Skip to content

v5.2.0
Compare
Choose a tag to compare
@Bubka Bubka released this 29 May 14:27
· 138 commits to master since this release
v5.2.0
a707ad3

2FAuth v5.2 offers a new notification feature. Each user can now decide whether they want to receive an email after a successful login from a new device, or after a failed login.

For now, both notifications are disabled by default. Why this choice when this feature increases security? Because if the email configuration of your 2FAuth instance is not set up correctly, such login attempts will take a while (until all email sending attempts have failed).

If you never set up email sending on your instance, do it. It is the only way to recover your account, whether you use a password or a passkey to authenticate. To help you in this task, all required environment variables are described here. Since v5.1, administrators also have access to a test email button to validate the email configuration from the UI.

Notifications will be enabled by default in a future version.

Last but not least :

⚠️ This version drops PHP 8.1 support ⚠️

Added

  • When installed, 2FAuth now offers shortcuts to common actions.
  • User authentication logs (See user management pages in the admin area).
  • Two user preferences to control the notifications sent when authentication events occur.
  • A user preference to set the timezone applied to dates and times displayed in the app.

New env vars

  • APP_TIMEZONE: The timezone applied to dates and times recorded to database (doc).
  • AUTHENTICATION_LOG_RETENTION: The authentication log retention time, in days (doc).
  • PROXY_HEADER_FOR_IP: Name of the HTTP header sent by a reverse proxy to pass the original visitor IP address. (doc).

Changed

  • MAIL_DRIVER env var renamed to MAIL_MAILER.
    This is not a breaking change as the former name is still supported. This is just to stick to Laravel defaults.
  • NGINX server now also listens to ipv6 in Docker image (#336).

Fixed

  • issue #192 DB_DATABASE path not respected by entrypoint script
  • issue #244 gauth qr code can't be imported
  • issue #255 Only one Webauthn Device functioning
  • issue #295 Add support for PHP 8.3
  • issue #331 Last admin can demote to user, leaving the instance administratorless

API [1.4.0]

  • /api/v1/users/{id}/authentications GET path added (doc).
Assets 2
Loading
1 Join discussion