2.24.0-quota-projection.1 (2023-09-13)

Bug Fixes

• 404 if asset object not found (#6149) (ae31aa5)
• add .txt ending to domain validation as given in console (#6079) (d8b8236)
• add Date header to email headers RFC822 (#6302) (4123ab7)
• add font color on new label policy (#6155) (9fed1a7)
• add quota integration tests (309c34d)
• add quota integration tests (a24b001)
• add quota integration tests (47bfe41)
• add quota integration tests (23eca31)
• add quota unit tests command side (0d6c9bd)
• add quota unit tests command side (4683629)
• add quota unit tests command side (e9865fe)
• add quota unit tests command side (791f46c)
• add quota unit tests command side (7299972)
• add quota unit tests command side (9a333ba)
• add quota unit tests command side (c34ef93)
• add quota unit tests command side (9bc7fc8)
• add quota unit tests command side (d979a22)
• add scope profile to PAT (#6154) (6319fdd)
• add spans in auth requests (#6368) (6672dcd)
• add texts after template reset (#6237) (d937ee3)
• Allow Auth over non-TLS SMTP connections (#6402) (14d799e)
• always update the timestamp in trigger (#6326) (3c7b603)
• api docs (#6229) (07ef9af)
• api: handle id_token_mapping in generic oidc provider correctly (#6428) (94d13fd)
• api: naming cleanup in user and session service (#6379) (a9fb2a6)
• api: return correct http code on assets api (#6388) (69b49ac)
• autofill related issues (#6201) (bcf4bfc)
• avatar missing on login after going back (#6238) (85423b7)
• build css for login correctly (#6265) (2183b9a)
• change force local mfa on org (#6432) (54508eb)
• check if application is active in saml logic (#6003) (8dfaa1d)
• check if session is reused on reauthentication (#6322) (57857b8)
• check linked users before postAuthentication action (#5980) (0b1738d)
• cnsl-redirect-uris ngModel & formGroup issue (#5731) (79c528a)
• console: add state filter to org table, filter context (#5650) (2ec36bd)
• console: back button in detail view should not navigate to create dialog again (#6018) (c98307f)
• console: disallow inline fonts, critical styles (#5714) (11d75d0)
• console: display links on the app detail from well-known/openid-connect endpoint correctly (#6469) (c8775c4)
• console: fallback to default language if browser language not supported (#5999) (dafa8ab)
• console: filter already selected user in authorization (#6168) (b383892)
• console: initial project list size (3011268), closes #6140
• console: LDAP UI optimization for better required field recognition, improve onboarding all done visibility (#5659) (c420de1)
• console: refine onboarding styles and behavior, i18n (#5616) (2ee7b9c), closes #5617
• console: set metadata value encoding to utf-8 (#6392) (a141b8f)
• console: set options (#5605) (e79e280)
• console: show warn dialog when view switched to instance (#5935) (6c90f08)
• console: show warn on idp removal (#6004) (40a073f)
• console: url safe base64 to array buffer (#6019) (e39d1b7)
• console: warning for actions (#6390) (ff651ae)
• correct tracing in access interceptor (#5766) (40bf7e4)
• database: allow postgres sslmode=require without root cert (#4972) (8c92636)
• delete cookies (#5885) (2e86c44)
• delete e2e tests as intergation tests cover functionality (2561a5d)
• delete org project mapping by grant id (#5607) (8141d90)
• delete SMTP correctly (#6391) (8b44794)
• deps: upgrade oidc and otel (#6468) (87cdd20)
• display loginname in machine client credentials (#5936) (d5eaa8f)
• domain discovery should be case insensitive (#6134) (78eae6f)
• don't show steps in create app when pro mode (#5730) (767b3d7)
• emit project.grant.member.changed event (#6252) (f6bc047)
• ensure minimal scope for azure ad (#5686) (4c48261)
• ensure resource owner in update human profile (#6253) (13e284d)
• event handling on UserIDPLinkWriteModel (#6054) (7e6434f)
• eventstore: add created_at column (#5818) (a77f299)
• eventstore: backfill column (b9a3fac)
• eventstore: cache instances (#6501) (0f06e84)
• eventstore: correct creation date of events (#5683) (8da8fbe)
• eventstore: new column to test clock_timestamp() (c6d29fc)
• eventstore: use creation_date for existing columns (5a3d09d)
• extend message text lengths and change to bytes (#6429) (8c444a8)
• external user check (#6038) (1c8037f)
• Fix OIDC example (#6138) (5f5f155)
• footerText has no effect (#6297) (6ca789a)
• go back to user selection from other user (#6255) (dfd469c)
• handle metadata from post authentication on auto creation (#6389) (90a62b7)
• handle missing parameters in external provider callback (#6158) (26d63cd)
• handle password data correct on user creation (#6515) (62d679e)
• handle userID and context correctly (#5755) (6774e7f)
• handling of org idp migrations and google events (#5992) (66e639b)
