Changelog 2018

December 2018

New Features

Query Projections

• Added QueryExtensions.ToProjection

• Better query projection support

Configuration

• Use DbConfiguration for VidyanoDbContext

• Always use named connection string

Fixes

• Fixed issue #237

• Fixed issue #218

• Ignore various WebSocket exceptions

Maintenance

• Made ApiArgs.Version writeable

• Don't use ApiController.Request property

• AI improvements

• GroupingInfoArgs comment change

• Updated DocumentFormat.OpenXml (reverted to 2.7.2 for compatibility)

• Updated Newtonsoft.Json to 12.0.1

• Updated NuGet packages

• Builder changes

November 2018

New Features

Performance Optimizations

• Optimized POA constructor

• Optimized BulkConstructPersistentObjectAsync

• Optimized IncludeFilters logic

• Optimized IsAllowed checking

• Performance improvements throughout

User Communication

• Added SendData to User for sending data over websockets

• Tweaked IUser.SendData to provide more information

Loading Strategy

• Better LoadingStrategy.IncludeReferences handling

• Expose LoadEntityByObjectIdArgs.Included as ISet

Settings

• Added Advanced.IsSettingValueValid

• Use Setting.DataType

Fixes

• Fixed issue #226

• Fixed issue #233

• Fixed issue #234

• Fixed issue with impersonated user not having enough viAudit rights

• Fixed NRE when Sorting on reference property with invalid DisplayAttribute

• Fixed issue when saving new DataType

Maintenance

• Added ITargetContext interface

• Profile precision changed to 0.01ms

• Made PO.GetDisplayAttributeValue synchronous

• Extra profiling info during different Construct phases of PO

• Skip logic faster for attributes that aren't used anyway

• GetGroupingInfo hook

• Split GetObjectAsync/GetObjects

• Also update AI operation name for GetPO/GetQuery during exception

• Set empty Actions array for LightConstruct Query

• Also flag notification as read when archiving

• Ensure POActions are disposed

• Ensure we copy data from AggregateException when logging exception

• Chart tweaks

• Also log method that was used for a failed request

• Strip zero width spaces from user names

• HandleUnknownWebsocketMessage hook

• Show extra groups that aren't in the security.json file

• Force ExportToCsv to use BOM

• Obsoletes clean up

• Ignore I/O exception from WebSocketException

• Added Manager.GetLogsSince

October 2018

New Features

Loading Strategy

• Added PO.LoadingStrategy

• Cache LoadingStrategy logic

Query Features

• Added POA.OptionalColumn

• Added IQueryable.FilterByObjectId

Advanced Features

• Added Advanced.LoadEntityByObjectId

• Added Manager.HasRepositoryConnection

Fixes

• Fixed issue #220

• Fixed issue with circular PO reference

• Only send values for columns that are defined after QueryExecuted logic

Maintenance

• Ignore ReplaceSensitiveUrlPart if Uri is empty

• Optimized Include path for DbQuery/ObjectQuery

• Saml2.0 tweaks

September 2018

New Features

Audit System (vi-audit)

