v3.10.0 ~ Glue (pro)

Release date: February 14th, 2023.

With the help of our contributors and community, passbolt is proud to present the release of the self-registration feature and the introduction of MFA policies.

Implementing self-registration makes the registration processes smoother and more efficient. Users can now self-register if their email domain matches the policies defined by the admin.

Release 3.10 also sees the introduction of MFA policies. Administrators will be able to manage the authentication policies for their organisations. The enforcement of MFA will add an extra layer of security and a better user experience.

There are many more features to come. As always, we look forward to continuing to refine passbolt with the support of our users and community.

API

Added

• PB-19784 As a user I can self register if my email domain matches the policy defined by the administrators
• PB-21827 As an administrator I can manage the MFA policies of my organisation

Fixed

• PB-22652 As a user I can authenticate with SSO with an email address having a different case

Improved

• PB-21485 As a server administrator I want to configure the list of active proxies the instance is behind in order to get client IP when necessary
• PB-21682 As an administrator I want to configure the client option of the SMTP settings
• PB-22019 As a server administrator I want to configure TOTP MFA secret length
• PB-22574 As a signed-in user I want the sharing of resources to not perform a cycle detection

Maintenance

• PB-22327 env variable PASSBOLT_PLUGINS_SMTP_SETTINGS renamed in PASSBOLT_PLUGINS_SMTP_SETTINGS_ENABLED (backward compatible)

• PB-22413 bump CakePHP to 4.3.11
• PB-22420 SSO test routes removed

Browser extension

Added

• PB-21752 As a user I can self register if my email domain matches the policy defined by the administrators
• PB-21999 As a signed-in administrator I can force users to authenticate with MFA at each sign-in
• PB-22000 As a signed-in administrator I can force users to enable MFA
• PB-22080 As a signed-in user I should be able to import chromium based browsers csv
• PB-21874 As signed-in user I should be able to import bitwarden csv

Improved

• PB-21910 As a signed-in administrator on the self registration admin settings form I want to see the domain warnings while typing and not after blur event
• PB-22007 As a user finalising my account recovery I should be able to authenticate with SSO after my first sign out
• PB-22619 As a user authenticating with SSO, I should close the SSO popup when I am navigating away in the mainframe
• PB-22617 As a user authentication with SSO, closing the third party popup should not redirect me to the passphrase screen

Fixed

• PB-18371 Fix contextual menu positioning issue when right clicking at the bottom of the page
• PB-22386 As an administrator I want to know if the weak passphrase I am entering to generate an organisation recovery key has been pwned
• PB-22387 As an administrator generating an account recovery organisation key, I should see the warning banner after submitting the form
• PB-22388 Fix as a user recovering my account i should not see that the passphrase i entered has been pwned if it is not the valid passphrase
• PB-22084 As a signed-in user I can import my passwords from 1Password csv export with their new header conventions

Maintenance

• PB-21562 Refactor service worker port and add coverage
• PB-21813 Unit test the private key’s passphrase rotation SSO kit regeneration
• PB-21878 Unit test the user stories related to SSO via quick access
• PB-21932 Unit test: As AD I want my SSO kit to be generated when saving a new SSO settings
• PB-21933 Create a service to parse the sign in url
• PB-22337 Merge both controller AuthController and AuthSignInController to keep consistency
• PB-22353 Remove redundant toDto function in SsoClientPartEntity
• PB-22403 Instead of using new URL when getting sso url login, use an entity to ensure consistency and that the data is validated
• PB-22478 As a developer I should be sure my changes don’t introduce regression in the build
• PB-22479 As a developer I should be sure my changes don’t introduce dependency vulnerabilities
• PB-22614 Avoid telemetries to be sent to Storybook
• PB-22630 Fix the Unit test in the browser extension about method that shouldn’t be called