Please add a short line describing the PR you make, if the PR implements a specific feature or functionality, or is a refactor. Not needed if you add very small and unnoticeable changes. Not needed when the PR includes only tests for an already existing feature.
- Secure operations that require cryptographic keys are protected for each user with the user's password (#889)
- Implemented the functionality to add project to the invites of a new user as outlined in issue 887 (PR888).
- Create endpoint for renewing users project access, e.g. after password reset (886)
- Added tests for web login and change password (900)
- Size-based log rotation working (15*1MiB) (#897)
- Added check for project status in RemoveContents endpoint as outlined in issue 898 (PR899).
- Implemented the functionality to add project to the invites of a new user as outlined in issue 887 (PR888).
- Changed and fixed the implementation of password reset (#891)
- Changed log rotation to standard format and set maximum to 1MiB per file, max 15 files (897)
- Add functionality for reactivating project access for user (886)
- Check if user is active before allowing password reset (903)
- Add support for database migrations using flask-migrate/Alembic (#890)
- Invite Researchers to projects (911)
- Changed `is_sensitive` to `non_sensitive` and set to default False (#913)
- Rearrangement and clean up of the token (910)
- Add landing page after password reset (#931)
- Add endpoint for health check (intended for readinessProbe) (#933)
- Introduced a `--no-mail` flag in the CLI respectively a `send_email: True/False` json parameter to fix #924 (#926)
- Invite Unit Admin (temporary way) (#938)
- Add support for getting IPs from X-Forwarded-For (#952)
- Relax requirements for usernames (wider length range, `.` and `-`) (#943)
- Delay committing project to db until after the bucket has been created (#967)
- Fix logic for notification about sent email (#963)
- Extended the `dds_web.api.dds_decorators.logging_bind_request` decorator to catch all not yet caught exceptions and make sure they will be logged (#958).
- Increase the security of the session cookie using HTTPONLY and SECURE (#972)
- Add role when listing project users (#974)
- Add custom error messages to registration form (#975)
- Fix format of self deletion email (#984)
- Add a full zero-conf development environment (#993)
- Include frontend build in the backend production target (#1011)
- Correct response about project being created when email validation fails for users (#1014)
- Introduced an additional validator `dds_web.utils.contains_disallowed_characters` to fix issue #1007 (#1021).
- Fix regex for listing and deleting files (#1029)
- Hides the "Size" and "total_size" variables according to the role and project status (#1032).
- Introduce a separate error message if someone tried to add a unit user to projects individually. (#1039)
- Catch KeyNotFoundError when user tries to give access to a project they themselves do not have access to (#1045)
- Display an error message when the user makes too many authentication requests. (#1034)
- When listing the projects, return whether or not the user has a project key for that particular project (#1049)
- New endpoint for Unit Personnel and Admins to list the other Unit Personnel / Admins within their project (#1050)
- Make previous HOTP invalid at password reset (#1054)
- New PasswordReset table to keep track of when a user has requested a password reset (#1058)
- New endpoint for listing Units as Super Admin (1060)
- New endpoint for listing unit users as Super Admin (#1059)
- Future-proofing the migrations (#1040)
- Return int instead of string from files listing and only return usage info if right role (#1070)
- Batch deletion of files (breaking atomicity) (#1067)
- Change token expiration time to 7 days (168 hours) (#1061)
- Add possibility of deleting invites (temporary fix in delete user endpoint) (#1075)
- Flask command `create-unit` to create unit without having to interact with database directly (#1075)
- Let project description include . and , (#1080)
- Catch OperationalError if there is a database malfunction in `files.py` (#1089)
- Switched the validation for the principal investigator from string to email (#1084).
- Add link in navbar to the installation documentation (#1112)
- Change from apscheduler to flask-apscheduler - solves the app context issue (#1109)
- Send an email to all Unit Admins when a Unit Admin has reset their password (#1110).
