Native Changelog

Key: 🔑 security, ➕ new feature, 🔧 update, 🐞 bug fix

13 Sept 2021 v5.0.3

🐞 unsigned error in push_token migration

8 Sept 2021 v5.0.3

🐞 unsigned error in account_users migration

2 Sept 2021 v5.0.2 Beta

🐞 updating own account in /users triggers permission level warning
🐞 error closing child account when child belongs to multiple parents
🐞 inviting multiple emails at once doesn't reflect in UI
🐞 knex migration not working on digital ocean due to primary key constraint
🐞 export Event component not working on digital ocean
🐞 user/password test method updated to PUT
🐞 deleting invites removes all invites from the UI
🔧 updated mongo model for mongoose 6
🔧 enabling 2fa requires entering code to confirm
🔧 2fa backup code
🔧 improved suspicious login algorithm to allow users to have 2 devices
➕ utility.assert to check for negative values and throw error

20 August 2021 v5.0.1 Beta

🐞 suspicious sign in magic link had email instead of
🐞 successful login after a blocked login doesn't enable user account
🐞 registering a parent or child using email/password when already registered via social doesn't save the new password
🐞 reset password flow breaks when 2fa is enabled
🐞 auth.signin call broken in magic link view
🐞 re-send user invite not sending deep linking url
🔧 update password changed from PATCH to PUT
🔧 signup view invite id changed from invite_id to id

18 August 2021 v5.0 Beta

🐞 get method of model generated by toolbelt has conditional id selector
🐞 await missing on user.account.add and user.account.delete (mongo only)
🐞 socialController.handleCallback not adding social IDs if email is already registered with a parent account
🐞 admin can't close their own account
➕ added client side event tracking (analytics available in Power plan)
➕ Two-factor authentication
🔧 refactored authController with new authenticate function to remove duplicate code
🔧 form has submitOnChange prop
🔧 removed create-react-app dependency
🔧 updated packages

5 June 2021 v4.1

🔑 fixed updating user permission updates owner permission
🐞 domain not being injected into html email
🐞 register a child user via social when email is already a child of another account fails auth

10 May 2021 v4.0 Beta

🔑 patched potential privilege escalation vulnerability in userController.update
➕ authenticate with social networks
➕ log errors + get notified via email
➕ static router for server side routes
➕ cryptography support
➕ invited users listed in invite table
➕ set the permission level when inviting a user
➕ delete or resend a user invite
➕ users can be attached to multiple accounts (new account_users table)
➕ child user can close their own account
➕ npmrc file to resolve installation issues with legacy-peer-deps in npm7
➕ signout api endpoint to destroy auth tokens
🔧 knexfile uses environment variables
🔧 added authController.signup to optimise authentication during signup
🔧 user.last_active is set in new GET /auth endpoint
🔧 moved user permissions into account_users table
🔧 enhanced privilege escalation security defence
🔧 pass input type of null to skip rendering input
🔧 picker uses a key/label pair
🔧 added extra security to reset password flow
🔧 rendering a button in the emails is optional
🔧 authController.signin refactored to handle both email/pass and social
🔧 jwt contains provider (facebook, twitter etc.)
🔧 list can render individual actions and custom actions per item
🔧 user model updated to handle social network ids
🔧 auth check when app loads now checks for social token, jwt, and subscription
🔧 moved authentication endpoints into new /api/auth file
🔧 improved jwt security by storing active token in db
🔧 replaced mailgun-js with raw api call (fixed vuln with package)
🔧 updated packages to latest versions
🐞 rejectUnauthorized issue with new version of Postgres
🐞 ; being appended to mongo schema via toolbelt

8 Mar 2021

🔧 packages updated to latest versions
🔧 installcheck.js updated to use node 15
🐞 encoding mongo passwords in case of special characters

23 Jan 2021

🔧 updating profile checks if email is already registered
🔧 magic token utilises user ID instead of email for extra security
🐞 bearer token in /test/user had ':' (cosmetic issue)
🐞 'data already declared' bug with mongo template

19 Nov 2020

➕ magic sign in links
➕ helmet.js for enhanced server security
➕ API rate limiting / brute force protection
➕ suspicious sign-in attempts flagged to user
➕ high risk sign-in attempts are blocked
➕ password complexity rules added to password component
➕ validate utility for improved server-side validation
➕ create new component using: gravity create component
🔧 increased email char length in migration scripts to 512
🔧 restricted db inserts on account & user tables to prevent id change attacks
🔧 mongo connection string uses srv
🔧 upgrade mysql driver to mysql2

3 Aug 2020

➕ dynamic email generation using JSON
🐞 toolbelt creates knex migration
🐞 updating profile updates name in nav

15 Jul 2020

➕ support for mongo db
➕ invite multiple users
➕ magic link support
🔧 improved password reset flow
🔧 improved permission handling
🔧 split push tokens into separate database table
🐞 clearStorage bug on sign out (iOS)

26 May 2020

🔧 split API into multiple files

20 May 2020

➕ added support for Postgres, MSSQL, MariaDB, SQLite3, Oracle, & Redshift
➕ knex.js query builder
➕ unit tests added to toolbelt
🔧 node 14 support
🐞 invite flow
🐞 search box disappearing when no search results

3 March 2020

➕ released v1