Skip to content

CHANGELOG.md

Latest commit

 

History

History
580 lines (261 loc) · 23.8 KB

CHANGELOG.md

File metadata and controls

580 lines (261 loc) · 23.8 KB

4.5.13 (2026-04-21)

Bug Fixes

  • build: use non-destructured require for @strapi/utils (1402eef)

4.5.12 (2026-04-21)

Bug Fixes

  • build: declare @strapi/utils as peerDependency — preventive zod/v4 fix (729e794)

4.5.11 (2026-04-21)

Bug Fixes

  • rbac: make plugin::magic-sessionmanager.access visible in role editor (21779d8)

4.5.10 (2026-04-21)

Bug Fixes

  • build: pin @strapi/sdk-plugin to ^5.4.0 — v6 produces broken 23-line stub bundles (7e8784b)

4.5.9 (2026-04-21)

Bug Fixes

  • deps: pin styled-components to ^6.3.9 to avoid npm ci ERESOLVE (81aaacd)

4.5.8 (2026-04-20)

Bug Fixes

  • license: raise fetch timeout to 12s + add 1 retry, downgrade grace-period log to info (6f02c20)

4.5.7 (2026-04-20)

Bug Fixes

4.5.6 (2026-04-20)

Bug Fixes

  • enduser: honest logout message + consistent 5xx envelope across session controller (7e5f6b8)

4.5.5 (2026-04-20)

Bug Fixes

  • security: enforce plugin-access permission on every admin route (7935a63)

4.5.4 (2026-04-20)

Bug Fixes

  • login,logout: no-login-drop-off for OAuth/TOTP, add /logout-others (afeebb2)

4.5.3 (2026-04-20)

Bug Fixes

  • ux,dx: communicate termination reason, consistent 401s, grace-aware endpoints (3eb5bc2)

4.5.2 (2026-04-20)

Bug Fixes

  • settings: implement geofencing UI, dynamic cleanupInterval, retention cleanup (50d7ee0)

4.5.1 (2026-04-20)

Bug Fixes

  • settings: wire sessionCreationGraceMs and cleanupUseDbDirect end-to-end (782278c)

4.5.0 (2026-04-20)

Bug Fixes

  • rbac: keep routes functional, only hide UI for unpermitted roles (97744f7)
  • session,security: close 11 correctness and hardening gaps (7742c9c)

Features

  • notifications,security: slack webhook, new-location alerts, lockout (ccfe87a)
  • rbac: add access permission for role-based visibility (6310696)

4.5.0 (2026-04-20)

Bug Fixes

  • rbac: keep routes functional, only hide UI for unpermitted roles (97744f7)

Features

  • notifications,security: slack webhook, new-location alerts, lockout (ccfe87a)
  • rbac: add access permission for role-based visibility (6310696)

4.5.0 (2026-04-15)

Bug Fixes

  • rbac: keep routes functional, only hide UI for unpermitted roles (97744f7)

Features

  • rbac: add access permission for role-based visibility (6310696)

4.4.7 (2026-02-27)

Bug Fixes

  • prevent old terminated sessions from blocking new magic-link logins (5c6c4ae)

4.4.6 (2026-02-16)

Bug Fixes

  • comprehensive security audit - 30 fixes across 14 files (9372c9f)

4.4.5 (2026-02-16)

Bug Fixes

  • critical security hardening for license routes, SSRF, and encryption (beb35b7)

4.4.4 (2026-02-08)

Bug Fixes

  • use props.theme.colors.neutral0 for dark mode card backgrounds (1a33e81)

4.4.3 (2026-02-07)

Bug Fixes

  • dark/light mode compatibility for entire admin UI (f6b1e9e)

4.4.2 (2026-01-29)

Bug Fixes

  • add terminatedManually session reactivation feature documentation (fdde3a2)

4.4.1 (2026-01-29)

Bug Fixes

  • check specific session by token hash instead of any user session (c8950d8)

4.4.0 (2026-01-29)

