Release notes - arXiv-NG - Version accounts-0.4.1

Bug

• [ARXIVNG-1467] - Session inconsistency between NG and classic
• [ARXIVNG-2063] - Duplicate cookie clobbering routine refers to route that may not exist

New Feature

• [ARXIVNG-946] - Implement legacy integration for registration
• [ARXIVNG-950] - User should be able to create a new account
• [ARXIVNG-951] - Captcha for user registration
• [ARXIVNG-952] - Ability to view/edit user profile
• [ARXIVNG-1468] - Endorsements should be represented more efficiently
• [ARXIVNG-2131] - Tool for generating tokens in arxiv.auth should have a CLI

Task

• [ARXIVNG-1321] - Write tests for arxiv.users package, to meet or exceed 90%
• [ARXIVNG-2175] - Add helm charts for auth apps
• [ARXIVNG-2176] - Add Vault integration for auth apps
• [ARXIVNG-2177] - Security fixes for auth apps

Release notes - arXiv-NG - Version accounts-0.3.1

Bug

• [ARXIVNG-1920] - NG auth session should not clobber built-in Flask session interface

Release notes - arXiv-NG - Version authenticator-0.1.6

Task

• [ARXIVNG-1321] - Write tests for arxiv.users package, to meet or exceed 90%

Release notes - arXiv-NG - Version accounts-0.2.7

Bug

• [ARXIVNG-1688] - tapir_session cookie is created with undefined IP address

Release notes - arXiv-NG - Version accounts-0.2.6

Bug

• [ARXIVNG-1196] - Users cannot log out if a permanent token is set
• [ARXIVNG-1653] - Too many redirects on login

Release notes - arXiv-NG - Version accounts-0.2.5

Bug

• [ARXIVNG-1647] - Session expiry will not exceed 35999

Release notes - arXiv-NG - Version accounts-0.2.4

Bug

• [ARXIVNG-1632] - Changes to session expiry config settings are not reflected in auth cookies

Minor bugfixes related to user authentication.

Bugs

• Fixed a bug related to session inconsistency in administrative interfaces.
• Fixed a bug related to account status.

Other

Performance improvement to session backend.

Release notes - arXiv-NG - Version accounts-0.1

Bug

• [ARXIVNG-1094] - Patch Catalyst tapir_session cookie verification to prevent session hijacking

New Feature

• [ARXIVNG-945] - Implement legacy integration for endorsements
• [ARXIVNG-947] - Implement legacy integration for authentication
• [ARXIVNG-948] - Decorator to enforce authz scope on Flask routes
• [ARXIVNG-949] - Middleware to unpack auth tokens on requests
• [ARXIVNG-953] - Users with permanent tokens should be automatically logged in
• [ARXIVNG-1050] - Redirect user to referrer after login

Task

• [ARXIVNG-86] - Implement ORM for user session & user tables, etc.
• [ARXIVNG-87] - Create service module to generate legacy session
• [ARXIVNG-89] - Implement blueprint with routes for login and logout
• [ARXIVNG-287] - Implement service module to create session in distributed session store
• [ARXIVNG-288] - Implement login controller
• [ARXIVNG-289] - Implement logout controller
• [ARXIVNG-290] - Implement templates for login and logout
• [ARXIVNG-318] - Implement creation of legacy + NG cookies for login
• [ARXIVNG-319] - Implement invalidate method for legacy session store
• [ARXIVNG-320] - Implement method on database service to validate password
• [ARXIVNG-958] - Documentation with examples of authentication/authorization integration
• [ARXIVNG-1049] - Display error formatting when username/password is incorrect
• [ARXIVNG-1124] - Update arxiv.user to use redis cluster (vs single node)