) #769 (ec)

2.0.48-alpha (2019-02-25)

Full Changelog

Merged pull requests:

  • Configure api-pagination tool, add api keys pagination #780 (ec)

2.0.47-alpha (2019-02-25)

Full Changelog

Closed issues:

  • [TO CHECK] Level is not recalculated on labels delete #775

Merged pull requests:

  • Use destroy instead of delete to enable missing validations #776 (ec)

2.0.46-alpha (2019-02-20)

Full Changelog

Closed issues:

  • Split activity error #743

Merged pull requests:

  • Split activity no records error to wrong_topic and no_activity #772 (ec)

2.0.45-alpha (2019-02-20)

Full Changelog

Merged pull requests:

  • Add pagination on /resource/users/activity endpoint #771 (ec)

2.0.44-alpha (2019-02-18)

Full Changelog

Closed issues:

  • authz unexpected behaivor with incorrect api_key #770
  • Api keys error #761

Merged pull requests:

  • Add more API Key validations, fix error on creating with invalid algo #768 (ec)

2.0.43-alpha (2019-02-15)

Full Changelog

Closed issues:

  • Allow user get on a base of additional fields (not only uid) #762

Merged pull requests:

  • User controller improvements (management module) #763 (ec)

2.0.42-alpha (2019-02-15)

Full Changelog

Merged pull requests:

  • Add language field in reset pass and confirm acc events #767 (ec)

2.0.41-alpha (2019-02-07)

Full Changelog

Closed issues:

  • Return specific error for banned users #754

Merged pull requests:

  • Add additional error on login in case of banned user #760 (ec)

2.0.40-alpha (2019-02-07)

Full Changelog

Closed issues:

  • Phone api improvement #746
  • Event api doc v2 #735

Merged pull requests:

  • Phone API improvements #747 (ec)
  • Added event API documentation with examples #745 (ec)
  • API errors unifying #741 (ec)

2.0.39-alpha (2019-02-06)

Full Changelog

Closed issues:

  • Vault secret is an object and not assignable to string. #756
  • Remove unnecessary call merge func #755

Merged pull requests:

  • Take only data from Vault::Secret object && minor refactoring #757 (ec)

2.0.38-alpha (2019-02-05)

Full Changelog

Merged pull requests:

  • Change default set-cookie header policy on authz to :skip #753 (ec)

2.0.37-alpha (2019-01-31)

Full Changelog

Closed issues:

  • Session_id doesnt have any influence on session authorizer #751
  • Session_id doesnt have any influence on session. #750
  • Missing 'present user, with: API::V2::Entities::User' in response on 2fa login #740

Merged pull requests:

  • Fix session_id check & add bypass session lazy load #749 (ec)

2.0.36-alpha (2019-01-25)

Full Changelog

Merged pull requests:

  • Add missing user details in 2fa login response #742 (ec)

2.0.35-alpha (2019-01-22)

Full Changelog

Closed issues:

  • CORS problem in production environment #738

Merged pull requests:

  • Fix Barong::CORS load problem in production env #739 (ec)

2.0.34-alpha (2019-01-21)

Full Changelog

Merged pull requests:

  • Configure redis and add JTI blacklisting #734 (ec)

2.0.33-alpha (2019-01-21)

Full Changelog

Closed issues:

  • Invalid session cookies returns on session logout #733
  • Password Reset Token doesn't expire #727
  • logging phone verification code may not be secure #647

Merged pull requests:

  • Fix change code on phone initialize, remove code from logs #730 (ec)

2.0.32-alpha (2019-01-21)

Full Changelog

Closed issues:

  • Split swagger docs to management and restfull api #712

Merged pull requests:

  • Add storage envs in config store and update fetch logic #737 (ec)

2.0.31-alpha (2019-01-16)

Full Changelog

Closed issues:

  • Admin api to promote member to admin or decrease #719
  • Admin api to disable users 2fa #717
  • Add Cors middleware to v2 branch #711
  • Make session to be created only in sessions controller #710

Merged pull requests:

  • Split swagger doc into restful and management #713 (ec)

2.0.30-alpha (2019-01-16)

Full Changelog

2.0.29-alpha (2019-01-16)

Full Changelog

2.0.28-alpha (2019-01-16)

Full Changelog

Merged pull requests:

  • Add admin api functionality on user update #722 (ec)

2.0.27-alpha (2019-01-16)

Full Changelog

Closed issues:

  • Change password endpoint action should be put instead of post #723

Merged pull requests:

  • Fix change password api action from post to put #724 (m-an)

2.0.26-alpha (2019-01-16)

Full Changelog

Merged pull requests:

  • Change regex validations to support different language characters #726 (ec)
  • Add an ability to specify CORS(multiple) #716 (ec)

2.0.25-alpha (2019-01-16)

Full Changelog

Merged pull requests:

  • Updating to ruby 2.6.0 #707 (mod)
  • Add ability to lock account, add filter for state on admin index #701 (ec)

2.0.24-alpha (2019-01-11)

Full Changelog

Closed issues:

  • Documents label bug #714

Merged pull requests:

  • Add expirable session #720 (m-an)
  • Move ActionDispatch::Session::CookieStore to sessions controller #718 (ec)

2.0.23-alpha (2019-01-09)

Full Changelog

Closed issues:

  • Multi-label levels #680

Merged pull requests:

  • Add referral_id to users table and as an optional param on signup #709 (ec)

2.0.22-alpha (2019-01-03)

Full Changelog

Closed issues:

  • Event API model.user.updated bug #690

Merged pull requests:

  • Add users entity on login and /me #706 (ec)
  • Small fixes of event api and lock feature #705 (ec)
  • Small fixes of event api and lock feature #704 (ec)
  • Add ability to lock account, add filter for state on admin index #700 (ec)

2.0.21-alpha (2018-12-26)

Full Changelog

Closed issues:

  • CarrierWave::Storage::Fog unitialized constant in prod mode #698

Merged pull requests:

  • Small fixes (drone ci, event api updated_at bug) #702 (ec)

v2.0.20-alpha (2018-12-25)

Full Changelog

Closed issues:

Merged pull requests:

v2.0.19-alpha (2018-12-24)

Full Changelog

Merged pull requests:

  • Admin update label func and resourse api labels CRUD #696 (ec)

v2.0.18-alpha (2018-12-24)

Full Changelog

Merged pull requests:

  • Add label on profile adding without level increase #697 (ec)

v2.0.17-alpha (2018-12-24)

Full Changelog

Merged pull requests:

  • Update the Drone CI to replace Travis and DockerHub #695 (vshatravenko)
  • AuthZ move to controller and lib #686 (ec)

2.0.16-alpha (2018-12-20)

Full Changelog

Merged pull requests:

  • Added missing event with confirmation token on signup #694 (ec)

2.0.15-alpha (2018-12-19)

Full Changelog

Closed issues:

  • RuntimeError: No EVENT_API_JWT_PRIVATE_KEY found in env! #692
  • remove ability to save the same phone numbers for user #689
  • Call for change password #687
  • GeeTest.com captcha integration on Barong v2 #659
  • Ability to fetch my login history from API #524

Merged pull requests:

  • Change multiple docs uploading logic from object to array #693 (ec)

2.0.14-alpha (2018-12-17)

Full Changelog

Closed issues:

  • [Barong v2] Levels update issue #676

Merged pull requests:

2.0.13-alpha (2018-12-12)

Full Changelog

Merged pull requests:

  • Update the production database configuration with DATABASE_NAME from env #685 (vshatravenko)

2.0.12-alpha (2018-12-11)

Full Changelog

Merged pull requests:

2.0.11-alpha (2018-12-10)

Full Changelog

Merged pull requests:

  • Hotfix for whitelisting public peatio and barong routes #683 (ec)
  • Hotfix for whitelisting public peatio and barong routes #682 (ec)
  • Add base swagger configuration and documentation for API #669 (ec)

2.0.10-alpha (2018-12-10)

Full Changelog

2.0.9-alpha (2018-12-09)

Full Changelog

Closed issues:

  • [Barong v2] User activity api endpoint improvments #663
  • [Barong v2] Document upload multi pictures feature request #661
  • [Barong v2] Document upload limit #660

2.0.8-alpha (2018-12-05)

Full Changelog

Merged pull requests:

2.0.7-alpha (2018-12-05)

Full Changelog

Merged pull requests:

  • Fix unhandled totp errors #675 (ec)

2.0.6-alpha (2018-12-05)

Full Changelog

Closed issues:

  • [Barong v2] Add possibility to disable captcha in dev environment, for login and sign in. #668
  • [Barong v2] Api_Keys endpoint response with 500 internal server error #662

Merged pull requests:

  • Add codeclimate config file #678 (ec)

1.8.42 (2018-12-04)

Full Changelog

2.0.5-alpha (2018-12-04)

