- Add CIDR-based blocker (configurable per client) to prevent e-mail filters (e.g. Cisco Umbrella) from invalidating a login link
- Add env MYSQL_CA_CERT for MySQL SSL connection
- Upgrade to node 16
- Add env MONGO_DB_CONNECTION_STRING
- Bugfix: csrf
Update version number
- Make the email url brute force more restrictive
- Remove password from return hashed in GET
- Refactor logic so admin can login with both Password and Login via E-mail
- Add external CSRF token
- Fix password login redirect url on return
- Add phone number label
- Don't invalid login token after making a new request, until login is successful
- A login email link is valid max 10 minutes
- Change phone number format to +31 for sending SMS
- Add empty layout option for emails so complete email can be set
- Add logo specific for email only in config
- Make loader text fields configurable
- Add 2 factor auth, configurable per role and client (site)
- Add ellipsis css to login url in email so it will be cut off
- In case password is not set create a random one when creating a user
- Fallback to roleId for member uniqueCode if none defaultRoleId is set
- In case password is not set create a random one
- Add client name to the page title, and client site URL to the logo href
- Add a favicon that can be overwritten in the client config
- Allow labels of required fields to be changed through the client config
- Update NPM modules for security
- Alter tables with foreign keys to user from delete restrict to delete cascade, meaning they automatically get deleted
- Update Openstad logo
- Sender in email fell back to null null, Add check to make sure firstName / lastName exists in order to prevent casting null to string
- Start of using version numbers in changelog