- Patch: Add check for unanswered invite when creating project and adding user who is already invited (#1117)
- Cronjob: Scheduled task for changing project status from Available to Expired (#1116)
- Cronjob: Scheduled task for changing project status from Expired to Archived (#1115)
- Add a Flask command for finding and deleting "lost files" (files that exist only in db or s3) (#1124)
- New endpoint for adding a message of the day to the database (#1136)
- Patch: Custom error for PI email validation (#1146)
- New Data Delivery System logo (#1148)
- Cronjob: Scheduled task for deleting unanswered invites after a week (#1147)
- Checkbox in registration form and policy to agree to (#1151)
- Patch: Add checks for valid public_id when creating new unit to avoid bucket name errors (#1154)
- Renamed `api/units.py` to `api/superadmin_only.py` to reflect that it's only Super Admin accessible resources (#1159)
- Add unit tests for the "set_available_to_expired" and "set_expired_to_archived" functions (#1158)
- DC Branding: SciLifeLab logo + "Data Delivery System" in nav bar & DC branding in footer (#1160)
- `adr-tools` to document architecture decisions (#1161)
- Bug: API returning float again and CLI `--size` flag works again (#1162)
- Bug: Check for timestamp `0000-00-00 00:00:00` added and invite deleted (#1163)
- Add documentation of status codes in `api/project.py` (#1164)
- Add ability to switch to using TOTP and back to HOTP for MFA (#936)
- Patch: Fix the warning in web for too soon TOTP login (within 90 seconds) (#1173)
- Bug: Do not remove the bucket when emptying the project (#1172)
- New `add-missing-buckets` argument option to the `lost-files` flask command (#1174)
- Bug: Corrected `lost-files` logic and message (#1176)
- Allow all characters but unicode (e.g. emojis) in project description (#1178)
- Cronjob: Scheduled task for monthly usage data (#1181)
- New tests for `dds_web/__init__.py` (#1185)
- New tests for `dds_web/utils.py` (#1188)
- Removed FontAwesome from web (#1192)
- Get MOTD from API (#1198)
- New endpoint for listing all users (#1204)
- Only print warning about missing bucket if the project is active (#1203)
- Removed version check (#1206)
- Do not send one time code to email if the email 2fa is getting activated (#1236)
- Raise AccessDeniedError with message when token specified but user not existent (#1235)
- Display multiple MOTDS (#1212)
- Allow Super Admins to deactivate user 2FA via authenticator app (#1247)
- Get troubleshooting document from Confluence (#1244)
- Quarterly cron job calculating projects storage usage based on the database (#1246)
- Add Technical Overview page with links to Confluence and to a PDF download (#1250)
- Technical Overview moved to repository (#1250)
- Troubleshooting document moved to repository and buttons added to web to link and download (#1255)
- Add storage usage information in the Units listing table for Super Admin (#1264)
- New endpoint for setting project as busy / not busy (#1266)
- Check for if project busy before status change (#1266)
- Bug fix: Default timestamps fixed (#1271)
- Change docker image to alpine (#1272)
- Added trivy when publishing to dockerhub (#1276)
- Bug fix: Cost value displayed by the --usage flag fixed (#1274)
- New endpoint: SendMOTD - send important information to users (#1283)
- New table: `Maintenance`, for keeping track of DDS maintenance mode (#1284)
- New endpoint: SetMaintenance - set maintenance mode to on or off (#1286)
- New endpoint: AnyProjectsBusy - check if any projects are busy in DDS (#1288)
- Bug fix: Fix the Invite.projects database model (#1290)
- New endpoint: ListInvites - list invites (#1294)
- Limit projects listing to active projects only; a `--show-all` flag can be used for listing all projects, active and inactive (#1302)
- Return name of project creator from UserProjects (#1303)
- Add version to the footer of the web pages (#1304)
- Add link to the dds instance to the end of all emails (#1305)
- Troubleshooting steps added to web page (#1309)
- Bug: Return instead of project creator if user has been deleted (#1311)
- New endpoint: ProjectInfo - display project information (#1310)
- Link to "How do I get my user account?" from the login form (#1318)
- Dependency: Bump `certifi` due to CVE-2022-23491 (#1337)
- Dependency: Bump `jwcrypto` due to CVE-2022-3102 (#1339)
- Cronjob: Get number of units and users for reporting (#1324)
- Add ability to change project information via ProjectInfo endpoint (#1331)
- Fix the reporting file path (1345)
- Refactoring: Move flask commands to own module `commands.py` (#1351)
- Workflow: Scan with Snyk on PR and schedule (#1349)
- Flask command (cronjob): Monitor unit usage and warn if above level (#1350)
- Workflow: Do not publish to DockerHub anymore (#1357)
- Refactoring: move cronjobs previously handled by APScheduler to flask commands (#1355)
- Bug: Fix type issue in 0c9c237cced5 (latest) migration (#1360)