Full Changelog

Closed issues:

  • [Barong v1.9,2] Hard password, password reset bug. #667
  • User documents are publicly visible by default (carrierwave / fog) #581

Merged pull requests:

  • Unlock account after 1 hour of being locked #650 (m-an)

1.9.1 (2018-12-04)

Full Changelog

Merged pull requests:

  • Make documents invisible publicly by changing fog policy #673 (ec)
  • Make documents invisible publicly by changing fog policy #672 (ec)

1.8.41 (2018-12-03)

Full Changelog

Closed issues:

  • how to create new account by api? #670
  • [Bug] Devise:Lockable:time Not working for User/api/V1 #636

Merged pull requests:

2.0.4-alpha (2018-11-29)

Full Changelog

Merged pull requests:

1.8.40 (2018-11-27)

Full Changelog

Merged pull requests:

2.0.3-alpha (2018-11-26)

Full Changelog

2.0.2-alpha (2018-11-25)

Full Changelog

Merged pull requests:

2.0.1-alpha (2018-11-25)

Full Changelog

Merged pull requests:

1.9.0 (2018-11-24)

Full Changelog

1.8.39 (2018-11-21)

Full Changelog

1.8.38 (2018-11-21)

Full Changelog

Merged pull requests:

  • Add RabbitMQ middleware for event api #653 (vpetrusenko)
  • Add rack-attack and some API usage limits #652 (dnfd)
  • Fix account unlocking (account should be unlocked after 1 hour by default) #649 (m-an)

1.8.37 (2018-11-17)

Full Changelog

Closed issues:

  • wrong customer id or password,please try again #631
  • How to edit devise_error_messages? #628
  • mini_racer can't be installed on Macos10.14 #615
  • Rework Auth API documentation #602
  • Error During Compilation #584
  • (barong) Authentication failure! csrf_detected: OmniAuth::Strategies::OAuth2::CallbackError, csrf_detected | CSRF detected #559
  • Document Upload - We're sorry, but something went wrong. - ArgumentError ( is not a recognized provider) #555
  • JWT Tokens #546
  • Barong API Key Scopes not utilised in Peatio #540
  • "Sign In With Barong" button is not shown #530
  • How to get BARONG_CLIENT_ID, etc? #529
  • User should be allowed to access their login history and receive email confirmation if they login from an unknown IP. #436

Merged pull requests:

1.8.36 (2018-10-17)

Full Changelog

Closed issues:

  • How to custom dns? #621
  • bundle exec rake db:create db:migrate - no implicit conversion of nil into String #620
  • Vault::TOTP#vaildate NoMethodError (undefined method `data' for true:TrueClass) #606
  • Create scopes in api_key as string instead array #585
  • Remove/clean session API method #577
  • Incorrect work variable SKIP_EMAILS #572
  • Social Sign In/Up Support #547
  • 404 Error on api /v1/profiles/me when user's profile not found #534
  • Merge login systems into 1 end-point with cookie #523
  • Events API Rabbitmq middleware #518
  • Support latest GDPR requiremts #510
  • File uploaded, but system message is "error" type instead of "success" #310
  • There is no SMS throttling (possible to send as many SMS I as want) #89

Merged pull requests:

  • Add grape logger middleware #639 (alinetskyi)
  • update bootstrap gem : 4.1.2 instead 4.0.0 #634 (Ohill)
  • Fix bootstrap vulnerability by upgrading gem to 4.1.2 version #633 (Ohill)
  • Fix issue with jwt in dev mode #630 (shal)
  • Fix issue with hardcoded JWT_SHARED_SECRET_KEY #629 (shal)
  • Define minimum password length in ENV #626 (alinetskyi)
  • Add grape logger middleware #624 (rxx)
  • Set cookies from /api/sessions #622 (rxx)
  • Fix: DEPRECATION WARNING #619 (ronaldoaraujo)
  • Allow to configure scopes from env #618 (rxx)
  • Verify captcha serverside if it's enabled #617 (chumaknadya)
  • Allow to configure smtp url address #616 (rxx)
  • Save scopes in APIKey as serialized array (closes #585) #597 (ysv)
  • Update api_keys.md #592 (calj)
  • README.md update steps to get project running #578 (skatkov)

1.8.35 (2018-09-21)

Full Changelog

Merged pull requests:

  • Add ROOT_DOMAIN for configure sessions #612 (rxx)
  • Add ROOT_DOMAIN for configure sessions #611 (rxx)
  • Dont let not active accounts to sign in #600 (rxx)
  • barong fixing security flags in docs #596 (imarakhovskiy)

