Commit Graph

666 Commits

Author SHA1 Message Date
Daijiro Wachi 75b4a45968 Use `localhost` instead of `::` for local 2017-06-15 22:29:37 +02:00
Piero Maltese 4735efa41f
Support remoting adapters with no ctx.req object
Fix `Model.createOptionsFromRemotingContext()` to correctly handle
the case where `ctx.req` is not defined, e.g. when using
websocket-based adapters.
2017-05-22 13:21:44 +02:00
Raymond Feng 69df11bb8e Refactor access token to make it extensible
1. Make it possible to reuse getIdForRequest()
2. Introduce a flag to control if oAuth2 bearer token should be base64
encoded
3. Promote resolve() to locate/validate access tokens by id
2017-05-02 10:55:51 -07:00
ebarault b9fbf51b27 Remote method /user/:id/verify
This commit adds:
- user.prototype.verify(verifyOptions, options, cb)
- remote method /user/:id/verify
- User.getVerifyOptions()

The remote method can be used to replay the sending of a user
identity/email verification message.

`getVerifyOptions()` can be fully customized programmatically
or partially customized using user model's `.settings.verifyOptions`

`getVerifyOptions()` is called under the hood when calling the
/user/:id/verify remote method

`getVerifyOptions()` can also be used to ease the building
of identity verifyOptions:

```js
var verifyOptions = {
  type: 'email',
  from: 'noreply@example.com'
  template: 'verify.ejs',
  redirect: '/',
  generateVerificationToken: function (user, options, cb) {
    cb('random-token');
  }
};

user.verify(verifyOptions);
```

NOTE: the `User.login()` has been modified to return the userId when
failing due to unverified identity/email. This userId can then be used
to call the /user/:id/verify remote method.
2017-04-26 19:05:41 +02:00
Miroslav Bajtoš c5ca2e1c2e
Implement more secure password flow
Improve the flow for setting/changing/resetting User password to make
it more secure.

 1. Modify `User.resetPassword` to create a token scoped to allow
    invocation of a single remote method: `User.setPassword`.

 2. Scope the method `User.setPassword` so that regular tokens created
    by `User.login` are not allowed to execute it.

For backwards compatibility, this new mode (flow) is enabled only
when User model setting `restrictResetPasswordTokenScope` is set to
`true`.

 3. Changing the password via `User.prototype.patchAttributes`
    (and similar DAO methods) is no longer allowed. Applications
    must call `User.changePassword` and ask the user to provide
    the current (old) password.

For backwards compatibility, this new mode (flow) is enabled only
when User model setting `rejectPasswordChangesViaPatchOrReplace` is set
to `true`.
2017-04-20 10:22:21 +02:00
Miroslav Bajtoš e27419086c
Add User.setPassword(id, new, cb)
Implement a new method for changing user password with password-reset
token but without the old password.

REST API

    POST /api/users/reset-password
    Authorization: your-password-reset-token-id
    Content-Type: application/json

    {"newPassword": "new-pass"}

JavaScript API

    User.setPassword(userId, newPassword[, cb])
    userInstance.setPassword(newPassword[, cb])

Note: the new REST endpoint is not protected by scopes yet, therefore
any valid access token can invoke it (similarly to how any valid access
token can change the password via PATCH /api/users/:id).
2017-04-20 10:18:49 +02:00
Miroslav Bajtoš d95ec66a23
Fix method setup in authorization-scopes.test
Fix the code builing a scoped method to correctly handle the case
when the setup method is called twice and the previously defined
method has to be overriden with new remoting metadata.
2017-04-18 13:01:15 +02:00
Miroslav Bajtoš 9c63abef52
Add missing tests for reset password flow 2017-04-18 13:01:14 +02:00
ebarault 912aad8b35 forwarding context options in user.verify
change original "options" argument to "verifyOptions"
adds ctx options argument as "options"
forward context "options" down to relevant downstream functions
review verifyOptions assertions
code cleaning
tests code cleaning
2017-04-11 17:54:45 +02:00
Miroslav Bajtoš c5145bdf34
Add support for scoped access tokens
Define a new property `AccessToken.scopes` to contain the list of
scopes granted to this access token.

