Skip to content

Commit

Permalink
Merge branch 'release' into 'master'
Browse files Browse the repository at this point in the history
Merge branch 'release' into 'master'

See merge request passbolt/passbolt-browser-extension!655
  • Loading branch information
cedricalfonsi committed Nov 3, 2023
2 parents a16529a + 4ec1a0f commit 221f3bf
Show file tree
Hide file tree
Showing 75 changed files with 3,787 additions and 1,421 deletions.
4 changes: 2 additions & 2 deletions .gitlab-ci/jobs/build.yml
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
build:
stage: build
image: node:16
image: node:18
extends: .rules
artifacts:
when: always
Expand All @@ -22,7 +22,7 @@ build:
build_mv3:
stage: build
image: node:16
image: node:18
extends: .rules
artifacts:
when: always
Expand Down
6 changes: 3 additions & 3 deletions .gitlab-ci/jobs/test.yml
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
tester:
stage: test
image: node:16
image: node:18
coverage: /Lines\s* [:] ([\d\.]+)%/
extends: .rules
script:
Expand All @@ -17,7 +17,7 @@ tester:

linter:
stage: test
image: node:16
image: node:18
extends: .rules
script:
- npm ci
Expand All @@ -26,7 +26,7 @@ linter:
audit:
allow_failure: true
stage: test
image: node:16
image: node:18
extends: .rules
script:
- npm audit
58 changes: 58 additions & 0 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -3,6 +3,63 @@ All notable changes to this project will be documented in this file.
This project adheres to [Semantic Versioning](http://semver.org/).

## [Unreleased]
## [4.4.0-rc.0] - 2023-11-03
## Browser extension
### Added
- PB-25204 As a signed-in user I can create a standalone TOTP
- PB-25206 As a signed-in user I can add a TOTP to an existing password resource
- PB-25210 As a signed-in user I can edit a standalone TOTP
- PB-25224 As a signed-in user I can copy a TOTP
- PB-26088 As a signed-in user I can see standalone TOTP in the quickaccess
- PB-27600 As an administrator I want to suspend or unsuspend a user
- PB-27601 As a signed-in user I should see who is suspended in the ui
- PB-27773 As an administrator I can deny access to the mobile setup screen with RBAC
- PB-27898 As an administrator I should have the possibility to deny TOTP copy and preview actions with RBAC
- PB-27949 As a signed-in user I can see password with totp in the quickaccess
- PB-27950 As a user I can use generic OAuth2 as single sign on provider
- [FEATURE INACTIVE] PB-28263 As a user I can see the resource expiry status
- [FEATURE INACTIVE] PB-28265 As a user I can reset resource expiry date
- [FEATURE INACTIVE] PB-28266 As an administrator I can enable the password expiry feature
- [FEATURE INACTIVE] PB-28267 As an administrator I can set the email notifications of the password expiry feature

### Improved
- PB-19244 As a user with encrypted description resource type present when creating a resource using quickaccess the description should be encrypted by default
- PB-25560 As an administrator on the admin settings pages I can see the source of information
- PB-26002 As a user downloading my recovery kit I want to be warned about the critical character of this asset
- PB-26086 As an administrator generating an account recovery key for my organization I want to confirm the passphrase
- PB-26094 As an administrator having a passbolt trespassing the user limits I should see a better message
- PB-27668 As a user I'd like to know what the numbers by the heart mean
- PB-27922 As a user entering my passphrase I should see the entropy progressing
- PB-28183 As administrator I want to see warnings while synchronising the organisation users directory
- PB-28378 MFA screen should be display depending on the application

### Fixed
- PB-21625 As a user I shouldn't see apostrophe replaced by special characters
- PB-25279 As a user I should see in form call to action icon be well positioned
- PB-26000 As a user updating only a resource metadata I should not update the resource secret on the API
- PB-27784 As an administrator I should not see the account recovery enrollment twice
- PB-27794 Fix unsupported TOTP while decrypting TOTP on webapp
- PB-27894 As a user I should not see my username overpass the card in the login form
- PB-27947 Fix in-form menu generate password should not override all password fields but only new password fields
- PB-27954 Fix message after successful transfer to mobile
- PB-28170 Fix SMTP host from Sendgrid
- PB-28310 As a signed-in user I should not select or unselect a resource on TOTP click
- PB-28293 As a signed-in user I should be redirected when I click on the resource url in the information panel and contextual menu

### Maintenance
- PB-26121 Improve Styleguide coverage of password policies
- PB-27786 As a user I should not see my passphrase part of the breach if the field is empty
- PB-27945 Update web-ext lib to v7.8.0
- PB-27965 Upgrade node to v18
- PB-28148 Migrate development watcher to package.json scripts
- PB-28275 Upgrade @babel/traverse on styleguide as it has a critical security issue
- [FEATURE INACTIVE] PB-27605 As a signed-in user I can set up Yubikey as two-factor authentication on the client (previously done on the API served application)
- [FEATURE INACTIVE] PB-27606 As a signed-in user I can set up TOTP as two-factor authentication on the client (previously done on the API served application)
- [FEATURE INACTIVE] PB-27608 As a user I can sign in with TOTP and Yubikey as 2FA on the client (previously done on the API served application)

