## Added new features / Bug fixed

・TOTP（Time-based One-Time Password）認証機能を追加。
・ユーザー・グループ・組織単位で、IPアドレス制限を除外する機能を追加。
・一括更新のダイアログで複数選択が可能な項目のプルダウンリストが前面に表示されない問題を解消。
・タイトル結合で、数値項目の値がNULLの場合に「0」と表示される問題を解消。
・期限付きテーブルで、ビューのカンバン表示の集計種別が画面上の設定と異なる問題を解消。
・サーバスクリプトで、 items.Sum時のフィルタにリンク先の項目を指定するとエラーとなる問題を解消。
・ユーザの更新時、ユーザのメールアドレスに履歴レコードのメールアドレスが設定されるケースがある問題を解消。

Implem.CodeDefiner/Implem.CodeDefiner.csproj

@@ -5,9 +5,9 @@
     <TargetFramework>net8.0</TargetFramework>
     <Copyright>Copyright © Implem Inc 2014 - 2024</Copyright>
     <Description>This program does the automatic code creation and merging of existing code based on the definition. Also it will make the configuration change of sql server database.</Description>
-    <AssemblyVersion>1.4.1.1</AssemblyVersion>
-    <FileVersion>1.4.1.1</FileVersion>
-    <Version>1.4.1.1</Version>
+    <AssemblyVersion>1.4.2.0</AssemblyVersion>
+    <FileVersion>1.4.2.0</FileVersion>
+    <Version>1.4.2.0</Version>
     <DockerDefaultTargetOS>Linux</DockerDefaultTargetOS>
   </PropertyGroup>
 

