Web Changelog
Key: 🔑 security ➕ new feature 🔧 update 🐞 bug fix

13 Sept 2021 v8.0.4 (Power)

🐞 unsigned error in push_token migration (power plan)

8 Sept 2021 v8.0.3

🐞 unsigned int bug in account_users migration
🐞 unsafe-line typo in server.js

2 Sept 2021 v8.0.2 Beta

🐞 master dashboard user tally including master account in total
🐞 base64 API key doesn't work
🐞 updating profile in /users throws permissions error
🐞 inviting multiple emails doesn't reflect invites in UI
🐞 knex migration doesn't work on digital ocean due to primary key constraint
🐞 export Event not working on Heroku
🐞 form labels are only rendered if label prop exists
🐞 clicking logo in email doesn't load website
🔧 added placeholder prop to search component
🔧 updated mongo model for mongoose 6
🔧 enabling 2fa requires entering code to confirm
🔧 2fa backup code added
🔧 updating all delete modals to use destructive prop (also changed from isDestructive)
🔧 added utilities for en/decoding base64
🔧 suspicious sign-in logic improved for 2 devices
➕ create a new master account using the toolbelt
➕ new account actions cards
➕ utility.assert to check for negative values and throw error

2 Sept 2021 v8.0.2 Beta

🐞 user invite flow doesn't accept multiple emails at once

20 August 2021 v8.0.1 Beta

🐞 undefined email when deleting account in mission control
🐞 suspicious sign in magic link had email instead of
🐞 successful login after a blocked login doesn't enable user account
🐞 registering a parent or child using email/password when already registered via social doesn't save the new password
🐞 reset password flow breaks when 2fa is enabled

16 August 2021 v8.0 Beta

🔑 PrivateRoute component allowing a user to access a restricted UI route with empty data
🐞 form component not updating file list
🐞 get method of model generated by toolbelt has conditional id selector
🐞 date picker clipped when rendered inside a modal
🐞 date picker styling issues
🐞 props.onChange called inside input components if non-existent
🐞 conditional table badge function can't compare boolean values
🐞 padding issue on fieldset with .error class
🐞 table removing time from date strings
🐞 styling of signout button in mobile nav
🐞 reading null card values in accountController.card
🐞 magic and social signin views calling API twice when context updates
🐞 await missing on user.account.add and user.account.delete (mongo only)
🐞 feedback metrics not showing in mission control (mongo only)
🐞 account.get not selecting master account (mongo only)
🐞 socialController.handleCallback not adding social IDs if email is already registered with a parent account
🐞 admin can't close their own account
➕ added support for API keys
➕ added client side event tracking and analytics in mission control
➕ API requests are logged (when using API key)
➕ Two-factor authentication
🔧 removed unused account var in account.create model
🔧 added developer role
🔧 custom table actions can be conditionally rendered
🔧 form accepts isDestructive prop which sets confirm button to red (instead of green)
🔧 message can render child props inside the component
🔧 added mask method to utilities to mask strings
🔧 checkbox default can have multiple values
🔧 improved fieldset layout using grid component
🔧 removed legacy /api/account/update endpoint
🔧 date component formats a pretty date
🔧 refactored authController with new authenticate function to remove duplicate code
🔧 user.enable_support changed to user.support_enabled for consistency with 2fa_enabled

5 June 2021 v7.2.1

🐞 register a child user via social when email is already a child of another account fails auth
🐞 bin/view is checking for non existent env variable to test if Mongo is used

3 June 2021 v7.2

🔑 fixed updating user permission updates owner permission
🔧 removed division formulas in scss files (unsupported from sass 2.0)
🐞 can't update user via mission control
🐞 selecting EU region for Mailgun in setup sets base URL to EU
🐞 multiple file inputs in a form sharing the one file store

