github marketcalls/openalgo openalgo-smtp-dual-pwd-reset
v1.0.0.29


Version 1.0.0.29 Launched

31st July 2025


Major Features

Dual-Mode Password Reset System

  • TOTP Authentication: Secure password reset using Time-based One-Time Passwords
  • Email Verification: Alternative password reset via secure email links
  • Method Selection UI: Users can choose between TOTP or email verification
  • Fallback Support: TOTP always available, email requires SMTP configuration

Complete SMTP Integration

  • Profile-Based Configuration: SMTP settings accessible via /auth/change profile page
  • Secure Credential Storage: Passwords encrypted using Fernet encryption in database
  • Gmail Support: Both personal Gmail and Gmail Workspace configurations
  • Real-time Testing: Built-in test email and debug functionality
  • Visual Configuration: Comprehensive setup guides and troubleshooting tips

Enhanced Profile Management

  • Tabbed Interface: Organized profile settings into Account & Password, SMTP Config, and TOTP tabs
  • Tab Persistence: Maintains active tab after form submissions and page reloads
  • TOTP Integration: QR code and secret key management directly in profile
  • Visual Password Requirements: Real-time password strength indicator with progress bar

User Interface Improvements

Modern Password Requirements Display

  • Badge-Style Layout: Compact rounded badges replacing vertical list
  • Real-time Feedback: Icons change from ✗ to ✓ as requirements are met
  • Progress Bar: Visual strength meter (None → Weak → Fair → Good → Strong)
  • Color-coded States: Dynamic colors based on password strength
  • Responsive Grid: 2-column layout adapting to screen size

Enhanced Email Templates

  • Professional Design: Clean, modern HTML email templates
  • Gmail Compatibility: Fixed button text color issues in Gmail
  • Security Styling: Clear security notices and warnings
  • Mobile Responsive: Templates work across all email clients

Security Enhancements

Advanced Password Security

  • Strengthened Requirements: 8+ chars, uppercase, lowercase, numbers, special characters
  • Real-time Validation: Instant feedback as users type passwords
  • Secure Token Generation: 32-byte cryptographically secure tokens
  • Session-based Validation: Server-side token management

Rate Limiting Improvements

  • Separate Login Limits: 5/minute, 25/hour for login attempts
  • Password Reset Limits: 15/hour for reset requests
  • Configurable Rates: Environment-based rate limit configuration
  • Anti-enumeration: Consistent responses preventing user enumeration
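As an added example (not openalgo's own code), a minimal server-side reset-token store with the properties listed under Advanced Password Security and Rate Limiting Improvements: 32-byte CSPRNG tokens, only a hash kept server-side, expiry, single use, and an identical response whether or not the address belongs to an account. The 15-minute TTL and the in-memory store are assumptions for illustration.

```python
# Added example, not openalgo code: reset tokens modelled on the release notes.
import hashlib
import hmac
import secrets
import time

TOKEN_TTL_SECONDS = 15 * 60  # assumption: a reset link is valid for 15 minutes


class ResetTokenStore:
    def __init__(self, known_users, clock=time.time):
        self._users = set(known_users)  # constructed sample accounts
        self._clock = clock             # injectable for testing expiry
        self._pending = {}              # sha256(token) -> (user, expires_at)

    def request_reset(self, email):
        """Return the same message for every address; a token is minted only
        for real accounts and would be sent by e-mail, never in the response."""
        token = None
        if email in self._users:
            raw = secrets.token_bytes(32)             # 32 bytes from the OS CSPRNG
            token = raw.hex()
            digest = hashlib.sha256(raw).hexdigest()  # store the hash, not the token
            self._pending[digest] = (email, self._clock() + TOKEN_TTL_SECONDS)
        return "If that address is registered, a reset link has been sent.", token

    def consume(self, token):
        """Return the account a valid token belongs to, else None. The entry is
        removed on first use or on expiry, so a token cannot be replayed."""
        try:
            raw = bytes.fromhex(token)
        except ValueError:
            return None
        digest = hashlib.sha256(raw).hexdigest()
        for stored in list(self._pending):
            if hmac.compare_digest(stored, digest):   # constant-time comparison
                user, expires_at = self._pending.pop(stored)
                return user if self._clock() <= expires_at else None
        return None
```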

SMTP Security

  • Encrypted Storage: Password encryption using Fernet symmetric encryption
  • App Password Support: Full support for Gmail App Passwords
  • Connection Security: Proper SSL/TLS and STARTTLS handling
  • Debug Logging: Secure diagnostic information without credential exposure

📡 Broker Enhancements & WebSocket Fixes

Common WebSocket Proxy (All Brokers)

  • WebSocket Stability: WebSocket made robust across Windows, macOS, and Linux
  • Thread Cleanup: Fixed heartbeat thread timeouts and non-terminating threads
  • Graceful Shutdown: WebSocket proxy now shuts down cleanly across all platforms

Flattrade

  • Subscription Handling: Fixed rapid unsubscribe/subscribe edge cases
  • Order Accuracy: Equity orders now use average price (avgprc) for precision
  • Cache & Snapshot Cleanup: Ensures all maps, snapshots, and subscriptions are cleared

Zerodha

  • UI Data Streaming Fix: Resolved issue where UI wasn’t reflecting WebSocket data
  • Subscription Timeout Fix: Large symbol list subscriptions no longer time out

Firstock

  • WebSocket Integration: Native Firstock WebSocket support fully integrated
  • Index Symbol Handling: Common index symbols mapped and standardized
  • LTP Update Fixes: Resolved inconsistencies in LTP data stream
  • Historical Data Fix: Fixed historical candle fetch via REST

🛠️ Technical Improvements

Database Enhancements

  • New SMTP Schema: Added 7 new columns for SMTP configuration
  • Migration Support: Cross-platform Python migration scripts
  • Multi-database Support: SQLite, PostgreSQL, MySQL compatibility
  • Data Validation: Input sanitization and format validation

Authentication Flow Updates

  • Streamlined Setup: Account creation redirects directly to login
  • Improved Messaging: Clear SMTP configuration prompts
  • Session Management: Enhanced session security and regeneration
  • Error Handling: Comprehensive error messages and user guidance

API & Backend

  • New Endpoints: /auth/test-smtp, /auth/debug-smtp, /auth/smtp-config
  • Enhanced Routing: Password reset email link handling
  • Logging Integration: Comprehensive audit logging for security events
  • Error Recovery: Graceful handling of SMTP and authentication failures

Documentation

New Documentation Files

  • PASSWORD_RESET.md: Complete password reset system documentation
  • SMTP_SETUP.md: Gmail configuration and troubleshooting guide
  • Migration guides: Step-by-step upgrade procedures

Enhanced Existing Docs

  • Updated API documentation with new endpoints
  • Added security best practices
  • Included troubleshooting guides
  • Cross-platform installation instructions

Configuration Changes

New Environment Variables

# Rate Limiting Configuration
LOGIN_RATE_LIMIT_MIN=5 per minute
LOGIN_RATE_LIMIT_HOUR=25 per hour
RESET_RATE_LIMIT=15 per hour

# Environment Version
ENV_CONFIG_VERSION=1.0.3
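As an added example (not openalgo's own code), a parser for the "N per unit" rate strings in the .env block above and a sliding-window limiter that applies them as described under Rate Limiting Improvements: both login windows (5 per minute and 25 per hour) must hold, and reset requests have their own 15 per hour budget. The sliding-window algorithm and the injected clock are assumptions; the variable names and defaults are the ones listed in this release.

```python
# Added example, not openalgo code: enforce the release's rate-limit variables.
import os
import re
import time
from collections import defaultdict, deque

_UNIT_SECONDS = {"second": 1, "minute": 60, "hour": 3600, "day": 86400}
_RATE_RE = re.compile(r"^\s*(\d+)\s*(?:per|/)\s*(second|minute|hour|day)s?\s*$", re.I)


def parse_rate(spec):
    """'5 per minute' -> (5, 60); raises ValueError on a malformed string."""
    m = _RATE_RE.match(spec)
    if not m:
        raise ValueError(f"bad rate spec: {spec!r}")
    return int(m.group(1)), _UNIT_SECONDS[m.group(2).lower()]


class SlidingWindowLimiter:
    def __init__(self, specs, clock=time.time):
        self._limits = [parse_rate(s) for s in specs]  # [(count, window_seconds)]
        self._clock = clock                             # injectable for tests
        self._hits = defaultdict(deque)                 # key -> attempt timestamps

    def allow(self, key):
        """True if one more attempt by `key` fits inside every configured window."""
        now = self._clock()
        hits = self._hits[key]
        longest = max(window for _, window in self._limits)
        while hits and now - hits[0] >= longest:
            hits.popleft()                              # forget attempts outside all windows
        for count, window in self._limits:
            if sum(1 for t in hits if now - t < window) >= count:
                return False                            # one window is exhausted
        hits.append(now)
        return True


def limiters_from_env(env=os.environ, clock=time.time):
    """Build the login and reset limiters from the variables this release adds."""
    login = SlidingWindowLimiter(
        [env.get("LOGIN_RATE_LIMIT_MIN", "5 per minute"),
         env.get("LOGIN_RATE_LIMIT_HOUR", "25 per hour")], clock)
    reset = SlidingWindowLimiter([env.get("RESET_RATE_LIMIT", "15 per hour")], clock)
    return login, reset
```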

Database Schema Updates

  • Added smtp_server, smtp_port, smtp_username columns
  • Added smtp_password_encrypted, smtp_use_tls columns
  • Added smtp_from_email, smtp_helo_hostname columns

Breaking Changes

  • Account Setup Flow: QR code no longer displayed after account creation
  • Profile Structure: Profile page reorganized into tabbed interface
  • Password Requirements: Updated visual layout (functionality unchanged)
  • Environment Config: New variables required in .env file

Dependencies

  • No new external dependencies: All features use existing Python libraries
  • Enhanced existing usage: Improved cryptography, email, and session handling
  • Cross-platform compatibility: Removed Windows-incompatible shell scripts

Upgrade Instructions

See UPGRADE for detailed upgrade procedures from previous versions.

Migration Notes

  • Database migration required for SMTP functionality
  • Environment file updates needed for rate limiting
  • Profile page changes may affect custom styling
  • Password reset flow completely redesigned

Support

  • Documentation: Check /docs folder for detailed guides
  • Issues: Report bugs on GitHub Issues
  • SMTP Problems: Use built-in debug functionality
  • Migration Help: See upgrade documentation