Define a new remote method metadata `accessScopes` to contain a list
of scope name required by this method.

Define a special built-in scope name "DEFAULT" that's used when
a method/token does not provide any scopes. This allows access
tokens to grant access to both the default scope and any additional
custom scopes at the same time.

Modify the authorization algorithm to ensure that at least one
of the scopes required by a remote method is allowed by the scopes
granted to the requesting access token.

The "DEFAULT" scope preserve backwards compatibility because existing
remote methods with no `accessScopes` can be accessed by (existing)
access tokens with no `scopes` defined.

Impact on existing applications:

 - Database schema must be updated after upgrading the loopback version

 - If the application was already using a custom `AccessToken.scopes`
   property with a type different from an array, then the relevant code
   must be updated to work with the new type "array of strings".
2017-04-07 13:04:40 +02:00
Aaron Buchanan fbf818b2dc
Fix user-literal rewrite for anonymous requests
Currently any `currentUserLiteral` routes when accessed with a bad
token throw a 500 due to a SQL error that is raised because
`Model.findById` is invoked with `id={currentUserLiteral}`
(`id=me` in our case) when the url rewrite fails.

This commit changes the token middleware to return 401 Not Authorized
when the client is requesting a currentUserLiteral route without
a valid access token.
2017-04-04 16:30:08 +02:00
Flavien DAVID 981bd309fc
Add new event "remoteMethodAdded"
Emit a new method "remoteMethodAdded" whenever a new method is added,
typically when `Model.remoteMethod` or `Model.nestRemoting` is called.

The method is emitted both by the Model affected and the application
object.
2017-03-31 15:32:19 +02:00
Miroslav Bajtoš 94f267884f
Forward options in prepareForTokenInvalidation 2017-03-28 15:59:20 +02:00
Miroslav Bajtoš b550cdcf43
Check max password length in User.changePassword 2017-03-28 15:46:01 +02:00
Miroslav Bajtoš 27ed712528
Add User.changePassword(id, old, new, cb)
Implement a new method for changing user passwords the secure way.
The method requires the old password to be provided before a new
password can be used.

REST API:

    POST /api/users/change-password
    Authorization: your-token-id
    Content-Type: application/json

    {"oldPassword":"old-pass", "newPassword": "new-pass"}

JavaScript API:

    User.changePassword(userId, oldPassword, newPassword[, cb])

There is also an instance-level (prototype) method that can be used
from JavaScript:

    userInstance.changePassword(oldPassword, newPassword[, cb])
2017-03-24 11:01:04 +01:00
ebarault 8aa98a80ef Propagate authorized roles in remoting context
Adds an authorizedRoles object to remotingContext.args.options
which contains all the roles (static and dynamic) that are
granted to the user when performing a request through
strong-remoting to an app with authentication enabled.

The authorizedRoles object for example looks like:
{
  $everyone: true,
  $authenticated: true,
  myRole: true
}

NOTE: this pr also covers a number of jsdoc fixes as well
as refactoring in ACL.js and access-context.js
2017-03-20 12:29:33 +01:00
agriwebb build 3f4b5ece71
Allow custom properties of Change Model
Allow custom properties to be added to Change Model,
and make change filter customizable through mixins
to allow to add the custom property to the filter
used to look up relevant changes during change replication.
2017-03-09 08:58:42 +01:00
phairow 0969493ab7
Fix User.verify to convert uid to string
Applications using MongoDB connectors typically have `user.id`
property of type ObjectID.

This commit fixes the code building the verification URL to
correctly convert the user id value into string.
2017-03-08 16:03:53 +01:00
Miroslav Bajtoš 48bf16bd5a Merge pull request #3245 from strongloop/fix/token-middleware-custom-model
fix custom token model in token middleware
2017-03-06 18:10:41 +01:00
Hiran del Castillo a22b1e13f1
Pass options.verificationToken to templateFn
Enhance User.prototype.verify to pass the generated token
to the templating function in addition to other existing properties.

