diff --git a/CHANGELOG.md b/CHANGELOG.md index d602fc6eb..5a41c8d64 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -20,6 +20,27 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0. +## [2.18.0] - 2024-12-17 + + + +### Added + +- UI: More descriptive Add buttons [#2107](https://github.com/openkfw/TruBudget/issues/2107) +- api: Configurable refresh token and session token length [#2103](https://github.com/openkfw/TruBudget/issues/2103) + + +### Changed + +- UI: Refactor styles for Workflow action [#2105](https://github.com/openkfw/TruBudget/issues/2105) +- UI: New TruBudget background [#2097](https://github.com/openkfw/TruBudget/issues/2097) + + +### Fixed + +- ui: Permissions not loaded correctly when switching users [#2109](https://github.com/openkfw/TruBudget/issues/2109) + + ## [2.17.0] - 2024-11-11 @@ -1308,7 +1329,8 @@ If you install TruBudget freshly, this is not an issue for you. If you update to - Updated translation keys and language-specific formatting. - Fixed bug where the subproject permissions dialog would break the details view of another project. -[unreleased]: https://github.com/openkfw/TruBudget/compare/v2.17.0...main +[unreleased]: https://github.com/openkfw/TruBudget/compare/v2.18.0...main +[2.18.0]: https://github.com/openkfw/TruBudget/compare/v2.17.0...v2.18.0 [2.17.0]: https://github.com/openkfw/TruBudget/compare/v2.16.0...v2.17.0 [2.16.0]: https://github.com/openkfw/TruBudget/compare/v2.15.0...v2.16.0 [2.15.0]: https://github.com/openkfw/TruBudget/compare/v2.14.0...v2.15.0 diff --git a/api/environment-variables.md b/api/environment-variables.md index f1c560588..e02045828 100644 --- a/api/environment-variables.md +++ b/api/environment-variables.md @@ -8,7 +8,7 @@ | **ORGANIZATION** | no | MyOrga | In the blockchain network, each node is represented by its organization name. This environment variable sets this organization name. It is used to create the organization stream on the blockchain and is also displayed in the frontend's top right corner. Minimal value: 1. Maximal value: 100. | | **PORT** | no | 8091 | The port used to expose the API for your installation. Example: If you run TruBudget locally and set API_PORT to `8080`, you can reach the API via `localhost:8080/api`. Value is a port with minimal value 0 and maximal value 65535 | | **ORGANIZATION_VAULT_SECRET** | yes | - | This is the key to en-/decrypt user data of an organization. If you want to add a new node for your organization, you want users to be able to log in on either node. **Caution:** If you want to run TruBudget in production, make sure NOT to use the default value from the `.env.example` file! Minimal value: 5. | -| **ROOT_SECRET** | no | 053dd957aaf03669c9c4e04abba7672326f53c18a2186404cf35bee647b5a350 | The root secret is the password for the root user. If you start with an empty blockchain, the root user is needed to add other users, approve new nodes,.. If you don't set a value via the environment variable, the API generates one randomly and prints it to the console **Caution:** If you want to run TruBudget in production, make sure to set a secure root secret. Minimal value: 8. | +| **ROOT_SECRET** | no | 361d01c8e3ad45279314d5d28f9b6ac12634c90a7f9fdd719518c7b71349dc35 | The root secret is the password for the root user. If you start with an empty blockchain, the root user is needed to add other users, approve new nodes,.. If you don't set a value via the environment variable, the API generates one randomly and prints it to the console **Caution:** If you want to run TruBudget in production, make sure to set a secure root secret. Minimal value: 8. | | **MULTICHAIN_RPC_HOST** | no | localhost | The IP address of the blockchain (not multichain daemon,but they are usally the same) you want to connect to. | | **MULTICHAIN_RPC_PORT** | no | 8000 | The Port of the blockchain where the server is available for incoming http connections (e.g. readiness, versions, backup and restore) | | **MULTICHAIN_PROTOCOL** | no | http | The protocol used to expose the multichain daemon of your Trubudget blockchain installation(bc). The protocol used to connect to the multichain daemon(api). This will be used internally for the communication between the API and the multichain daemon. | @@ -18,7 +18,7 @@ | **BLOCKCHAIN_PROTOCOL** | no | http | The Protocol of the blockchain where the server is available for incoming http connections. | | **SWAGGER_BASEPATH** `deprecated` | no | - | deprecated This variable was used to choose which environment (prod or test) is used for testing the requests. The variable is deprecated now, as the Swagger documentation can be used for the prod and test environment separately. Example values: "/". | | **JWT_ALGORITHM** | no | HS256 | Algorithm used for signing and verifying JWTs. | -| **JWT_SECRET** | yes (if JWT_ALGORITHM=RS256) | 7dbc33dda75136597081 | A string that is used to sign JWT which are created by the authenticate endpoint of the api. If JWT_ALGORITHM is set to `RS256`, this is required and holds BASE64 encoded PEM encoded private key for RSA. | +| **JWT_SECRET** | yes (if JWT_ALGORITHM=RS256) | 9e33c0e28cd6ca61ce4d | A string that is used to sign JWT which are created by the authenticate endpoint of the api. If JWT_ALGORITHM is set to `RS256`, this is required and holds BASE64 encoded PEM encoded private key for RSA. | | **JWT_PUBLIC_KEY** | yes (if JWT_ALGORITHM=RS256) | - | If JWT_ALGORITHM is set to `RS256`, this is required and holds BASE64 encoded PEM encoded public key for RSA. | | **DOCUMENT_FEATURE_ENABLED** | no | - | If true, all uploaded documents are stored using trubudget's storage-service. If false, the document feature of TruBudget is disabled, and trying to upload a document will result in an error. | | **DOCUMENT_EXTERNAL_LINKS_ENABLED** | no | - | If true, it is possible to use external documents links also without TruBudget's storage-service. If false, the external documents links feature of TruBudget is still possible to use in case DOCUMENT_FEATURE_ENABLED equals "true". | diff --git a/api/package-lock.json b/api/package-lock.json index 87c402516..3ff7b08b2 100644 --- a/api/package-lock.json +++ b/api/package-lock.json @@ -1,12 +1,12 @@ { "name": "trubudget-api", - "version": "2.17.0", + "version": "2.18.0", "lockfileVersion": 3, "requires": true, "packages": { "": { "name": "trubudget-api", - "version": "2.17.0", + "version": "2.18.0", "license": "GPL-3.0-or-later", "dependencies": { "@azure/monitor-opentelemetry": "^1.1.1", diff --git a/api/package.json b/api/package.json index 4c21e6754..c53d6aa2a 100644 --- a/api/package.json +++ b/api/package.json @@ -1,6 +1,6 @@ { "name": "trubudget-api", - "version": "2.17.0", + "version": "2.18.0", "private": true, "repository": { "type": "git", diff --git a/blockchain/package-lock.json b/blockchain/package-lock.json index 5bf0977e7..fb81b0c80 100644 --- a/blockchain/package-lock.json +++ b/blockchain/package-lock.json @@ -1,12 +1,12 @@ { "name": "trubudget-blockchain", - "version": "2.17.0", + "version": "2.18.0", "lockfileVersion": 3, "requires": true, "packages": { "": { "name": "trubudget-blockchain", - "version": "2.17.0", + "version": "2.18.0", "license": "GPL-3.0-or-later", "dependencies": { "@kubernetes/client-node": "1.0.0-rc6", diff --git a/blockchain/package.json b/blockchain/package.json index e5174948e..50aa30f65 100644 --- a/blockchain/package.json +++ b/blockchain/package.json @@ -1,6 +1,6 @@ { "name": "trubudget-blockchain", - "version": "2.17.0", + "version": "2.18.0", "private": true, "repository": { "type": "git", diff --git a/docs/environment-variables/api-environment-variables.md b/docs/environment-variables/api-environment-variables.md index 5083d3d91..e02045828 100644 --- a/docs/environment-variables/api-environment-variables.md +++ b/docs/environment-variables/api-environment-variables.md @@ -8,7 +8,7 @@ | **ORGANIZATION** | no | MyOrga | In the blockchain network, each node is represented by its organization name. This environment variable sets this organization name. It is used to create the organization stream on the blockchain and is also displayed in the frontend's top right corner. Minimal value: 1. Maximal value: 100. | | **PORT** | no | 8091 | The port used to expose the API for your installation. Example: If you run TruBudget locally and set API_PORT to `8080`, you can reach the API via `localhost:8080/api`. Value is a port with minimal value 0 and maximal value 65535 | | **ORGANIZATION_VAULT_SECRET** | yes | - | This is the key to en-/decrypt user data of an organization. If you want to add a new node for your organization, you want users to be able to log in on either node. **Caution:** If you want to run TruBudget in production, make sure NOT to use the default value from the `.env.example` file! Minimal value: 5. | -| **ROOT_SECRET** | no | 8d0ab15d21b6d2c48d834bad4785a52126573906c84e6120506fce35f5ce4708 | The root secret is the password for the root user. If you start with an empty blockchain, the root user is needed to add other users, approve new nodes,.. If you don't set a value via the environment variable, the API generates one randomly and prints it to the console **Caution:** If you want to run TruBudget in production, make sure to set a secure root secret. Minimal value: 8. | +| **ROOT_SECRET** | no | 361d01c8e3ad45279314d5d28f9b6ac12634c90a7f9fdd719518c7b71349dc35 | The root secret is the password for the root user. If you start with an empty blockchain, the root user is needed to add other users, approve new nodes,.. If you don't set a value via the environment variable, the API generates one randomly and prints it to the console **Caution:** If you want to run TruBudget in production, make sure to set a secure root secret. Minimal value: 8. | | **MULTICHAIN_RPC_HOST** | no | localhost | The IP address of the blockchain (not multichain daemon,but they are usally the same) you want to connect to. | | **MULTICHAIN_RPC_PORT** | no | 8000 | The Port of the blockchain where the server is available for incoming http connections (e.g. readiness, versions, backup and restore) | | **MULTICHAIN_PROTOCOL** | no | http | The protocol used to expose the multichain daemon of your Trubudget blockchain installation(bc). The protocol used to connect to the multichain daemon(api). This will be used internally for the communication between the API and the multichain daemon. | @@ -18,7 +18,7 @@ | **BLOCKCHAIN_PROTOCOL** | no | http | The Protocol of the blockchain where the server is available for incoming http connections. | | **SWAGGER_BASEPATH** `deprecated` | no | - | deprecated This variable was used to choose which environment (prod or test) is used for testing the requests. The variable is deprecated now, as the Swagger documentation can be used for the prod and test environment separately. Example values: "/". | | **JWT_ALGORITHM** | no | HS256 | Algorithm used for signing and verifying JWTs. | -| **JWT_SECRET** | yes (if JWT_ALGORITHM=RS256) | 9640f5d6c8af1bc72275 | A string that is used to sign JWT which are created by the authenticate endpoint of the api. If JWT_ALGORITHM is set to `RS256`, this is required and holds BASE64 encoded PEM encoded private key for RSA. | +| **JWT_SECRET** | yes (if JWT_ALGORITHM=RS256) | 9e33c0e28cd6ca61ce4d | A string that is used to sign JWT which are created by the authenticate endpoint of the api. If JWT_ALGORITHM is set to `RS256`, this is required and holds BASE64 encoded PEM encoded private key for RSA. | | **JWT_PUBLIC_KEY** | yes (if JWT_ALGORITHM=RS256) | - | If JWT_ALGORITHM is set to `RS256`, this is required and holds BASE64 encoded PEM encoded public key for RSA. | | **DOCUMENT_FEATURE_ENABLED** | no | - | If true, all uploaded documents are stored using