Releases
- Fixed delegate user role for to access user's DEK
- Removed conversations and messages endpoints
- Added client task for re-encrypting the account owners KEK during delegation setup
- Added support multiple JWT issuers for OpenIDConnect Authentication flow.
- Added support seamless identity transition on OpenIDConnect identity provider change.
- This feature requires OpenIDConnect JWT to enclose a special claim
extension_meecoUserIdwith value reference to the previous Meeco user identity.
- Added parameters for
GET /connections:delegation=granted_to_the_other_user; the current user has granted delegation to other usersdelegation=granted_to_me; the current user has received delegation from other users
- Changed
GET /sessionshows:- the type of the session (
oidcortoken) - if the type of the session is
token, the access token will be shown
- Added parameters to
GET /items: it is now possible to fetch only items with a certain name via?name=foo - Added Share intents:
POST /invitations/{invitation_id}/share_intentsto create a share intentDELETE /share_intents/:id,GET /share_intents/:idGET /share_intents- Models
InvitationandPublicInvitationhave new fieldshares_to_be_created - response to
POST /connectionscontains a new element: a report on the created connections
- Changed parameters
valid_foradded toPOST /sessions.valid_fordefines the number of seconds the token is going to be valid - Changed handling of errors in
POST /items/shares: fieldextra_infocontains a subset of incoming parameters with the error. - Removed image and background color for the Item model (removed fields
image_background_colour,background_colorwhich are realted) - Removed Item flag
mefrom items. - Changed User field
verified_atso is hidden. - Removed legacy
messagesfeature which was not being used and would need to be upgraded if it were to be used. - Changed the
POST /thumbnailsendpoint request structure to be nested under athumbnailobject - Fixed performance on the
POST /itemsendpoint - Changed classification parameters for
POST /itemsandPUT /itemsendpoints - Changed
POST /classification_nodesto only be used for user managed schemes (tags) - Changed error messages on
POST /itemsendpoint to provide more detailde cause - Added field
owned_by_userto classification scheme - Removed
valuefrom POST /items,encrypted_valuefield should be used instead - Removed POST /images endpoint and all image relations on items and users, images (unencrypted) are now only to be used by system admins, this helps clear confusion and the risk of user's images being sent up unencrypted.
- Removed associations from users and items
- Added enum definitions to the swagger file (and generated sdk) for the following models:
ClientTask.stateClientTask.work_typeEvent.eventable_typeEvent.event_typeOwnConnectionData.connection_typeTheOtherConnectedUserData.connection_typeService.statusOrganization.statusShare.acceptance_requiredShare.sharing_modeOrganizationMember.roleUser.user_type
- Removed updating of a slot in the
PUT /itemsendpoint. You must now specifiy the slot's id to update it, any slot sent up without an id will be treated as a new slot - Changed the flow of downloading attachments so fewer API calls are needed (see newly released cli/sdk implementation for example usage)
- Removed fields
is_app_logging_enabled,unconfirmed_email,share_termsfrom modelUser - Removed UserAccessToken fields
name,device_push_token,push_token_platform - Added
item_idsparameter to retrieve multiple specific items at once. e.g.GET /items?item_ids=abc,xyz,foo,bar - Changed share objects to hide the
owner_idfield from share objects when the sharee is not connected with the owner of the item (e.g. on-share) POST /items- added fieldsnameanddescriptionto the list of accepted item fieldsPOST /items: removed fieldsidand_destroyfrom slot attributes when creating a new item.- Added documentation for
GET /images/:idendpoint - Removed GET /attachments/:id/download from documentation (this endpoint had already be decommisioned in the previous release)
attachment_idin slots no longer changes when sharing a slot with an attachment- Changed the shape of the nested attachment json (on POST /items etc)
- Removed
slots.attachment_uidasattachment_iddoes not change upon share now. - Changed behaviour of attachements to enforce data integrity
- once a slot has an attachment, it is not permitted to remove or replace the attachment
- once a slot has an attachments folder, it is not permitted to remove or replace the attachments folder
- Changed the urls generated by the server for images and thumbnails. Redirects are now handled by 2 endpoints:
GET /blobs/public/{id}/{digest}- for images and thumbnailsGET /blobs/attachment/{id}/{digest}- for attachments and direct attachments
- Removed
PUT /slots/:id. Instead,PUT /items/:idshould be used. - Added attachment folders functionality; managing attachments folders not linked to any slots:
POST /attachments_foldersGET /attachments_foldersGET /attachments_folders/:idDELETE /attachments_folders/:id
- Added attachments folders for slots:
- To attach an existing attachments folder use property
attachments_folder_id, see modelNestedSlotAttributes - To access a attachments folders data use
GET /slots/:slot_id/attachments_folder
- Added new parameters for
GET /items:ownboolean, if true adds constraintitems.user_id = items.owner_id, if false adds constraintitems.user_id != items.owner_idowner_id, if present, adds constraintitems.owner_id = 'parameter goes here'
- Removed Field
encryptedinSlot - Removed fields
cloudname,key_store_admission_token,key_store_id,key_store_url,key_store_usernameinUser
- Added support multiple JWT issuers for OpenIDConnect Authentication flow.
