diff options
author | diosmosis <diosmosis@users.noreply.github.com> | 2019-05-16 03:12:05 +0300 |
---|---|---|
committer | GitHub <noreply@github.com> | 2019-05-16 03:12:05 +0300 |
commit | 05017ba88ec611f63bf223728990351212ff560f (patch) | |
tree | 79c20127a6584a1316bb864b329d0cba713add10 /CHANGELOG.md | |
parent | cecec674a65e4dc2a1aa7c33722a5380be2fd719 (diff) |
Require password confirmation before setting/removing superuser access. (#13975)
* Require password confirmation for changing superuser access and fix issue where getSiteAccess is called w/ superuser when toggling superuser access.
* apply review feedback
* Allow bypassing password confirmation in certain scenarios.
* Fixing tests & adding UI test.
* Update submodule.
* test fixes + remove return; from 2fa tests.
* update submodule
* Fixing tests
* Couple tweaks for screenshot testing.
* test fixes
* Fix TwoFactorAuthUsersManager test.
* More test fixes.
* try to disable all transitions
* More UI test fixes + disable materialize animations globally in UI tests.
* 2fa ui tests now working
Diffstat (limited to 'CHANGELOG.md')
-rw-r--r-- | CHANGELOG.md | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md index ea193eb4e8..43151a6369 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,6 +7,7 @@ The Product Changelog at **[matomo.org/changelog](https://matomo.org/changelog)* ## Matomo 3.10.0 ### Breaking Changes +* When giving a user superuser access through the `UsersManager.setSuperUserAccess` API, a new parameter `passwordConfirmation` needs to be sent along with the request containing the current password of the user issuing the API request. * Website referrer URLs are now detected using domain only instead of domain and path. This means if you have two different websites on the same domain, but different paths, and a visitor visits from one to the other, it won't have a referrer website set. ### New APIs |