This allows application to build multiple URLs in the email template,
for example in order to provide a different URL for desktop and
mobile browsers.
2017-03-06 17:08:35 +01:00
ebarault cf98d379c4 fix custom token model in token middleware
Fixing server/middleware/token.js to handle correctly the
setup of a custom AccessToken model by name in either
middleware.json or using any of :
	app.use(loopback.token({...}));
	app.middlewareFromConfig(loopback.token, {...})
	app.middleware('auth', loopback.token({...})
2017-03-06 16:10:25 +01:00
Miroslav Bajtoš 5ebc9b6a2e Merge pull request #3230 from strongloop/fix/context-passing-for-isOwner
Fix context passing in OWNER role resolver
2017-03-03 16:19:52 +01:00
Miroslav Bajtoš 79f441b9c4
Verify User and AccessToken relations at startup
Modify `app.enableAuth()` to verify that (custom) User and AccessToken
models have correctly configured their hasMany/belongsTo relations
and print a warning otherwise.
2017-03-03 10:18:58 +01:00
Miroslav Bajtoš c45954cdaa
Use local registry in test/replication.rest.test 2017-02-24 15:13:06 +01:00
Miroslav Bajtoš abf8246382
Fix test/access-token.test to use local registry 2017-02-24 14:17:12 +01:00
Benjamin Schuster-Boeckler 4570626e9d
Fix context passing in OWNER role resolver 2017-02-24 12:28:30 +01:00
Miroslav Bajtoš 2cac589860
Fix access-token invalidation for missing relation
Fix the code invalidating access tokens on user email/password changes
to correctly handle the case when the relation
"AccessToken belongs to (subclassed) user" is not configured.
2017-02-23 12:56:13 +01:00
kobaska 7078c5d0e5
Optimise replication
Add a new model-level setting "replicationChunkSize" which allows
users to configure change replication algorithm to issue several
smaller requests to fetch changes and upload updates.
2017-02-22 15:12:54 +01:00
ebarault f0e70dd8a9 Fix Role.isOwner() for multiple user models
Fix `Role.isOwner()` to check both principalId and principalType.
This fixes a bug where users from different User model were treated
as owners as long as their user id was the same as owner's id.
2017-02-17 11:19:07 +01:00
Miroslav Bajtoš a80f844e88 Upgrade supertest to 3.x
Also fix tests relying on internal supertest API to keep working with
then new supertest internals after the upgrade.
2017-02-09 16:17:10 +01:00
Miroslav Bajtoš ea05a2c4dc Fix creation of verification links
Fix User.prototype.verify to call `querystring.stringify` instead
of concatenating query-string components directly.

In particular, this fixes the bug where `options.redirect` containing
a hash fragment like `#/home?arg1=value1&arg2=value2` produced incorrect
URL, because the `redirect` value was not correctly encoded.
2017-02-06 12:39:21 +01:00
Eric 9fe084fffd Enable multiple user models
Allow LoopBack applications to configure multiple User models and share
the same AccessToken model.

To enable this feature:

1) In your custom AccessToken model:

 - add a new property "principalType" of type "string".
 - configure the relation "belongsTo user" as polymorphic,
   using "principalType" as the discriminator

2) In your User models:

 - Configure the "hasMany accessTokens" relation as polymorphic,
   using "principalType" as the discriminator

When creating custom Role and Principal instances, set your
User model's name as the value of "prinicipalType".
2017-02-02 09:42:30 +01:00
Miroslav Bajtoš 5b404cad6c Babelify juggler for Karma tests
Fix configuration of Karma:

 - Disable ES6 modules. The ES6 module transpiler is adding
  "use strict" to all source files, this breaks e.g. chai or juggler
 - Relax "ignore" setting to exclude only strong-task-emitter,
   thus bring back Babel transpilation for chai and juggler.
2017-02-01 14:00:43 +01:00
Miroslav Bajtoš 3c209ee1de Fix Karma config to babelify node_modules too
Before this change, dependencies in node_modules (e.g. strong-remoting)
were not transformed to ES5 and thus crashed the tests in PhantomJS.

