1.2.0 [2025-10-24]

Features

• Added support for simultaneous-use #615.
• Added Called/Calling-Station-Id to the authorize API for improved Simultaneous-Use accuracy #648.
• Close stale sessions on Accounting-On requests #617.
• Added --number\_of\_hours option to cleanup\_stale\_radacct command.

Changes

Other changes

• Large batch user creation operations are now executed asynchronously #608.
• Allowed counters to return multiple replies #634.
• Included RADIUS replies of the new group in Change of Authorization (CoA) requests #643.
• Added handling of MaxQuotaReached in CoA: users who exceed their limits now receive a Disconnect Message instead of a CoA Request #643.
• Refactored CoA logic to reuse counter and attribute handling from AuthorizeView.\_check\_counters for improved maintainability #643.
• Allowed overriding configured RADIUS replies on MaxQuotaReached.

Dependencies

• Bumped openwisp-users~=1.2.0.
• Bumped openwisp-utils~=1.2.0.
• Bumped weasyprint>=65,<67.
• Bumped dj-rest-auth>=6.0,<7.1.
• Bumped django-ipware>=5.0,<7.1.
• Added support for Django 5.x.
• Added support for Python 3.11, 3.12, and 3.13.
• Dropped support for Django 3.2 and 4.1.
• Dropped support for Python 3.8.

Bugfixes

• Fixed timezone handling in delete\_old\_radiusbatch\_users command #611.
• Fixed creation of RadiusGroup objects with related Group Checks or Group Replies from the admin #604.
• Fixed SMS message templates not being picked up by makemessages #510.

1.1.2 [2025-08-18]

Bugfixes

• FreeRADIUS API: forgive empty input_octets/output_octets
• Exclude location_id from radius_acc extra_tags if missing
• Optimized query for RADIUS monitoring dashboard charts

1.1.1 [2025-01-31]

Bugfixes

• Fixed bug in FreeRADIUS PostAuthView that caused a server 500 error when called_station_id exceeded 50 characters. The maximum length has been updated to 253 characters.
• Fixed handling of UTF-16 encoded CSV files for batch user creation.

1.1.0 [2024-11-21]

Features

• Added integration with OpenWISP Monitoring to collect and visualize metrics for user-signups and RADIUS traffic.
• Added support for Change of Authorization (CoA).
• Added MonthlyTrafficCounter and MonthlySubscriptionTrafficCounter.
• Added API endpoint to fetch user's latest PhoneToken status.
• Added OPENWISP_RADIUS_SMS_COOLDOWN to configure cooldown time for requesting a new PhoneToken.
• Extended OPENWISP_USERS_EXPORT_USERS_COMMAND_CONFIG to include registration method and verification status.
• Added MAC address authentication for roaming users.
• Added OPENWISP_RADIUS_SMS_MESSAGE_TEMPLATE setting to customize SMS messages.
• Added OPENWISP_RADIUS_USER_ADMIN_RADIUSTOKEN_INLINE setting to display RadiusTokenInline in UserAdmin.
• Added OPENWISP_RADIUS_UNVERIFY_INACTIVE_USERS setting to unverify users after a defined period of inactivity.
• Added OPENWISP_RADIUS_DELETE_INACTIVE_USERS setting to delete inactive users after a specified period.
• Added API endpoint to return user's RADIUS usage.
• Supported password expiration feature from openwisp-users.
• Added initial support for Gigaword RADIUS attributes.
• Added LoginAdditionalInfoView to collection additional user details in SAML sign-up flow.
• Added autocomplete support for filters in the admin interface.

Changes

Backward incompatible changes

• Renamed delete_old_users command to delete_old_radiusbatch_users.
• The OPENWISP_RADIUS_BATCH_DELETE_EXPIRED setting now expects days instead of months.

Deprecation warnings

• Using the default key in OPENWISP_RADIUS_PASSWORD_RESET_URLS is deprecated. Use __all__ instead.
• Using organization slugs for key in OPENWISP_RADIUS_CALLED_STATION_IDS are deprecated. Use organization IDs instead.
• In delete_old_radiusbatch_users management command, the --older-than-months option is deprecated. Use --older-than-days instead.

Dependencies

• Bumped weasyprint~=59.0.
• Bumped pydyf~=0.10.0.
• Bumped dj-rest-auth~=6.0.0.
• Bumped openwisp-utils[rest,celery]~=1.1.1.
• Bumped openwisp-users~=1.1.0.
• Bumped django-private-storage~=3.1.0.
• Bumped django-ipware~=5.0.0.
• Bumped djangosaml2~=1.9.2.
• Added support for Django 4.1.x and 4.2.x.
• Added support for Python 3.10.
• Dropped support for Python 3.7.
• Dropped support for Django 3.0.x and 3.1.x.

