Product news and other information from the developers of Portfolio.
Showing 11 - 15 of 144
-
Enabled e-portal OIDC-based login method
Today's update (568f91c) brings with it the following changes:
Bugfixes
- Fixed issue related to e-portal external identifier during e-portal OIDC login.
-
New e-portal OIDC-based login and various bugfixes
Today's update (29bf398) brings with it the following changes:
Security issues
- Hardened the application against XML-based attack vectors.
- Explicitly use SameSite=Lax cookie policy on insecure cookies.
New features
- Added login and authorization feature against e-portal, based on OpenID Connect workflow. Disabled until e-portal is fully configured.
- Added a "Log in using e-portal" button to the standard right-hand side menu. Disabled until e-portal is fully configured.
- Added eportal template function, giving access to issuer, API and logout URLs, making it possible to use these variables in templates.
- User details, institution memberships, groups, roles, course access and student/supervisor relationships are automatically provisioned when logging in using e-portal.
- The user identity token (claims collection) from e-portal is verified by signature using JWT semantics, which reduces the attack surface. Verification only allows RSA, ECC and Ed algorithms. Decoded identity claims are available in a session variable for use by templates.
- During login using e-portal, the user is redirected to a common Portfolio site before being redirected back to the original site. This is normal and part of the e-portal login process.
- Users without any email registered in e-portal will get an auto-generated email address associated with their Portfolio account.
- If no username has been defined in e-portal, existing users will keep their existing Portfolio username when they log in using e-portal.
- If an institution with no owner is imported using e-portal, the owner is set to the orphan user.
- Information from e-portal is cached for a short while to decrease load on e-portal API during login.
- When logging out a session authenticated using e-portal, e-portal session is also logged out.
Enhancements
- Set HTTP user-agent so that when Portfolio is operating as an HTTP client, it can be more easily identified in remote systems.
- Use contact manager UI for adding user in event log report.
Bugfixes
- Log out and redirect to the front page when deleting your own account, to avoid a weird login issue.
- Changed the logout request handler to be available to anonymous users, so that when you explicitly try to log out after your session has already expired, it doesn't show a login prompt followed by an immediate logout.
- Fixed issue with negative time intervals in time usage reports causing skewed reports.
- Fixed grammar inconsistency with regard to the phrase "login/logout" being used as a verb, when it should be phrased as "log in/log out".
- Ensure consistent phrasing of the word e-portal.
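The identity token verification listed under New features above restricts which signature algorithms are accepted. The following is an added example, not Portfolio's own code, of such an allow-list gate applied to the token header before any key lookup or signature check. The mapping of "RSA, ECC and Ed" onto JOSE alg names, and all function names and sample tokens, are assumptions made for illustration.

```python
import base64
import json

# Assumed mapping of "RSA, ECC and Ed" onto JOSE alg names (RFC 7518, RFC 8037).
ALLOWED_ALGS = frozenset({
    "RS256", "RS384", "RS512", "PS256", "PS384", "PS512",  # RSA
    "ES256", "ES384", "ES512",                              # ECC
    "EdDSA",                                                # Ed25519 / Ed448
})


class TokenRejected(ValueError):
    """Raised when a token fails the pre-verification gate."""


def _b64url_decode(segment):
    # Compact JWS segments are unpadded base64url; restore padding first.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def check_alg(token):
    """Return the header's alg if allow-listed, else raise TokenRejected.

    This is only the gate: the signature must still be verified afterwards
    with the issuer's public key, using the alg returned here.
    """
    parts = token.split(".")
    if len(parts) != 3 or not parts[2]:
        raise TokenRejected("not a signed compact JWS")
    try:
        header = json.loads(_b64url_decode(parts[0]))
    except ValueError as exc:  # bad base64, bad UTF-8 or bad JSON
        raise TokenRejected("unreadable header") from exc
    alg = header.get("alg") if isinstance(header, dict) else None
    # Exact, case-sensitive match: "none", HMAC and unknown names all fail.
    if not isinstance(alg, str) or alg not in ALLOWED_ALGS:
        raise TokenRejected(f"algorithm not allowed: {alg!r}")
    return alg


def make_sample(alg, signature="c2ln"):
    """Constructed token for the demo; the signature is a dummy value."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return f"{enc({'alg': alg})}.{enc({'sub': 'constructed-user'})}.{signature}"


if __name__ == "__main__":
    for name in ("RS256", "EdDSA", "HS256", "none"):
        try:
            print(name, "->", check_alg(make_sample(name)))
        except TokenRejected as err:
            print(name, "-> rejected:", err)
```

Rejecting on the header first means a token that names a symmetric or unsigned algorithm never reaches the code path that handles the issuer's public key.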
-
Another hotpatch to fix recipient issue when forwarding message
Today's hotpatch update (91deaac) brings with it the following changes:
Bugfixes
- Fixed issue with removing existing recipient when forwarding message.
Documentation
- Added or cleaned up reference documentation for the following modules: Portfolio::Context::Request, Portfolio::PlacementTest::CSVParser, Portfolio::Variable, placement_test(t)
-
Hotpatch: Fix invisible recipient in message system
A hotpatch (dcf5929) was deployed today. It contains the following changes:
Bugfixes
- Fixed issue with recipient not visible when replying or forwarding messages.
-
Contact manager is now used in more places and more documentation available
Today's update (b81e7aa) brings with it the following changes:
Performance improvements
- Students and supervisor relationship table now uses pagination, which increases performance.
- Contact manager has changed backend API from XML to JSON.
Enhancements
- Improved the user experience in new message feature. It is now possible to add recipient using contact manager, and recipient auto-complete is better looking and more accessible.
- Permission editor (for objects and containers) is now using contact manager.
- Added contact manager for username lookup in file manager.
- Reduced technical debt significantly. This means a lot of code has changed, which increases the chance of regressions.
Bugfixes
- The message body text area is now focused when the user is replying to a message.
Documentation improvements
- Added more reference documentation for model classes.
- All relevant reference documentation is now available.