2.26.0 (2023-12-31)
Bug Fixes
- add check for max password length (#1368) (41aac69)
- add error handling for hook (#1339) (7ac7586)
- check linking domain prefix (#1336) (9194ffc)
- handle oauth email check separately (#1348) (757989c)
- include symbols in generated password (#1364) (f81a748)
- return correct sms otp error (#1351) (5b06680)
- sanitizeUser leaks user role (#1366) (8ce9d3f), closes #1365
- show proper error message on textlocal (#1338) (44e2466)
- update suggested Go version for contributors to 1.21 (#1331) (9feeec4)
Features
- add custom access token hook (#1332) (312f871)
- add haveibeenpwned.org password strength check (#1324) (c3acfe7)
- add manual linking APIs (#1317) (80172a1)
- add mfa verification postgres hook (#1314) (db344d5)
- add required characters password strength check (#1323) (3991bdb)
- add session id to required claim for output of custom access token hook (#1360) (31222d5)
- add weak password check on sign in (#1346) (8785527)
- azure oidc fix (#1349) (97b3595)
- password sign-up no longer blocks the db connection (#1319) (84d4b75)
- properly return hook error (#1355) (890663f)
- refactor for central password strength check (#1321) (5524653)
- refactor hook error handling (#1329) (72fdb16)
- rename
gotruetoauth(#1340) (8430113) - split validation and population of hook name (#1337) (c03ae09)
- unlinking primary identity should update email (#1326) (bdc3300)