Nemo

Bug fixes
* Fixed a bug where NEMO was incorrectly referencing REST API permissions

Stability improvements
* Increase the number of threads and workers for Gunicorn in the Docker image from 1 to 8. This should allow a NEMO Docker container to comfortably handle many (hundreds) of users

Major new features
* Created the NEMO "Splash Pad" for trying out NEMO
* Zero configuration required
* Comes preloaded with sample data
* Resource outages can now be scheduled, from the Administration menu > Resources > click the link "schedule resource outages"
* Once a resource outage is created, it can be modified or deleted on the tool calendar, or from the "Schedule resource outage" page
* Outages will **not** cause reservations that are coincident to be marked as 'missed'
* "Tool time binning" was added, allowing staff to designate the "task status" of a tool while it's down for maintenance.
* Task Statuses are defined by the NEMO administrator - they could be anything you want... for example
* Parts on order
* Down for calibration
* Repaired and awaiting qualification
* When a task status is changed, that gets recorded as a "Task History" entry. This allows someone to look over the history of all tasks, and analyze trends or identify problems with why a tool is down often
* Added a `run_data` field to tool UsageEvent database rows
* Allows for custom data to be stored (in JSON) for an individual tool run
* This feature will be expanded in the future to be very customizable
* Added "Post usage questions"
* A Tool can be configured with a JSON data structure
* When a user is done using a tool, they are presented with the questions
* The user's answer get recorded in the `run_data` field of their Usage Event
* Database migrations are now shipped with NEMO
* Thanks to Ryan Goggin (Goggin) at the University of Waterloo for recommending that migrations be included with the codebase
* Your database should auto-update when you run a newer version of NEMO from the Docker container
* Use `django-admin migrate` to update your database manually
* Databases that already exist, and used NEMO versions 1.0.0 and 1.1.0 may need to perform the command `django-admin migrate --fake` to catch up for migrations

Minor new features
* Added an introduction message on the Resources page when no resources exist
* Added a `visible` field for Consumables - they are now able to be kept, but hidden. This is useful for keeping history/billing information intact
* Kiosk (tool control tablet page) was reworked
* Users can now control all tools rather than just nearby tools
* Post Usage Questions can be completed when a tool is disabled from a Kiosk
* Because the user can now use the keyboard on a Kiosk, the badge readers attached to the Kiosk must be configured to send <F2><badge number as keyboard input><F2>. The F2 "sentinel" identifies that the badge reader is issuing the keystrokes

Stability improvements
* The authentication logic now has better error logging, so it's easier to figure out why/when authentication is not working
* Shortened the time-description for tool usage. Used to be "Monday, January 12th, 2018 2:43 PM", now is "Monday 2:43"
* Resource restriction messages can now be blank in the database (for when there's no resource outage)
* Made settings and runtime info path constant inside the Dockerfile. Inside the container, `/nemo` is where NEMO expects `settings.py` and other information attached to the volume
* Resource Categories are now sorted by name (in the database), by default
* Bumped NEMO dependency versions in `setup.py` to incorporate latest improvements
* Linted some JavaScript to use `let` instead of `var`, which improves variable scoping
* Removed all popups from the Tool Control page - this design decision was due to the addition of the Post Usage Questions feature

Bug fixes
* The authentication logic now uses `sensitive_post_parameters` to mask passwords in NEMO/Django logs
* The Resources page now displays uncategorized resources
* Fixed a bug where JavaScript AJAX request parameters were being serialized into an array, instead of single values. This was interfering with creating scheduled outages
* Linted nemo.js for better JS comparison operators
* A title is now required for scheduled tool outages
* Enter no longer submits the form when creating a scheduled tool outage. Previously, enter was causing the form to submit and the main calendar page to reload
* Fixed a bug where Alerts datetimes were not being reflected properly by Django

New features
* Added "scheduled outages" for tools. Users who are designated as "staff" in NEMO can now create scheduled outages for a tool from the calendar page. A scheduled outage prevents users from using a tool during the outage period. It does not interrupt use if a tool is already enabled. Staff are still able to enable a tool during a scheduled outage (in order to perform maintenance or other tasks).
* Added a "safe user deactivation" page. This ensures that there are no billable charges in progress nor in the future (i.e. tool usage, staff charges, reservations, and area access). This can be found in the /users/<id>/ page.

Authentication & security improvements:
* Added support for Nginx [kerberos module](https://github.com/stnoonan/spnego-http-auth-nginx-module).
* Fixed a bug where permissions were not properly applied when using LDAP authentication. Thanks to Princeton University's David Barth (dsbarth) and Daniel McNesby (przcomp) for finding and diagnosing the bug.
* Added more robust error checking for invalid username/passwords in LDAP authentication.
* LDAP authentication now **requires TLS version 1.2** between the web server and authentication server.

Stability fixes:
* Pinned all dependency versions (in setup.py) so code doesn't break over time.

Setup and provisioning of NEMO:
* Added two new commands to the "nemo" provisioning utility (binary program) that is created with setup.py:
- `nemo query_public_key` gets the public key of an IP address and port. If the DNS name resolves to multiple IP addresses (e.g. round-robin DNS load balancing), the query is performed for each IP address. This assists with downloading public keys for LDAP authentication setup.
- `nemo test_ldap_authentication` tests LDAP authentication, the same way it is performed in NEMO's code.

Usability improvements
* Added a "getting started" message to the landing page. When there are no choices on the landing page, a message is displayed for the system administrator to tell them how to configure and customize NEMO. This will help new system administrators get started with configuring NEMO.
* Landing page choices can now be hidden from normal users, but visible to staff/super-users/technicians. Fixed a column spacing bug on the landing page.
* Added visual highlights and tool ownership information to the maintenance page. If you are a tool owner, the problems that you "own" on the maintenance page are highlighted in red. If you are a backup tool owner, those problems are highlighted in yellow.

Roadmap and future imporvements
For the next release of NEMO, we plan to implement scheduled resource outages and improved tool-downtime data analytics. This will also coincide with improvements to the NEMO API, to get that data out.

It has also become clear that there are two major challenges with setting up a new instance of NEMO:
1) Authentication is always difficult to integrate with - whether it's LDAP, Kerberos, or some other type. There will likely be some improvements to this area coming soon.
2) Bootstrapping NEMO is also difficult. Organizations that are trying out NEMO for the first time often want to download and run it in a test environment to try it out. It seems pretty clear that there needs to be a simple way to run a test version of NEMO, with no external configuration required. Perhaps creating a separate test/evaluation Docker image would be the best way to go, and we'll be exploring this possibility.

Initial open source release of NEMO.