Skip to content

Latest commit

 

History

History
86 lines (48 loc) · 4.55 KB

CHANGELOG.md

File metadata and controls

86 lines (48 loc) · 4.55 KB
Raw

Changelog

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.

[0.4.0] - [UNRELEASED]

Fixed

  • Define permission class for API views (#19 by nijel)
  • Make WebAuthnCredentialManager inherit from DeviceManager (#23 by nijel)
  • Clarify username_field_selector example in README (#20 by nijel)
  • Clarify custom credential model usage (#26 by jmichalicek)

[0.3.0] - 2024-08-03

Changed

  • The built-in Passkey registration and verification views error handling has been reworked. (#12 by Stormheg)

Fixed

  • A regression in v0.2.0 was fixed were AuthenticationDisabled would incorrectly be raised. (Issue #10 by jmichalicek; fixed in #12 by Stormheg)
  • Support for CSRF_USE_SESSIONS = True was added. (Issue #14 by nijel; fixed in #15 by nijel and Stormheg)
  • An issue that prevented MySQL from being used as the database backend was fixed. (Issue #17 by nijel; fixed in #18 by Stormheg)

Removed

  • The unused RegistrationDisabled, AuthenticationDisabled, and LoginRequired exceptions are removed. (#12 by Stormheg)

[0.2.0] - 2024-07-18

Changed

  • Support for having multiple AUTHENTICATION_BACKENDS was added. (#8 by jmichalicek)
    • Action required: add django_otp_webauthn.backends.WebAuthnBackend to your AUTHENTICATION_BACKENDS setting if you want to use passwordless login.

[0.1.3] - 2024-07-01

Added

  • The default manager for the WebAuthnCredential model now includes a as_credential_descriptors method to make it easier to format the credentials for use in custom implementations.

Fixed

  • A bug was fixed with Python 3.11 and older that caused an exception when authenticating with a WebAuthn credential. (#6 by jmichalicek)

Changed

  • The http://localhost:8000 default value for OTP_WEBAUTHN_ALLOWED_ORIGINS was removed.
  • Use more appropriate examples for the OTP_WEBAUTHN_* settings in the README.
  • Update admonition in the README to reflect the current state of the project. We have moved from don't use in production to use at your own risk.

[0.1.2] - 2024-06-12

Fixed

  • The helper classes' get_credential_display_name and get_credential_name methods are now correctly called. Previously, the users' full name was being used as the credential name, bypassing above methods.

Changed

  • Set discoverable credential policy to required at registration time when OTP_WEBAUTHN_ALLOW_PASSWORDLESS_LOGIN is set to True. This is to ensure a credential capable of passwordless login is created.

New

  • Make is easier to override the helper class using the new OTP_WEBAUTHN_HELPER_CLASS setting. Pass it a dotted path to your custom helper class and it will be used instead of the default one.

[0.1.1] - 2024-05-26

Fixed

  • An issue with the button label not showing any text was fixed.

Changed

  • WebAuthnCredential now inherits from django_otp.models.TimestampMixin to add a created_at and last_used_at fields. Subsequently, this raises the minimum django-otp version to 1.4.0+.

Maintenance

  • Switch to hatch for managing the project.

[0.1.0] - 2024-05-12

  • Initial release.