10 May 2021 v7.1.1 Beta

🔑 prevented invite permission from being posted as owner/master in last build
🐞 arrow buttons missing on datepicker
🐞 userController.delete (mongo)
🐞 in accountController.close (mongo)
🐞 added dotenv to knexfile
🐞 user.update bug with postgres
🐞 missioncontrol -> accounts (postgres)
🐞 missioncontrol -> feedback (postgres)
🐞 twitter keys check in socialController
🐞 email not attached to stripe customer
🔧 master account moved to own section of integration tests
🔧 changed inviteId to invite_id in user signup flow for consistency

30 Apr 2021 v7.1 Beta

🔑 patched potential privilege escalation vulnerability in userController.update
➕ users can be attached to multiple accounts (new account_users table)
➕ user component for switching accounts
➕ child user can close their own account
➕ full view loading available in view context
🔧 loader component accepts fullscreen prop
🔧 knexfile uses environment variables
🔧 signout link moved to main nav
🔧 authController.signup to optimise authentication during signup
🔧 user.last_active is set in new GET /auth endpoint
🔧 moved user permissions into account_users table
🔧 enhanced privilege escalation security defence
🔧 pass input type of null to skip rendering input
🔧 updated missioncontrol /accounts & /users to reflect multi user/accounts
🔧 mission control can delete account via accountController using master token

20 Apr 2021 v7.0 Beta

➕ authenticate with social networks (facebook, twitter)
➕ fontawesome icon pack
➕ static router for server side routes
➕ cryptography support
➕ configured for heroku deployment
➕ invited users listed in account/users table
➕ set the permission level when inviting a user
➕ delete or resend a user invite
➕ preview card details in /account/billing
➕ billing cycle dates in plan UI
➕ list past invoices in billing view
➕ amazon s3 model for uploading files and interacting with buckets
➕ download action added to table
➕ view action in table to load a detail view (example in missioncontrol/logs)
➕ pagination component
➕ log errors and view them in mission control (+ get notified via email)
➕ table can render conditional badge colors
➕ npmrc file to resolve installation issues with legacy-peer-deps in npm7
➕ signout api endpoint to destroy auth tokens
🔧 throttle to search component
🔧 enhanced security in reset password flow
🔧 table can render custom actions for a single row
🔧 improved table row callbacks for edit/delete
🔧 improved user.create to use a single object as params
🔧 authController.signin refactored to handle both email/pass and social
🔧 signup form split in two: 1. user/pass OR social 2. plan/payment
🔧 jwt contains provider (facebook, twitter etc.)
🔧 moved domain section of setup into its own view
🔧 updated social share buttons to use fontawesome brand pack
🔧 user model updated to handle social network ids
🔧 split billing view into smaller components
🔧 plan features moved into /config file to simplify pricing component
🔧 auth check in client auth.js now checks for social token, jwt, and subscription
🔧 moved authentication endpoints into new /api/auth file
🔧 added url prop to button for navigating to external links
🔧 improved jwt security by storing active token in db
🔧 more colors added to icon props
🔧 modal form receives server response in callback
🔧 replaced mailgun-js with raw api call (fixed vuln with package)
🔧 updated packages to latest versions
🔧 optimised fetching subscription status (new account.subscription model)
🐞 rejectUnauthorized issue with new version of Postgres
🐞 ; being appended to mongo schema via toolbelt

8 Mar 2021 v6.5

🔑 vulnerability where free plan can be used via API when free plan isn't configured
🔧 duplicate stripe_customer_id in mongo/account
🔧 encoding mongo passwords in case of special characters
🔧 packages updated to latest versions
🔧 installcheck.js updated to use node 15
🐞 set form loading state immediately on submit to avoid duplicate clicks

23 Jan 2021 v6.4

🔑 updating profile checks if email is already registered
➕ goto prop to button component for external URLs
🔧 magic token utilises user ID instead of email for extra security
🔧 removed duplicate (redundant) permission.json from /src
🔧 Bearer token in /test/user had ':' (cosmetic issue)
🐞 'data already declared' bug with mongo template
🐞 sidebar nav hovering too early in Safari

