2FAuth/changelog.md

Change log

[3.2] - 2022-07-13

Added

• Support of Google Authenticator migration data: QR codes generated by the G-Auth export feature can be flashed/uploaded to import their data into 2FAuth. (Import doc, #74)
• Partial support of STEAM TOTP. See the Steam Guard doc for detailed informations about this support (#30)

Changed

• Pages now have a unique title
• Signing in while already authenticated no longer display the "Already authenticated" error message (#88)
• The Auto lock feature now forwards to a dedicated page to ensure proper logout and prevent CSRF token mismatch error (see issue #73) that still occurred in certain situation

Fixed

• issue #90 Empty page after deletion of all accounts
• issue #97 Secret's format selector should not clear the locked field in edit form

[3.1.1] - 2022-05-31

Fixed

• issue #85, issue #86 Invalid OTP generated after the 2FA account has been saved to db

[3.1.0] - 2022-05-20

Added

• PROXY_LOGOUT_URL environment variable to specify a custom logout url when using an auth proxy
• Locked/Unlocked state for the Secret field in the 2FA account Edit form to prevent undesirable edit.

Fixed

• Fix OAuth setting view returning an error when auth is handled by a proxy
• issue #57 Can't save icons or upload QR codes - Docker installation
• issue #81 Unable to create configured logger. Using emergency logger
• issue #82 Autolock feature should be disabled while auth is handled by a proxy
• issue #84 Reverse-proxy-guard authenticates request without valid headers configuration

[3.0.2] - 2022-05-14

Added

• Mail settings section in the docker readme by @aronmal

Fixed

• issue #72 2FA secret passed as plain text rejected by form validation
• issue #73 CSRF token mismatch
• issue #78 Add tags other then latest when pushing images to dockerhub

[3.0.1] - 2022-05-11

Fixed

• issue #68 2fauth not run after update
• issue #71 Cannot view old TOTP entries on latest Docker Image
• Missing login information on the demo website

[3.0.0] - 2022-05-09

Finally, here is version 3.0!

This is a milestone in the 2FAuth development that greatly enhances 2FAuth under the hoods and comes with a brand new documentation.

New

• 2FAuth now exposes a REST API following the OpenAPI 3.1 specification that allows connexion with third parties (see the API doc)
• Support of the Web Authentication standard, aka WebAuthn, to login using a security device like a Yubikey or FaceID
• Support of authentication proxy to bypass the 2FAuth auth login
• Heroku setup to deploy 2FAuth using the Deploy to Heroku button

Also added

• Ability to delete the user account and reset 2FAuth
• The content of any non-2FA QR code can be copied or followed (in case of an HTTP link)
• PHP 8.0 support

Changed

• 2Fauth now uses the browser language preference by default.
• The current group is now clickable in the group selector
• Upgrade to Laravel 8

Fixed

• issue #45 Account or Service field containing colon breaks the Test feature in the advanced form
• issue #47 Account creation fails when otpauth service parameter is missing
• issue #50 Email password reset does not work
• issue #51 Cannot delete a group with accounts (MySQL only)
• issue #52 null "Default group" setting after group delete
• issue #57 Can't save icons or upload QR codes - Docker installation

Removed

• PHP 7.3 support

[2.1.0] - 2021-03-04

Added

• German translation, thanks to @chenmichael

[2.0.2] - 2020-12-04

Fixed

• issue #20 Issues using 'Protect sensible data'

[2.0.1] - 2020-12-03

Fixed

• issue #18 Install using MySQL causes exception
• issue #17 Capitalization of email address during login should not matter
• issue #15 Applied group filter is not removed if the group is deleted
• issue #14 Cache is not refreshed automatically after group changes
• Missing footer links at first start
• Missing redirection after registration

[2.0.0] - 2020-11-29

2FAuth goes to v2.0!

This release comes with multiple improvements and a lot of changes under the hood. Don't forget to backup your database before you upgrade. Have fun :)

Added

• Add Groups to enhance accounts management
• New advanced form to define fully customized accounts without QR code
• New user option to skip the submitting page
• New DB protection option to encrypt sensitive 2FA data
• QR code generation of recorded accounts
• Support of the OTP image parameter when a QR code is imported

Changed

• Performance improvement thanks to data caching
• Show Register/Login forms and their links only when relevant
• Let the user choose between all available submitting methods (livescan, qrcode upload, advanced form)
• Translations are now managed on Crowdin.com/2fauth. You master some foreign languages? Why not help translate 2FAuth, your help would be welcome.

Fixed

• issue #13 Long Service name push content out of viewport
• issue #11 Token generation do not loop if TOTP period is different from 30s
• issue #9 Upload QR code in standard form return a 422 missing uri field

[1.3.1] - 2020-10-12

Changed

• Upgrade to Laravel 7.0
• Drop PHP 7.2 support
• Enable the Request reset password form in Demo mode but inactivated

Fixed

• Fix missing notifications in Auth views

[1.3.0] - 2020-10-09

Added

• Application lock on security code copy or after a fixed period of inactivity
• Notify user that https is required in order to use camera streaming to flash QR code
• Notify user that the security code has been copied to clipboard when user click it
• Show selected accounts count in Manage view
• New option to show/hide icons in accounts list

Changed

• More mobile friendly Close button for modal
• More advanced notification component
• Fixed header to keep Search field and Delete button always visible
• Switches replaced by checkboxes in Settings

Fixed

• Hide context around iPhone X+ notch
• Unwanted access to restricted pages as guest

[1.2.0] - 2020-09-18

Added

• QR Code scan using live stream when a camera is detected. Previous QR Code scanner remains available as fallback method or can be forced in Settings.
• New alternative layouts: List or Grid
• Accounts can be reordered

Changed

• Notification banner (when saving settings) now has a fixed position

[1.1.0] - 2020-03-23

Added

• Demonstration mode with restricted features and ability to reset content with an artisan command
• Option to close token popup when the code is pasted (by clicking/taping on it)

Changed

• Options default values can now be set in config/app
• Generated assets are now part of the repo to ease deployement

Fixed

• Option labels attached to wrong checkboxes