• i18n: do not translate language itself (#6286) (43cb62c)
• idp: handle scopes in azureAD (#5665) (ed2588f)
• ignore 0 retention on event search (#5614) (29c0adb)
• ignore unchanged console redirect_uris when adding an instance domain (#6156) (a5b4319)
• Improve and sync checkSSL functions for CockroachDB and PostgreSQL (#6271) (c5c7735)
• improve autofill values (#6541) (c790715)
• improve exhausted SetCookie header (#5789) (35a0977)
• increase limit for action scripts (#6520) (3c6168d)
• introduce measures to avoid bots crawling and indexing activities (#5728) (3ca7147)
• login: add some missing translations for OTP (#6409) (e701e05)
• login: ensure auth request information is up-to-date in external user check (#6060) (8408547)
• login: improve and streamline identity provider styles (#5456) (699fc86)
• login: mfa prompt styles (#6366) (d83681a)
• login: url safe encoding base64 (#5983) (58cfb94)
• make: add buf command to core_grpc_dependencies (#6319) (cc4499e)
• management proto delete machine key (#6179) (be1fe36)
• mfa: correct change url (#5663) (c216d6e)
• migrate external id of federated users (#6312) (45262e6)
• migration: speed up step 11 (#6086) (d0cda1b)
• more silence (#5986) (61feb9d)
• nil pointer on create instance add machine (#6000) (855d6b1)
• OIDC: introspection (#6298) (782f7ad)
• one item menus height issue (#6359) (3df4361), closes #6140
• only reuse port for integration tests (#5817) (c07411e)
• org metadata query (#6161) (94fdb9a)
• OTP SMS texts (#6387) (a99f499)
• password hash update and add missing i18n (#6285) (789dcd8)
• project telemetry once for all instances (#6323) (d33a4fb)
• projection: implement GoStringer for postgres (#5716) (5d6399d)
• provide domain in session, passkey and u2f (#6097) (bd5defa)
• provide more information in the retrieve idp information (#5927) (1017568)
• provide tokens in azuread idp session (#6334) (8dc1fd0)
• query: only active by org by primary domain (#5610) (8b5217c)
• remove idp templates when using old / deprecated delete method (#5685) (429a915)
• remove instance IDPs correctly from org policies (#5609) (ea9223a)
• remove logstore beta warning (#6244) (35f4f74)
• rename (t)otp to code in session checks (#6455) (3c8640f)
• rename OTP to TOTP in v2 alpha user api (56e33ce)
• rename OTP to TOTP in v2 alpha user api (#6069) (2c6a2a3)
• rename to given and family name (#6152) (5182cb3)
• render authrequest id only if possible (#5823) (098c27d)
• reset the call timestamp after a bulk trigger (#6080) (c0e45b6), closes #5808 #5808
• rest path for StartIdentityProviderIntent (#6447) (0d94947)
• restrict AllowRegistration check to local registration (#5939) (66772ad)
• return secret generators (#6159) (59d67bd)
• Role (#6160) (48bda9a)
• saml: correct handling of remove (#5606) (d981f0d)
• sanitize primary domain for orgs (#6125) (ffb587f)
• scheduler: add span to trigger method (#6513) (c3c2a43)
• send exhausted property in env json (#5877) (885e338)
• sessions/v2: resolve tOTP TODO for Auth Methods (#6470) (241befc), closes #6450
• set displayname correctly in EnsureDisplayName (#5702) (8e19f0f)
• set exhausted cookie with env json (#5868) (0e251a2)
• set samesite to none for user agent cookie for iframe usage (#6162) (5cba5cd)
• setMetadata in saml and pre access token triggers (#6398) (84faf98)
• setup: smaller transactions (#5742) (13f6b46)
• setup: step 10 for postgres (#5717) (4102527)
• setup: steps 10 and 11 (#5987) (6be41ea)
• setup: update chunks in step 11 (#5965) (ebca7b6)
• step10: separate executions (#5754) (86f4477), closes #5627 #5714 #5717 #5743
• step11: execute step 10 to make sure events are in correct order (4d7a733)
• store auth methods instead of AMR in auth request linking and OIDC Session (#6192) (ee26f99)
• switch log level of failed locks to debug (#5746) (c12c2f0)
• TestCRDB_CreateInstance (#6522) (856d0d1)
• token for post authentication action and change phone and email (#5933) (9aed031)
• trigger session by id in verifySessionToken (#6325) (11b5a73)
• typo at function's name: checkApplicationType (#6039) (4eaf3fb)
• update correct current sequence for refresh tokens (#5608) (23e6cc3)
• update linking users if action changed values (#6024) (2d13d41)
• update saml to v0.0.11 (#5628) (440ba9f)
• upper ZITADEL banner (#6246) (57d6113)
• use correct org id for external authentication actions (#5793) (e0505b2)
• use current sequence for refetching of events (#5772) (458a383)
• use singleton meter provider (#5725) (923f691)
• use system secret config if generator type does not exist on instance (#6420) (cbd2ef0)
• user grant by id (#6242) (cd5e176)
• v2: typo in register u2f endpoint summary (#6059) (83da9ca)