### Security
- PB-25688 As a desktop app user I should sign the exported account kit with my private key

## [4.3.1] - 2023-09-28
### Fixed
- PB-27860 As a signed-in user I should be able to autofill from the quickaccess
Expand Down Expand Up @@ -1334,6 +1391,7 @@ self registration settings option in the left-side bar
- LU: Logged in user

[Unreleased]: https://github.com/passbolt/passbolt_browser_extension/compare/v4.2.0...HEAD
[4.4.0-rc.0]: https://github.com/passbolt/passbolt_browser_extension/compare/v4.3.1...v.4.4.0-rc.0
[4.3.1]: https://github.com/passbolt/passbolt_browser_extension/compare/v4.3.0...v.4.3.1
[4.3.0]: https://github.com/passbolt/passbolt_browser_extension/compare/v4.2.0...v.4.3.0
[4.2.0]: https://github.com/passbolt/passbolt_browser_extension/compare/v4.1.2...v.4.2.0
Expand Down
83 changes: 0 additions & 83 deletions Gruntfile.js
Original file line number Diff line number Diff line change
Expand Up @@ -44,7 +44,6 @@ module.exports = function (grunt) {
grunt.loadNpmTasks('grunt-shell');
grunt.loadNpmTasks('grunt-contrib-clean');
grunt.loadNpmTasks('grunt-contrib-copy');
grunt.loadNpmTasks('grunt-contrib-watch');

grunt.registerTask('default', ['bundle']);
grunt.registerTask('pre-dist', ['copy:styleguide']);
Expand Down Expand Up @@ -450,88 +449,6 @@ module.exports = function (grunt) {
"echo '\nZip and Crx files generated in " + path.dist_chrome_mv3 + "'"
].join(' && ')
}
},
/**
* Watch task run predefined tasks whenever watched file patterns are added, changed or deleted
* see. https://github.com/gruntjs/grunt-contrib-watch
*/
watch: {
background_page: {
files: [path.src_background_page + '**/*.js', 'node_modules/passbolt-styleguide/src/shared/**/*.js'],
tasks: ['shell:build_background_page_debug'],
options: { spawn: false }
},
service_worker: {
files: [`${path.src_background_page}**/*.js`, `${path.src_chrome_mv3}**/*.js`],
tasks: ['shell:build_service_worker_debug', 'copy:service_worker'],
options: { spawn: false }
},
content_script_app: {
files: [
path.src_content_scripts + 'js/app/AccountRecovery.js',
path.src_content_scripts + 'js/app/App.js',
path.src_content_scripts + 'js/app/Login.js',
path.src_content_scripts + 'js/app/Recover.js',
path.src_content_scripts + 'js/app/Setup.js'
],
tasks: ['shell:build_content_script_app'],
options: { spawn: false }
},
content_script_browser_integration: {
files: [path.src_content_scripts + 'js/app/BrowserIntegration.js'],
tasks: ['shell:build_content_script_browser_integration'],
options: { spawn: false }
},
content_script_public_website: {
files: [path.src_content_scripts + 'js/app/PublicWebsiteSignIn.js'],
tasks: ['shell:build_content_script_public_website'],
options: { spawn: false }
},
web_accessible_resources: {
files: [
path.src_web_accessible_resources + 'js/themes/*.js',
path.src_web_accessible_resources + '*.html'
],
tasks: ['copy:web_accessible_resources'],
options: { spawn: false }
},
web_accessible_resources_app: {
files: [
path.src_web_accessible_resources + 'js/app/AccountRecovery.js',
path.src_web_accessible_resources + 'js/app/App.js',
path.src_web_accessible_resources + 'js/app/Download.js',
path.src_web_accessible_resources + 'js/app/Login.js',
path.src_web_accessible_resources + 'js/app/QuickAccess.js',
path.src_web_accessible_resources + 'js/app/Recover.js',
path.src_web_accessible_resources + 'js/app/Setup.js',
path.src_web_accessible_resources + 'js/app/Setup.js'
],
tasks: ['shell:build_web_accessible_resources_app'],
options: { spawn: false }
},
web_accessible_resources_browser_integration: {
files: [
path.src_web_accessible_resources + 'js/app/InFormCallToAction.js',
path.src_web_accessible_resources + 'js/app/InFormMenu.js'
],
tasks: ['shell:build_web_accessible_resources_browser_integration'],
options: { spawn: false }
},
manifest_firefox: {
files: [path.src_firefox + 'manifest.json'],
tasks: ['copy:manifest_firefox'],
options: { spawn: false }
},
manifest_chrome: {
files: [path.src_chrome + 'manifest.json'],
tasks: ['copy:manifest_chrome'],
options: { spawn: false }
},
manifest_chrome_mv3: {
files: [path.src_chrome_mv3 + 'manifest.json'],
tasks: ['copy:manifest_chrome_mv3'],
options: { spawn: false }
}
}
});
};
71 changes: 66 additions & 5 deletions RELEASE_NOTES.md
Original file line number Diff line number Diff line change
@@ -1,9 +1,70 @@
Release song: https://www.youtube.com/watch?v=sc5iTNVEOAg
Release song: https://www.youtube.com/watch?v=6Ejga4kJUts

This is a small maintenance release of the browser extension only. It fixes a bug that prevented users from using the auto-fill feature from the quickaccess.
Version 4.4 (Release Candidate) of Passbolt is now available, packed full of improvements and new functionalities.