Features

  • add terminatedManually field for session reactivation (8887500)

4.3.4 (2026-01-28)

Bug Fixes

  • always block explicitly logged out users (3397e10)

4.3.3 (2026-01-28)

Bug Fixes

  • make session blocking opt-in with strictSessionEnforcement (b089c2b)

4.3.2 (2026-01-28)

Bug Fixes

  • prevent numeric ID fallback in session creation (370fb57)

4.3.1 (2026-01-26)

Bug Fixes

  • Session tracking and UI improvements (d7ec24c)

4.3.0 (2026-01-26)

Features

  • admin: add styled buttons and session heartbeat (789a967)

4.2.16 (2026-01-09)

Bug Fixes

  • middleware: exclude auth endpoints from session validation (830bec4)

4.2.15 (2026-01-04)

Bug Fixes

  • use relative paths for menu and settings links (667020c)

4.2.14 (2026-01-04)

Bug Fixes

  • exclude admin panel routes from session validation (82e37b2)

4.2.13 (2026-01-03)

Bug Fixes

  • optimize session lookups and add geolocation on-demand (bfaa693)

4.2.12 (2026-01-02)

Bug Fixes

  • store geoLocation and device info on session creation (64ca261)

4.2.11 (2026-01-02)

Bug Fixes

  • use tokenHash for O(1) session lookup, add UA parser for device info (34787ae)

4.2.10 (2026-01-01)

Performance Improvements

  • add database index on tokenHash for true O(1) lookup (f923b06)

4.2.9 (2026-01-01)

Performance Improvements

  • O(1) session lookup via tokenHash instead of O(n) decrypt loop (1d68fa0)

4.2.8 (2026-01-01)

Bug Fixes

  • update session activity on ALL requests with valid JWT (702d3ad)

4.2.7 (2025-12-28)

Bug Fixes

  • bump version to 4.2.7 (c6c86a6)
  • validate specific JWT session on each request, add enduser session management endpoints (c07a5a1)

4.2.6 (2025-12-14)

Bug Fixes

  • clean up README formatting (d2082bd)

4.2.5 (2025-12-14)

Bug Fixes

  • remove source folders from npm package (d64f279)

4.2.4 (2025-12-14)

Bug Fixes

  • enable npm provenance with OIDC trusted publishing (f66106c)

4.2.3 (2025-12-14)

Bug Fixes

  • update release workflow for new npm token requirements (88b70ff)

4.2.2 (2025-12-14)

Bug Fixes

  • add debug mode documentation to README (f675180)

4.2.1 (2025-12-14)

Bug Fixes

  • add debug mode for plugin logging (1eff03a)

4.2.0 (2025-12-08)

Features

  • enhance pull request template with session management specific sections and security checklist (bcf9782)

4.1.0 (2025-12-08)

Features

  • enhance GitHub issue templates with session management specific fields and feature request template (78188de)

4.0.3 (2025-12-08)

Bug Fixes

  • update CI workflow to use Node.js 22 for compatibility with dependencies (113e02e)

4.0.2 (2025-12-08)

Bug Fixes

  • add GitHub templates for better open-source collaboration (4322fd4)

4.0.1 (2025-12-05)

Bug Fixes

  • replace emojis with text prefixes for better compatibility (a8b319e)

4.0.0 (2025-12-04)

Bug Fixes

  • migrate to Strapi v5 Document Service API (6ab18d0)
  • Strapi v5 compliance - use documentId instead of id (08a061e)

BREAKING CHANGES

  • Complete migration from Entity Service to Document Service API
  • Migrate all strapi.entityService calls to strapi.documents()
  • Fix Deep Filtering: Use { user: { documentId: userId } } syntax
  • Remove all emojis from logs (54 instances)
  • Replace with text prefixes: [SUCCESS], [ERROR], [WARNING]
  • Remove unused Textarea imports (8 files)
  • Add UID constants for better maintainability

This is a critical Strapi v5 compatibility update. All session management now uses the modern Document Service API.

