Commit Graph

2232 Commits

Author SHA1 Message Date
Miroslav Bajtoš 010bbc6369
fixup! add top-level dep on eslint-plugin-mocha 2017-12-12 13:08:05 +01:00
Miroslav Bajtoš 73cc950b1b
Update eslint and eslint-config to latest 2017-12-12 09:33:15 +01:00
Miroslav Bajtoš fdb453943a
Merge pull request #3725 from STRML/fix/exclusive-test
fix(test): rem exclusive test
2017-12-08 20:19:01 +01:00
Samuel Reed 3af6a1bbaa
fix(test): rem exclusive test
Ref: #3720
2017-12-08 11:14:15 -06:00
Miroslav Bajtoš 3bf84bacde
Merge pull request #3720 from STRML/fix/falsy-id-3.x
Fix handling of falsy model ids
2017-12-08 15:24:13 +01:00
Samuel Reed 2bfd67ccaa
fix(test): working test with 0 userId 2017-12-07 10:10:35 -06:00
Samuel Reed b362776e73
fix(AccessContext): Tighten userid/appid checks
An application may have a use for a falsy ID.
2017-12-05 10:03:52 -06:00
Samuel Reed 0bac0a933f
fix(id): replace with != null
Ref: #2356, #2374, #3130, #3693
2017-12-05 09:54:28 -06:00
Diana Lau 1babfcde9f 3.17.0
* Added missing DateString type in loopback index (CSLTech)
* chore:update license (Diana Lau)
2017-11-29 15:49:28 -05:00
Kevin Delisle 5dd5a674ce
Merge pull request #3689 from CSLTech/master
Added missing DateString type in loopback index
2017-11-22 13:34:25 -05:00
CSLTech 1a2d8a4571 Added missing DateString type in loopback index 2017-11-21 11:56:36 -05:00
Diana Lau 0737f5476d
Merge pull request #3687 from strongloop/license
chore:update license
2017-11-13 14:55:53 -05:00
Diana Lau b67a096f9e chore:update license 2017-11-09 13:12:39 -05:00
Miroslav Bajtoš cb600d1470
3.16.2
* Fix "POST /change-password" for multi-user setup (Miroslav Bajtoš)
2017-10-30 09:03:15 +01:00
Miroslav Bajtoš 825d5a6373
Merge tag 'v3.16.1'
Bring in changes from #3674 that were accidentally not landed on master:

 * Fix createOnlyInstance for related methods (Raymond Feng)

Close #3674
2017-10-30 09:00:16 +01:00
Miroslav Bajtoš 91729ee550
Merge pull request #3675 from strongloop/fix/change-password-multiple-users
Fix "POST /change-password" for multi-user setup
2017-10-30 08:58:07 +01:00
Raymond Feng 010c7bcd5f 3.16.1
* Fix createOnlyInstance for related methods (Raymond Feng)
2017-10-27 21:43:40 -07:00
Raymond Feng 6570b94843 Fix createOnlyInstance for related methods
For scoped or related create method, the createOnlyInstance flag should
be calculated on the target model. For example, User.createAccessTokens
should set the flag only if AccessToken has updateonly properties.
2017-10-27 18:51:56 -07:00
Miroslav Bajtoš 3996f56ab9
Fix "POST /change-password" for multi-user setup
Fix the code extracting current user id from the access token provided
in the HTTP request, to allow only access tokens created by the target
user models to execute the action.

This fixes the following security vulnerability:

* We have two user models, e.g. Admin and Customer

* We have an Admin instance and a Customer instance with the same
  id and the same password.

* The Customer can change Admin's password using their
  regular access token.
2017-10-27 09:47:07 +02:00
Kevin Delisle 4d4070e542 3.16.0
* Fix "POST /reset-password" for multi-user setup (Miroslav Bajtoš)
* test: extract helpers for logging HTTP errors (Miroslav Bajtoš)
* CODEOWNERS: move @lehni to Alumni section (Miroslav Bajtoš)
2017-10-24 14:12:37 -04:00
Kevin Delisle 2761e62533 Merge pull request #3666 from strongloop/fix/multi-user-reset-password
Fix "POST /reset-password" for multi-user setup
2017-10-24 14:10:35 -04:00
Miroslav Bajtoš 0a2a45512c
Fix "POST /reset-password" for multi-user setup
Fix the code extracting current user id from the access token provided
in the HTTP request, to allow only access tokens created by the target
user models to execute the action.

This fixes the following security vulnerability:

* A UserA with id 1 (for example), requires a resetToken1

* A UserB with the same id requires a resetToken2.

* Using resetToken2, use the UserAs/reset-password endpoint and change
  the password of UserA and/or vice-versa.
2017-10-19 13:29:08 +02:00
Miroslav Bajtoš 4ebc517a78
test: extract helpers for logging HTTP errors
Extract two helpers into a shared file:

