Please read the Upgrading section before starting your upgrade.

What's New

Services updates

• Services have been split into individual modules. #594 along with #677, #676, #680, #682
• Access to Services is now granted via Django's permission system rather than states. #692
• Jabber renamed Openfire to correctly reflect the external service name.
• Forums renamed phpBB3 to correctly reflect the external services name.
• Service admin actions previously found under AuthServicesInfo are now found under User.
• Service data is now stored in service-specific tables rather than AuthServicesInfo.
• Mumble's default hashing algorithm is now bcrypt. Old SHA1 passwords will be replaced with the new algorithm when the user next updates their password. #671
• Mumble's authenticator script has had its requirements split out of requirements.txt into /thirdparty/Mumble/requirements.txt.
• Evernus Alliance Market password handling has been fixed and improved. #700
• IPS4 password handling has been fixed and improved.
• Changed Teamspeak 3 connectors communications library to support Python 3. Change affects Python 2 as well. #705
• Implemented XEP-106 username escaping for Openfire. #703
• Improved random password generation in services. Now uses the full alphabet instead of hexadecimal and provides Python 3 support. #630, #594
• Added Beta SeAT integration Thanks to @mikelovskij #704 and #546

Javascript and third party libraries

• Third Party CSS, javascript and fonts are now delivered via CDN by default instead of being included in the repository and distributions. #709
• Updated Optimer, Timerboard and Fleetup to use moment.js, improved maintainability and fixed a strange date bug. #685, #688, #695

Groups and Permissions

• Individual groups can be granted access to services. By default the migration will add the permission to the Member or Blue groups if there are any members in those groups with a service account. #692 Word of warning: If you remove the service permission from the Members group all members will be immediately removed from that service unless the permission is already granted by another group.
• Access to join or request groups is now based on the 'Can request non-public groups' (request_groups) permission. By default this is added to the Member group. This replaces the old state based checking for MEMBER_STATE meaning you can allow blues and others to join and request groups.
• Groups can be marked as publically accessible by setting the AuthGroup.public flag to True, allowing any user to be added, join or request to join them. In combination with the above, this means you can now grant public level access to your services. #698
• Added a permissions auditing tool. Because of the much heavier reliance on permissions in this release, we felt it was important that you be able to quickly and easily see who has access to which permissions. #698

i18n

• Timerboard, Optimer and Fleetup javascript dates have improved i18n support. #685, #688, #695
• Big German localisation update. Thanks @iAddz #701

General fixes and improvements

• Corps and Alliances can now be set "static blue" which will maintain their blue status regardless of in-game standings. #708
• Customisable API auditing URLs for Corputils #652
• Pip requirements will be updated when update.sh is run if there are updated packages available. #681
• HR search will no longer fail if alliance_name is None. #684
• Corrected startup error when provider settings are blank. #665

Development

• Development of services has been greatly improved. Documentation on writing services modules/apps has been added. See the Integrating Services page on readthedocs. #594, #677
• Unit testing has been added. You can run the tests by installing the requirements in testing-requirements.txt and running python runtests.py #594
• Continuous integration has been added via Travis CI. #594
• Test Coverage has been added via Coveralls. #594

Changes from 1.15-rc.1

• Fixed problems with IPS4 and Market password hashing #727
• Fixed an issue with ESI endpoint versioning. #726
• Prevent refresh from resubmitting comments on HR applications. #715
• Add documentation for groups. #728
• Fixed some broken translation tags.
• Add missing trailing slash in zKillboard API URL which prevented SRP from being submitted
• Corp Utils changes. #668
• Changed default services database usernames to make SQL permissions errors more obvious.

Thanks to everyone who reported issues during the RC.

New Permissions

Upgrading

Backup your database first. You should keep regular backups anyway, but due to the large number of data migrations in this update it is especially important to backup before you upgrade. Backup your services databases too, if you have any.

1. Stop the server (WSGI or Apache) running Alliance Auth.
2. Stop Celery beat and all workers. Clearing out your Celery queue might be a good idea for this update too python manage.py celery purge. If you don't want to purge the tasks you can use redis-cli -n 0 llen celery to check how many are left in the queue.
3. Update your distribution: git fetch origin and git checkout v1.15.0.
4. Update your Python libraries: pip install --upgrade -r requirements.txt. If you use mumble, also run pip install --upgrade -r thirdparty/Mumble/requirements.txt.
5. Move your old settings file somewhere else and start a new config from fresh. mv alliance_auth/settings.py alliance_auth/settings.old.py and cp alliance_auth/settings.py.example alliance_auth/settings.py. There have been a significant number of config changes. If you want to try and edit your existing file you can follow the git diff here. Under INSTALLED_APPS you do not have to install every service listed. You should remove any service that you do not use by commenting out the specific lines with a #.
6. Now run the migrations: python manage.py migrate --fake-initial. Watch for any error messages that might indicate that things have not run as expected. If you get a warning that data may be lost when running the migration, you're missing a service for which you have account data. Install the service for the migration and then afterwards you can migrate it zero and remove it from installed apps.
7. Collect the static files python manage.py collectstatic.
8. Bring up the Django web server ONLY (WSGI or Apache). Login to the admin panel and check the Member and Blue groups have the appropriate permissions for services you expect to be active for them. If the "Can access the service_name service" permissions don't appear for all your active services, you must add them before you continue or risk having those users purged. You can double check who has permissions to access services via the new Permissions Audit page in the main site.
9. Once you're 100% satisfied that the permissions are correct you can bring up Celery beat and the Celery workers.
10. Set the SERVICES_MIGRATED setting to True in settings.py. You don't need to restart everything for this change, it just lets the migrations know they should run in a certain way if you enable a service in the future.

If you use Mumble, be sure to also update your authenticator.py script as it includes table and password hashing changes.

If you use Discord, the callback for Discord's OAuth has changed, from /discord_callback/ to /discord/callback/

If you use Teamspeak3, please keep an eye out for issue #713. It has been almost impossible to replicate reliably.

Celery

We're in a bit of a transition period with Celery and how tasks are decorated and scheduled tasks are configured. If the old python manage.py celerybeat and python manage.py celeryd fail to pickup the new style tasks you can instead run (with your virtualenv active, if you're using one) celery -A alliance_auth beat and celery -A alliance_auth worker. You may also need to delete stale (removed) scheduled tasks from djcelery in the admin console.

If you have any issues you can contact us on Gitter or open an issue here on GitHub.