Enable external-group sync-errors email notification

Added

• Document (in README) how to set up external-groups syncs from a Google Sheet
• Enable (optionally) sending an email notification if there are any external-groups sync errors
• Log actual changes to Users' groups_external values during a sync
• Document (in local.env.dist) how to format Google JSON key for env. var.

Fixed

• Update dependencies
• Fix incorrect Exception class usage in EmailLog::logMessage()

Add updateUserLastLogin endpoint

Added

• Idp 781 Add updateUserLastLogin endpoint @hobbitronics in #373

New Contributors

• @hobbitronics made their first contribution in #373

Full Changelog: 6.8.3...6.9.0

Ignore upper/lowercase differences in email when syncing external groups

Fixed

• Ignore upper/lowercase differences in email when syncing external groups
  • Whether the Google Sheet has the non-lowercase email address or the ID Broker database has the non-lowercase email, this will now correctly sync the external groups (rather than removing them on every other run).
• Update dependencies

MFA API client User-Agent

Added

• Added a CODEOWNERS file
• Added GitHub Actions config to add semantic version tags to Docker image (e.g. 1.2 for tag 1.2.3)
• Added a User-Agent header to MFA API client

Fixed

• Filled in some gaps in api.raml

Ensure external-groups prefixes start with "ext-"

Fixed

• Require external-groups app-prefixes to start with "ext-"
  • Dummy example: ext-wiki-users
• Improve error message for test step confirming there was a sync error

Sync groups_external from Google Sheets, include in SAML `member` attribute

Added

• Add groups_external field to User
• Sync the new user.groups_external values from a Google Sheet, limiting by specific prefixes
• Include the new external groups in a User's member SAML attribute (e.g. during login)
• Add a timeout to GitHub Action jobs

Changed (non-breaking)

• Update base models, and do so with each "make composerupdate"
• Refine ID Broker's pull-request template
• Pass config values to Sheets component instead of internally retrieving them

Fixed

• Update dependencies

dependency update

Fixed

• Dependency updates, including yii2 update for CVE-2024-4990 (IDP-1136)

log details for Invalid rpOrigin error

Added

• Added a log message with details for "Invalid rpOrigin" error.

Add test for logging in when WebAuthn API is unusable

Added

• Update documentation on how to run just a specific test scenario
• Add automated tests for trying to log in (authenticate) while WebAuthn MFA API is unusable

Changed (non-breaking)

• Move the authentication tests to their own test suite

Fixed

• Simplify the list of paths in the behat.yml file

Enable login even if WebAuthn MFA API is down

Changed (non-breaking)

• If an authInit() calls fails, skip loading that MFA's extra data
  • This allows users to log in even if the WebAuthn MFA API is down, merely preventing those WebAuthn MFA options from working but allowing the "remember me" cookie and the other MFA options to work.

Fixed

• Fix checklist entry and comment-typo