 - logAllServerErrors(app)
 - logServerErrorsOtherThan(statusCode, app)
2017-10-19 13:08:54 +02:00
Miroslav Bajtoš 083fb5d668 Merge pull request #3659 from strongloop/remove/lehni
CODEOWNERS: move @lehni to Alumni section
2017-10-19 10:44:20 +02:00
Miroslav Bajtoš c3450df4db
CODEOWNERS: move @lehni to Alumni section 2017-10-19 10:42:54 +02:00
Miroslav Bajtoš f30159cd23
3.15.0
* update strong-globalize to 3.1.0 (shimks)
* Fix handling of user verification options (Miroslav Bajtoš)
* Handle missing getUpdateOnlyProperties fn (Jürg Lehni)
* test: fix too strict test assertion (Miroslav Bajtoš)
* Fix typo (Siegfried Ehret)
2017-10-13 15:33:56 +02:00
Miroslav Bajtoš 64d60fb6f7 Merge pull request #3650 from strongloop/update-strong-globalize
update strong-globalize to 3.1.0
2017-10-13 15:27:02 +02:00
shimks 2f02fbac89 update strong-globalize to 3.1.0 2017-10-12 15:08:04 -04:00
Miroslav Bajtoš fb8f3d9df3 Merge pull request #3647 from lehni/model/fix-updateonly-props-check
Handle missing getUpdateOnlyProperties fn on Model
2017-10-09 17:00:55 +02:00
Miroslav Bajtoš 9176ee2e11 Merge pull request #3609 from sebastianfelipe/fix/user-verify-duplicated-token
Fix handling of user verification options
2017-10-09 14:00:22 +02:00
Miroslav Bajtoš d0a4941668
Fix handling of user verification options
- Fix `User.prototype.verify` to not modify properties of the supplied
  `verifyOptions` argument. This is needed to allow callers to supply
  the same options object to multiple calls of `verify`.

- Fix `User.getVerifyOptions` to always return a new copy of the
  options object. This is needed to allow callers to modify the
  returned options object without affecting the result returned
  by subsequent calls of `getVerifyOptions`.
2017-10-09 13:42:22 +02:00
Jürg Lehni 826ee2aca8 Handle missing getUpdateOnlyProperties fn
If the current scope does not define a getUpdateOnlyProperties
function, the updateOnlyProps value will now be set to false.
2017-10-09 09:19:47 +02:00
Miroslav Bajtoš 8488da2e26 Merge pull request #3637 from strongloop/fix/build
test: fix too strict test assertion
2017-10-05 13:14:52 +02:00
Miroslav Bajtoš 33989d776c
test: fix too strict test assertion
Rework the test verifying properties of `loopback` to ignore
new express properties added after the test was written.
2017-10-04 10:31:50 +02:00
Miroslav Bajtoš 1dd0ab31e0 Merge pull request #3636 from SiegfriedEhret/patch-1
Fix typo in jsdoc
2017-10-04 10:11:04 +02:00
Siegfried Ehret db8130ac6d Fix typo
Update a jsdoc thing to match the argument name.
2017-10-04 09:26:17 +02:00
Raymond Feng c9913927e5 3.14.0
* Allow declarative nestRemoting for relations (Raymond Feng)
2017-09-28 11:07:15 -07:00
Raymond Feng c453ad52c2 Merge pull request #3628 from strongloop/declarative-nest-remoting
Allow declarative nestRemoting for relations
2017-09-28 11:06:32 -07:00
Raymond Feng c0a0f09f3a Allow declarative nestRemoting for relations
Now relation.options.nestRemoting can be set to true so that
nestRemoting will be set up automatically without explicitly
calling MyModel.nestRemoting
2017-09-27 09:22:06 -07:00
Miroslav Bajtoš fcfaf7ef53
3.13.0
* Fix OWNER role to handle multiple relations (pierreclr)
* Fix acl.resolvePermission for wildcard req (Farid Neshat)
* CODEOWNERS: add zbarbuto (Miroslav Bajtoš)
2017-09-27 17:45:28 +02:00
Miroslav Bajtoš 658d228789 Merge pull request #3140 from pierreclr/feature/allow-mutiple-owners-resolving
Fix OWNER role to handle multiple relations
2017-09-27 17:43:48 +02:00
pierreclr e17132d061
Fix OWNER role to handle multiple relations
Fix the code resolving OWNER role to correctly handle the situation
where the target model has multiple "belongsTo" relations to the User
model.

Introduce a new model setting "ownerRelations" that enables the new
behavior. When "ownerRelations" is set to true, then all "belongsTo"
relations are considered as granting ownership. Alternatively,
"ownerRelations" can be set to an array of the relations which
are granting ownership.

For example, a document can "belongTo" an author and a reviewer,
but only the author is an owner, the reviewer is not. In this case,
"ownerRelations" should be set to "['author']".
2017-09-27 17:11:36 +02:00
Miroslav Bajtoš ef7175a4d5 Merge pull request #3293 from alFReD-NSH/bugfix/acl-checkpermission
Fix acl.resolvePermission not working with wildcard request
2017-09-27 16:51:27 +02:00
Miroslav Bajtoš 2128ecde46 Merge pull request #3625 from strongloop/welcome-zbarbuto
CODEOWNERS: add zbarbuto
2017-09-27 11:10:40 +02:00
Farid Neshat d2d8fabb16 Fix acl.resolvePermission for wildcard req
When acl.resolvePermission was called with a request containing a
wildcard, it would return the matching acl with lowest score instead of
higher.

Fixes #2153
2017-09-27 02:48:34 +02:00
Miroslav Bajtoš 4c4430ea95
3.12.0
* Fix relation race condition in model glob (Zak Barbuto)
* CODEOWNERS: add lehni (Miroslav Bajtoš)
2017-09-25 15:58:47 +02:00
Miroslav Bajtoš 883667ce8e
CODEOWNERS: add zbarbuto 2017-09-25 09:49:00 +02:00
Miroslav Bajtoš 0f40ca8f8e Merge pull request #3565 from zbarbuto/fix/shared-glob
Fix relation race condition in model glob
2017-09-01 09:44:13 +02:00
Zak Barbuto d405432b2d Fix relation race condition in model glob
Globs working depended on the order that models were imported.
Remote sharing is now re-calculated whenever a new model is remoted.
2017-09-01 09:18:39 +09:30
Miroslav Bajtoš 30f3161c65 Merge pull request #3595 from strongloop/welcome-lehni
CODEOWNERS: add lehni as a collaborator
2017-08-31 11:15:07 +02:00