1.8.34 (2018-09-21)

Full Changelog

Merged pull requests:

1.8.33 (2018-09-21)

Full Changelog

Merged pull requests:

  • Verify captcha serverside if it's enabled #610 (rxx)

1.8.32 (2018-09-20)

Full Changelog

Merged pull requests:

  • Fix message error #609 (mnaichuk)
  • Dont let not active accounts to sign in #608 (rxx)
  • #PPBB-45: Allow to configure multiple CORS at barong #607 (rxx)

1.8.31 (2018-09-19)

Full Changelog

1.8.30 (2018-09-15)

Full Changelog

Closed issues:

  • Update rails gem to 5.2 #573

Merged pull requests:

  • Create jwt by session #599 (rxx)
  • Merge latest changes from 1-8-stable to master #598 (rxx)
  • Update gem dependences #595 (rxx)
  • Fix doorkeeper CVE-2018-1000211 vulnerability #590 (rxx)
  • Fix doorkeeper CVE-2018-1000211 vulnerability #589 (rxx)
  • Add endpoint to create and import accounts with managment api #587 (rxx)
  • Update api keys docs #586 (mnaichuk)
  • Update ruby and rails versions (closes #573) #582 (shal)
  • Create correct labels when seed accounts #579 (shal)

1.8.29 (2018-07-23)

Full Changelog

Closed issues:

  • User session is maintained when signing out from 1 of the 2 apps #571
  • Signed in user gets message from previous user activity #570

Merged pull requests:

1.8.28 (2018-07-18)

Full Changelog

Merged pull requests:

  • Revert "Generate api on bump stage" #569 (rxx)
  • Allow pdf on barong form #568 (rxx)
  • Generate api on bump stage #567 (rxx)
  • Feature/vault security #566 (rxx)

1.8.27 (2018-07-16)

Full Changelog

Closed issues:

  • Otp sign request unexpected behavior #545
  • Add validation to "Document number" on the new document upload page #497

Merged pull requests:

  • Add restrictions for expire_in and number of documents #565 (rxx)
  • Get all labels with managment api #564 (rxx)

1.8.26 (2018-07-10)

Full Changelog

Closed issues:

  • The server Barong(1.8-stable) doesnot send sms code at all. #562

Merged pull requests:

  • Countries alpha2 alpha3 #563 (rxx)
  • Return understandable vault error, log full message #561 (rxx)

1.8.25 (2018-07-06)

Full Changelog

Merged pull requests:

  • Create correct labels when seed accounts #560 (rxx)
  • Fix CVE-2018-3760 bug #557 (rxx)

1.8.24 (2018-07-04)

Full Changelog

Merged pull requests:

1.8.23 (2018-07-03)

Full Changelog

Closed issues:

  • Fix issue with lockable on sessions api #479
  • Ability to limit rate on login API #440

Merged pull requests:

  • Add validations to document #551 (rxx)
  • All new patches from 1-8-stable upto 1.8.22 #543 (rxx)

1.8.22 (2018-06-26)

Full Changelog

Merged pull requests:

1.8.21 (2018-06-25)

Full Changelog

Merged pull requests:

1.8.20 (2018-06-22)

Full Changelog

Closed issues:

  • Add ability to run without Vault and show warning #346

Merged pull requests:

  • Add email for Event API system.account.reset_password_token, system.account.unlock_token events, system.document.verified, system.document.rejected #550 (mitjok)

1.8.19 (2018-06-22)

Full Changelog

Merged pull requests:

  • Moved documentation files #549 (calj)
  • Compute code coverage report #542 (calj)

1.8.18 (2018-06-21)

Full Changelog

Closed issues:

  • Api endpoints to resend confirmation/unlock instructions #541
  • Bug with extra "0" in phone number #499

Merged pull requests:

  • Management api config generation from template #539 (mitjok)

1.8.17 (2018-06-15)

Full Changelog

Closed issues:

  • Reset password link with CUSTOM URL #538
  • A little error in API docs #536
  • API allows Login Without 2FA for a 2FA Enabled Account #526
  • Ability to disable 2FA from admin panel #521
  • Ability to let frontend to know that account has enabled 2FA #520
  • Management API: Add endpoints to fetch user information by uid #485
  • API: Add endpoints to resend confirmation #480
  • As an Admin I can disable / remove 2FA form a user #210
  • 2FA signing service specs #151

