populateCurrentRecords() always showed Users successfully fetched on every
successful fetch, so delete/edit/ACL/suspend showed two popups. Add optional
suppressSuccessNotify; use silent refresh after mutations and on initial load.
- robust_delete_administrator: use ORM delete when webauthn_credentials exists; else SQL DELETE after optional webauthn row cleanup and recursive child admins
- Fixes MySQL 1146 ProgrammingError on submitUserDeletion for installs without webauthn migrations
- JSON responses use application/json; errors include deleteStatus for listUsers UI
- After invalid/missing HomeDirectory id, resolve home_dir from best path like auto mode
- Handle MultipleObjectsReturned on path lookup; use get_or_create for UserHomeMapping
- Clear errors for ACL.DoesNotExist and IntegrityError (duplicate username)
- Ensure JSON error responses include createStatus and application/json
- Initialize selectedACL in create user template so JSON POST always includes ACL
- Explicit option values; pass default_acl_name from view for ng-init
- Coerce websitesLimit to int; validate selectedACL before ACL.objects.get
- ensure_csrf_cookie on createUser page load
- Optional /etc/cyberpanel/csrf_trusted_origins for HTTPS IP:port panels
- Allow changeUserACL on getUserHomeDirectories (parity with create user page)
- Sync public/static and static copies of userManagment.js with app static
- Create User: Don't show 'Unknown error' on load; fix inverted success/failure
logic in static/ and public/static/ userManagment.js
- List Users: Use <button> for Edit/Delete/Suspend/Activate; add showModalById/
hideModalById for Bootstrap 3/5; fix public/static missing modal show calls
- Modify User: Fix inverted canotModifyUser/canotFetchDetails in all three
userManagment.js copies; hide modify error when only fetching details
- Add deploy-createuser-fix.sh to copy fixed JS and run collectstatic on server
- Removed {% load user_filters %} which is not needed in v2.4.4
- Removed Home Directory selection section (not in v2.4.4)
- Changed securityLevels to use direct Django template rendering instead of JSON encoding
- Template now matches GitHub v2.4.4 exactly
- Introduced a new endpoint to manually regenerate the 2FA secret for users.
- Updated views to handle 2FA secret regeneration, including security checks and logging.
- Enhanced the user interface with a button to regenerate the 2FA secret, along with appropriate alerts and confirmations.
- Updated JavaScript to manage the regeneration process and display the new secret key and QR code provisioning URI.
https://github.com/usmannasir/cyberpanel/issues/1577
> Thank you!
>
> One more question: is it possible to add WebAuthn 2FA/passkeys/passwordless authentication? Right now, the panel login is the weakest link (assuming SSH key login for the server and tight security on the website).
It has now been added:
https://github.com/usmannasir/cyberpanel/issues/1509#issuecomment-3315474043