Implem.DefinitionAccessor/Def.cs

@@ -1911,6 +1911,7 @@ public static void SetColumnDefinition()
                     case "Users_Disabled": Column.Users_Disabled = definitionRow[1].ToString(); SetColumnTable(ColumnTable.Users_Disabled, definitionRow, ColumnXls); break;
                     case "Users_DisableSecondaryAuthentication": Column.Users_DisableSecondaryAuthentication = definitionRow[1].ToString(); SetColumnTable(ColumnTable.Users_DisableSecondaryAuthentication, definitionRow, ColumnXls); break;
                     case "Users_EnableSecondaryAuthentication": Column.Users_EnableSecondaryAuthentication = definitionRow[1].ToString(); SetColumnTable(ColumnTable.Users_EnableSecondaryAuthentication, definitionRow, ColumnXls); break;
+                    case "Users_EnableSecretKey": Column.Users_EnableSecretKey = definitionRow[1].ToString(); SetColumnTable(ColumnTable.Users_EnableSecretKey, definitionRow, ColumnXls); break;
                     case "Users_FirstAndLastNameOrder": Column.Users_FirstAndLastNameOrder = definitionRow[1].ToString(); SetColumnTable(ColumnTable.Users_FirstAndLastNameOrder, definitionRow, ColumnXls); break;
                     case "Users_FirstName": Column.Users_FirstName = definitionRow[1].ToString(); SetColumnTable(ColumnTable.Users_FirstName, definitionRow, ColumnXls); break;
                     case "Users_Gender": Column.Users_Gender = definitionRow[1].ToString(); SetColumnTable(ColumnTable.Users_Gender, definitionRow, ColumnXls); break;
@@ -1936,6 +1937,7 @@ public static void SetColumnDefinition()
                     case "Users_RememberMe": Column.Users_RememberMe = definitionRow[1].ToString(); SetColumnTable(ColumnTable.Users_RememberMe, definitionRow, ColumnXls); break;
                     case "Users_SecondaryAuthenticationCode": Column.Users_SecondaryAuthenticationCode = definitionRow[1].ToString(); SetColumnTable(ColumnTable.Users_SecondaryAuthenticationCode, definitionRow, ColumnXls); break;
                     case "Users_SecondaryAuthenticationCodeExpirationTime": Column.Users_SecondaryAuthenticationCodeExpirationTime = definitionRow[1].ToString(); SetColumnTable(ColumnTable.Users_SecondaryAuthenticationCodeExpirationTime, definitionRow, ColumnXls); break;
+                    case "Users_SecretKey": Column.Users_SecretKey = definitionRow[1].ToString(); SetColumnTable(ColumnTable.Users_SecretKey, definitionRow, ColumnXls); break;
                     case "Users_ServiceManager": Column.Users_ServiceManager = definitionRow[1].ToString(); SetColumnTable(ColumnTable.Users_ServiceManager, definitionRow, ColumnXls); break;
                     case "Users_SessionGuid": Column.Users_SessionGuid = definitionRow[1].ToString(); SetColumnTable(ColumnTable.Users_SessionGuid, definitionRow, ColumnXls); break;
                     case "Users_SynchronizedTime": Column.Users_SynchronizedTime = definitionRow[1].ToString(); SetColumnTable(ColumnTable.Users_SynchronizedTime, definitionRow, ColumnXls); break;
@@ -9235,6 +9237,7 @@ public class ColumnColumn2nd
         public string Users_Disabled;
         public string Users_DisableSecondaryAuthentication;
         public string Users_EnableSecondaryAuthentication;
+        public string Users_EnableSecretKey;
         public string Users_FirstAndLastNameOrder;
         public string Users_FirstName;
         public string Users_Gender;
@@ -9260,6 +9263,7 @@ public class ColumnColumn2nd
         public string Users_RememberMe;
         public string Users_SecondaryAuthenticationCode;
         public string Users_SecondaryAuthenticationCodeExpirationTime;
+        public string Users_SecretKey;
         public string Users_ServiceManager;
         public string Users_SessionGuid;
         public string Users_SynchronizedTime;
@@ -9795,6 +9799,7 @@ public class ColumnTable
         public ColumnDefinition Users_Disabled = new ColumnDefinition();
         public ColumnDefinition Users_DisableSecondaryAuthentication = new ColumnDefinition();
         public ColumnDefinition Users_EnableSecondaryAuthentication = new ColumnDefinition();
+        public ColumnDefinition Users_EnableSecretKey = new ColumnDefinition();
         public ColumnDefinition Users_FirstAndLastNameOrder = new ColumnDefinition();
         public ColumnDefinition Users_FirstName = new ColumnDefinition();
         public ColumnDefinition Users_Gender = new ColumnDefinition();
@@ -9820,6 +9825,7 @@ public class ColumnTable
         public ColumnDefinition Users_RememberMe = new ColumnDefinition();
         public ColumnDefinition Users_SecondaryAuthenticationCode = new ColumnDefinition();
         public ColumnDefinition Users_SecondaryAuthenticationCodeExpirationTime = new ColumnDefinition();
+        public ColumnDefinition Users_SecretKey = new ColumnDefinition();
         public ColumnDefinition Users_ServiceManager = new ColumnDefinition();
         public ColumnDefinition Users_SessionGuid = new ColumnDefinition();
         public ColumnDefinition Users_SynchronizedTime = new ColumnDefinition();

Implem.DefinitionAccessor/Implem.DefinitionAccessor.csproj

@@ -3,9 +3,9 @@
   <PropertyGroup>
     <TargetFramework>net8.0</TargetFramework>
     <Copyright>Copyright © Implem Inc 2014 - 2024</Copyright>
-    <AssemblyVersion>1.4.1.1</AssemblyVersion>
-    <FileVersion>1.4.1.1</FileVersion>
-    <Version>1.4.1.1</Version>
+    <AssemblyVersion>1.4.2.0</AssemblyVersion>
+    <FileVersion>1.4.2.0</FileVersion>
+    <Version>1.4.2.0</Version>
     <Nullable>disable</Nullable>
   </PropertyGroup>
 

Implem.DefinitionAccessor/Initializer.cs

@@ -917,6 +917,14 @@ private static void SetColumnDefinitionAccessControl()
                     SetManageServiceToDisableSecondaryAuthentication();
                     break;
             }
+            if((Parameters.Security.SecondaryAuthentication?.Mode
+                is null
+                or SecondaryAuthentication.SecondaryAuthenticationMode.None)
+                    || Parameters.Security.SecondaryAuthentication?.NotificationType
+                        != SecondaryAuthentication.SecondaryAuthenticationModeNotificationTypes.Totp)
+            {
+                SetManageServiceToEnableSecretKey();
+            }
         }
 
         private static void SetManageServiceToDisableSecondaryAuthentication()
@@ -939,6 +947,16 @@ private static void SetManageServiceToEnableSecondaryAuthentication()
                 o.Id == "Users_EnableSecondaryAuthentication").UpdateAccessControl = "ManageService";
         }
 
