v99.0.8

99.0.8 (2026-04-10)

What's Changed

• feat(oauth-app): Implement the multi-app oauth provider for multiple clients app consumers by @RolandM99 in #9647

Full Changelog: v99.0.7...v99.0.8

v99.0.7

99.0.7 (2026-04-10)

What's Changed

• chore(deps): bump @hono/node-server from 1.19.10 to 1.19.13 by @dependabot[bot] in #9648

Full Changelog: v99.0.6...v99.0.7

v99.0.6

99.0.6 (2026-04-10)

What's Changed

• chore(deps): bump hono from 4.12.7 to 4.12.12 by @dependabot[bot] in #9649

Full Changelog: v99.0.5...v99.0.6

v99.0.5

99.0.5 (2026-04-10)

What's Changed

• [Fix] Help Center Article Description fields patch and retrieve by @GloireMutaliko21 in #9650

Full Changelog: v99.0.4...v99.0.5

v99.0.4

99.0.4 (2026-04-06)

What's Changed

• chore(integration): revamp Zapier and MakeCom plugin integration by @RolandM99 in #9635

Full Changelog: v99.0.3...v99.0.4

v99.0.3

99.0.3 (2026-04-05)

Bug Fixes

• workspace switch disconnects user instead of switching (25f5788)
• workspace switch disconnects user instead of switching (#9643) (4635c7e)

What's Changed

• fix: workspace switch disconnects user instead of switching by @samuelmbabhazi in #9643

Full Changelog: v99.0.2...v99.0.3

v99.0.2

99.0.2 (2026-04-05)

What's Changed

• Fix/magic code by @samuelmbabhazi in #9645

Full Changelog: v99.0.1...v99.0.2

v99.0.1

99.0.1 (2026-04-05)

What's Changed

• fix: use DEMO_PASSWORD_LESS_MAGIC_CODE constant for demo magic login … by @samuelmbabhazi in #9641

Full Changelog: v98.0.9...v99.0.1

v99.0.0

99.0.0 (2026-04-04)

⚠ BREAKING CHANGES

• JWT tokens now include organizationId field. Clients should handle the new token structure.

• fix(ui): restore CHANGE_SELECTED_ORGANIZATION permission check for organization selector

Re-add permission verification that was removed - users without
CHANGE_SELECTED_ORGANIZATION permission should not see the organization
selector in the header.

• fix(migration): remove UNIQUE constraint on userId in SQLite UP migration

Remove CONSTRAINT REL_f4b0d329c4a3cf79ffe9d56504 UNIQUE (userId) from all
CREATE TABLE temporary_employee statements in sqliteUpQueryRunner to allow
many-to-one relationship (multiple employees can reference the same user).

The DOWN migration retains the UNIQUE constraint to restore the original
one-to-one relationship when reverting.

• fix(context): merge duplicate currentOrganizationId methods with proper fallback

Consolidate two currentOrganizationId() methods into one with priority:

1. JWT token organizationId (most secure)
2. User's employee organizationId (fallback for old tokens)
3. Request header organization-id (legacy backward compatibility)

This ensures existing functionality continues to work while preferring
the secure JWT-based organization context when available.

• fix(auth): inject organizationId from JWT into user with fallback

Make organizationId follow the same pattern as employeeId:

• jwt.strategy.ts: inject organizationId from JWT into user.lastOrganizationId
• request-context.ts: currentOrganizationId() reads from user.lastOrganizationId
  with fallback to user.employee.organizationId and header for backward compatibility

This ensures consistency across all context methods while maintaining
backward compatibility with old tokens.

• fix(auth): validate organization access in JWT strategy

• Add UserOrganizationService to validate user has access to organization
• Remove unvalidated header fallback from currentOrganizationId()
• organizationId is now only accepted from validated JWT tokens

• fix(employee): catch specific NotFoundException and validate input

• Catch only NotFoundException instead of all errors
• Add validation for input.user.email before accessing it

• fix(ui): add await for async selectOrganization calls

• Make updateOrganization, deleteOrganization, selectOrganizationById async
• Properly await selectOrganization to prevent race conditions

• fix(ui): add @deprecated to initialize() method

• Mark initialize() as deprecated with JSDoc
• Clean up comments in applyOrganizationData()

• docs(auth): clarify refresh token organization behavior

• Add note explaining refresh token is organization-specific
• Document that /auth/switch-organization should be used to change org

• refactor(ui): use inject() function instead of constructor injection

• Replace constructor parameter injection with inject() function
• Follow Angular modern DI pattern

• fix(auth): include organizationId in refresh token

• Pass organizationId to getJwtRefreshToken in login, signinWorkspaceByToken, and switchWorkspace
• Ensures refresh token contains same organization context as access token

• fix(auth): add cross-validation between employeeId and organizationId in JWT

• Validate that employee.organizationId matches the claimed organizationId
• Prevents JWT token manipulation attacks

• fix(employee): use BadRequestException and check for existing employee

• Use BadRequestException instead of generic Error for proper HTTP 400
• Check if employee already exists for user+organization to prevent duplicates

• fix(ui): validate response fields before applying to store

• Check token and user exist before updating store
• Return false and show error if validation fails

• fix(auth): update user.lastOrganizationId in memory after DB update

• Ensures returned user object has fresh lastOrganizationId value

• fix(employee): load role relation when finding existing user

• Use findOneByOptions with relations: { role: true }
• Fixes 'Cannot read properties of undefined (reading name)' error
• addUserToOrganization requires user.role.name for SUPER_ADMIN check

• Stage (#9305) (59a9cc9), closes #9305 #9303 #9272 #8465 #8465 #8465 #8465 #8465 #8465 #8465 #8465

What's Changed

• Fix/desktop timer offline mode by @syns2191 in #9631
• chore(deps): bump locutus from 3.0.14 to 3.0.25 by @dependabot[bot] in #9632
• chore(deps): bump @apollo/server from 5.4.0 to 5.5.0 by @dependabot[bot] in #9627
• Feat/electron flatpak build by @syns2191 in #9637
• fix: use /user/me endpoint for own profile to avoid ORG_USERS_VIEW pe… by @samuelmbabhazi in #9642
• chore(deps): bump @xmldom/xmldom from 0.8.11 to 0.8.12 by @dependabot[bot] in #9636
• Stage by @evereq in #9644

Full Changelog: v98.0.0...v99.0.0

v98.0.9

98.0.9 (2026-04-04)

Full Changelog: v98.0.8...v98.0.9