- Database: New `Reporting` table for saving unit / user stats every month (#1363)
- Version bump: 2.2.6 (#1375)
- Workflow: Add option to publish dev image manually (#1376)
- Bug: Add value to `Unit.warning_level` for existing units (#1378)
- Workflow: Add option to run trivy on dev and master branches manually (#1380)
- Workflow: Scan with yamllint (#1385)
- Move Rotating log file maximum size and backup count to config variables (#1388)
- Workflow: Scan branch with trivy (#1377)
- Dependencies bumped (#1387)
  - Werkzeug: 2.0.3 --> 2.2.3 (CVE-2023-25577)
  - MarkupSafe: 2.0.1 --> 2.1.1 (prior bumps)
  - Flask-Login: 0.5.0 --> 0.6.2 (prior bumps)
  - Flask: 2.0.2 --> 2.0.3 (prior bumps)
  - Cryptography: 36.0.1 --> 39.0.1 (CVE-2023-0286)
- Npm vulnerability fixed: CVE-2022-25881 (#1390)
- Logging: Configure action-logging to wrap json with parent key "action" (#1393)
- Workflow: Schedule trivy scan for both dev images and latest release (#1392)
- Improve logging of delete-invites flask command (#1386)
- Workflow: Schedule trivy scan for dev and latest separately (#1395)
- PR template restructured (#1403)
- Only allow latin1-encodable usernames and passwords (#1402)
- Bug: Corrected calculation of used storage space in `monitor_usage` command (#1404)
- Config: Define Argon2 settings in `config.py` and use same settings (as default) during password-hashing as in key-derivation for private key access (#1406)
- Bug: Display same message during password reset regardless of whether the email address is registered to an account or not (#1408)
Nothing merged during this sprint
Nothing merged during this sprint
- Documentation: Minor update of Technical Overview (#1411)
- Documentation: Account roles and their permissions (#1412)
- Command:
- Save number of Unit Personnel instead of total number of unit users (#1417)
- Save total number of projects (#1418)
- Save number of Unit Admins (#1419)
- Save number of active projects (#1423)
- Change `researchuser_count` column name to `researcher_count` in Reporting table (#1420)
- Save number of inactive projects (#1426)
- Save number of unique Project Owners (#1421)
- Save amount of TB's currently stored in system (#1424)
- Save amount of TB's uploaded since start (#1430)
- Save number of TBHours stored in the last month (#1431)
- Save number of TBHours stored since start (#1434)
- New version: 2.3.0 (#1433)
- Dependency: Bump `requests` to 2.31.0 due to security vulnerability alert (#1427)
- Endpoint: Statistics; Return all rows stored in the Reporting table (#1435)
- Dependency: Bump `Flask` to 2.2.5 due to security vulnerability alert(s) (#1425)
- Dependency: Bump `redis-py` to 4.5.5 due to security vulnerability alert(s) (#1437)
- Change from personal name to unit name if / where it's displayed in emails (#1439)
- Refactoring: `lost_files_s3_db` flask command changed to group with subcommands (#1438)
- Change display project info depending on the user role (#1440)
- New version: 2.4.0 (#1443)
- Bug fix: Web UI project listing fix (#1445)
- Documentation: Technical Overview, section Creating a Unit in the DDS (#1449)
- Empty endpoint: `ProjectBusy` (#1446)
- Rename storage-related columns in `Unit` table (#1447)
- Dependency: Bump `cryptography` to 41.0.3 due to security vulnerability alert(s) (#1451)
- Allow for change of storage location (#1448)
- Endpoint: `UnitUserEmails`; Return primary emails for Unit Personnel- and Admins (#1454)
- Change message about project being busy with upload etc (#1450)
- Dependency: Bump `certifi` to 2023.07.22 due to security vulnerability alert(s) (#1452)
- New version: 2.5.0 (#1458)
- Added check for Maintenance mode status in MaintenanceMode endpoint (#1459)
- Bug fix: Database rollback added on project creation failure (#1461)
- Only return date (not time) from `Statistics` endpoint (#1456)
- Set `sto2*` columns in `Unit` table to nullable (#1456)
- Dependency: Bump `MariaDB` to LTS version 10.11.5 (#1465)
- Bug fixed: Row in `ProjectUsers` should also be added if it doesn't exist when giving Researcher access to a specific project (#1464)
- Workflow: Update PR template and clarify sections (#1467)
- Column `sto4_start_time` is automatically set when the create-unit command is run (#1469)
- Replace expired invites when there's a new invitation attempt (#1466)
- New version: 2.5.1 (#1471)
- Revoke project access for unaccepted invites (#1468)
- Project title displayed along with the internal project ID in the email sent when a project is released (#1475)
- Use full DDS name in MOTD email subject (#1477)
- Add flag --verify-checksum to the command in email template (#1478)
- Improved email layout; Highlighted information and commands when project is released (#1479)
- Added new API endpoint ProjectStatus.patch to extend the deadline (#1480)
- New version: 2.5.2 (#1482)
- New endpoint `AddFailedFiles` for adding failed files to database (#1472)