+        private static void SetManageServiceToEnableSecretKey()
+        {
+            Def.ColumnDefinitionCollection.FirstOrDefault(o =>
+                o.Id == "Users_EnableSecretKey").CreateAccessControl = "ManageService";
+            Def.ColumnDefinitionCollection.FirstOrDefault(o =>
+                o.Id == "Users_EnableSecretKey").ReadAccessControl = "ManageService";
+            Def.ColumnDefinitionCollection.FirstOrDefault(o =>
+                o.Id == "Users_EnableSecretKey").UpdateAccessControl = "ManageService";
+        }
+
         private static void SetTimeZone()
         {
             Environments.TimeZoneInfoDefault = TimeZoneInfo.GetSystemTimeZones()

Implem.DisplayAccessor/Implem.DisplayAccessor.csproj

@@ -3,9 +3,9 @@
   <PropertyGroup>
     <TargetFramework>net8.0</TargetFramework>
     <Copyright>Copyright © Implem Inc 2014 - 2024</Copyright>
-    <AssemblyVersion>1.4.1.1</AssemblyVersion>
-    <FileVersion>1.4.1.1</FileVersion>
-    <Version>1.4.1.1</Version>
+    <AssemblyVersion>1.4.2.0</AssemblyVersion>
+    <FileVersion>1.4.2.0</FileVersion>
+    <Version>1.4.2.0</Version>
     <Nullable>disable</Nullable>
   </PropertyGroup>
 

Implem.Factory/Implem.Factory.csproj

@@ -3,9 +3,9 @@
   <PropertyGroup>
     <TargetFramework>net8.0</TargetFramework>
     <Copyright>Copyright © Implem Inc 2014 - 2024</Copyright>
-    <AssemblyVersion>1.4.1.1</AssemblyVersion>
-    <FileVersion>1.4.1.1</FileVersion>
-    <Version>1.4.1.1</Version>
+    <AssemblyVersion>1.4.2.0</AssemblyVersion>
+    <FileVersion>1.4.2.0</FileVersion>
+    <Version>1.4.2.0</Version>
     <Nullable>disable</Nullable>
   </PropertyGroup>
 

Implem.Libraries/Implem.Libraries.csproj

@@ -3,9 +3,9 @@
   <PropertyGroup>
     <TargetFramework>net8.0</TargetFramework>
     <Copyright>Copyright © Implem Inc 2014 - 2024</Copyright>
-    <AssemblyVersion>1.4.1.1</AssemblyVersion>
-    <FileVersion>1.4.1.1</FileVersion>
-    <Version>1.4.1.1</Version>
+    <AssemblyVersion>1.4.2.0</AssemblyVersion>
+    <FileVersion>1.4.2.0</FileVersion>
+    <Version>1.4.2.0</Version>
     <Nullable>disable</Nullable>
   </PropertyGroup>
 

Implem.ParameterAccessor/Implem.ParameterAccessor.csproj

@@ -3,9 +3,9 @@
   <PropertyGroup>
     <TargetFramework>net8.0</TargetFramework>
     <Copyright>Copyright © Implem Inc 2014 - 2024</Copyright>
-    <AssemblyVersion>1.4.1.1</AssemblyVersion>
-    <FileVersion>1.4.1.1</FileVersion>
-    <Version>1.4.1.1</Version>
+    <AssemblyVersion>1.4.2.0</AssemblyVersion>
+    <FileVersion>1.4.2.0</FileVersion>
+    <Version>1.4.2.0</Version>
     <Nullable>disable</Nullable>
   </PropertyGroup>
 

Implem.ParameterAccessor/Parts/SecondaryAuthentication.cs

@@ -8,9 +8,15 @@ public enum SecondaryAuthenticationMode
             DefaultEnable,
             DefaultDisable
         }
+        public enum SecondaryAuthenticationModeNotificationTypes
+        {
+            Mail,
+            Totp
+        }
 
         public SecondaryAuthenticationMode Mode;
-        public string NotificationType;
+        public SecondaryAuthenticationModeNotificationTypes NotificationType;
+        public double? CountTolerances;
         public bool NotificationMailBcc;
         public string AuthenticationCodeCharacterType;
         public int? AuthenticationCodeLength;