Thank you for choosing passbolt and for your continued support.
With this release, users are able to manage TOTPs directly from the browser, providing an extended TOTP experience across all their devices. They can now be created, deleted, organised and shared with others just like any other resource type.

Another highlight of this release, administrators now have the ability to suspend/unsuspend users. This new feature will offer administrators with more control over access management of their instance. By example, they will be able to prevent access to the passbolt instance for users in temporary leave, therefore enforce company policies.

Admins of the PRO have an additional option for SSO: a generic OAuth 2.0 provider is now available, expanding your authentication options and providing even more versatility.

And that's not all – a number of fixes and enhancements have been implemented to improve user experience. Among them, notification emails are now aggregated in certain cases, including limiting emails when a user imports a large amount of passwords.

Upgrade to version 4.4 to take advantage of these improvements. Thank you for using and supporting passbolt!

## [4.4.0-rc.0] - 2023-11-03
## Browser extension
### Added
- PB-25204 As a signed-in user I can create a standalone TOTP
- PB-25206 As a signed-in user I can add a TOTP to an existing password resource
- PB-25210 As a signed-in user I can edit a standalone TOTP
- PB-25224 As a signed-in user I can copy a TOTP
- PB-26088 As a signed-in user I can see standalone TOTP in the quickaccess
- PB-27600 As an administrator I want to suspend or unsuspend a user
- PB-27601 As a sign in user I should see who is suspended in the ui
- PB-27773 As an administrator I can deny access to the mobile setup screen with RBAC
- PB-27898 As an administrator I should have the possibility to deny TOTP copy and preview actions with RBAC
- PB-27949 As a signed-in user I can see password with totp in the quickaccess
- PB-27950 As a user I can use generic OAuth2 as single sign on provider
- [FEATURE INACTIVE] PB-28263 As a user I can see the resource expiry status
- [FEATURE INACTIVE] PB-28265 As a user I can reset resource expiry date
- [FEATURE INACTIVE] PB-28266 As an administrator I can enable the password expiry feature
- [FEATURE INACTIVE] PB-28267 As an administrator I can set the email notifications of the password expiry feature

### Improved
- PB-19244 As a user with encrypted description resource type present when creating a resource using quickaccess the description should be encrypted by default
- PB-25560 As an administrator on the admin settings pages I can see the source of information
- PB-26002 As a user downloading my recovery kit I want to be warned about the critical character of this asset
- PB-26086 As an administrator generating an account recovery key for my organization I want to confirm the passphrase
- PB-26094 As an administrator having a passbolt trespassing the user limits I should see a better message
- PB-27668 As a user I'd like to know what the numbers by the heart mean
- PB-27922 As a user entering my passphrase I should see the entropy progressing
- PB-28183 As administrator I want to see warnings while synchronising the organisation users directory
- PB-28378 MFA screen should be display depending on the application

## [4.3.1] - 2023-09-28
### Fixed
- PB-27860 As a signed-in user I should be able to autofill from the quickaccess
- PB-21625 As a user I shouldn't see apostrophe replaced by special characters
- PB-25279 As a user I should see in form call to action icon be well positioned
- PB-26000 As a user updating only a resource metadata I should not update the resource secret on the API
- PB-27784 As an administrator I should not see the account recovery enrollment twice
- PB-27794 Fix unsupported TOTP while decrypting TOTP on webapp
- PB-27894 As a user I should not see my username overpass the card in the login form
- PB-27947 Fix in-form menu generate password should not override all password fields but only new password fields
- PB-27954 Fix message after successful transfer to mobile
- PB-28170 Fix SMTP host from Sendgrid
- PB-28310 As a signed-in user I should not select or unselect a resource on TOTP click
- PB-28293 As a signed-in user I should be redirected when I click on the resource url in the information panel and contextual menu

### Maintenance
- PB-26121 Improve Styleguide coverage of password policies
- PB-27786 As a user I should not see my passphrase part of the breach if the field is empty
- PB-27945 Update web-ext lib to v7.8.0
- PB-27965 Upgrade node to v18
- PB-28148 Migrate development watcher to package.json scripts
- PB-28275 Upgrade @babel/traverse on styleguide as it has a critical security issue
- [FEATURE INACTIVE] PB-27605 As a signed-in user I can set up Yubikey as two-factor authentication on the client (previously done on the API served application)
- [FEATURE INACTIVE] PB-27606 As a signed-in user I can set up TOTP as two-factor authentication on the client (previously done on the API served application)
- [FEATURE INACTIVE] PB-27608 As a user I can sign in with TOTP and Yubikey as 2FA on the client (previously done on the API served application)

### Security
- PB-25688 As a desktop app user I should sign the exported account kit with my private key
Loading

0 comments on commit 221f3bf

Please sign in to comment.