Merged pull requests:

  • Get international number from phonelib directly #504 (rxx)

1.8.16 (2018-06-15)

Full Changelog

Merged pull requests:

  • Add account uid to system.notification.account #537 (rxx)

1.8.15 (2018-06-14)

Full Changelog

Merged pull requests:

  • Check 2FA on Barong session api, stub vault request if vault server is down #522 (rxx)
  • Add account get endpoint for managment API #486 (rxx)

1.8.14 (2018-06-14)

Full Changelog

Merged pull requests:

  • Add validations for profile, add datepicker and country select for profile admin panel #477 (rxx)

1.8.13 (2018-06-12)

Full Changelog

Closed issues:

  • Event API has no raw devise token and has no ability to send reset password email #525
  • Level Mapping on admin Panel #517
  • On document varification user Level does not update to 3 #503
  • Optimization application #501
  • Ability to generate API key pair server-side #496
  • Changing already created labels scope from private to public is not changing the level of users account. #476
  • Can get stuck on the Phone verification step #466
  • Check all required ENV in production environment and raise for missing vars #457
  • Label's are supporting upper and lower cases. #454
  • Validation or informative message on Uploaded large jpg for kyc passport #444
  • Review all field types in forms #432
  • Broken automatic tagging #361
  • Captcha support for signup / login #356
  • ActionController::InvalidAuthenticityToken #349
  • Change success message from "created" to "uploaded" #334
  • Ability to define favicon for website #331
  • API to destroy session #286
  • Plugin API specs #201
  • Make a configuration class #200
  • Ability to login with Google Account #175

Merged pull requests:

  • Fix issues with levels #535 (rxx)
  • Feature/admin disable 2fa #533 (rxx)
  • Add otp sign endpoint #527 (rxx)

1.8.12 (2018-06-11)

Full Changelog

Merged pull requests:

  • Set events with correct devise tokens #528 (rxx)
  • Add localization for grape required fields #515 (rxx)
  • Fix labels bug with changing scope #481 (m-an)
  • Feature/add favicon to website #473 (rxx)

1.8.11 (2018-06-06)

Full Changelog

Closed issues:

  • Wrong customer ID or password,please try again. #509

Merged pull requests:

1.8.10 (2018-06-06)

Full Changelog

Closed issues:

  • Add additional document type for uploading documents (Utility Bill) #489

Merged pull requests:

1.8.9 (2018-06-05)

Full Changelog

Merged pull requests:

  • Remove identity from default configuration #505 (rxx)

1.5.2 (2018-06-04)

Full Changelog

1.8.8 (2018-06-04)

Full Changelog

Merged pull requests:

  • Change password security error message #511 (rxx)
  • Ci bump pagination 1 5 #471 (rxx)

1.8.7 (2018-06-04)

Full Changelog

Merged pull requests:

  • Remove env check. It does not work with docker build #514 (rxx)
  • Add vault logging #513 (rxx)

1.7.1 (2018-06-04)

Full Changelog

1.8.5 (2018-06-03)

Full Changelog

1.8.6 (2018-06-03)

Full Changelog

Closed issues:

  • Omission in the passport verification flow #500

Merged pull requests:

  • Allow travis to build image without envs #508 (rxx)
  • Update travis CI and fix version bumping #507 (shal)

1.8.4 (2018-05-31)

Full Changelog

1.8.3 (2018-05-31)

Full Changelog

1.8.2 (2018-05-30)

Full Changelog

Merged pull requests:

  • Add new document type #502 (rxx)
  • API tuning: Add security definitions and status code, fixed wrong messages #488 (rxx)
  • Check required environments on barong starting #484 (rxx)
  • Set correct document flash message #474 (rxx)
  • Downcase label key and value before save it #472 (rxx)

1.8.1 (2018-05-30)

Full Changelog

Closed issues:

  • error while uploading documents #493

Merged pull requests:

  • Add endpoint for resend confirmations #531 (rxx)
  • Feed existing account with labels corresponding their level [for migration from 1.7 to 1.8] #498 (m-an)
  • Fix db:seed applications creation #495 (calj)
  • Fix document types #490 (rxx)
  • Fix typo in phone exists message error #487 (rxx)
  • [ci skip] Start 1.9.0 development #475 (rxx)
  • ci/bump pagination patch for 1.7 #469 (rxx)

1.8.0 (2018-05-16)

Full Changelog

Closed issues:

  • Wrong session[:phone] == @phone_number comparison in phones_controller #462
  • API Key expiration #456
  • Barong Admin Panel: Move all logic from profile show to accounts show #449
  • Logic error connected with changes of critical label Key #445
  • Rewrite mailers due to state removal #443
  • Public labels can prevent creation of private labels with the same key value. #442
  • Deleting an user in Barong did not delete the user's phone or should user deletion be allowed? #437
  • Use jwt for API instead of Doorkeeper Access Token #433
  • Add /api/v1/phones/resend_code #418
  • Can't edit personal information after account creation #417
  • The server Barong does not send SMS for authorization of a mobile phone. #408
  • API, phone step can be skipped and get level 3 user #402
  • Enforce strong passwords #401
  • Phone verification 404 on a second attempt #400
  • The Gmail address registration issue #399
  • Validate fields, when send doc #398
  • User allowed to re-upload kYC doc and phone even after account is approved #397
  • No Email after KYC verification #396
  • Deleting an user in Barong did not delete the user's phone or should user deletion be allowed? 1.5 #395
  • Error 1.5 when uploading photo #394
  • Post to /api/V1/phones will return 500 when success #390
  • Add field "Nationality" on personal information step #387
  • Implement Event API #382
  • Add Ability to Confirm Email Verification via API #369
  • Re-write phone verification step using the api v1 #365
  • Vault 404 when enabling 2FA #355
  • User should be notified if he was rejected by admin #347
  • Use fog-google 1.3.3 #342
  • Indian number - endless search #340
  • db:seed fails #339
  • Redirection bug after uploading a document #333
  • Redirect user to platform after login #332
  • Error when uploading document #324
  • Unable to receive SMS to +38(091)XXX-XX-XX #322
  • Migrate from fog-aws to carrierwave-aws #321
  • Migrate from fog-google to carrierwave-google-storage #320
  • «Confirm» button is crazy #319
  • Logo couldn't be loaded #318
  • Ability to configure level dynamically #315
  • Log-Out issue #314
  • "Phone is invalid" with international code #313
  • After delete an account #307
  • Add first and last names to JWT token #292
  • no implicit conversion of nil into String #289
  • Specify an endpoint GET /account/sign_out to sign out the user from devise session #268
  • Unable to sign in/sign up #266
  • Specify API endpoint for JWT renewal #262
  • It is possible to set any state for account & profile #240
  • API should not respond with 2XX in case of invalid phone #217
  • Ability to manage trading tokens from barong #211
  • Email notification when user Approved #197
  • Implement new layout for barong emails #174
  • Admin can make himself a member #113
  • Add Sentry #76

Merged pull requests:

  • Enable devise lockable. #467 (rxx)
  • Feature: Add metadata to documents API #464 (rxx)
  • Release 1.8.0 #463 (rxx)
  • Bugfix/fix phone validation #461 (rxx)
  • Move all logic from profile show to accounts show. Show Phones and Account info #460 (rxx)
  • Add sentry #459 (rxx)
  • Update ci/bump.rb: add pagination for GitHub API (fixes bumping for older branches). #458 (rxx)
  • Added password strength validation #455 (gfedorenko)
  • Fix issue with api datetime format #453 (rxx)
  • Remove outdated deployment stuff #452 (ysv)
  • Mark account as discarded istead of delete it #451 (rxx)
  • Add condition for unconfirmed emails check on session#create api endpoint #448 (m-an)
  • Send emails if they are enabled. Add SKIP_EMAILS env #446 (rxx)
  • Add api_key resource and generate jwt session #441 (rxx)
  • Added link_config script #434 (ysv)
  • Show level and labels on account index page #431 (rxx)
  • Migrate application levels logic to use labels #430 (m-an)
  • Speed up docker image build #429 (ysv)
  • Do not trust public label when calculate level #428 (rxx)
  • Fix function call #426 (vpetrusenko)
  • Use SecureRandom in db:seed #425 (ysv)
  • Fix domain to host #424 (rxx)
  • Implement send code API #423 (vpetrusenko)
  • Changing seeds to users #422 (mod)
  • Feature/level logic with labels #421 (m-an)
  • Fix API error messages #416 (vpetrusenko)
  • Add labels to admin panel with CRUD #414 (vpetrusenko)
  • Allow setting JWT secret key as pem file #413 (dmk)
  • Added event_api specs #412 (rxx)
  • Events API, Plugins #410 (rxx)
  • Adding level definition #409 (mod)
  • Feature/managment api #407 (rxx)
  • Update 1.7.0 migration steps notes #405 (rxx)
  • Make db:seed more flexible #404 (dmk)
  • Fix errors in phones api #393 (rxx)
  • Feature/account confirm api #391 (rxx)
  • Fix missing PhoneUtils bug #389 (rxx)
  • Fix/bump eligible #381 (mod)
  • Start Barong 1.8.0 development! #370 (rxx)

