π The odd versions are not released into production.
- [FranceConnect+]
- Lowered CSP in service provider mock, allowing javascript execution
- [eIDASBridge]
- TLS encryption between bridge and Apache Cache-ignite
- [FranceConnect+]
- Dynamic link to the support form, on error pages, to carry relevant information
- [eIDASBridge]
- Allow connection to service provider having low security requirements
- [FranceConnect+]
- Added link to support form when an error occurs
- [eIDASBridge]
- Sub is now pairwised with the service provider country code
- [UserDashboard]
- Added BDD tests to validate the notification sent when the IdPs preferences are changed
- [SupportForm]
- Added platform name to the contact form to differentiate FC from FC+
- Added cache control on metadata routes
- Updated local stack app certificates
- [PartnerDashboard]
- Moved "service providers" components into the partners directory
- Updated react-router-dom to v6
- [FranceConnect+]
- Removed unused "phone_number" and "address" claims
- [UserDashboard]
- Added business logs
- Prevented users from blocking the currently used IdP
- [PartnerDashboard]
- Added pagination on mobile viewport
- Added service providers details page
- [FranceConnect+]
- Added port and client provided source IP to business logs
-
[UserDashboard]
- Fixed a display glitch in mobile menu
-
[FranceConnect+]
- Updated link to tracks application in notification email
-
Refactored folders hierarchy to improve code sharing through react applications
- [UserDashboard]
- Improved control on user inputs
- Improved development stack defaults fixtures
- Improved UI, especially on mobile
- Improved UX on expired session
- Upgraded NPM dependencies
- [UserDashboard]
- Fixed claim / label mapping that would cause the application to crash π
π΄π΄π΄π΄π΄π΄ Nothing here because of holidays π΄π΄π΄π΄π΄π΄
- [UserDashboard]
- Implemented more BDD tests on the user login history page
- Fixed an error regarding null claims on the user login history page
- Added the future Yris IdP logo
- Integrated the pagination component to the user login history page
- Splitted a MongoDb consumer per platform (FranceConnect low and FranceConnect high level of assurance) to provide a better network isolation
- Added a warning message when a user disables all his idp to ensure he has at least one idp to connect to
- Added an information message in order for the user to explicitly decide whether or not the future IdPs should be authorized when starting to block IdPs in the user preferences.
- Referenced issues in severals
@todo
comments - Added a storyBook instance on dev stack, to ease React component development
- [UserDashboard]
- Fixed multiple typos
- Prevent users from disabling access to all Identity Providers
- Enhanced users traces display
- Moved email shipment from preferences consumer to UserDashboard backend
- Update Redux wrapper for all front app
- React Pagination component
- Fixed the way the docker-stack script retrieves NodeJS containers.
- [FranceConnect+] [AgentConnect]
- Enhanced handling of business logs rotation
-
[Partners]
- Simple login page
-
[User Dashboard]
- Enabled BDD tests execution on integration environment
- Added BDD tests for user preferences management from administration applications
-
[User Dashboard] [AgentConnect] [Partners]
- Refactored react applications to use official France Design System
- [AgentConnect] The
amr
claim is now tested with BDDs in the sandbox environment - [User Dashboard] Visual regression testing has been implemented
- [User Dashboard]
- The user-preferences consumer can be used to fetch current user's preferences (for support application)
- Human readable IdP name is now displayed instead of technical name on user connection history
- IP location is now resolved at display time if not already present in user history
- Scopes are now grouped by family on the backend in user's connection history page
- [Partners Dashboard]
- Implemented first BDDs
- Added CI configuration
- [AgentConnect]
- Added
alg
property in jwks endpoints, to ease key selection for partners.
- Added
- Fixed a bug in unit tests making the CI unstable.
- [User Dashboard]
- Added explanations about idp management in user dashboard.
- Styled the layout of the notification email for idp management.
