Apostrophe 2.100.1 and workflow 2.28.0

Note: version 2.100.1 fixed a TOTP reset bug in the briefly available 2.100.0. These are the release notes for 2.100.0, plus the fix.

apostrophe 2.100.1

  • New feature: Google Authenticator two-factor authentication (TOTP) support for Apostrophe accounts. Set the totp: true option of the apostrophe-login module. When enabled, users (including admins) are required to set up and complete authentication with Google Authenticator or a compatible TOTP app on their mobile device. On the user’s next login they set up Google Authenticator; after that they must supply a code from Google Authenticator at each login. If a user loses their device, an admin can reset their access by editing that user via “Manage Users” and selecting “Reset TOTP 2-Factor Authentication.” If the admin loses their device, they can use the new apostrophe-users:reset-totp command line task. Thanks to Michelin for making this work possible via Apostrophe Enterprise Support.
  • New feature: resetLegacyPassword: true option for apostrophe-login. When the passwordRules and passwordMinLength options are present, enabling resetLegacyPassword permits the user to change their password right away at login time if it is correct but does not meet your new standards for adequate passwords. This does not require receiving a confirmation email; if that concerns you and you are willing to configure email delivery, consider enabling passwordReset instead. Thanks to Michelin for making this work possible via Apostrophe Enterprise Support.
  • New feature: resetKnownPassword: true option for apostrophe-login. When enabled, a currently logged-in user is permitted to change their own password without receiving an email, as long as they know their current password. This adds an additional admin bar item, which you may want to group. Thanks to Michelin for making this work possible via Apostrophe Enterprise Support.
  • Performance: Apostrophe is now much faster when editing a piece with hundreds of areas in its schema. Thanks to Bharathkumar Chandrasekaran of Freshworks for his contributions to finding the solution.
  • Bug fix: passwordRules and passwordMinLength no longer break support for new users created via apostrophe-passport who use single sign-on and do not have explicit passwords in Apostrophe.
  • Developer warning: a module that implements a widget must have a name ending in -widgets or the editor will not work properly in the browser. We now display a warning.
  • Developer warning: if the developer tries to configure piecesFilters for the pieces module, rather than the corresponding pieces-pages module, a warning is displayed.
  • UI fix: modal dialog box height corrected. Thanks to Paul Grieselhuber for this contribution.
  • UI fix: better Microsoft Edge support. Thanks to Denis Lysenko.
  • Must confirm when resetting password, since there are no do-overs if we do not have the email confirmation method available (with resetLegacyPassword: true) and since it’s generally a pain not to have this.
  • Fixed the “Reset TOTP authentication” feature of “Manage Users” (2.100.1).
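
The login flow described in the TOTP item above (enroll at the next login, supply a code at each later login, an admin reset forces re-enrollment), as an added example that is not Apostrophe's own code. The user record, `login` and `resetTotp` are hypothetical names; the code computation follows RFC 6238 with HMAC-SHA1, a 30-second step and 6 digits, assumed here as the settings Google Authenticator-compatible apps use.

```javascript
const crypto = require('crypto');

// RFC 6238 TOTP: HMAC-SHA1 over the 8-byte big-endian time-step counter.
function totp(secret, timeMs, step = 30, digits = 6) {
  const counter = Buffer.alloc(8);
  const steps = Math.max(0, Math.floor(timeMs / 1000 / step));
  counter.writeBigUInt64BE(BigInt(steps));
  const mac = crypto.createHmac('sha1', secret).update(counter).digest();
  const offset = mac[mac.length - 1] & 0x0f; // dynamic truncation (RFC 4226)
  const bin = mac.readUInt32BE(offset) & 0x7fffffff;
  return String(bin % 10 ** digits).padStart(digits, '0');
}

// Accept the current 30-second step and one step either side (clock drift).
// Comparison is constant-time; every candidate step is always evaluated.
function verifyTotp(secret, code, timeMs, window = 1) {
  const given = Buffer.from(String(code));
  let ok = false;
  for (let w = -window; w <= window; w++) {
    const expected = Buffer.from(totp(secret, timeMs + w * 30000));
    if (given.length === expected.length &&
        crypto.timingSafeEqual(given, expected)) ok = true;
  }
  return ok;
}

// Hypothetical user record: `totpSecret` is absent until enrollment.
function login(user, passwordOk, code, timeMs) {
  if (!passwordOk) return 'denied';
  if (!user.totpSecret) {
    // Simplified: a real flow shows this secret as a QR code and asks for
    // one valid code before storing it.
    user.totpSecret = crypto.randomBytes(20);
    return 'enroll';
  }
  return verifyTotp(user.totpSecret, code, timeMs) ? 'ok' : 'denied';
}

// Admin reset: drop the secret so the next login enrolls a new device.
function resetTotp(user) {
  delete user.totpSecret;
}
```

A production verifier would also record the last accepted time step per user so that a code cannot be replayed inside the drift window.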

apostrophe-workflow 2.28.0

  • Joins in object fields now remap properly when committing. Thanks to Eric Wong for this contribution.
  • The new apostrophe-workflow:remove task removes workflow from a project completely. You MUST remove apostrophe-workflow from app.js immediately AFTER you run this task, and your site should NOT be running while you run the task. NOTE: if you are localizing content, you will lose ALL BUT ONE of your locales if you remove workflow! You do get to choose which to keep. You really should READ THE DOCUMENTATION for more information about the consequences and the right way to use this in production.