Other changes

• The cleanup_stale_radacct management command now uses the session's update_time to determine staleness, falling back to start_time if update_time is unavailable.
• Stopped sending login email notifications when accounting framed protocol is PPP.
• Send login emails only to users with verified email addresses.
• Grouped SMS features in the organization admin.
• Allowed counter's check method to return None to prevent adding a reply to the response.
• The email received from the IdP in SAML registration will be flagged as verified.

Bugfixes

• Fixed validation for organization's password reset URLs.
• Fixed saving RadiusCheck / RadiusReply objects without an organization returning a 500 HTTP response.
• Fixed handling of accounting stop requests with empty octets.
• Prevented user registration with landline numbers.
• Ignored [IntegrityError]{.title-ref} on duplicate accounting start requests.
• Removed default values from fallback fields.
• User need to have required model permissions to perform admin actions.

1.0.2 [2022-12-05]

Bugfixes

• Made private storage backend configurable
• Updated API views to use filterset_class instead of filter_class (required by django-filter==22.1)
• Fixed organization cache bug in SAML ACS view: A forceful update of the user's organization cache is done before performing post-login operations to avoid issues occurring due to outdated cache.
• Added missing Furlan translation for sesame link validity
• Use storage backend method for deleting RadiusBatch.csvfile: The previous implementation used the os module for deleting resisdual csv files. This causes issues when the project uses a file storage backend other than based on file system.
• Added error handling in RadiusBatch admin change view: Accessing admin change view of a non-existent RadiusBatch object resulted in Server Error 500 because the DoesNotExist conditioned was not handled.
• Load image using static() in RegisteredUserInline.get_is_verified
• Use path URL kwarg in "serve_private_file" URL pattern
• Honor DISPOSABLE_RADIUS_USER_TOKEN in accounting stop API view: The accounting stop REST API operation was not taking into account the OPENWISP_RADIUS_DISPOSABLE_RADIUS_USER_TOKEN setting when disabling the auth capability of the radius token.

1.0.1 [2022-05-10]

• Fixed a bug in the organization radius settings form which was causing it
  to not display some default values correctly
• Fixed a bug in allowed mobile prefix implementation:
  the implementation was joining the globally allowed prefixes
  and the prefixes allowed at org level, with the result
  that disabling a prefix at org level was not possible
• Called-station-ID command: log with warning instead of warn or error:
  • warn > warning (warn is deprecated)
  • use warning instead of errors for more temporary connection issues cases

1.0.0 [2022-04-18]

Version 1.0.0 [2022-04-18]

Features

• Allowed to login via API with email or phone number
• Allowed freeradius authorize with email or phone number
• Allowed the usage of subnets in
  OPENWISP_RADIUS_FREERADIUS_ALLOWED_HOSTS
• Made the fields containing personal data of users which are exposed
  in the registration API configurable (allowed, mandatory, disabled)
  via the OPENWISP_RADIUS_OPTIONAL_REGISTRATION_FIELDS setting or the
  admin interface
• Allow to disable registration API via the
  OPENWISP_RADIUS_REGISTRATION_API_ENABLED setting or the admin
  interface
• Added throttling of API requests
• Added OPENWISP_RADIUS_API_BASEURL setting
• Add identity verification feature, configurable via the
  OPENWISP_RADIUS_NEEDS_IDENTITY_VERIFICATION or via admin
  interface
• Added utilities for implementing new registration and identity
  verification methods
• Added captive portal mock views to ease development and
  debugging
• Add possibility to filter users by registration method in the admin
  interface
• Added SAML registration method to implement captive portal
  authentication via Single Sign On (SSO)
• Added management command and celery task to delete unverified
  users
• Added translations of user facing API responses in Italian, German,
  Slovenian and Furlan
• Added Convert RADIUS accounting CALLED-STATION-ID feature,
  celery task and management command, with the possibility of
  triggering it on accounting creation (see
  OPENWISP_RADIUS_CONVERT_CALLED_STATION_ON_CREATE)
• Added an equivalent of the FreeRADIUS sqlcounter feature to the
  REST API
• Added emission of django signal to FreeRADIUS accounting view:
  radius_accounting_success
• Added possibility to send email to the user an they start a new
  radius accounting session
• Added organization level settings and related admin interface
  functionality to enable/disable SAML and social login:
  • OPENWISP_RADIUS_SAML_REGISTRATION_ENABLED
  • OPENWISP_RADIUS_SOCIAL_REGISTRATION_ENABLED
• Added setting to avoid updating username from SAML:
  OPENWISP_RADIUS_SAML_UPDATES_PRE_EXISTING_USERNAME