- [AgentConnect]
- Corrected a reflected XSS vulnerability
- The
docker-stack start-all
command now tries to launch only available apps - [User Dashboard]
- Implemented BDD tests for the idp-settings feature
- The
logger
library is now deprecated and will be reworked
- [User Dashboard]
- The user information are now persistent when navigating with the URL
- Limited to the minimum the identity scope that the dashboard has access to
- [FranceConnect+]
- Added missing feature to fixtures
- Added missing fonts to build
- Added missing logos to docker-stack
- Upgraded backend dependencies
- [AgentConnect]
- Implemented accessibility tests
- Multiple ES nodes are allowed in configuration
- [User Dashboard]
- User can now disconnect from the dashboard
- HTTP proxy is now supported
- Issuer URL is now given by the environment instead of static a string
- Synchronized logs mapping between FC and FC+
- Limited events sent by the consumer to user login events only
- [Partners Dashboard]
- Created the front and back applications
- Fixed linter
tsx
rules that were applied tots
files - [AgentConnect]
- Implemented visual regression tests
- SP can now request the IdP
amr
(Authentication Methods References)
- [User Dashboard]
- A notification email is now sent when the user preferences are edited
- Added CSRF protection when the user preferences are edited
- FC low legacy entries are now shown on the user connection log
- Fixed the "allowFutureIdp" property
- [AgentConnect]
- Research now works with the IdP name and not only the administration name
- Disconnection from AgentConnect now propagated to the IdP
- [eIDASBridge] Updated the DTO rules to match the european XML schema
- [Changelog v3.82] Added the missing changelog of the previous version
- [ElasticSearch] Added authentication
- [FranceConnect] Configured a dedicated mock user to test the connection history log and to avoid conflicts with other tests)
- [User Dashboard]
- The interface to enable / disable an IdP has been implemented
- Fix database architecture for IdP settings
- The application does not need anymore the secret to decrypt the IdPs' client secrets
- The application is now connected to the legacy database instead of FC+ one
- [AgentConnect] The error page is now handled by the frontend (REACT) instead of a backend rendering rendering
- [eIDASBridge] Updated the DTO rules to match the european XML schema
- Upgrade NodeJS to 14.19.0
- [FranceConnect] Changed the mock user used to test the user history log (the default (test / 123) one was used and it would later conflict with other tests)
- [User Dashboard] The user is now able to choose a default behavior (active / inactive) new IDPs joining FC
π§ As the team was busy working on legacy code there is sadly nothing to see here π’ π§
- [AgentConnect] Now the RIE consumer can use a GLOBAL_AGENT_HTTP_PROXY
- [AgentConnect]
- Rename
build:bridge-http-proxy
yarn command tobuild:bridge-http-proxy-rie
- Better error handling for
hybridge-http-proxy
- Rename
- Upgrade cypress to 9.2.0
- Upgrade NodeJS to 14.18.2
- [AgentConnect] Update integration test data
- [FranceConnect+] Add more accessibility and E2E to test its resilience
- [User Dashboard] The backend consumer can read and edit user preferences regarding IdPs
- Fixed notification mail compatibility with yahoo mailer
- [AgentConnect]
- A new scope and a new claim
idp_id
are now available for the SP to know which IdP was used by the agent - A new scope and a new claim
idp_acr
are now available for the SP to know which acr value was sent by the Idp - A new claim
amr
is now available for the SP to know which authentication method was used - Change browserlist configuration
- A new scope and a new claim
- [FranceConnect+] The mailer library use now SMTP instead of API
-
[FranceConnect+] Lowering the length constrains of the
nonce
parametter -
[eIDASBridge]
- The bridge now sends a "KeepAlive" packet to prevent the firewall from severing the connection of the FR Node to the Apache Ignite Cache
- Remove unused variable
sessionId
to use the one from the session library
- [AgentConnect] Some apps / libs names have been changed to better reflect their functions
- The NPM dependencies have been upgraded
- The units tests / linter and prettier of the front-end applications have been added to the CI (internal)
- Visual regressions are now watched through screenshot automatic testing
- [AgentConnect / Docker dev-stack] Add a Lemon LDAP IdP to the docker dev-stack
- [AgentConnect] Now AgentConnect can do a whole cinematic using rabbitMQ broker to connect to another isolated network
- [AgentConnect] Pages are now compliant with the french state design system
- [FranceConnect+] The business logs now track the right ids
- [Docker dev-stack] Fix a configuration that was not correctly mirroring the integration configuration
- Removed express complex objects query and body parsing as it is not used by the project
- Some old redundant E2E tests were removed as the BDD tests gain coverage
- New BDD tests have been added to cover all ACRs that could be sent by the IdPs
- New BDD tests have been added to ensure that all wanted encryption algorithms are configured properly
- [User Dashboard] Creation of API for partners to get and display the users history
- [User Dashboard] Users can now see the platform name were the event occurred in their history
- [AgentConnect] proxy-bridge app can now proxy requests to the rabbitMQ broker
- π Tell the guards to open up the gates ! As from today we are going Open Source π.