- Added a new blueprint for OIDC logout that invalidates the Authentik session and redirects to a specified landing page.
- Introduced custom CSS and JS files for branding, improving the visual integration of Authentik flows.
- Updated Nginx configuration to serve the new branding assets and handle specific routes for signup and password recovery.
- Enhanced the flow completion logic to support OIDC bridge functionality, including session management and redirect handling.
- Implemented unit tests for the new OIDC bridge and flow context functionalities to ensure reliability.
- Added a new handler for completing authentication flows, including session validation and cookie management.
- Implemented flow rate limiting to restrict the number of flow start requests per client IP.
- Enhanced flow session management with Redis support for persistent session storage.
- Updated existing handlers to integrate the new flow completion logic and error handling for various session states.
- Introduced unit tests for the new flow completion and rate limiting functionalities to ensure reliability.
- Added a new blueprint for password recovery (`05-ulti-recovery.yaml`) to facilitate user password reset via email.
- Introduced a new API handler for managing Authentik flow sessions, including starting and responding to flows.
- Implemented flow session management with in-memory storage for tracking user sessions during the recovery process.
- Enhanced error handling for flow session operations and added unit tests for the new functionalities.
- Updated README to include the new recovery flow in the Authentik blueprints documentation.
- Enhanced `.env.example` with new variables for `PUBLIC_HOST`, `SECURE`, and `SUITE_ORIGIN` to streamline environment setup.
- Updated Authentik blueprints to utilize the new configuration variables for redirect URIs and launch URLs.
- Introduced a new script to render Authentik blueprint templates dynamically based on environment variables.
- Modified docker-compose files to reference the updated environment variables for better maintainability.
- Improved `expose.sh` script to derive public URLs from the new configuration, ensuring consistency across deployments.
- Updated `.env.example` to include new configuration options for the UltiAI branding and API endpoints.
- Enhanced Nginx configuration to support new API routes for the MCP and WebSocket connections.
- Introduced sub-filters for branding adjustments in Nginx responses.
- Added new JavaScript patch for API endpoint adjustments.
- Implemented tests for new API functionalities and improved error handling in the AI gateway.
- Introduced new endpoints for managing identity providers, including retrieval of redirect URIs and testing/syncing providers.
- Enhanced organization settings to include identity provider configurations, allowing for self-enrollment and domain restrictions.
- Implemented caching for access policies and added validation for identity provider secrets.
- Added integration tests to ensure proper functionality of identity provider management and policy enforcement.
- Updated environment configuration to unify frontend for mail and drive under a single service.
- Revised README to reflect changes in frontend setup and routing for the unified application.
- Introduced new API documentation endpoints for better accessibility of API specifications.
- Enhanced drive and mail services with improved handling of file uploads and metadata enrichment.
- Implemented new API token management features, including creation, listing, and revocation of tokens.
- Added tests for new functionalities in drive and mail services to ensure reliability and correctness.