trubudget's storage-service. If false, the document feature of TruBudget is disabled, and trying to upload a document will result in an error. | | **DOCUMENT_EXTERNAL_LINKS_ENABLED** | no | - | If true, it is possible to use external documents links also without TruBudget's storage-service. If false, the external documents links feature of TruBudget is still possible to use in case DOCUMENT_FEATURE_ENABLED equals "true". | @@ -38,6 +38,8 @@ | **AUTHPROXY_JWS_SIGNATURE** | yes (if AUTHPROXY_ENABLED=true) | - | secret/public key/certificate for verifying auth proxy token signature | | **DB_TYPE** | no | pg | - | | **SQL_DEBUG** | no | - | - | +| **REFRESH_TOKEN_EXPIRATION** | no | 8 | Refresh token expiration in hours. After a defined time, login session will be invalid. | +| **ACCESS_TOKEN_EXPIRATION** | no | 0.25 | Access token expiration in hours | | **REFRESH_TOKEN_STORAGE** | no | - | Determining the type of storage for refresh tokens. Allowed values are "db" or "memory" or blank to disable refresh token functionality. | | **API_DB_USER** | yes (if REFRESH_TOKEN_STORAGE=db) | postgres | Database user for database connection, e.g. postgres | | **API_DB_PASSWORD** | yes (if REFRESH_TOKEN_STORAGE=db) | test | Database password for database connection | diff --git a/e2e-test/package-lock.json b/e2e-test/package-lock.json index 0a35f7a83..f0d0b6cfa 100644 --- a/e2e-test/package-lock.json +++ b/e2e-test/package-lock.json @@ -1,12 +1,12 @@ { "name": "trubudget-e2e-test", - "version": "2.17.0", + "version": "2.18.0", "lockfileVersion": 3, "requires": true, "packages": { "": { "name": "trubudget-e2e-test", - "version": "2.17.0", + "version": "2.18.0", "license": "GPL-3.0-or-later", "dependencies": { "async-each": "^1.0.6", diff --git a/e2e-test/package.json b/e2e-test/package.json index c34021365..c0274bb90 100644 --- a/e2e-test/package.json +++ b/e2e-test/package.json @@ -1,6 +1,6 @@ { "name": "trubudget-e2e-test", - "version": "2.17.0", + "version": "2.18.0", "private": true, "repository": { "type": "git", diff --git a/email-notification-service/package-lock.json b/email-notification-service/package-lock.json index 50806d351..58da30a25 100644 --- a/email-notification-service/package-lock.json +++ b/email-notification-service/package-lock.json @@ -1,12 +1,12 @@ { "name": "email-notification", - "version": "2.17.0", + "version": "2.18.0", "lockfileVersion": 2, "requires": true, "packages": { "": { "name": "email-notification", - "version": "2.17.0", + "version": "2.18.0", "license": "GPL-3.0-or-later", "dependencies": { "@hapi/joi": "^17.1.1", diff --git a/email-notification-service/package.json b/email-notification-service/package.json index fc5888ca1..9d4dba87d 100644 --- a/email-notification-service/package.json +++ b/email-notification-service/package.json @@ -1,7 +1,7 @@ { "name": "email-notification", "description": "Sends notification-emails to provided SMTP server to identities saved in a database of choice.", - "version": "2.17.0", + "version": "2.18.0", "private": true, "repository": { "type": "git", diff --git a/excel-export-service/package-lock.json b/excel-export-service/package-lock.json index e79e4a78e..c07f5bc70 100644 --- a/excel-export-service/package-lock.json +++ b/excel-export-service/package-lock.json @@ -1,12 +1,12 @@ { "name": "excel-export", - "version": "2.17.0", + "version": "2.18.0", "lockfileVersion": 2, "requires": true, "packages": { "": { "name": "excel-export", - "version": "2.17.0", + "version": "2.18.0", "license": "GPL-3.0-or-later", "dependencies": { "axios": "^1.7.4", diff --git a/excel-export-service/package.json b/excel-export-service/package.json index 7635cdbed..059450495 100644 --- a/excel-export-service/package.json +++ b/excel-export-service/package.json @@ -1,6 +1,6 @@ { "name": "excel-export", - "version": "2.17.0", + "version": "2.18.0", "private": true, "description": "Export TruBudget data to