Implem.ParameterAccessor/Parts/Security.cs

@@ -4,6 +4,7 @@ namespace Implem.ParameterAccessor.Parts
     public class Security
     {
         public List<string> AllowIpAddresses;
+        public List<string> IpRestrictionExcludeMembers;
         public bool MimeTypeCheckOnApi;
         public List<string> PrivilegedUsers;
         public bool RevealUserDisabled;

Implem.Pleasanter/App_Data/Definitions/Definition_Code/Controller_Users_Body.txt

@@ -1,4 +1,5 @@
 using Sustainsys.Saml2.AspNetCore2;
+using System;
 using System.Collections.Generic;
 using System.Data.Common;
 using System.Linq;

Implem.Pleasanter/App_Data/Definitions/Definition_Code/Model_Utilities_DashboardGridRowsReturn_Body.txt

@@ -11,7 +11,7 @@
 <!--Model_Utilities_ClearOriginalId-->
 
         .CloseDialog(_using: offset == 0)
-        .ReplaceAll("#CopyDirectUrlToClipboard", new HtmlBuilder()
+        .ReplaceAll("#CopyToClipboards", new HtmlBuilder()
             .CopyDirectUrlToClipboard(
                 context: context,
                 view: view))

Implem.Pleasanter/App_Data/Definitions/Definition_Code/Model_Utilities_GridRowsReturn_Body.txt

@@ -9,7 +9,7 @@
 <!--Model_Utilities_ClearOriginalId-->
 
     .CloseDialog(_using: offset == 0)
-    .ReplaceAll("#CopyDirectUrlToClipboard", new HtmlBuilder()
+    .ReplaceAll("#CopyToClipboards", new HtmlBuilder()
         .CopyDirectUrlToClipboard(
             context: context,
             view: view))

Implem.Pleasanter/App_Data/Definitions/Definition_Column/Users_EnableSecretKey.json

@@ -0,0 +1,32 @@
+{
+    "Id": "Users_EnableSecretKey",
+    "ModelName": "User",
+    "TableName": "Users",
+    "Label": "ユーザ",
+    "ColumnName": "EnableSecretKey",
+    "LabelText": "秘密鍵有効",
+    "No": "156",
+    "History": "156",
+    "GridColumn": "156",
+    "GridEnabled": "1",
+    "FilterColumn": "156",
+    "FilterEnabled": "1",
+    "EditorColumn": "156",
+    "EditorEnabled": "1",
+    "LinkColumn": "156",
+    "HistoryColumn": "156",
+    "TypeName": "bit",
+    "Default": "0",
+    "ReadAccessControl": "ManageTenant",
+    "CreateAccessControl": "ManageTenant",
+    "UpdateAccessControl": "ManageTenant",
+    "CheckFilterControlType": "2",
+    "ControlType": "ChoicesText",
+    "ChoicesText": "有効\n無効",
+    "LabelText_en": "Enable Secret key",
+    "LabelText_zh": "启用密匙",
+    "LabelText_de": "Sekundäre Secret key",
+    "LabelText_ko": "비밀 키 활성화",
+    "LabelText_es": "Habilitar clave secreta",
+    "LabelText_vn": "Bật Chìa khoá bí mật"
+}

Implem.Pleasanter/App_Data/Definitions/Definition_Column/Users_SecretKey.json

@@ -0,0 +1,19 @@
+{
+    "Id": "Users_SecretKey",
+    "ModelName": "User",
+    "TableName": "Users",
+    "Label": "ユーザ",
+    "ColumnName": "SecretKey",
+    "LabelText": "秘密鍵",
+    "No": "155",
+    "History": "155",
+    "TypeName": "nvarchar",
+    "MaxLength": "128",
+    "Nullable": "1",
+    "LabelText_en": "Secret key",
+    "LabelText_zh": "密匙",
+    "LabelText_de": "Secret key",
+    "LabelText_ko": "비밀 키",
+    "LabelText_es": "Clave secreta",
+    "LabelText_vn": "Chìa khoá bí mật"
+}

