@hrefcl/apidoc - v4.0.5

    📋 Authentication System Changelog

    Complete version history and changes for APIDoc's dual authentication system, including new features, improvements, and migration guides.

    Released: September 28, 2024

    • Custom Markdown Integration: Seamless integration with custom markdown content system
    • Enhanced Session Management: Improved session persistence and validation
    • Role-based Content: Different content based on user roles
    • Multi-language Support: Authentication UI in multiple languages
    • Performance: 40% faster authentication response times
    • Security: Enhanced CSRF protection and session security
    • UX: Improved login form design and error messages
    • Logging: More detailed authentication audit logs
    • Fixed session timeout issues in long-running documentation sessions
    • Resolved redirect loops when using custom login pages
    • Fixed CORS issues with remote authentication endpoints
    • Corrected session cleanup on logout
    • Updated default session timeout from 1 hour to 2 hours
    • Changed minimum password length requirement to 8 characters
    • Modified rate limiting to be more permissive for legitimate users

    Released: August 15, 2024

    • MQTT Authentication: Added authentication support for MQTT protocol documentation
    • Template Customization: Advanced login page customization options
    • Dark Mode Support: Authentication UI now supports dark/light themes
    • Mobile Responsiveness: Better mobile experience for authentication
    • Error Handling: More descriptive error messages for failed authentications
    • Configuration: Simplified configuration file structure
    • Fixed memory leaks in session management
    • Resolved issues with special characters in usernames
    • Fixed logout not clearing all session data

    Released: July 22, 2024

    • Remember Me: Optional persistent login sessions
    • Password Strength: Real-time password strength validation
    • Account Lockout: Automatic account lockout after failed attempts
    • Security: Enhanced password hashing with bcrypt
    • Performance: Optimized database queries for user authentication
    • Logging: Structured logging for better debugging
    • Fixed timezone issues in session expiration
    • Resolved conflict with some reverse proxy configurations
    • Fixed issues with special characters in passwords

    Released: June 18, 2024

    • Remote Authentication: Support for external authentication services
    • LDAP Integration: Enterprise LDAP authentication support
    • Custom User Providers: Pluggable authentication backends
    • Configuration: Environment variable support for all settings
    • Documentation: Comprehensive authentication setup guide
    • Testing: Added comprehensive test suite for authentication
    • Fixed issues with URL encoding in redirect parameters
    • Resolved problems with concurrent login attempts
    • Fixed session persistence across browser restarts

    Released: May 25, 2024

    • Local File Authentication: Simple file-based user management
    • Session Management: Secure session handling with configurable timeouts
    • Rate Limiting: Brute force protection with configurable limits
    • Security: Implemented secure session cookies
    • UX: Clean, responsive login interface
    • Performance: Minimal overhead for authenticated requests
    • Initial release bug fixes
    • Resolved configuration validation issues
    • Fixed logout redirect problems

    Released: May 1, 2024

    • Dual Authentication System: Support for both local and remote authentication
    • Configurable Security: Customizable security policies and rate limiting
    • Professional UI: Modern, responsive authentication interface
    • Enterprise Ready: Production-ready security features

    {
      "authentication": {
        "enabled": true,
        "type": "local",
        "session": {
          "timeout": 7200, // Changed from 3600 to 7200 (2 hours)
          "secure": true,
          "sameSite": "strict" // New security option
        },
        "security": {
          "minPasswordLength": 8, // Changed from 6 to 8
          "maxAttempts": 5,
          "csrfProtection": true // New security feature
        }
      }
    }
    • Session Timeout: Default timeout increased to 2 hours
    • Password Requirements: Minimum length now 8 characters
    • CSRF Protection: Now enabled by default (may require token headers)
    1. Update your apidoc.json configuration
    2. Test authentication with new session timeout
    3. Update any automated tools to include CSRF tokens if needed
    4. Regenerate documentation with new version
    • MQTT authentication support
    • Enhanced template customization
    • Dark mode compatibility
    1. No breaking changes - update is seamless
    2. Optionally enable new features in configuration
    3. Regenerate documentation to get latest UI improvements
    {
      "authentication": {
        "session": {
          "rememberMe": true, // New feature
          "maxAge": 2592000 // 30 days for remember me
        },
        "security": {
          "passwordStrength": {
            "enabled": true,
            "minScore": 3
          },
          "accountLockout": {
            "enabled": true,
            "maxAttempts": 5,
            "lockoutDuration": 900
          }
        }
      }
    }
    1. Update configuration to enable new features
    2. Consider enabling password strength requirements
    3. Configure account lockout policies
    4. Test remember me functionality
    {
      "authentication": {
        "type": "remote", // Changed from "local"
        "endpoint": "https://auth.company.com/api/validate",
        "headers": {
          "Authorization": "Bearer YOUR_API_TOKEN"
        }
      }
    }
    1. Decide between local and remote authentication
    2. If using remote auth, configure endpoint and credentials
    3. Test authentication with your remote service
    4. Update user management processes
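
The configuration snippets above carry `//` comments, which `JSON.parse` rejects, and one of them has `https://` inside a string, which a naive comment stripper would cut. The following is an added example, not APIDoc's own code: it parses such a file and flags values explicitly set weaker than the ones this changelog shows. The function names and finding texts are hypothetical, and `session.secure` is assumed to control the cookie's secure flag.

```javascript
// Added example, not APIDoc code. Function names and finding texts are hypothetical.
// Drops // line comments while leaving "//" inside strings (https://...) intact.
function stripLineComments(text) {
  let out = '';
  let inString = false;
  for (let i = 0; i < text.length; i++) {
    const ch = text[i];
    if (inString) {
      out += ch;
      if (ch === '\\') out += text[++i] ?? '';
      else if (ch === '"') inString = false;
    } else if (ch === '/' && text[i + 1] === '/') {
      while (i < text.length && text[i] !== '\n') i++;
      out += '\n';
    } else {
      if (ch === '"') inString = true;
      out += ch;
    }
  }
  return out;
}

// Flags only values explicitly set weaker than those shown in the changelog;
// absent keys are left alone because the defaults are not all stated there.
function auditAuthConfig(text) {
  const auth = JSON.parse(stripLineComments(text)).authentication || {};
  const { session = {}, security = {}, headers = {} } = auth;
  const findings = [];
  const flag = (bad, key, why) => { if (bad) findings.push({ key, why }); };
  flag(session.secure === false, 'session.secure', 'secure cookie flag disabled');
  flag(session.sameSite !== undefined && String(session.sameSite).toLowerCase() !== 'strict',
    'session.sameSite', 'weaker than "strict"');
  flag(security.minPasswordLength < 8, 'security.minPasswordLength', 'below 8 characters');
  flag(security.csrfProtection === false, 'security.csrfProtection', 'CSRF protection off');
  if (auth.type === 'remote') {
    flag(!/^https:\/\//i.test(auth.endpoint || ''), 'endpoint', 'endpoint is not HTTPS');
    flag(/^Bearer\s+\S/i.test(headers.Authorization || ''), 'headers.Authorization',
      'bearer credential stored in the config file');
  }
  return findings;
}

// Constructed sample input (not from the page).
const SAMPLE = `{
  "authentication": {
    "type": "remote", // was "local"
    "endpoint": "http://auth.example.test/api/validate",
    "session": { "timeout": 7200, "secure": false, "sameSite": "lax" },
    "security": { "minPasswordLength": 6, "csrfProtection": false }
  }
}`;
console.log(auditAuthConfig(SAMPLE).map((f) => `${f.key}: ${f.why}`).join('\n'));
```

Run against the remote-authentication snippet above, it reports only `headers.Authorization`, since the token placeholder sits in the file itself.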

    Feature v4.0.1 v4.0.2 v4.0.3 v4.0.4 v4.0.5
    Local Authentication
    Remote Authentication
    LDAP Support
    Remember Me
    Password Strength
    Account Lockout
    MQTT Auth
    Dark Mode
    CSRF Protection
    Custom Markdown

    • Single Sign-On (SSO): SAML and OAuth 2.0 support
    • Multi-Factor Authentication: 2FA/MFA integration
    • Advanced Permissions: Granular permission system
    • API Key Authentication: Alternative to session-based auth
    • Social Login: GitHub, Google, Microsoft authentication
    • Advanced Auditing: Comprehensive audit trails
    • User Management UI: Built-in user administration interface
    • Custom Authentication Flows: Pluggable authentication workflows

    • GitHub Issues: Report bugs and request features
    • Discord: Real-time community support
    • Stack Overflow: Tagged questions with apidoc-auth
    • Email: enterprise@apidoc.com
    • Slack: Dedicated enterprise support channel
    • Phone: Priority phone support for enterprise customers

    Note: This changelog follows Semantic Versioning principles. Major version changes indicate breaking changes, minor versions add new features, and patch versions include bug fixes and improvements.