1.9.0

1.9.0 (August 25, 2024)

• Added a minimum vendor/namespace length of five characters to help prevent collisions with other instances
• Fixed a flash of un-styled content on the Grant Access screens by outputting CSS earlier
• Addressed potential error when the WP_Filesystem class is not found
• Moved TrustedLogin images to inline CSS to simplify the build process
  • Removed need for --relative_images_dir flag in build-sass script
  • Removed src/assets/loading.svg
  • Removed src/assets/lock.svg
• Improved coding standards and documentation

1.8.0

1.8.0 (July 18, 2024)

• Implemented many speed enhancements
• Moved logging directory creation into own private method: Logging::setup_logging_directory() to clean up the Logging::setup_klogger() method
• Now compliant with WordPress PHPCS
• Use gmdate() instead of date() for log files and for users registration dates
• Moved SecurityChecks::get_ip() to Utils::get_ip()
• Added Utils::get_user_agent() to generate a user agent string with an optional max length
• Improved handling of potential errors
• Security enhancements
  • Escaped all error messages
  • Removed usage of $_REQUEST in favor of $_POST and $_GET
• Implemented PHPCS and PHPStan checks (thanks, Daniel)

1.7.0

1.7.0 (January 29, 2024)

• Added Utils class to handle common utility functions
• Converted usage of get_site_transient() and set_site_transient() to using Utils::get_transient() and Utils::set_transient().
  • Scopes the storage to each blog instead of per-network, preventing potential issues with multisite
  • Fixes potential issues with object caching plugins that don't support transients, while allowing for auto-expiring data to be stored in the database
  • Prevents data from being "cleaned up" by site optimization plugins that remove expired transients

1.6.2

1.6.2 (January 26, 2024)

• Removed unnecessary request body when revoking site access
• Added index.php files to prevent directory listings
• Added check for a potential error when revoking support user

1.6.1

1.6.1 (September 22, 2023)

• Improved error logging:
  • Added error data to the logging, in addition to the code & message
  • Now returns the full API response when the response body is invalid
  • Switched to just-in-time creation of logging directory and log file
  • Added "Learn more" link to the logging directory index.html
  • Renamed the log files to client-{namespace}-{Y-m-d}-{hash}.log to be easier to distinguish and less verbose
• Fixed AJAX status code not being properly set when encountering an error

1.6.0

1.6.0 (September 7, 2023)

• Added clone_role configuration setting to allow the support user to be created with an existing role, rather than a clone of a role
• Added a trustedlogin_{ns}_support_role capability to the cloned support user role in order to better identify that the role is created by TrustedLogin
• Added terms_of_service/url setting to allow linking to a custom terms of service page
  • If not defined, the Terms of Service text and link will not be shown
• Converted CSS generation to use SCSS mixins to allow easier overrides by themes and plugins
• Removed borders around the role descriptions in the Grant Access form
• Clarified the language surrounding user roles in the Grant Access form
• Moved the admin toolbar link to next to the "Howdy, {username}" menu
  • Relabeled the link from "Revoke TrustedLogin" to "Revoke Access"
• Improved user creation flow to prevent errors when creating a user with an existing email address
• Fixed error when using PHP in strict mode
• Fixed error creating the Support User when the vendor/website configuration exceeded 100 characters in length

1.5.1

• Fixed PHP error caused by HEREDOC template formatting in Form.php

1.5.0

• Added the ability for users to create support tickets when granting access—to enable, set webhook/create_ticket to true in the configuration array
  • Added second parameter, $ticket_data to Client::grant_access() method
  • Added ticket to the webhook data, with the following keys:
    • message (string)
• Added Config::get_settings() public method to get all settings
• Added Encryption::get_remote_encryption_key_url() public method to get the final URL used to fetch the vendor public key
• Added Logging::get_log_file_path() public method to get the full path to the log file
• Added a bin file build-sass to namespace the CSS file using scssphp (see the composer.json configuration)
• Filtered the $_POST request that generates access to allow only defined fields
• Created new Form.php file and Form class to handle form rendering
  • Moved form-related methods from Admin to Form
• Modified auth.scss to support new ticket fields, admin debugging rendering, and improve styling

1.4.0

• Added ability to send debug data, generated using the WordPress Site Health report, via webhook
• Modified the webhook_url configuration setting to be an array. Now, webhook is an array of url and debug_data keys.
  • Set debug_data to true to send Site Health data with the webhook
  • Passing webhook_url is still supported for backwards compatibility
• Added Client::get_debug_data() private method
• The SDK will no longer load on sites that lack Sodium, which is bundled with PHP 7.2+ and WordPress 5.2+, and available as a PECL extension for PHP 7.0 and 7.1
• Added a public Encryption::meets_requirements() method to check whether the site meets the requirements for encryption
• Removed all Composer package dependencies
  • Added our own logging class
• Fixed typo in trustedlogin/{namespace}/license_key filter name

1.3.7

• Improved styling of the authorization form
• Fixed php-scoper support by setting the root namespace for \WP_Error and \WP_User
• Fixed the role message always showing "similar" to a role when it was the same role
• Fix docblock to prevent Strauss from namespacing it