• Added vi-audit functionality

• Added dummy Placeholder system PO

• Tweaked vi-audit to use Placeholder PO

• Handle empty ObjectId for viAudit

• Allow adding of viAudit UserRight

Job Scheduling

• Made JobSchedules a system setting

• Fixed RepositorySynchronizer to fix non-system setting

SAML 2.0

• Added hooks for Saml2.0 processing

• Detect ScimHandler implementation

Fixes

• Fixed issue with new RepeatingJob not triggering

• Fixed issue with impersonated user not having enough viAudit rights

• Always clean up UpdatingMetadata flag

• Persist changed attributes after unchanged

Maintenance

• Set Import PO as OpenInEdit

• Profile CreateUserSession creation

• Replace LogVerboseData's authToken with expiration info

• Tweaked Height for LogVerboseData Data attr

• Use C# 7.2

August 2018

New Features

Cache Updates

• RepositoryVersion V60 - CacheUpdates changes

• Fixed CacheUpdate issues

SCIM Extensions

• Added custom user schema support

• Fixed filter issues

Authentication

• Added AuthenticatorService.HandleUnknownAuthenticate

Fixes

• Fixed issue when saving readonly cache when model load autofixes

• SelectInPlace threading issue

• Fixed cacheupdate after sync

• Fallback to default sorting when sort fails

• Fixed issue with custom AddReference action needing Edit rights

• Don't reuse ObjectContext for DbQueries

Maintenance

• Reuse original context for DbQueries

• ReSharper speller dictionary

• Added test code for working with interfaces as TContext

• Updated docs

• Changed logic for creating new context in POActions/AsyncCustomAction

• Added ActionLabels docs

• Also show non-database SqlErrors to end-users

• Show error when viRestartApp failed

• Don't use ReadContext when executing Vidyano queries

• Removed duplicate right

• Diagnostics: Handle case where GenerateMessage throws a ValidationException

• Added WebsiteArgs.Redirect method

• Enabled applicationInitialization

July 2018

New Features

Async Custom Actions

• Added AsyncCustomAction

• Added PO.DialogSaveAction

Hashids

• Fixed entropy issue when using Hashids

• Hashids changes

Performance

• Performance optimizations

• Use CompiledGenericAccessor for distincts

ProjectionStringLength

• Added ProjectionStringLengthAttribute (#208)

• ProjectionStringLength use cases

Fixes

• Fixed issue #195

• Fixed issue #196

• Fixed issue #194

• Fixed issue #198

• Fixed issue #199

• Fixed issue #202

• Fixed issue #204

• Fixed issue #205

• Fixed issue for detecting 4.7.1, added detection for 4.7.2

• Fixed model load for invalid query columns

• Fixed issue with handling PUT request (SCIM)

• Fixed issue with caching during QueryResultItem reflection

• Fixed caching issue logic on QueryResultItem property

• Don't show stack traces to end-users

Maintenance

• Added Vidyano.AuthTokenExpirationDevMultiplier appSetting

• Added Reload/SessionLost message use DefaultTranslations for new message

• Cache vulcanized request for 5min on Global.IsReadOnly

• Redirect to Web2 CDN by default instead of proxying the requests

• Replace all web2/* imports (except vulcanize) with direct cdn links

• SqlDependency logging and cleanup

• Don't use JsonPoolConvert for VisualStudioIntegration

• Use WebsiteRoot in docs

• Made System.Buffers usage opt-in

• Ignore some WebSocket related exceptions

• Invalid usage on ReportService when System.Buffers is not available

• Added JsonPoolConvert.DeserializeObject

• SCIM: allow PATCH/PUT user.Name

• Missing notification duration in some methods as parameter

• TODO cleanup

• Handle duplicate patch import, ignoring applied change

• Updated grouping docs

• Added MaybeArrayPool

June 2018

New Features

User Notifications

• UserNotification changes and improvements

• Support AccountSAS for AzureStorageConnector

Application Insights

• ApplicationInsights integration

• AI suffix for Api/GetReport

• AI opt-out

Web2 Master Support

• Added Web2 master support

• Web2 CDN/Master caching/fallback logic (#192)

SCIM Completeness

• SCIM extensions for completer API

• Expose more information on Group members

Fixes

• Fixed issue #187

• Fixed issue #186

• Fixed issue #191

• Fixed issue #193

• Fixed issue when getting SAS for blobName with special characters

• Don't allow groups for Manager.DeleteUser

Maintenance

• Refactored WebController.Api method to CustomApiController.Handle

• Expose ExecuteAction parameters on ChartArgs

• Allow ProjectedType for view entities

• Renamed AzureAD to SAML2

• Skip "EntityFramework: " prefix for generic log-id message

• Make sure we update the cache when verifying authToken

• Skip total/count/chart for Report/Excel/Word

• Don't log GlobalSearch parent as IsSystem entry

• Fixed issue with Web2 version setting not allowing http anymore

• Correctly suggest custom query methods

• Allow Search parameter for QueryFilter.RefreshColumn

• Added helpers to replace sensitive url information

• AI: ExecuteAction operation suffix should be set sooner

• Added missing references in default new Vidyano project

• WIP #179

• Fixed Add menu not working when opening solution directly #179

• Made Builder compatible again with VS2015

• Updated Azure Blob Service Rest API version

• Always allow TLS 1.1 and 1.2

• Improved Web2Cdn speed

• Set parent IsNew/ObjectId before calling OnConstruct for POAWR

• Removed version override support on web2 endpoint

• Add logging information to ExecuteQuery when an exception is thrown

May 2018

New Features

User Notifications & Jobs (#177)

• User notifications server side + Jobs

• Extra user notifications communication

• WebSocket updates

Short/Hash IDs

• Added ShortIds

• Added UnhashShortId extension method

• Renamed ShortObjectId to HashObjectId

• More methods to work with short ids (for instant search)