3.7.0 (2025-11-10)

Features

  • Add Spanish, French, and Portuguese translations (5 languages total) (d8bd41d)

3.6.0 (2025-11-09)

Features

  • Add license protection clause matching MagicMark (0bc7508)

3.5.0 (2025-11-09)

Features

  • Add homepage widget screenshot to README (ee6b7f6)

3.4.0 (2025-11-09)

Features

  • Add screenshots for README documentation (3c59705)

3.3.2 (2025-11-09)

Bug Fixes

  • Increase test delays to 8+ seconds before refresh token test (fbe5dad)

3.3.1 (2025-11-09)

Bug Fixes

  • Correct Strapi v5 refresh endpoint to /api/auth/refresh (a4cccbf)

3.3.0 (2025-11-09)

Features

  • Complete Refresh Token tracking and blocking system (0451590)

3.2.1 (2025-11-09)

Bug Fixes

  • Allow admin users to view any user's sessions (fixes 403 error) (87994de)

3.2.0 (2025-11-09)

Features

  • Add encryption key generator in Admin Panel with comprehensive docs (fc24163)

3.1.0 (2025-11-09)

Features

  • Add JWT encryption and unique session IDs for enhanced security (9c6e265)

3.0.2 (2025-11-09)

Bug Fixes

  • Correct admin API route paths (remove /admin/ prefix) (b238e85)

3.0.1 (2025-11-09)

Bug Fixes

  • Use admin API routes in admin components (fixes 401 error) (98e2c88)

3.0.0 (2025-11-09)

Bug Fixes

  • Change collectionName to magic_sessions to avoid conflicts (9fd69e6)

BREAKING CHANGES

  • Database table name changed from 'sessions' to 'magic_sessions'

The generic name 'sessions' can conflict with other plugins or Strapi internals. Using 'magic_sessions' ensures no naming conflicts.

  • Changed: collectionName from 'sessions' to 'magic_sessions'
  • Prevents: 'DB table sessions already exists' error
  • Better namespacing for plugin data

Existing users (if any) will need to migrate data or clear the database.

2.1.0 (2025-11-09)

Features

  • Hide session collection from Content Manager (6a566a9)

2.0.5 (2025-11-09)

Bug Fixes

  • Remove inversedBy from user relation (one-way relation) (ed1f4f7)

2.0.4 (2025-11-09)

Bug Fixes

  • Use short key 'session' in content-types export (Strapi v5 requirement) (0b5343c)

2.0.3 (2025-11-09)

Bug Fixes

  • Export contentTypes in server index to register session schema (f87fdf4)

2.0.2 (2025-11-09)

Bug Fixes

  • Include server and admin source files in NPM package (8cbe0fd)

2.0.1 (2025-11-09)

Bug Fixes

  • Add missing session content-type schema (4f8aa30)

2.0.0 (2025-11-09)

Bug Fixes

  • Correct content-type UID from api:: to plugin:: namespace (7451136)

BREAKING CHANGES

  • Changed all references from 'api::session.session' to 'plugin::magic-sessionmanager.session'
  • Fixed: Cannot destructure property 'kind' runtime error
  • Updated: session.js service with correct UID
  • Updated: session.js controller with correct UID
  • Updated: bootstrap.js middleware with correct UID
  • Updated: last-seen.js middleware with correct UID
  • Updated: README.md documentation with correct UID

This fixes the error when using plugin via NPM: 'Cannot destructure property kind of strapi.getModel(...) as it is undefined'

1.0.1 (2025-11-09)

Bug Fixes

  • Fix styled-components v6 keyframes compatibility (d3cfafc)

1.0.0 (2025-11-09)

Bug Fixes

  • Add missing plugin entry files and LICENSE for NPM publishing (ffc226c)
  • Correct workflow step order - build before verify (fe86334)

Features

  • Add NPM semantic-release and GitHub Actions workflows (6ab4eab)