Features

• add apple as idp (#6442) (e17b49e)
• add ldap external idp to login api (#5938) (52f68f8)
• add new api services (#5619) (b3d8787)
• add otp name and make it configurable (#5631) (19f2f83)
• add reply-to header in email notification (#6393) (fd00ac5)
• add saml custom attribute action and translations (#6341) (26b28ed)
• add secret generators for OTP (#6262) (2fe76ac)
• allow skip of success page for native apps (#5627) (8bf3630)
• allow to force MFA local only (#6234) (fed1557)
• api/v2: implement TOTP session check (#6362) (0017542)
• api/v2: implement U2F session check (#6339) (86af67d)
• api: add and remove OTP (SMS and email) (#6295) (a1942ec)
• api: add OIDC session service (#6157) (14b8cf4)
• api: add organisation service (#6340) (372755b)
• api: add otp (sms and email) checks in session api (#6422) (bb40e17)
• api: add password reset and change to user service (#6036) (82e7333)
• api: add user creation to user service (#5745) (e4a4b7c)
• api: list authentication method types in user api v2 (#6058) (7046194)
• api: move resource apis to beta (#6530) (be81570)
• api: new session service (#5801) (c2cb84c)
• api: new settings service (#5775) (8d13f17)
• API: support V2 token and session token usage (#6180) (8096112)
• Apply OCI source label to Docker image (#6070) (a36818c)
• Brazilian Portuguese internationalization (#6185) (fcc1acb)
• cli: add setup cleanup sub command (#5770) (c8c5cf3)
• console: add otp sms and otp email as factor (#6343) (a262595), closes #6127
• console: device code (#5771) (2dc016e)
• console: enable ID token mapping for generic OIDC provider (#6426) (29fa3d4)
• console: friendly quota exhausted screen (#5790) (b475068)
• console: user table show timestamp instead of x ago (#6034) (df87907)
• console: warning if backdrop click or escape key is pressed when new action form is dirty (#5989) (33a8ab4)
• crypto: add pbkdf2 support (#6303) (4d09409)
• delete organizations (#6083) (dd80109)
• device authorization RFC 8628 (#5646) (5819924)
• enable grpc server reflection (27e9852)
• enable grpc server reflection (#5689) (e442738)
• enable otp email and sms (#6260) (31ec1d8)
• eventstore: order by creation_date and sequence (#5568) (4c1169b)
• get multiple users by id (#6210) (133789f)
• i18n support for Macedonian language (#6178) (a3a1e24)
• implement register Passkey user API v2 (#5873) (a301c40)
• Improve German translations (#6488) (e844c68)
• improve milestone format (#6150) (9b76800)
• improve translations (#6489) (18c07ab)
• integrate passwap for human user password hashing (#6196) (4589dda)
• internationalization Bulgarian (#5998) (4378eb7)
• login: add OTP (email and sms) (#6353) (7c494fd)
• login: reuse existing session if no prompt is provided and only single session exists (#6272) (dd480f8)
• migrate external idp to other types (#5984) (5562ee9)
• OIDC: add support for end_session for V2 tokens (#6226) (59f3c32)
• OIDC: support token revocation of V2 tokens (#6203) (e1b3cda)
• push telemetry (#6027) (bb75648)
• replace inactive remove active from select account (#6364) (c115ae3)
• session checks with intent (#6031) (1b5d6ce)
• session v2 passkey authentication (#5952) (f456168)
• show all available organizations when creating project grants (#6040) (7b44209)
• show basic info start-from-init (#6183) (0f3c33c)
• show font name & preview font in branding (#6026) (37cf9f5)
• SMS and email OTP texts (#6281) (343a942)
• sort the event types in alphabetical order (#6400) (5dddbe7)
• storage: read only transactions for queries (#6415) (99e1c65)
• user v2 phone verification (#6309) (ef012d0)
• user v2alpha email API (#5708) (095ec21)
• v2alpha user service idp endpoints (#5879) (fa8f191)
• v2: implement user register OTP (#6030) (09aafb3)
• v2: register user u2f (#6020) (2e323e8)
• Zitadel translated into Spanish (#5634) (d140f93)

Performance Improvements

• reduce events read from eventstore (#6280) (d3e403f)
• skip already pushed check (#6164) (08f242e)