Builder Features

• Expose POActions.CheckDetailRules in reference implementation

• Added ServiceWork flag for Manager.Environment

Fixes

• Fixed issue #180

• Always show DisableTwoFactor for users with Two-factor authentication

• Return false instead of exception when ValidateAuthToken is called with empty userName

• Fixed projected type check

Maintenance

• Removed obsolete MigrationHelpers methods

• Firefox screen capture

• Filter UserNotification query

• Expose Query.GroupedBy

• Updated security docs

• Cache DynamicBase referenced type lookup

• Use ProjectedType iso ReferencedType attribute

• Added hook to handle custom path for patch user replace operation

• Show New feedback as dialog

• Try to use browser acceptlanguage for Sign in screen

• Don't log ConnectWebSocket in verbose logs

• Duplicate TS definition

• Added FolderStorageProvider class

April 2018

New Features

Authentication

• Added AuthenticatorService.GetCredentialRedirectUri

• Added CredentialTypeArgs.RedirectTo

• Added Manager.UserCultureInfo

• Added UnableToLoadEntityException

Builder

• Added IBuilder.GetPO/GetQ

Sign-in Experience

• Extra messages for sign-in experience

• Updated messages for sign-in experience

• Use args for GetCredentialType call

Fixes

• Fixed issue #173

• Fixed issue #176

• Fixed HasGetCredentialType detection

• Fixed AmbigiousException on viSearch

• Fixed issue with #176 not displaying correctly on diagnostics page

• Fixed Web2 issue with Owin hosting

• Fixed issue with loadbalancer when trying to add missing settings

Maintenance

• Basic retry logic when uploading to azure storage

• Not-"stay signed in" gives authtoken for 12h by default

• Expose HttpStatusCode in WebsiteArgs

• Added SCIM User/Group filtering

• Allow custom sql errors to be shown to end-users

• Verify two-factor after checking password

• Also filter SCIM get group

• Perf change for cleaning up vidyano logs

• Don't get computed attribute for IsNew if no explicit New visibility

• Authenticate should update cache first

• Don't double save new feedback

• Test code prefer ACS for enabled user with no password

• Security docs update

• Use PO Type for UnableToLoadEntityException if label is empty

• Allow custom label/objectId for UnableToLoadEntityException

• Made POA.DisplaySum public getter

• Include original stack trace for EF exceptions

• Added LoadBalancer tester project

• Updated ConfigureAwaitChecker.Analyzer dev dependency

• Parallel model loading

March 2018

New Features

Computed Attributes

• Added computed attributes

• Don't get computed attribute for IsNew if no explicit New visibility

Authentication & Security

• Added require change password

• Added IUser HasPassword/RemovePassword/ResetPasswordNextLogin

• Flag application as having sensitive data

• Added LoginArgs.HasSensitive

• Added support for online password blacklist check

• Changed CheckOnlinePasswordBlacklist to opt-out

Swagger/OpenAPI

• Added SwaggerUI dist

• Handle Swagger Definitions (arguments/responses/...)