Excel", "main": "src/index.js", diff --git a/frontend-collector/package-lock.json b/frontend-collector/package-lock.json index 09b8da421..4eb21feac 100644 --- a/frontend-collector/package-lock.json +++ b/frontend-collector/package-lock.json @@ -1,12 +1,12 @@ { "name": "trubudget-frontend-collector", - "version": "2.17.0", + "version": "2.18.0", "lockfileVersion": 3, "requires": true, "packages": { "": { "name": "trubudget-frontend-collector", - "version": "2.17.0", + "version": "2.18.0", "license": "GPL-3.0-or-later", "dependencies": { "@fastify/cors": "^8.4.1", diff --git a/frontend-collector/package.json b/frontend-collector/package.json index 8f3ebc221..8fd161f23 100644 --- a/frontend-collector/package.json +++ b/frontend-collector/package.json @@ -1,6 +1,6 @@ { "name": "trubudget-frontend-collector", - "version": "2.17.0", + "version": "2.18.0", "description": "Collector for TruBudget frontend logs", "main": "serve.js", "repository": { diff --git a/frontend/package-lock.json b/frontend/package-lock.json index 5c24ff35e..ac3783195 100644 --- a/frontend/package-lock.json +++ b/frontend/package-lock.json @@ -1,12 +1,12 @@ { "name": "trubudget-frontend", - "version": "2.17.0", + "version": "2.18.0", "lockfileVersion": 3, "requires": true, "packages": { "": { "name": "trubudget-frontend", - "version": "2.17.0", + "version": "2.18.0", "license": "GPL-3.0-or-later", "dependencies": { "@babel/runtime": "^7.21.5", diff --git a/frontend/package.json b/frontend/package.json index aac75dd5d..b626ceba0 100644 --- a/frontend/package.json +++ b/frontend/package.json @@ -1,6 +1,6 @@ { "name": "trubudget-frontend", - "version": "2.17.0", + "version": "2.18.0", "private": true, "repository": { "type": "git", diff --git a/provisioning/package-lock.json b/provisioning/package-lock.json index 95eadfe2a..31e6bde68 100644 --- a/provisioning/package-lock.json +++ b/provisioning/package-lock.json @@ -1,12 +1,12 @@ { "name": "trubudget-provisioning", - "version": "2.17.0", + "version": "2.18.0", "lockfileVersion": 3, "requires": true, "packages": { "": { "name": "trubudget-provisioning", - "version": "2.17.0", + "version": "2.18.0", "license": "GPL-3.0-or-later", "dependencies": { "axios": "^1.7.4", @@ -1029,9 +1029,9 @@ } }, "node_modules/cross-spawn": { - "version": "7.0.3", - "resolved": "https://registry.npmjs.org/cross-spawn/-/cross-spawn-7.0.3.tgz", - "integrity": "sha512-iRDPJKUPVEND7dHPO8rkbOnPpyDygcDFtWjpeWNCgy8WP2rXcxXL8TskReQl6OrB2G7+UJrags1q15Fudc7G6w==", + "version": "7.0.6", + "resolved": "https://registry.npmjs.org/cross-spawn/-/cross-spawn-7.0.6.tgz", + "integrity": "sha512-uV2QOWP2nWzsy2aMp8aRibhi9dlzF5Hgh5SHaB9OiTGEyDTiJJyx0uy51QXdyWbtAHNua4XJzUKca3OzKUd3vA==", "dev": true, "dependencies": { "path-key": "^3.1.0", diff --git a/provisioning/package.json b/provisioning/package.json index bf1f2b928..92260f939 100644 --- a/provisioning/package.json +++ b/provisioning/package.json @@ -1,6 +1,6 @@ { "name": "trubudget-provisioning", - "version": "2.17.0", + "version": "2.18.0", "private": true, "repository": { "type": "git", diff --git a/storage-service/package-lock.json b/storage-service/package-lock.json index 61bf92bb6..ef9dacd06 100644 --- a/storage-service/package-lock.json +++ b/storage-service/package-lock.json @@ -1,12 +1,12 @@ { "name": "storage-service", - "version": "2.17.0", + "version": "2.18.0", "lockfileVersion": 3, "requires": true, "packages": { "": { "name": "storage-service", - "version": "2.17.0", + "version": "2.18.0", "license": "GPL-3.0-or-later", "dependencies": { "@azure/identity": "^4.0.1", diff --git a/storage-service/package.json b/storage-service/package.json index 2aee900c6..a513c9003 100644 --- a/storage-service/package.json +++ b/storage-service/package.json @@ -1,6 +1,6 @@ { "name": "storage-service", - "version": "2.17.0", + "version": "2.18.0", "private": true, "description": "Handles the TruBudget object storage", "main": "src/index.js",