rust-proxmox-tfa (4.0.0-1) stable; urgency=medium

  * Don't automatically drop an empty set of recovery keys, instead.
    This means that now if they are the only 2nd factor, once they're used up,
    login becomes impossible.

  * With no recovery keys present, the TfaChallenge now explicitly includes an
    empty set of recovery keys, so the client can see they are empty, rather
    than not configured.

  * If all 2nd factors are disabled, rather than an empty challenge which
    cannot be solved, act as if no 2nd factor existed, allowing the user to
    login normally.

  * Make failing to generate a webauthn or U2F challenge non-fatal: that is, if
    other 2nd factors are available it should still be possible to login with
    those.

  * Log errors to syslog which previously cancelled the login process.

  * TOTP: Add option to enable remembering and reject the last used TOTP codes
    of a user.

  * TOTP: add a failure limit after which TOTP will be completely blocked for a
    user until a recovery key is used.

  * There can now be alimit on TFA tries in general after which a user gets
    locked and and admin intervention is required.

  * add a 'types' feature exposing the TfaInfo, TfaType etc API types without
    exposing the entire API, so API clients can use those.

 -- Proxmox Support Team <support@proxmox.com>  Thu, 20 Apr 2023 09:19:06 +0200

rust-proxmox-tfa (3.0.0-1) stable; urgency=medium

  * Make `UserChallengeAccess` object-safe:
    - drop `Sized` requirement
    - make `save()` take `&mut self`

  * Drop `Clone` requirement on `OpenUserChallengeData`

  * Drop `Data` associated type from `OpenUserChallengeData`, make methods return
    `Box<dyn UserChallengeAccess>` instead

 -- Proxmox Support Team <support@proxmox.com>  Thu, 02 Feb 2023 11:03:34 +0100

rust-proxmox-tfa (2.1.0-1) stable; urgency=medium

  * expose allow_subdomains property for webauthn, defaulting to true

  * include 'webauthn' property when deserializing a `TfaChallenge` object to
    make it reusable by clients

  * bump edition to 2021

 -- Proxmox Support Team <support@proxmox.com>  Mon, 25 Jul 2022 13:31:25 +0200

rust-proxmox-tfa (2.0.0-1) stable; urgency=medium

  * add Webauthn::digest

  * let OriginUrl deref to its inner Url and add FromStr/TryFrom/Into<String>
    impls

  * make configured webauthn origin optional, allow users to pass an
    origin-override

 -- Proxmox Support Team <support@proxmox.com>  Tue, 23 Nov 2021 16:19:16 +0100

rust-proxmox-tfa (1.3.2-1) stable; urgency=medium

  * fix instantiation of u2f context, use origin instead of always replacing
    it with the appid

 -- Proxmox Support Team <support@proxmox.com>  Mon, 22 Nov 2021 13:26:22 +0100

rust-proxmox-tfa (1.3.1-1) stable; urgency=medium

  * rebuild with base64 0.13

  * bump webauthn-rs to 0.3

 -- Proxmox Support Team <support@proxmox.com>  Thu, 18 Nov 2021 12:59:59 +0100

rust-proxmox-tfa (1.3.0-1) stable; urgency=medium

  * add tfa API entry points and optional api-type/schema generation

 -- Proxmox Support Team <support@proxmox.com>  Wed, 17 Nov 2021 09:27:33 +0100

rust-proxmox-tfa (1.2.0-1) stable; urgency=medium

  * make u2f::AuthChallenge Clone + Debug
  * add version field to u2f::AuthChallenge

 -- Proxmox Support Team <support@proxmox.com>  Tue, 02 Nov 2021 12:53:54 +0100

rust-proxmox-tfa (1.1.0-1) stable; urgency=medium

  * add Totp::digits getter

 -- Proxmox Support Team <support@proxmox.com>  Fri, 29 Oct 2021 14:31:53 +0200

rust-proxmox-tfa (1.0.0-1) stable; urgency=medium

  * initial split out of `librust-proxmox-dev`

 -- Proxmox Support Team <support@proxmox.com>  Mon, 04 Oct 2021 11:38:53 +0200