Cofoundry Versions Save

Features

• #543 Migrate to .NET 8
• #335 Support for webp and SVG image assets
• #537 DomainRepository: Patch: Better handling of nulls

Bug fixes

• #519 Concurrency issue in HtmlSanitizer
• #542 Not able to see pagination on asset picker pop up

Docs

• #316 Image Save Location
• #539 Null exception when calling app.UseCofoundry();

Bug fixes

• #538 UpdateDocumentAssetCommand: throwing permission error when executing with elevated permissions/system user execution context as BackgroundTask

Bug fixes

• #518 Used package ([email protected]) in Web Admin contains known vulnerabilities

Bug fixes

• #517 Remove google fonts to be GDPR compliant

Bug fixes

• #516 Add Page: Custom entity page triggers unresolvable validation error

Features

• #486 .NET6 Migration

Bug fixes

• #515 Admin Panel: Developer exception page no longer shows
• #508 Error Logging Plugin: Limit overflow on long fields

Docs

• #506 Document how to add TinyMCE Plugins

Bug fixes

• #513 REDIRECT TO SIGN-IN flag not saving
• #510 Admin Role appears able to edit Super Administrator

Bug fixes

• #507 Internal Server Error when attempting Delete

Features

• #505 ApiResponseHelper: Ability to execute a command and return a custom action result

Bug fixes

• #504 WebUserSessionService: GetUserIdByUserAreaCodeAsync should return null outside of a web request
• #503 ApiResponseHelper: RunWithResultAsync returns 404 instead of 400 on error

Features

Pages and Directories

• #187 Pages / Directories: Restrict by User Area
• #200 Pages / Directories: Increase maximum url slug length
• #464 Page Directories: "Name" property is superfluous
• #465 Pages / Directories: Naming of FullUrl inconsistent
• #288 Page & Custom Entity: Add update date
• #463 Page Directories: extract ChangePageUrlCommand from UpdatePageDirectoryCommand
• #462 Improve Page Message Publishing: Including changed urls and propagate directory changes
• #461 Page Directories: Publish Command Messages

User Areas

• #467 Users: Name should not be required
• #496 Users: Add "DisplayName"
• #495 UserMicroSummary: Remove FirstName, LastName, Email fields
• #490 Users: Deactivate
• #485 Users: Confirm Account
• #479 Self-service Password Reset: Rename to "Account Recovery" and audit/tidy
• #470 User Area Admin: Misc improvements

Configuration

• #493 AuthenticationSettings: Move to UserSettings.Authentication
• #477 UserArea: Make unique validation of emails optional
• #476 User Areas: Configurable Email and Username validation
• #468 Email Uniqueness: Support IDNs and improve uniqueness handling
• #499 Roles: Improve initialization

API Improvements

• #82 UserRepository, LoginService and missing queries/command
• #473 IAdvancedContentRepositoryUserRepository: Move "Current" out to own child repository
• #489 Rework the auth controller helpers, replacing with a solution based on the content repository
• #488 User Auth: Replace ILoginService with Queries and Commands
• #482 UserLoginInfoAuthenticationResult: Replace Error enum with a ValidationError with standardized error codes
• #487 Change uses of the term "Login" and "Logout" to "SignIn" and "SignOut"
• #281 Add message/event publishing for Users
• #474 Remove UserAccountDetails projection

Security

• #494 Users: Soft-deletes should anonymize data
• #492 UserLoginLog: Rename to UserAthentication and move rate limit settings to user settings
• #491 Users: Add duration padding to the execution of commands and queries succeptible to time-based enumeration attacks
• #480 User Admin: Force password reset
• #478 Users: Security stamp / session invalidation
• #469 User Areas: Configurable password policies
• #454 Migrate to ASP.NET Core Identity IPasswordHasher

Mail Templates

• #215 Allow admin mail templates to be easily overridden

Misc

• #405 Show friendly enumeration item names
• #415 Improved handling of AuthenticationFailedException in ApiResponseHelper.RunCommandAsync
• #497 ContentRepository: Add overloads to patch update commands
• #483 IDomainRepository.WithExecutionContext: Support passing in IUserContext
• #472 IUploadedFile: Improve the public API and document
• #484 Domain.Data: Specifiy DateTime properties as DateTimeKind.Utc
• #481 Remove obsolete APIs (pre v0.10)

Bugs

• #409 Improved error handling for serialization errors
• #458 Page Template has two Regions but Admin says it has none

Docs

• #162 Provide better documentation for authentication
• #190 User Areas: Samples and better documentation of creating user management screens
• #200 Add guide for setting up email via plugins
• #423 Configuring data protection system
• #419 Nested Transactions

Breaking changes

Term Changes (system wide)

• Term "PasswordReset" (self-service forgot-password style) changed to "AccountRecovery" to avoid confusion with passwords being reset by an administration user.
• Term "Login/Logged In" changed to "Sign in/signed in"

Models

• CustomEntityDetails.FullPath is now CustomEntityDetails.FullUrlPath
• IPageRoute.FullPath is now IPageRoute.FullUrlPath
• PageRoute.FullPath is now PageRoute.FullUrlPath
• CustomEntityPage.FullPath is now CustomEntityPage.FullUrlPath
• PageSummary.FullPath is now PageSummary.FullUrlPath
• CurrentUserViewHelperContext.IsLoggedInis now CurrentUserViewHelperContext.IsSignedIn