Changes

Backward incompatible changes

• Updated prefixes of REST API URLs:
  • API endpoints dedicated to FreeRADIUS have moved to
    /api/v1/freeradius/
  • the rest of the API endpoints have moved to /api/v1/radius/
• Allowed username and phone_number in password reset API, the
  endpoint now accepts the "input" parameter instead of "email"
• Removed customizations for checks and password hashing because they
  are unmaintained, any user needing these customizations is advised
  to implement them as a third party app
• Improved REST API to change password: inherited PasswordChangeView
  of openwisp-users to add support for the current-password field in
  password change view

Dependencies

• Added support for Django 3.2 and 4.0
• Dropped support for Django 2.2
• Upgraded celery to 5.2.x
• Updated and tested Django REST Framework to 3.13.0
• Added support for Python 3.8, 3.9
• Removed support for Python 3.6

Other changes

• Moved AccountingView to freeradius endpoints
• Relaxed default values for the SMS token settings
• Switched to new navigation menu and new OpenWISP theme
• Allowed users to sign up to multiple organizations
• Update username when phone number is changed if username is equal to
  the phone number
• Update stop time and termination to None if status_type is
  Interim-Update
• Send password reset emails using HTML theme: leverage the new
  openwisp-utils send_email function to send an HTML version of
  the reset password email based on the configurable email HTML theme
  of OpenWISP
• Save the user preferred language in obtain and validate token views
• Added validation check to prevent invalid username in batch user
  creation
• Allowed to set the Password Reset URL setting via the admin
  interface
• Added soft limits to celery tasks for background operations
• Generalized the implementation of the fallback model fields which
  allow overriding general settings for each organization

Bugfixes

• Fixed login template of openwisp-admin-theme
• Fixed swagger API docs collision with openwisp-users
• Ensured each user can be member of a group only once
• Radius check and reply should check for organization membership
• ValidateAuthTokenView: show phone_number as null if None
• Freeradius API: properly handle interaction between multiple orgs:
  an user trying to authorize using the authorization data of an org
  for which they are not member of must be rejected
• Fixed radius user group creation with multiple orgs
• Added validation of phone number uniqueness in the registration API
• Fixed issues with translatable strings:
  • we don't translate log lines anymore because these won't be
    shown to end users
  • gettext does not work with fstrings, therefore the use of
    str.format() has been restored
  • improved some user facing strings
• Fixed Accounting-On and Accounting-Of accounting requests with blank
  usernames
• Delete any cached radius token key on phone number change
• Fixed handling of interim-updates for closed sessions: added
  handling of "Interim-Updates" for RadiusAccounting sessions that are
  closed by OpenWISP when user logs into another organization
• Flag user as verified in batch user creation
• Added validation which prevents the creation of duplicated
  check/reply attributes

0.2.1 [2020-12-14]

• Increased openwisp-users and openwisp-utils versions to be consistent with the OpenWISP 2020-12 release
• Increased dj-rest-auth to 2.1.2 and weasyprint to 52

0.2.0 [2020-12-11]

Features

• Changing the phone number via the API now keeps track of previous phone numbers used by the user to comply with ISP legal requirements

Changes

• Obtain Auth Token View API endpoint: added is_active attribute to response
• Obtain Auth Token View API endpoint: if the user attempting to authenticate is inactive, the API will return HTTP status code 401 along with the auth token and is_active attribute
• Validate Auth Token View API endpoint: added is_active, phone_number and email to response data
• When changing phone number, user is flagged as inactive only after the phone token is created and sent successfully
• All API endpoints related to phone token and SMS sending are now disabled (return 403 HTTP response) if SMS verification not enabled at organization level

Bugfixes

• Removed static() call from media assets
• Fixed password reset for inactive users
• Fixed default password reset URL value and added docs
• Documentation: fixed several broken internal links

0.1.0 [2020-09-10]

• administration web interface
• support for freeradius 3.0
• multi-tenancy
• REST API
• integration with rlm_rest module of freeradius
• possibility of registering new users via API
• social login support
• mobile phone verification via SMS tokens
• possibility to import users from CSV files
• possibility to generate users for events
• management commands and/or celery tasks to perform clean up operations and periodic tasks
• possibility to extend the base classes and swap models to add custom functionality without changing the core code