- Added support seamless identity transition on OpenIDConnect identity provider change.
- This feature requires OpenIDConnect JWT to enclose a special claim
extension_meecoUserIdwith value reference to the previous Meeco user identity.
- Changed
GET /sessionshows the validity of the current session - Added endpoint
POST /session/limited_in_time - Added new parameters
valid_foradded toPOST /sessions,POST /sessions/with_login_key, andPOST /srp/sessions.valid_fordefines the number of seconds the token is going to be valid - Fixed Authorizations in the swagger file (userAuthToken, oidc2UserAuthToken, subscriptionKey, meecoDelegationId])
- Added new mandatory parameter in
POST /child_users:delegation_token - Added
private_dek_external_idto the response ofPOST /child_users
- Version bump on most dependencies
- Build directory now fonts and images
- Version bump on most dependencies
- Version bump on most dependencies
- Version bump on most dependencies
users:getrenamed tousers:login, has the effect of recreating tokens if expired.users:getnow returns user's id and other user info.shares:create-configtakes connection and item config files (output ofconnections:createanditems:create) instead of the respective ids.client-task-queue:listno longer accepts--suppressChangingState, pass--updateif you want to set listed tasks toin_progress.client-task-queue:run-batchcan now runfailedtasks too.- new command
client-task-queue:updateallows changing status of client tasks. client-task-queuecommands now have--limitparameter- added
items:create-thumbnail meeco items:listallow filtering list bytemplateId,scheme,classificationandsharedWith.- added
oidc_tokenOIDC token header support for authenticating user.
- Major revamp of Services API:
- All custom service methods specify the required credentials by interfaces
- Services provide their base APIs via the
getAPImethod - Services with paginated responses offer a
listAllmethod
- Added Service for delegating child users
- Added cryppo wrapper classes
SymmetricKeyandPublicKeyto simplify key usage within SDK - Added classes for manipulating Items and Slots:
DecryptedItemfor client-side copies,NewItemandItemUpdatefor pending changes. - Added demo app for sharing and delegation
- added
oidc_tokenOIDC token header support for authenticating user.
- Add user_public_key to response of
GET /invitations/{:token} - Remove
child_public_key_for_loginparameter fromPOST /child_users - Update description of
sharing_modeinPOST /items/{id}/shares - New field
item_shared_via_another_share_idin ShareWithItemData If this field is NULL it means that the rendered item has been created via the currently displayed share. Ifitem_shared_via_another_share_idis not NULL, it means that the rendered item has been created via a different share, and the ID if the share is initem_shared_via_another_share_id. The client is advised to re-run the call with this ID. - Change default behaviour of
GET /client-task-queueto not change task statessupress_changing_stateparameter has been changed to change_state to reflect the change. - Add delegation_token parameter description in
POST /invitations - Change behavour of GET /client_task_queue
- Will now return items of all states by default
- Accepts a list of states instead of a single state as before
- Generated TypeScript client will now require that states are passed using the generated ClientTaskQueueGetStateEnum enum
- Removed logging in with a password
POST /session/login - Add item_ids query parameter for
GET /outgoing_sharesas search filter. - Support for OIDC2
- Added filter target_id to
GET /client_task_queue:GET /client_task_queue?target_id=id - Add
GET /event_feed endpoint - Swagger models
Slot,Attachment, andDirectAttachmentall have a new field:attachment_uid. The function ofattachment_uidis to signal whether the actual file referenced from two different attachments is the same or not. In other words, when an attachment is shared to a different user, a new attachment record is created with a new id, butattachment_uidstays the same. This ID cannot be used to retrieve the attachment. - added filter
classification_node_namestoGET /items: GET /items?classification_node_names=value_1,value_2,value_3 - added filter
shared_withtoGET /items: GET /items?shared_with=user_id. If present, only items will be fetched which have been shared with the given user. Works for items owned by the current user as well as for items owned by someone else and on-shared by the current user.