• Swagger changes

API Features

• Added CustomApiController.OnPreApi hook

• Added Manager.LogEntry

Fixes

• Fixed issue #156

• Fixed issue #157

• Fixed issue #161 - word repeating nested sections

• Fixed issue #168

• Fixed issue #171

• Fixed issue #108

• Fixed issue when verbose logger in database received invalid content

• Fixed issue with ResetPasswordNextLogin not showing password attribute

• Fixed issue when saving existing filter

• Fixed issue with VPD on POAWR using enumerable source

Maintenance

• Return AuthToken as header when received as header

• WebException can have null Response

• Fixed issue in .NET example in reports doc

• Log auto-resume exceptions as Warning

• Always return a HttpResponseMessage

• Increase pwnedpasswords api timeout to 10s

• Added extra reserved words

• Default usings for [Schema]Web

• Added extra help message when trying to save new virtual PO

• Hide Advanced ACS methods

• Validate actual password change for ResetPasswordNextLogin

• Attach failed sign-in log to user when user exists

• Consistent EOL for all files

• Expose user parameter in Manager.Log

• Ignore TaskCancelledException in Web2Cdn.CacheVersion

• Minimize timing attacks against unknown users

• Trim incoming userName

• Throw SaveFailedException when OnSave fails

• Handle ResetPasswordNextLogin for users without password

• Throw SaveFailed in SaveExisting/SaveNew/SaveDetails

• Ensure profiler has correct value when returning

• Trim instant search input

• Added POA.CanGroupBy

• Don't expose sensitive database information

• Use secure random string for salt

• Allow HEAD /Poll

• Added option to Include count for Query PUI

• Added localNameSelector for PieChart

• Handle = null difference between DynamicLambda and EntitySQL

• Expose current application root uri

• Don't expose SqlException to non-Administrator users

• Hide Code attribute when disabling newly two-factor

• Actually fixed #108

• Handle sorting of TranslatedString on DB

• Required SQL for generating dummy function

• Also pass parent correctly when checking VPD

• Manager.Current.User can be null

• Skip MemberOf check if not cached

• Move GetGroupingInfo to POActions

• Fixed issue with ComputeTotalItems not working for PageSize=0

• Fixed cast issue in GetGroupingInfo

• Changed default expiration from 2/28 days to 1/2 days

• Added ApiMethodAttribute.TryAuthentication

February 2018

New Features

Two-Factor Authentication

• Added Group.TwoFactorRequired

• Allow TwoFactorRequired on system groups

• Don't show DisableTwoFactor for user that requires Two-factor

Sensitive Data

• Is sensitive flag on attribute and query column

• Flag Vidyano User attributes as sensitive

• Add IsSensitive to sensitive system settings

• Added PO.IsBreadcrumbSensitive

• Flag application as having sensitive data

• Also flag UserHostAddress and RequestId as sensitive

Reporting

• Added support for tsv reports

• Allow $where for reports (#150)

API & Security

• Added viRemovePassword

• Added Setting.Description

• Added IExceptionService.LogWarning

• Expose Path/Operation on SwaggerPathAttribute

• Made POA.ToolTip settable

Fixes

• Fixed issue when deleting attributes that would remove unrelated columns

• Fixed issue with Feedback misusing IsReadOnly

• Reset attributes when SaveDetails fails

• Fixed POAWRBuilder not saving

• Fixed issue #152

• Fixed issue with OnNew flagging PO as IsBreadcrumbSensitive

• Fixed ArgumentNullException when saving User without filling in username

Maintenance

• Missing translations

• ServicePointManager changes for Web2Cdn

• Keep PO.IsReadOnly logic when New/BulkEdit/Delete is called directly

• Some exceptions can be ignored

• Expose WordprocessingDocument in Word.Generate V2

• Ensure Manager is initialized for ACS/OAuth/Authenticate request

• Hide System.Linq/System.Collections.Generic namespace in typediagnostics

• Added notification on New User to inform to which group it will be added

• Reverted back to EF 6.1.3

• Added ObjectEx.GetSHA512

• Fixed issue with OAuth/ACS calling Advanced.GetClientIpAddress twice

• Added docs favicon

• Fixed invalid seed SQL script

• Profiler changes

• Added Manager.OriginalUser

• Keep OriginalUser when impersonating again

• Fixed custom azure table queries

• Log feedback as original user

• Tweaked default builder classes

• Updated Builder

• Only need to add extension once

• Synchronize changes

• Log api method name in verbose logs

• Remove user rights when deleting query

• Use new height typehints

• Show enum options for nullable enum

• Prefer GetAwaiter().GetResult() instead of .Result

• Removed unneeded LINQ call

• Hide some obsolete classes/properties

• Let Manager.GetUser return null for null or empty name

• Handle images as binary

• Updated security docs

• Added support for online password blacklist check

• Allow setting of response headers for index html request

• Check all groups instead of only direct groups

• Removed obsolete migrations

• Support UserName/AuthToken in Authorization header

January 2018

New Features

API Security

• Added ApiArgs.IsValidSignature helper method

• Added diagnostics types info

Authentication

• Sliding login rate limiting (#136)

Word Processing

• Added Word.ConvertToPdf helper

SCIM

• SCIM tweaks

• Better SCIM support

Fixes

• Fixed boolean logic for hidden attributes/detail queries

Maintenance

• Updated release notes for 5.30.0

• Copy-paste issue for SCIM doc

• Set Default QueryLayoutMode to MasterDetail for new projects

---

Note: 2018 was a major year for security enhancements with two-factor authentication, sensitive data handling, online password blacklist checking, and the introduction of the vi-audit system. Performance optimizations and SCIM support were also key focuses.