Queries

• GetUserLoginInfoIfAuthenticatedQuery now returns UserLoginInfoAuthenticationResult instead of UserLoginInfo directly and now includes checks for max login attempt validation.
• Role queries such as GetRoleByIdQuery now return null if an id is specified but no role is found. The original behavior returned the anonymous role, which was unintentional; specifying null as the Id however still returns the anonymous role as intended.
• GetEntityDependencySummaryByRelatedEntity is now GetEntityDependencySummaryByRelatedEntityId (naming consistency)
• IsEmailUniqueQuery is now IsUserEmailAddressUniqueQuery
• GetUserLoginInfoIfAuthenticatedQuery is now AuthenticateUserCredentialsQuery
• GetUpdateCommandQuery is now GetPatchableCommandQuery
• GetUpdateCommandByIdQuery is now GetPatchableCommandByIdQuery

Commands

• AddCofoundryUserCommand has been removed and replaced with the more generic AddUserWithTemporaryPassword.
• Url updating parts of UpdatePageDirectoryCommand replaced with dedicated UpdatePageUrlCommand
• CompleteUserPasswordResetCommand is now CompleteUserPasswordResetRequestCommand
• InitiatePasswordResetRequestCommand is now InitiateUserPasswordResetRequestCommand
• CompleteUserAccountRecoveryByEmailCommand.SendNotification has been removed and replaced with a config setting Cofoundry:Users:Password:SendNotificationOnUpdate
• UpdateUnauthenticatedUserPasswordCommand is now UpdateUserPasswordByCredentialsCommand
• UpdateCurrentUserAccountCommand is now UpdateCurrentUserCommand

Content Repository

• IAdvancedContentreporsitory.Users().AddUserCommandAsync is now IAdvancedContentreporsitory.Users().AddUserWithTemporaryPasswordAsync
• ContentRepository.Users().AddUserWithTemporaryPasswordAsync() is now ContentRepository.Users().AddWithTemporaryPasswordAsync()
• ContentRepository.Users().UpdateUserAsync() is now ContentRepository.Users().UpdateAsync()
• ContentRepository.Users().DeleteUserAsync() is now ContentRepository.Users().DeleteAsync()
• IAdvancedRepository.Users().IsEmailUniqueAsync is now IAdvancedRepository.Users().IsEmailAddressUniqueAsync
• IContentRepository.CustomEntities().GetByDefinitionCode(string).AsRenderSummary() is now AsRenderSummaries()

Auth

• IAuthConfiguration has been updated to make it easier to override specific parts of the configuration. See the class for more details.
• CofoundryAuthenticationConstants.FormatAuthenticationScheme is now AuthenticationSchemes.UserArea
• IUserAreaDefinition.IsDefaultAuthSchema is now IUserAreaDefinition.IsDefaultAuthScheme (typo)
• AuthenticationFailedException has been removed as it is unused. If an action is not permitted use NotPermittedException instead.

Misc

• IUserAreaDefinitionRepository.GetByCode renamed IUserAreaDefinitionRepository.GetRequiredByCode to be consistent with other definition repositories
• Much of Cofoundry.Web.Identity has changed, but should still be familiar. If you're using these do check out the new samples and docs
• When rendering text mail templates, any html encoding performed by the Razor parser will be decoded so you no longer need to account for this in mail templates by using Html.Raw()
• ISecurityTokenGenerationService removed.
• ILoggedInPermissionCheckHandler is now ISignedInPermissionCheckHandler
• ICofoundryMailTemplateHelper has been moved to namespace Cofoundry.Domain.MailTemplates

Settings:

• Cofoundry:Authentication:NumHoursPasswordResetLinkValid is now set via Cofoundry:Users:AccountRecovery:ExpireAfter
• Cofoundry:Authentication:MaxsernameAttemptsBoundaryInMinutes is now set via Cofoundry:Users:Authentication:UsernameRateLimit:Window
• Cofoundry:Authentication:MaxUsernameAttempts is now set via Cofoundry:Users:Authentication:UsernameRateLimit:Quantity
• Cofoundry:Authentication:MaxIPAttemptsBoundaryInMinutes is now set via Cofoundry:Users:Authentication:IPAddressRateLimit:Window
• Cofoundry:Authentication:MaxIPAttempts is now set via Cofoundry:Users:Authentication:IPAddressRateLimit:Quantity
• Cofoundry:Authentication:CookieNamespace is now set via Cofoundry:Users:Cookie:Namespace

Obsolete APIs removed:

• IAsyncCommandHandler: Use ICommandHandler instead
• IAsyncQueryHandler: Use IQueryHandler instead
• DbModelBuilderExtensions.UseDefaultConfig: Replaced with HasAppSchema() because no other configuration takes place here
• ImageScaleMode.UpscaleOnly: Not used/implemented
• ICustomEntityRepository: Use the new IContentRepository instead.
• IDocumentAssetRepository: Use the new IContentRepository instead.
• IImageAssetRepository: Use the new IContentRepository instead.
• IPageBlockTypeRepository: Use the new IContentRepository instead.
• IPageDirectoryRepository: Use the new IContentRepository instead.
• IPageRepository: Use the new IContentRepository instead.
• IRoleRepository: Use the new IContentRepository instead.
• IUserRepository: Use the new IContentRepository instead.