1.7.0 (2018-04-20)

Full Changelog

Closed issues:

  • Make API call with restore password. #362
  • Setup code climate rules #344
  • I am able to confirm my phone without verification code #323
  • API endpoint to reset password #301
  • API endpoint for 2FA #300
  • Issues with verifying the phone number when working in Firefox #261
  • Recovery codes for two factor authentication #244
  • I scanned QR for 2FA. What's next? #237
  • Find a way to use service account instead of GCS secrets #185

Merged pull requests:

  • Fix missing PhoneUtils bug #388 (rxx)
  • #382: Event API #385 (rxx)
  • Release 1.7.0 #384 (rxx)
  • Fix phones controller #383 (dmk)
  • Fixing bump #379 (mod)
  • Increase spec coverage #378 (m-an)
  • Fix failing profile specs #377 (m-an)
  • Fix failing profile specs #376 (m-an)
  • Fix failing profile specs #375 (m-an)
  • Notify user by email when his state changes #374 (m-an)
  • Notify user by email when his state changes #373 (m-an)
  • Notify user by email when his state changes #372 (m-an)
  • Add reset password api #371 (rxx)
  • Restify api endpoints #368 (rxx)
  • User level is downgraded to 2 when his profile is rejected #367 (m-an)
  • User level is downgraded to 2 when his profile is rejected #366 (m-an)
  • User level is downgraded to 2 when his profile is rejected #360 (m-an)
  • Fix db:seed #359 (spavlishak)
  • Add ability to set uid and gid as docker build args #358 (gfedorenko)
  • Fix typo in error rescue #357 (m-an)
  • Bugfix/phone verification without code[1.5] #354 (rxx)
  • Fix phone verification issue[1.6] #353 (rxx)
  • Start Barong 1.7.0 development! #352 (m-an)
  • Fix phone verification issue #341 (rxx)
  • Feature/profiles api #336 (m-an)
  • Feature/2fa api #327 (rxx)

1.6.0 (2018-04-12)

Full Changelog

Closed issues:

  • Swagger docs #345
  • Add API for manage labels #306
  • API endpoint to create and validate phone #299

Merged pull requests:

1.3.1 (2018-04-11)

Full Changelog

Closed issues:

  • API for admin panel #280
  • Cannot upload document to GCP - Excon::Error::Socket (Broken pipe (Errno::EPIPE)): #278
  • Add API calls to manage user documents #275
  • Add an API call to update password of current user #274

Merged pull requests:

1.5.1 (2018-04-05)

Full Changelog

Closed issues:

  • Something went wrong when upload document photo #311
  • old Barong accounts #308
  • Your account has been disabled, contact admin if you have any problem. #295
  • Can’t verify Indian number #267
  • Username input throws exception #252
  • Email input is not focused at page load, after submit password input is not focused too. Low user experience #247
  • It is possible to register the same phone twice #239
  • English error at phone verification #238
  • If I submit second document after approval of first it is not displayed in admin panel #236
  • I can't upload files with UPPERCASE extension #235
  • Markup & CSS issue: page is jumping, very ugly #226
  • Undefined method «request_uri» at /security #219
  • Phone number is send with double «+» sign when performing verification #218
  • AWS S3 support #212
  • Phone is invalid when it isn't #138
  • 2 Factor Authentication #121

Merged pull requests:

1.5.0 (2018-03-23)

Full Changelog

Merged pull requests:

  • Changed devise logout path from delete to get request #269 (m-an)

1.3.0 (2018-03-23)

Full Changelog

Closed issues:

  • Add an api with profile information, like first and last names #272
  • Finish websites #178

Merged pull requests:

1.0.14 (2018-03-20)

Full Changelog

Merged pull requests:

  • Changed devise logout path from delete to get request #329 (m-an)
  • Added state for GET profile #273 (gfedorenko)
  • Added get profile API call #271 (gfedorenko)
  • Set account state along with profile state #270 (dmk)
  • Update travis CI script as rubykube/peatio#639 (closes #255) #256 (shal)

1.0.13 (2018-03-16)

Full Changelog

Closed issues:

  • Specify API endpoint for JWT revoke #263
  • Otp signing service specs #260
  • Update bump script as in peatio #255

Merged pull requests:

  • Fix multiple issue with cloud storage configurations #259 (shal)

1.0.12 (2018-03-13)

Full Changelog

Closed issues:

  • Extremely difficult to understand UID, use email instead #258
  • Update documentation for Barong interaction with client app #177
  • Implement fully working 2FA #146

Merged pull requests:

  • Use email as account name in Vault TOTP; allow setting issuer name in env #257 (gfedorenko)
  • #247 Add focus to email input at page load and password input #249 (amir-budaychiev)

1.0.11 (2018-03-09)

Full Changelog

Merged pull requests:

  • Update fog and carrierwave & cleanup (closes #212) #241 (shal)

1.0.10 (2018-03-07)

Full Changelog

Merged pull requests:

1.0.9 (2018-03-07)

Full Changelog

Closed issues:

  • Customization seems broken in latest master #248
  • [WIP] Update the JWT Session payload #245
  • All entered data is lost when submitting form with invalid data #223
  • It is possible to specify & submit DOB in future #220
  • Tag and bump patch on each master change #186
  • Input Authenticator Page #152
  • Fix issue with unlocking account #147

Merged pull requests:

  • Update the JWT Session payload #250 (dmk)

1.0.8 (2018-03-05)

Full Changelog

Merged pull requests:

  • Different gem subsets dynamic installation #207 (mitjok)

1.0.7 (2018-03-05)

Full Changelog

Closed issues:

  • After submitting document I am still at the same page. What's next? #225

Merged pull requests:

1.0.6 (2018-03-05)

Full Changelog

Merged pull requests:

1.0.5 (2018-03-05)

Full Changelog

Merged pull requests:

  • Fix all entered data which is lost when submitting form with invalid data #231 (amir-budaychiev)

1.0.4 (2018-03-05)

Full Changelog

Closed issues:

  • Document form doesn't work with valid data #224
  • Missing assets at /documents/new #221

Merged pull requests:

1.0.3 (2018-03-05)

Full Changelog

Closed issues:

  • Invalid background color for error message block in case of failed phone verification #216
  • Fix failing chrome-driver in travis #213
  • Fix dropify icon displaying #195
  • ActionView::Template::Error (couldn't find file 'dropify/src/js/dropify' with type 'application/javascript' #189
  • Add Vault to the stack #176
  • Add field "E-mail" in Profile #168
  • Refresh spec/models tests #167
  • Make admin panel fixes #160
  • Create a role for managing only profiles #108

Merged pull requests:

1.0.2 (2018-02-26)

Full Changelog

Merged pull requests:

1.0.1 (2018-02-23)

Full Changelog

Closed issues:

  • Put links and style pages #157
  • Disable submit phone button and show loader #148
  • Validate Document's size #145
  • Set Devise layout as application #144
  • Barong outputs warning when confirming email #137
  • Make drag and drop for documents work #125
  • Delete merged branchs #110
  • Document number doesn't have max length which results in 500 error when submitting form #87
  • Markup issues #84

Merged pull requests:

1.0.0 (2018-02-19)

Closed issues:

  • «Some fields are empty or invalid» when submitting KyC #136
  • Fix tests after redesign #126
  • Create dropdown for countries #124
  • Fix URL in readme #116
  • User has ability to get back to already passed step verification #115
  • Doc type dropdown awful #111
  • Fix role changement in admin panel #109
  • Fix license name in readme #94
  • Phone verification form doesn't check phone for uniqueness #88
  • It is possible to create document leaving all fields blank #86
  • break-word causes mail addresses to display ugly #85
  • Missing sender name for emails #83
  • Handle issue on phone verification step #75
  • Integration of omniauth-barong into barongClientTestApp #41
  • Rake task for creating application #40
  • Rake task for creating an admin user #39
  • Add .level field #34
  • Add ability to customize design #29
  • Adding KYC #28
  • Adding 2FA auth. with Google Auth. #25
  • Adding Phone verification system #24
  • Adding doorkeeper into the stack #23
  • CRUD for accounts #19
  • Prevent accounts from brute-force attack (devise lockable) #13
  • Create admin panel boilerplate #12
  • Create a light layout maybe using bootstrap #10
  • Dockerfile and pipeline for Barong #3
  • Ability to register with email and password #2
  • Create Account Migration #1

Merged pull requests:

* This Change Log was automatically generated by github_changelog_generator