Implem.Pleasanter/App_Data/Displays/RequireSecondAuthenticationByMail.json

@@ -0,0 +1,33 @@
+{
+    "Id": "RequireSecondAuthenticationByMail",
+    "Type": 240,
+    "Languages": [
+        {
+            "Body": "Authenticate by mail"
+        },
+        {
+            "Language": "zh",
+            "Body": "通过电子邮件认证"
+        },
+        {
+            "Language": "ja",
+            "Body": "メールで認証する"
+        },
+        {
+            "Language": "de",
+            "Body": "Godkendelse via e-mail"
+        },
+        {
+            "Language": "ko",
+            "Body": "이메일로 인증"
+        },
+        {
+            "Language": "es",
+            "Body": "Autentimine e-posti teel"
+        },
+        {
+            "Language": "vn",
+            "Body": "Xác thực bằng email"
+        }
+    ]
+}

Implem.Pleasanter/App_Data/Parameters/Security.json

@@ -1,5 +1,6 @@
 {
     "AllowIpAddresses": null,
+    "IpRestrictionExcludeMembers": null,
     "MimeTypeCheckOnApi": false,
     "PrivilegedUsers": null,
     "RevealUserDisabled": false,
@@ -83,6 +84,7 @@
     "SecondaryAuthentication": {
         "Mode": "None",
         "NotificationType": "Mail",
+        "CountTolerances": 1,
         "NotificationMailBcc": false,
         "AuthenticationCodeCharacterType": "Number",
         "AuthenticationCodeLength": 8,
@@ -92,7 +94,7 @@
         "BlobContainerUri": null,
         "KeyIdentifier": null,
         "KeyFileName": "Keys.xml",
-        "XmlAesKey":  null
+        "XmlAesKey": null
     },
     "HttpStrictTransportSecurity": {
         "Enabled": false,

Implem.Pleasanter/App_Start/BundleConfig.cs

@@ -114,7 +114,10 @@ public static IEnumerable<string> Generals()
                 "~/scripts/relatingcolumns.js",
                 "~/scripts/fieldselectable.js",
                 "~/scripts/tenants.js",
-                "~/scripts/responsive.js"
+                "~/scripts/responsive.js",
+                "~/scripts/qr.js",
+                "~/scripts/authenticatebymail.js",
+                "~/scripts/splittotpform.js"
             };
         }
     }

Implem.Pleasanter/Controllers/UsersController.cs

@@ -12,6 +12,7 @@
 using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Mvc;
 using Sustainsys.Saml2.AspNetCore2;
+using System;
 using System.Collections.Generic;
 using System.Data.Common;
 using System.Linq;
@@ -399,15 +400,16 @@ private ActionResult ChallengeBySsoCode(string ssocode, Context context)
         /// </summary>
         [AllowAnonymous]
         [HttpPost]
-        public string Authenticate(string returnUrl)
+        public string Authenticate(string returnUrl, int isAuthenticationByMail = 0)
         {
             var context = new Context();
             var log = new SysLogModel(context: context);
             var json = Authentications.SignIn(
                 context: context,
                 returnUrl: Url.IsLocalUrl(returnUrl)
                     ? returnUrl
-                    : string.Empty);
+                    : string.Empty,
+                isAuthenticationByMail: Convert.ToBoolean(isAuthenticationByMail));
             log.Finish(
                 context: context,
                 responseSize: json.Length);

Implem.Pleasanter/Filters/CheckApiContextAttributes.cs

@@ -44,7 +44,9 @@ public void OnAuthorization(AuthorizationFilterContext filterContext)
                 setPermissions: false,
                 apiRequestBody: requestData);
             if (!IpAddresses.AllowedIpAddress(
+                context: context,
                 allowIpAddresses: Parameters.Security.AllowIpAddresses,
+                ipRestrictionExcludeMembers: Parameters.Security.IpRestrictionExcludeMembers,
                 ipAddress: context.UserHostAddress))
             {
                 filterContext.HttpContext.Response.StatusCode = StatusCodes.Status403Forbidden;
@@ -55,7 +57,9 @@ public void OnAuthorization(AuthorizationFilterContext filterContext)
                     });
                 return;
             }
-            if (!context.ContractSettings.AllowedIpAddress(context.UserHostAddress))
+            if (!context.ContractSettings.AllowedIpAddress(
+                context: context,
+                context.UserHostAddress))
             {
                 filterContext.HttpContext.Response.StatusCode = StatusCodes.Status403Forbidden;
                 filterContext.Result = new JsonResult(