4.31 - 30 april 2021
Incompatibilities and deprecations
- Various WRDAuth deprecations and removals to make room for 2FA support, contact us if you need any of these APIs:
- Removes the following APIs from wrdauth: ProcessPasswordReset, ProcessPasswordResetPost, CreateEmailVerificationLink, HandleEmailVerificationPage, HandleEmailVerificationData, UpdateUserAccountFields, GetWRDAuthConfig, PrepareMail
- Removes
wrdauth
from the wrdauth plugin. It will be temporary available as__GetWRDAuth()
but our intention is to completely remove the object 'behind' wrdauth and merge it into the plugin, so don't rely on this one staying around or receiving a warning when it finally goes away. - Support for wrdauth plugins overriding
VerifyPassword
has been removed passwordpolicy
andpasswordcheck
can no longer be overridden by wrdauth plugins- Password fields no longer support
onpolicycheck
andpolicy
/policytid
onpolicycheck
andpolicy(tid)
are no longer supported by Tollium<password>
fields. Policy should be specified usingvalidationchecks
- The usermgmt app and the Tollium backend expect the WRD schemas used for authentication to use
<authenticationsettings>
instead of<password>
. The standardsystem:usermgmt
schema will be upgraded automatically but if you changed how backend authentication works, you need to do this yourself - JS import
dompack/browserfix/url
is obsolete, the WebHare polyfill already fixes this. You can just remove this import everywhere (at least back to 4.28) - We are strongly considering deprecating deriving from WebtoolFormBase and to have the RPCs always use the 'fast' path, avoiding the webdesign too. We need to know about use cases which cannot switch to the faster webtool formhooks.
- The module
dompack
has been merged into WebHare - The split datetimefields used non-BEM-ified classes for year/month/day/hour/minute/second classes. This has now been fixed.
- Emails no longer receive a
X-WebHare-Origin
header as this is a potential information leak. The origin is now shown with the mail headers in the dashboard. - IsRPCTrafficLogged is now implicitly checked by LogRPCForWebbrowser, LogRPCTraffic and LogCurrentRequestToRPCLog. IsRPCTrafficLogged will be deprecated as a public API
system/js/compat/cookie.es
has been removed as there seem to be no more users. Usedompack/extra/cookie.es
if you still used it.- Emails composed using PrepareMailWitty can no longer directly embed any WebHare resource - their extension must be one of .png, .jpg, .gif, .svg or .css and they
must be either a
mod::
or asite::
source - If you're using old video widgets (EmbeddedObjectBase) make sure you listen to the
wh-video--aspect_16_9
andwh-video--aspect_4_3
classes wherever you are now listening toaspect_16_9
andaspect_4_3
classes, as those latter non-BEM-prefixed classes will be dropped. - PrepareMailWitty would invoke RewriteDomStyles twice (and still once even if restructuring was disabled). This is now fixed.
- This release drops support for old style 'structure definition' (
<richstructure>
) files for RTD and support for<richdocumenteditor>
in site profiles - Addon modules can no longer use modules from the central node_modules to prevent an accidental undeclared dependency
Things that are nice to know
<filetype kind="rawfile">
didn't actually imply 'requirescontent' - documentation updated- The label on the send button in the standard maildialog can be overridden by passing
sendbuttontitle
to RunSendEmailDialog - A new type of schedulde task "Replace with..." allows you to replace the contents of an existing file at a specific time.
- Webtool form hooks can add 'hidden' fields which will be present in the final form results.
- Adds GetYearlyHoliday to calculate when well known holidays are celebrated
- All
<text>
s components in Tollium should have a selectable value now, even when not explicitly set as selectable - Moduledefinitions now support
<customsource>
in<catalog>
nodes to define module content sources - Adds 'Download original' button to image properties in the RTD
dompack/extra/storage.es
offers convenience wrappers for localStorage and sessionStorage, adding a fallback storage in case storage itself throws (eg due to privacy settings). It also isolates storage if<html data-wh-isolate-storage>
is set - this is used so eg. widget previews don't disturb each other or CI tests.- Tollium
<richdocument>
supports ausercss
property which contains additional CSS to include after the RTD css files - PrepareMailWitty now supports linking to images using GetModuleResourceURL and will automatically embed them
- siteprofile
<to>
rules can use 'withintype' to match the type of any parent or ancestor folder (within the same site) <screen>
,<fragment>
and<tabsextension>
can now useobjectname=
to specify an explicit relative reference to their implementation, ie you don't have to set "library=" and match the object's name exactly. Keep in mind that<tabsextension>
will still require animplementation="lib"
attribute.OpenRTDType
has been added as a public API to RestructureDocument.ExtractExcerpt
andExtractRTDExcerpt
have been added to PublishableRichDocument and WebDesign respectively to quickly grab contents of a RTD without having to use RichDocumentFilter- WRD fields can be marked as
unsafetocopy
which will prevent them from being exported, synced or duplicated. This can be used to prevent api keys/secrets from being cloned and having multiple servers talking to eg. the same upstream service. - WRD schema metadata files can now use
<migration>
nodes to run preconversions before the schema is applied.
Things you should do
-
Switch WRD schemas from
<password>
to<authenticationsettings>
, especially if they are used for the backend. You don't need to run an explicit conversion, just change the schema definition. However, this has the following effects:- we no longer support `` and
*
as different password hashes, where the first meant "this user may not login" and the second meant "this user does not have a password set, but may login.". Any loginblock must be implemented explicitly by overriding IsLoginDenied
- we no longer support `` and
4.31.1
- Adds
WRDEntity::UpdatePassword
to properly set a user password without destroying the password history (as CreateAuthenticationSettingsFromPasswordHash would do) UpdateUserPassword
has been readded to the WRDAuth api
4.31.2
- SMTP failures happening after DATA will be logged for each recipient so that it can be processed similar to a failure at RCPT