23 Dec 2020 v6.3

🐞 importing price plans bug in plans.js
🔧 url input component regex allows - symbol

16 Dec 2020 v6.2

➕ support for node 15
🔧 swapped node-sass for sass to support node 15
🔧 reference to user.plan -> user.permission in auth component
🔧 feedback email notification uses support email in env var
🐞 subscription checks for 'trialing' in auth component & billing view

19 Nov 2020 v6.1

➕ magic sign in links
➕ helmet.js for enhanced server security
➕ content security policies
➕ .env support
➕ API rate limiting / brute force protection
➕ rounded button prop
➕ suspicious sign-in attempts flagged to user
➕ high risk sign-in attempts are blocked
➕ dedupeArray utility
➕ help view with contact form
➕ password complexity rules added to password component
➕ validate utility for improved server-side validation
➕ server serves static build by default in production
➕ dummy password_confirm field on signup to defend against bot signups
➕ support for react 17
➕ user can toggle impersonation on their account in /help
🔧 assign routes & features.js to array before export (React 17 breaking change)
🔧 useAPI hook imported with require in auth component (React 17 breaking change)
🔧 removed react-moment dependency - now using toISOString in table
🔧 increased email char length in migration scripts to 512
🔧 restricted db inserts on account & user tables to prevent id change attacks
🔧 form submit button is optional based on buttonText prop
🔧 renamed master to mission control in client
🔧 mongo connection string uses srv
🔧 submitOnChange prop added to form
🔧 upgrade mysql driver to mysql2
🔧 support_email added to config
🔧 user can access /api/account/subscription
🔧 loader styling in onboarding
🐞 fieldset.js calling props.onChange twice when using radio
🐞 missing key on feedback buttons
🐞 fixed credit card not saving

18 Sep 2020 v6.0

➕ user impersonation
➕ user feedback widget + reports added to master dashboard
➕ create a react component from the toolbelt
➕ upload files with drag & drop form component
➕ datepicker component added to form
➕ onboarding component
➕ checklist styling options
➕ button type: icon with text
➕ contact form component
➕ toast notification
➕ centered pop animation
➕ add custom actions to table
🔧 removed body from useAPI (unused)
🔧 removed close account via master in unit tests
🐞 auth bug from v5
🐞 issue with drop table in migration template
🐞 bug when clicking sort on table actions column

3 Aug 2020 v5.1

➕ dynamic email generation with JSON
➕ links to docs in setup flow
➕ improve stripe card error feedback
🔧 toolbelt creates knex migration
🐞 updating profile updates name in nav
🐞 patch user returning undefined in string

15 Jul 2020 v5.0

➕ support for mongo db
➕ new user interface design
➕ animations and animate component
➕ hooks: useAPI, usePlans, userPermissions
➕ last_active field for users
➕ improved billing flow and UI
➕ mobile navigation component
➕ landing page design (+ pricing, checkout)
➕ scoped SCSS
➕ new auth page design
➕ public auth permission
➕ success validation indicator on form inputs
➕ support for Node 14.5+
🔧 improved client-side routing
🔧 stripe price & interval moved to plan level
🔧 improved permission handling
🔧 moved to new stripe client package
🔧 all packages updated
🔧 dynamic pricing component using live prices
🔧 improved password reset flow with token
🔧 all components migrated to functional
🔧 deleted external layout - using new home layout
🔧 improved edit/delete functions in tables
🔧 removed legacy client sessions
🔧 merged Button, IconButton and LoadingButton
🔧 tables render clean dates (YYYY-MM-DD)
🔧 removed legacy nested form inputs
🐞 missing blank slate icon on chart
🐞 await bug when sending email

26 May 2020

🐞 split API into multiple files
🐞 testing flow
🐞 deleting invite with postgres

16 May 2020

➕ added support for Postgres, MSSQL, MariaDB, SQLite3, Oracle, & Redshift
➕ knex.js query builder
➕ unit tests added to toolbelt
➕ node 14 support
🔧 improve setup flow to auto-populate stripe plans
🐞 checkboxes not sending multiple values