- Change the generate usage command to monthly instead of quarterly, and add the command to send a usage report specifying the number of months (#1476)
- New ADR record regarding OKR 2024 (#1483)
- Updated Pillow package version to address vulnerabilities (#1486)
- Updated urllib3 package version to address vulnerabilities (#1487)
- Updated PostCss Node package to address vulnerabilities (#1489)
- Updated several node libraries to address vulnerabilities (#1492)
- New version: 2.6.0 (#1494)
- Implemented swagger documentation (#1495)
- Patch update cryptography package to address cve (#1496)
- Fix listing users was not showing PO (#1497)
- Bug: `flask send-usage` permission issue on testing and production environment (1499)
- New version: 2.6.1 (#1501)
- Minor update jinja2 package to address cve (#1503)
- Minor update jwcrypto package to address cve (#1504)
- Document Superadmin endpoints (#1507)
- Document S3 endpoints (#1509)
- Document Project endpoints (#1508)
- Document User endpoints (#1506)
- Use of a fixed version of black and linted files to 24.1.1 (#1510)
- Run containers as non-root in development environment (#1498)
- Cryptography update to address cve (#1512)
- Pillow update to address cve (#1511)
- New version: 2.6.2 (#1514)
- Changes in registration form to include user agreement (#1515)
- Add link in footer for new User Agreement and Privacy Policy (#1516)
- New extra release, outside maintenance window, version 2.6.3 (#1518)
- Fix the files endpoints according to the openAPI standards, providing new endpoint version that co-exists with the current one (#1505)
- Added email to troubleshooting webpage, with obfuscation (#1520)
- Update base image and packages to address cve in docker containers (#1523)
- New version: 2.6.4 (#1526)
- Fix the User endpoints according to OpenAPI standard (#1524)
- Update Werkzeug and related libraries to solve CVE (#1530)
- Fix raising error when archiving project, bucket deleted but DB error (#1524)
- Increase the identified less covered files (#1521)
- Parse boolean inputs correctly (#1528)
- Fix the project endpoints according to the OpenAPI standard (#1527)
- Fix the Superadmin endpoints according to the OpenAPI standard (#1533)
- Update pymysql to address cve (#1534)
- Update authlib to address cve (#1535)
- Update node packages to address cve (#1536)
- Move raw Technical Overview doc to repo, add page numbers (#1539)
- Small updates to Technical Overview contents (#1540)
- Build Technical Overview PDF in GitHub Actions, rename to include DDS and remove option to view on GitHub (#1541)
- Fixed index out of range when listing files from root (#1543)
- Update Trivy GitHub Actions (#1545)
- Move raw troubleshooting doc to repo and make small updates (#1546)
Nothing merged during this sprint
- Update certifi to remove GLOBALISSUER certificates (#1549)
- Add CODEOWNERS file in order to define Team Hermes as owners of all files in repository (#708)
- Flask command to update unit quotas (#1551)
- Bump python base image to 3.12 and related libraries in both web and client (#1548)
- Add option to motd command for sending to unit users only (#1552)
- Warning_level option defaults to 0.8 (#1557)
- Update readme: backend image is published to GHCR, not DockerHub (#1558)
- Workflow bug fixed: PDFs (Technical Overview and Troubleshooting) were downloaded to incorrect directory (#1559)
- Update trivy action and add a second mirror repository to reduce TOO MANY REQUEST issue (#1560)
- Modify the invoicing commands to send the instance name in the emails (#1561)
- Fix the MOTD endpoint according to post merge review (#1564)
- New version & changelog (#1565)
- Workflow: Bump GitHub checkout action to v4 (#1556)
- Workflow: CodeQL action version(s) bumped to v3 (#1569)
- Workflow: Setup-node, codecov and upload-sarif action versions bumped to v4, v4 and v3, respectively (#1570)
- Removed exception for invalid token to simplify logging and reduce unnecessary error entries (#1572)
- Logging: Add which user name reset password (#1574)
- Change the error raised upon attempt to download data after a password reset to an AuthenticationError to avoid getting an alert (#1571)
- Filter out the MaintenanceModeException from the logs (#1573)
- Bugfix: Quick and dirty change to prevent `dds ls --tree` from failing systematically (#1575)
- Update backend Dockerfile to pin a fixed version of mariadb-client (#1581)
- Update documentation regarding 'Upload' or 'Download' added to end of delivery directory name depending on command (#1580)
- Modify the monitor usage command to send warning to the affected unit as well as Data Centre (#1562)
- Run npm audit fix to solve node cve's (#1577)
- New version: 2.9.0 (#1584)
- Instructions regarding database migrations moved to migrations directory, and Linkspector action added to scan for incorrect links in MD (#1576)
- Make release template (1587)