2925066 by daggerhart, JeroenT, screon, jonas139, jcnventura: Refactor implicitly named setup plugin id expectations to an annotation property
3068084 by ayalon, jcnventura, Feng-Shui: Warning / Notice, if trusted browsers enabled but list of browsers is empty
3177229 by vacho: Text "You have logged in on a trusted browser." can't be translated
3127935 by michael_wojcik, barig, jcnventura: Settings form does not properly handle '0' (zero) on some config value
3089904 by idebr, jcnventura: Reuse default Drupal components in \Drupal\tfa\Form\SettingsForm
3184521 by jcnventura: Move to the Security module group
tfa 8.x-1.0-alpha6
Release notes
This release hardens the code against timing attacks on the code validation. We recommend that all users upgrade to this version.
Changes since 8.x-1.0-alpha5:
3183248 by jcnventura, greggles, Mingsong: Prevent timing attack on code validation
3182168 by jcnventura: Specify the $defaultTheme property in all functional tests
3069417 by Sergiu Stici, alexmoreno, jcnventura, greggles, omkar06: Weak algorithms usage should be avoided
tfa 8.x-1.0-alpha5
Release notes
Important note: modules that extend TFA must now declare as array the parameter of the getOverview() function.
Changes since 8.x-1.0-alpha4:
3166652 by jcnventura: Coding standards
3163387 by jcnventura: Mark the mcrypt encryption plugin deprecated
2978265 by jcnventura, artematem, Manuel Garcia, daggerhart, jhedstrom, nerdstein, andypost, harshil.maradiya, wturrell, baikho: Default encryption method mcrypt is deprecated since PHP7.1
3164087 by harishh: License "GPL-2.0+" is a deprecated SPDX license identifier, use "GPL-2.0-or-later" instead
3050102 by olofbokedal, baikho: Fix compatibility with Encrypt 8.x-3.0-rc2
3046504 by jcnventura, Manuel Garcia, dpi, acbramley, vatsalkhanna: Drupal 9 readiness
3090073 by daggerhart, idebr: Use form action wrapper with a primary button for a consistent user interface experience
2924691 by daggerhart, Waldoswndrwrld, therealssj, idebr, benjifisher, ryan.gibson, JeroenT: Remove fallback plugins, make recovery code concept into validation & setup plugins
hook_help_implementa.patch
3089880 by idebr, daggerhart: Link to 'Add encryption profile' page when no encryption profiles are configured
3061760 by e.ruiter: '#theme' => 'html_tag' should be '#type' => 'html_tag'
3074323 by samuel.seide, mrossi113, baikho: Description help text displays wrong recovery code syntax
3070153 by greggles, shrop: Documentation how to easily disable TFA for development/testing
2958950 by markdorison: Provide TFA enabled status field via views
3039597 by jhedstrom: Use formatPlural for number of remaining attempts message
2862312 by moshe weitzman: Sanitize plugin for TFA user data
2844201 by Manuel Garcia, nehakhadke, holist, therealssj, daggerhart, rajeshwari10, sanduhrs: $this->t() should be used instead of t() for Drupal 8 version
2958377 by Prashant.c: Convert module to use short array syntax (new coding standard)
2945119 by Manuel Garcia: Move TfaConfigTest to the phpunit tests directory
3001488 by chipway, volkswagenchick: Dependencies must be prefixed
3036842 by jhedstrom, Manuel Garcia, daggerhart: Add unit tests for TfaContext
3037533 by jhedstrom, daggerhart: Unit test for TfaRecoveryCode validation plugin
2944682 by Manuel Garcia, jhedstrom: Add test coverage for logging in
2937336 by jhedstrom, daggerhart, wturrell, nerdstein, ryan.gibson, Manuel Garcia, benjifisher, gbirch: Bad UX around "required to setup TFA" concept and users who have skipped validation too many times
2930535 by Manuel Garcia, daggerhart, nerdstein: Add & improve tests around the test Setup plugin in tfa_test_plugins
2943972 by Manuel Garcia, benjifisher, JeroenT: The tfa.settings route should use the permission "admin tfa settings"
2953757 by StijnStroobants, Manuel Garcia: Routing paths should start with a leading slash
2988233 by daniel_rose, volkswagenchick: Update the Hook Help text
tfa 8.x-1.0-alpha7
Release notes
Changes since 8.x-1.0-alpha6:
2925066 by daggerhart, JeroenT, screon, jonas139, jcnventura: Refactor implicitly named setup plugin id expectations to an annotation property
3068084 by ayalon, jcnventura, Feng-Shui: Warning / Notice, if trusted browsers enabled but list of browsers is empty
3177229 by vacho: Text "You have logged in on a trusted browser." can't be translated
3127935 by michael_wojcik, barig, jcnventura: Settings form does not properly handle '0' (zero) on some config value
3089904 by idebr, jcnventura: Reuse default Drupal components in \Drupal\tfa\Form\SettingsForm
3184521 by jcnventura: Move to the Security module group
tfa 8.x-1.0-alpha6
Release notes
This release hardens the code against timing attacks on the code validation. We recommend that all users upgrade to this version.
