• Bumped django-all-auth from 0.46.0 to 0.51.0 to fix mild security issues (see the change log of django-all-auth for more information)
• The @classmethod decorator was mistakenly forgotten and hence missing from the following methods of openwisp_users.apps.OpenwispUsersConfig:
  • update_organizations_dict
  • create_organization_owner
• Fixed a broken example in the DRF Permission Classes section of the documentation

• Updated fur translations

Features

• Added UsersAuthenticationBackend class that allows users to authenticate using either email, phone_number or username.
• Added the possibility to filter users by their organization in the user administration section.
• Added REST API endpoints for openwisp-users.
• Added various Django REST Framework mixins and utilities which allow to implement.
• Added DRF permission classes.
• Added passwordless authentication backend for REST APIs.
• Added OrganizationInvitation model.
• Added email verification success view.
• Added logout success view.

Changes

• Authentication REST API endpoints are now enabled by default.
• Following changes have been made to the User model:
  • Increased max length of User.location field.
  • Added User.birth_date field.
  • Added User.notes field.
  • Added User.language field.
  • Made User.email case insensitive. Email addresses will always get converted to lower case before storage and comparison.
• Updated OrganizationOwnerInline to use raw_id field for organization_user field.
• Updated OrganizationUserInline to use autocomplete field for organization field.
• Backward incompatible: removed custom permission helpers.
• Backward incompatible: the REST API endpoint /api/v1/user/token/ has been changed to /api/v1/users/token/ for consistency with the rest of the API.

Dependencies:

• Dropped support for Django 2.2.x.
• Dropped support for Python 3.6.
• Added support for Python 3.8 and Python 3.9.
• Added support for Django 3.2.x and 4.0.x.
• Bumped django-allauth~=0.46.0.
• Bumped django-organizations~=2.0.1
• Bumped django-phonenumber-field~=6.0.0.
• Bumped openwisp-utils~=1.0.0.
• Bumped swapper~=1.3.0
• Added django-sesame~=2.4.0.

Bugfixes

• Fixed internal server error on /accounts/login/" page
• Fixed error on restoring "Group" object with django-reversion.
• Fixed error on visiting Django admin URL for non-existing users.
• Fixed organization managers could escalate their privileges to superuser.

Changes

• Updated django-allauth to 0.44.x
• Copied the template account/login.html from django-allauth in order to remove the sign up link, which we do not support
• Updated django-extensions to 3.1

Bugfixes

• Updating django-allauth to 0.44.x also fixes an issue affecting OpenWISP Users in production deployment (experienced in ansible-openwisp2)

Features

N/A.

Changes

• [change] Extend admin/base_site.html in confirm_email.html
• [change] Updated to openwisp-utils 0.7 and switched to new register_menu_items
• [change] Removed typographic error in settings which was maintained for backward compatibility
• [change] Removed deprecated organizations_pk

Bugfixes

• [fix] Fix email confirmation when link is invalid
• [docs] Fixed several broken links in "Extend openwisp-users" section
• [fix] Allow swagger to show parameters of obtain token view

• [chores] Allow passing a string or uuid to the Organization membership helpers
• [fix] The OrganizationUser instance of an OrganizationOwner won't be allowed to be is_admin=False
• [fix] Fixed mutable class attribute in MultitenantAdminMixin
• [fix] Fixed exception when deleting OrganizationUser of an owner
• [fix] Fixed typographical error in organization name

Features

• [models] Added organizations_managed helper
• [models] Added organizations_owned helper

Changes

• [admin]: Potentially backward incompatible change: Multi-tenant admin classes now allow only org managers. Before this version, a user needed to be only org member to see items of that organization in the admin, but this is wrong! An OrganizationUser which has is_admin=False is only an end-user of that organization. Instead, an OrganizationUser which has is_admin=True is also a manager and only this type of user shall be allowed to manage items of the organization through the django admin site. This is needed in order to support users being simple end-users in one organization but administrators in others, otherwise a staff user who is administrator of one organization would be able to change also items of other organizations where they are only members and not managers.
• [dependencies] Added support for django 3.1
• [dependencies] django-phonenumber-field 5.0

• [deps] Updated openwisp-utils to 0.6.0
• [test] Added functions to add inline fields in extended app's integration testing

Features

• [models] Added swappable models and extensible classes
• [admin] Added support for organization owners
• [admin] Added default owner to each organization
• [api] Added ObtainTokenView REST API endpoint for bearer authentication
• [api] Added OPENWISP_USERS_AUTH_API and OPENWISP_USERS_AUTH_THROTTLE_RATE settings
• [api] Added Django REST Framework permission classes
• [models] Added Organization membership helpers
• [models] Added User permission helpers

Changes

• Enabled organization owner admin by default
• [dependencies] Upgraded django-allauth 0.42.0, django-extensions 3.0.2, openwisp-utils 0.5[rest] and phonenumbers 8.12.0

Bugfixes

• [admin] Fixed administrator edit/delete users of the same organization
• [admin] Fixed unique validation error on empty phone number

• [admin] Fixed regression that caused superusers to not be able to delete regular users
• [admin] Do not de-register socialaccount if not enabled