# Version 1.0.0.29 Launched 31st July 2025 *** #### Major Features **Dual-Mode Password Reset System** * **TOTP Authentication**: Secure password reset using Time-based One-Time Passwords * **Email Verification**: Alternative password reset via secure email links * **Method Selection UI**: Users can choose between TOTP or email verification * **Fallback Support**: TOTP always available, email requires SMTP configuration **Complete SMTP Integration** * **Profile-Based Configuration**: SMTP settings accessible via `/auth/change` profile page * **Secure Credential Storage**: Passwords encrypted using Fernet encryption in database * **Gmail Support**: Both personal Gmail and Gmail Workspace configurations * **Real-time Testing**: Built-in test email and debug functionality * **Visual Configuration**: Comprehensive setup guides and troubleshooting tips **Enhanced Profile Management** * **Tabbed Interface**: Organized profile settings into Account & Password, SMTP Config, and TOTP tabs * **Tab Persistence**: Maintains active tab after form submissions and page reloads * **TOTP Integration**: QR code and secret key management directly in profile * **Visual Password Requirements**: Real-time password strength indicator with progress bar #### User Interface Improvements **Modern Password Requirements Display** * **Badge-Style Layout**: Compact rounded badges replacing vertical list * **Real-time Feedback**: Icons change from ✗ to ✓ as requirements are met * **Progress Bar**: Visual strength meter (None → Weak → Fair → Good → Strong) * **Color-coded States**: Dynamic colors based on password strength * **Responsive Grid**: 2-column layout adapting to screen size **Enhanced Email Templates** * **Professional Design**: Clean, modern HTML email templates * **Gmail Compatibility**: Fixed button text color issues in Gmail * **Security Styling**: Clear security notices and warnings * **Mobile Responsive**: Templates work across all email clients #### Security Enhancements **Advanced Password Security** * **Strengthened Requirements**: 8+ chars, uppercase, lowercase, numbers, special characters * **Real-time Validation**: Instant feedback as users type passwords * **Secure Token Generation**: 32-byte cryptographically secure tokens * **Session-based Validation**: Server-side token management **Rate Limiting Improvements** * **Separate Login Limits**: 5/minute, 25/hour for login attempts * **Password Reset Limits**: 15/hour for reset requests * **Configurable Rates**: Environment-based rate limit configuration * **Anti-enumeration**: Consistent responses preventing user enumeration **SMTP Security** * **Encrypted Storage**: Password encryption using Fernet symmetric encryption * **App Password Support**: Full support for Gmail App Passwords * **Connection Security**: Proper SSL/TLS and STARTTLS handling * **Debug Logging**: Secure diagnostic information without credential exposure #### 📡 Broker Enhancements & WebSocket Fixes **Common WebSocket Proxy (All Brokers)** * **WebSocket Stability**: WebSocket made robust across Windows, macOS, and Linux * **Thread Cleanup**: Fixed heartbeat thread timeouts and non-terminating threads * **Graceful Shutdown**: WebSocket proxy now shuts down cleanly across all platforms **Flattrade** * **Subscription Handling**: Fixed rapid unsubscribe/subscribe edge cases * **Order Accuracy**: Equity orders now use average price (`avgprc`) for precision * **Cache & Snapshot Cleanup**: Ensures all maps, snapshots, and subscriptions are cleared **Zerodha** * **UI Data Streaming Fix**: Resolved issue where UI wasn’t reflecting WebSocket data * **Subscription Timeout Fix**: Large symbol list subscriptions no longer timeout **Firstock** * **WebSocket Integration**: Native Firstock WebSocket support fully integrated * **Index Symbol Handling**: Common index symbols mapped and standardized * **LTP Update Fixes**: Resolved inconsistencies in LTP data stream * **Historical Data Fix**: Fixed historical candle fetch via REST #### 🛠️ Technical Improvements **Database Enhancements** * **New SMTP Schema**: Added 7 new columns for SMTP configuration * **Migration Support**: Cross-platform Python migration scripts * **Multi-database Support**: SQLite, PostgreSQL, MySQL compatibility * **Data Validation**: Input sanitization and format validation **Authentication Flow Updates** * **Streamlined Setup**: Account creation redirects directly to login * **Improved Messaging**: Clear SMTP configuration prompts * **Session Management**: Enhanced session security and regeneration * **Error Handling**: Comprehensive error messages and user guidance **API & Backend** * **New Endpoints**: `/auth/test-smtp`, `/auth/debug-smtp`, `/auth/smtp-config` * **Enhanced Routing**: Password reset email link handling * **Logging Integration**: Comprehensive audit logging for security events * **Error Recovery**: Graceful handling of SMTP and authentication failures #### Documentation **New Documentation Files** * **PASSWORD\_RESET.md**: Complete password reset system documentation * **SMTP\_SETUP.md**: Gmail configuration and troubleshooting guide * **Migration guides**: Step-by-step upgrade procedures **Enhanced Existing Docs** * Updated API documentation with new endpoints * Added security best practices * Included troubleshooting guides * Cross-platform installation instructions #### Configuration Changes **New Environment Variables** ```env # Rate Limiting Configuration LOGIN_RATE_LIMIT_MIN=5 per minute LOGIN_RATE_LIMIT_HOUR=25 per hour RESET_RATE_LIMIT=15 per hour # Environment Version ENV_CONFIG_VERSION=1.0.3 ``` **Database Schema Updates** * Added `smtp_server`, `smtp_port`, `smtp_username` columns * Added `smtp_password_encrypted`, `smtp_use_tls` columns * Added `smtp_from_email`, `smtp_helo_hostname` columns #### Breaking Changes * **Account Setup Flow**: QR code no longer displayed after account creation * **Profile Structure**: Profile page reorganized into tabbed interface * **Password Requirements**: Updated visual layout (functionality unchanged) * **Environment Config**: New variables required in `.env` file #### Dependencies * **No new external dependencies**: All features use existing Python libraries * **Enhanced existing usage**: Improved cryptography, email, and session handling * **Cross-platform compatibility**: Removed Windows-incompatible shell scripts *** ### Upgrade Instructions See [UPGRADE](https://docs.openalgo.in/getting-started/upgrade) for detailed upgrade procedures from previous versions. ### Migration Notes * **Database migration required** for SMTP functionality * **Environment file updates** needed for rate limiting * **Profile page changes** may affect custom styling * **Password reset flow** completely redesigned ### Support * **Documentation**: Check `/docs` folder for detailed guides * **Issues**: Report bugs on GitHub Issues * **SMTP Problems**: Use built-in debug functionality * **Migration Help**: See upgrade documentation *** --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.openalgo.in/change-log/release/version-1.0.0.29-launched.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.