Changes since 8.x-1.0-alpha5:
3183248 by jcnventura, greggles, Mingsong: Prevent timing attack on code validation
3182168 by jcnventura: Specify the $defaultTheme property in all functional tests
3069417 by Sergiu Stici, alexmoreno, jcnventura, greggles, omkar06: Weak algorithms usage should be avoided
tfa 8.x-1.0-alpha5
Release notes
Important note: modules that extend TFA must now declare as array the parameter of the getOverview() function.
Changes since 8.x-1.0-alpha4:
3166652 by jcnventura: Coding standards
3163387 by jcnventura: Mark the mcrypt encryption plugin deprecated
2978265 by jcnventura, artematem, Manuel Garcia, daggerhart, jhedstrom, nerdstein, andypost, harshil.maradiya, wturrell, baikho: Default encryption method mcrypt is deprecated since PHP7.1
3164087 by harishh: License "GPL-2.0+" is a deprecated SPDX license identifier, use "GPL-2.0-or-later" instead
3050102 by olofbokedal, baikho: Fix compatibility with Encrypt 8.x-3.0-rc2
3046504 by jcnventura, Manuel Garcia, dpi, acbramley, vatsalkhanna: Drupal 9 readiness
3090073 by daggerhart, idebr: Use form action wrapper with a primary button for a consistent user interface experience
2924691 by daggerhart, Waldoswndrwrld, therealssj, idebr, benjifisher, ryan.gibson, JeroenT: Remove fallback plugins, make recovery code concept into validation & setup plugins
hook_help_implementa.patch
3089880 by idebr, daggerhart: Link to 'Add encryption profile' page when no encryption profiles are configured
3061760 by e.ruiter: '#theme' => 'html_tag' should be '#type' => 'html_tag'
3074323 by samuel.seide, mrossi113, baikho: Description help text displays wrong recovery code syntax
3070153 by greggles, shrop: Documentation how to easily disable TFA for development/testing
2958950 by markdorison: Provide TFA enabled status field via views
3039597 by jhedstrom: Use
formatPluralfor number of remaining attempts message2862312 by moshe weitzman: Sanitize plugin for TFA user data
2844201 by Manuel Garcia, nehakhadke, holist, therealssj, daggerhart, rajeshwari10, sanduhrs: $this->t() should be used instead of t() for Drupal 8 version
2958377 by Prashant.c: Convert module to use short array syntax (new coding standard)
2945119 by Manuel Garcia: Move TfaConfigTest to the phpunit tests directory
3001488 by chipway, volkswagenchick: Dependencies must be prefixed
3036842 by jhedstrom, Manuel Garcia, daggerhart: Add unit tests for TfaContext
3037533 by jhedstrom, daggerhart: Unit test for TfaRecoveryCode validation plugin
2944682 by Manuel Garcia, jhedstrom: Add test coverage for logging in
2937336 by jhedstrom, daggerhart, wturrell, nerdstein, ryan.gibson, Manuel Garcia, benjifisher, gbirch: Bad UX around "required to setup TFA" concept and users who have skipped validation too many times
2930535 by Manuel Garcia, daggerhart, nerdstein: Add & improve tests around the test Setup plugin in tfa_test_plugins
2943972 by Manuel Garcia, benjifisher, JeroenT: The tfa.settings route should use the permission "admin tfa settings"
2953757 by StijnStroobants, Manuel Garcia: Routing paths should start with a leading slash
2988233 by daniel_rose, volkswagenchick: Update the Hook Help text