1. add to `settings.py`:
python
ALLOWED_HOSTS = ["nemo.example.com"]
...
CSRF_TRUSTED_ORIGINS = ["https://{}".format(ALLOWED_HOSTS[0])]
or directly CSRF_TRUSTED_ORIGINS = ["https://nemo.example.com"]
2. the unauthorized_tool_access_email template needs to be updated to the new version which can be found [here](https://github.com/usnistgov/NEMO/blob/master/resources/emails/unauthorized_tool_access_email.html)
New features
- Added a new Tool credentials page for staff, allowing administrators and staff with permissions to add/edit and search tool credentials (username/passwords).
Tool credentials are shown to staff by default in the `Tool control -> Details` tab but require the user to expand the section to see the actual information (for privacy).
- Added a user profile view which, if enabled in `Customization -> Users`, will allow users to see their profile by clicking on their name in the navigation bar. The user profile contains user's general information, projects, area access levels and tool qualifications (Thanks Valilian of UC Irvine for the contribution!).
- Added support for consumable withdrawal adjustment requests
Improvements
- Project usage and project billing will now allow to search for inactive users.
- Added an option to hide inactive projects when looking at a specific account page in `Customization -> Projects & accounts`.
- Added confirmation dialog when marking an adjustment request as applied.
- Automatically adding tool owners, backup owners and superusers when sending a email to all qualified users (in case they are not explicitly qualified).
- Added option to require selecting a user type when creating a new user.
- Training can now be enabled for some specific hidden tools in `Customization -> Training` (Thanks r-xyz for the contribution). 221
- Added settings to allow tool problems and updates to be sent to users if they add them in preferences. only qualified tools are allowed (Thanks `UPenn Singh Center` for the contribution!).
- In user's page, added the last access date for each area access levels. `None` will be displayed in red color if the user has an area access that they never used.
- Personal schedule can now be selected in the calendar to be displayed in the same view as tool reservations (Thanks `UPenn Singh Center` for the contribution!).
- Added an option to sort tools in status dashboard by time of use instead of name (Thanks `Stanford SNF` for the contribution!).
- Added an option in email broadcast to send the message to users with expired access (false by default)
- Max delayed logoff time can now be customized per tool. It replaces the previous checkbox. Any tool that previously allowed delayed logoff will be automatically set to 120 minutes which was the hardcoded value until now.
- Added title for contact information people. 195
API
- Added recurring consumables, physical access levels, buddy requests, temporary physical access requests and adjustment requests endpoint.
- Missed reservation adjustment can now be applied (if times are changed, new times will be applied, and if no times are changed, the reservation will be changed to not missed).
- Simplified API filters in the code for easier maintainability and consistency.
Bug fixes
- Reservation ending email reminders will not be sent anymore when the user has back to back reservations (Thanks r-xyz for the contribution!).
- Fixed the first day of the week not being consistent when using datetime pickers (Thanks r-xyz for the contribution!). 231
- Fixed invalid dates when selecting blank option as a month in my usage/project billing pages. 235
Libraries
- Django 3.2.25 -> 4.2.11
- cryptography 42.0.5 -> 42.0.8
- requests 2.31.0 -> 2.32.3