- Add
POST /child_usersendpoint - Add
POST /delegationsendpoint - Add
GET,DELETE /delegations/:delegation_tokenendpoint - Add
PUT /delegations/:delegation_token/shareendpoint - Add
PUT /delegations/:delegation_token/reencryptendpoint - Rename
DELETE /session/all:delete_all_session_params query param to :except_current of boolean type. - Add
POST /delegations/:delegation_token/claimendpoint - Added user delegation header
Meeco-Delegation-Id.Meeco-Delegation-Idcontains the ID of a user that the current user has delegation permissions for. If delegation has been set up correctly, the current user of the action will be the user inMeeco-Delegation-Id - Remove encryption spaces endpoints
- Dropped support for
POST /keypairs/external_id/:external_id/decrypt_session_token - Support for OIDC2
- External_identitiers in Keypair is a string, not an object.
- Private_dek_external_id is added to the response of
POST /child_users
- Breaking changes: https://github.com/Meeco/cryppo-js/blob/master/README.md
- Encrypt method now accept bytes UInt8Array as input.
- Decrypt method now produce bytes UInt8Array as output.
- RSA signature also accept bytes UInt8Array as input.
- Private key encryption also accepts bytes as input.
- Updated cryppo version 2.0.0
- Updated Vault-api-sdk: 19.X.X & keystore-api-sdk: 5.X.X
- No functional changes, updated new cryppo version 2.0.0
- On-sharing - the ability to allow other users to share an item that has been shared with you if the item’s owner allows it. This includes a verification step to make sure the on-sharer has not modified the data.
- Organizations - you can now create an account for your organisation and add members and services.
- Accepting of shares - we’ve identified that sometimes the terms of a share need to be reviewed and explicitly accepted or rejected before seeing the data so we’ve now made this possible.
- More efficient file attachments, we now have the ability to receive encrypted chunks of data so an entire file doesn’t have to be encrypted as one before sending it up.
- Improved Sharing - sharing is more streamlined, comprehensible and performant than ever before.
- Sharing of encrypted files with other users.
- Re-encrypting of shared data to cut down on the number of Encryption Keys needed to be stored/managed indefinitely.
- Updated to use latest BSON serialization format from Cryppo.
- Remove the shared key endpoints as sharing keys for shares will now happen in the vault.
- Removed the encryption_spaces endpoints in favor of just using the Date Encryption Key endpoints.
- Added Item Update function
- Added Functions to Retrieve Client Tasks and Execute the Tasks.
- Added some Organization related commands where the logic was not just a simple endpoint req
- Exposed more methods from the user create and user login flow to allow more control from client applications.
- Added Share Delete command.
- Added Item Update function
- Added Functions to Retrieve Client Tasks and Execute the Tasks.
- Added Commands for Creating and Managing Organizations, Organization Services, and Organization Members.
- Added Checking the Client Task Queue after updating an item to see if shares need to be updated.
- Added user login and logout methods.
- Updated to return null when an empty string is passed in instead of returning a serialized empty string.
- Updated to the latest underlying node-forge library.
- Update to use BSON serialization.
- Better handling of character encoding by forcing UTF-8 where appropriate.
- Update to use BSON serialization.
- Added Checking of the Client Task Queue after updating an item to see if shares need to be updated.
- No functional changes, just updated to use new linked libraries.
- Initial release of these browser-js/node-js packages to upload files as chunks of encrypted data.
- Initial release of this html/js library used for adding Meeco’s stylings to your app or components of your app.
Last modified 1yr ago