3 March 2020

➕ support for Gravity Native
➕ notification model for sending push notifications to mobile devices
➕ free plan option with upgrade flow
➕ support for node 13
➕ show prop on table component to filter which columns to show
🔧 replaced "" with ''
🔧 sign in blocked on deactivated accounts
🔧 removed redundant status keys from controllers
🐞 duplicate key entry in demo/users model

8 Jan 2020

🔧 bug with foreign key constraint when creating multiple views with CLI

14 Oct 2019

➕ CLI Toolbelt to create new MVC files
🔧 user invite email automatically injects the email address into the signup form
🔧 improved handling of expired token - now redirects to login screen
🐞 API verification in model/auth.js
🐞 user.create() returning insertId, not uuid.
🐞 rendering a single action button in a table row

10 Sep 2019

➕ classnames package for creating css classes
🐞 web font not showing
🐞 sizing of icon button
🐞 notification banner not showing close button
🐞 table not showing loader when loading its own data
🐞 table not re-rendering when data prop changes

24 Aug 2018

➕ feather icons
🐞 bug with table sorting

8 Aug 2018

🔧 improved installation/setup process

6 Aug 2019 v3.1 BETA

➕ SCA payment authentication
➕ settings now use ENV vars
🔧 html email templates use dynamically injected url
🔧 improved server-side chart creation with chart.create() model
🔧 stateless application – all server sessions discarded
🐞 invite table not accepting UUIDs

12 Jun 2019 v3.0 BETA

➕ front-end React UI
🔧 configured for Node v12
🔧 new API endpoints for React
🔧 removed gulp
🔧 removed node router
🔧 removed node auth (now handled with React)

7 May 2019 v2.1

🔑 implemented improved security when updating users

14 Apr 2019 v2.0

➕ homepage, pricing and auth page designs
➕ API uses token authentication
➕ router middleware authentication
➕ viewController to reduce complexity of router.js
🔧 implemented proper API routing and methods
🔧 form urls and methods to utilise new API
🔧 improved permission handling
🔧 improved structure of controller and models
🔧 moved stripe methods into separate stripe model
🔧 improved view model to properly utilise respective models
🔧 AJAX requests now use proper error codes
🔧 centralised error handling – no more try/catch
🔧 can no longer edit config at runtime
🐞 account.create saving stripe id on error
🐞 config/account not updating email

27 Feb 2019

➕ admin for accounts and users located at /config/accounts and /config/users

5 Feb 2019

🔧 verifySubscription to account.js – automatically checks for an active stripe subscription in sign in flow

16 Jan 2019

🔧 model & controllers updated to use async/await
🔧 removed has_users table: tables are now linked using foreign key
🐞 validation issue with emails using 4 letter domain extensions
🐞 issue with gulp watch only running once

6 Dec 2018 v1.1

➕ forms can be automatically validated & submitted with submitAJAXForm()
➕ setup process is now managed in the browser at /config/setup
➕ internal config dashboard added at /config (run config/setup first)
➕ metrics available at /config
➕ isURLValid() added to form.js to check input field for a valid URL string
➕ isPhoneValid() added to form.js to check input field for a valid phone number
➕ isSelectValid() added to form.js to check that an option has been selected
🔧 docs now located at
🔧 stripe publishable API key is automatically written to file during setup
🔧 settings.js changed to settings.json – update any references to the settings file
🔧 chart functions now show a blank message when there is no data to show
🔧 isRadioValid(), isCheckboxValid(), isSelectValid() now re-validate when an option is selected
🔧 database should be initialised in each model with db.init()
🐞 resolved broken link to /home/privacy in router.js
🐞 plan field length in database updated to 32 chars to accommodate long Stripe plan IDs
🐞 prefixes added to animations