Note that loopback-datasource-juggler cannot be babelified to ES5
because it does not correctly support strict mode yet.
2017-02-01 12:27:42 +01:00
ebarault ceceb44e78 Add promise support to built-in model RoleMapping 2017-02-01 09:51:43 +01:00
Miroslav Bajtoš c099d8c731 Merge pull request #3163 from ebarault/feature/promisify-acl
Add promise support to built-in model ACL
2017-01-31 14:54:26 +01:00
Miroslav Bajtoš dcb2f159ec Merge pull request #3160 from strongloop/fix/token-invalidation-on-save
Preserve sessions on User.save() making no changes
2017-01-31 14:38:48 +01:00
ebarault a63fad402e Add promise support to built-in model ACL 2017-01-31 14:09:43 +01:00
David Hernandez c072d0695d Add missing type to Role properties definition
Fix "created" and "modified" to be defined with type "date".
2017-01-30 11:37:33 +01:00
Miroslav Bajtoš 5fd79b14f4 Merge pull request #3146 from strongloop/feature/promisify-role
Promise-ify built-in Role model
2017-01-30 11:32:28 +01:00
Miroslav Bajtoš 8f80aecc1f Preserve sessions on User.save() making no changes 2017-01-30 11:30:05 +01:00
Miroslav Bajtoš 5607460854 Merge pull request #3149 from strongloop/fix/es6-in-phantomjs
Enable ES6/ES2015 goodness
2017-01-30 09:36:02 +01:00
Ritchie Martori d45c1ae7bb Fix logout to handle no or missing accessToken
Return 401 when the request does not provide any accessToken argument
or the token was not found.

Also simplify the implementation of the `logout` method to make only
a single database call (`deleteById`) instead of `findById` + `delete`.
2017-01-30 08:56:18 +01:00
Miroslav Bajtoš 0fd8f8af72 Promise-ify built-in Role model 2017-01-27 17:16:59 +01:00
Miroslav Bajtoš be8dd0ded8 Enable ES6/ES2015 goodness
- Remove ES5 parser exception from .eslintrc
 - Configure Karma to use Babel to transpile ES6 sources to ES5,
   because PhantomJS does not support ES6
 - Upgrade es5-shim to es6-shim
2017-01-27 11:31:57 +01:00
Miroslav Bajtoš 78f8b9124a Remove test/support.js from karma config
The file no longer exists.
2017-01-26 10:11:08 +01:00
Miroslav Bajtoš 93ab8644c4 Use English when running Mocha tests 2017-01-26 10:11:08 +01:00
Miroslav Bajtoš dfa1f6035b Merge pull request #3107 from benkroeger/master
Role model: resolve related models by name
2017-01-25 10:48:15 +01:00
Aris Kemper efd8237dc6 Fix User methods to use correct Primary Key
Do not use hard-coded "id" property name, call `idName()` to get the
name of the PK property.
2017-01-20 16:24:59 +01:00
João Ribeiro e63fea83f7 Fix User.resetPassword to call createAccessToken()
This allows User subclasses to override the algorithm used for building
one-time access tokens for password recovery.
2017-01-19 16:27:22 +01:00
Benjamin Kroeger a6d511d8b4 Role model: resolves related models by name
Resolve models related to the `Role` model by name instead of class.
2017-01-16 15:48:24 +01:00
Miroslav Bajtoš e17cc3d23a Preserve current session when invalidating tokens
Fix User model to preserve the current session (provided via
"options.accessToken") when invalidating access tokens after a change
of email or password property.
2017-01-16 10:08:30 +01:00
Miroslav Bajtoš 24bb15233d Clean up access-token-invalidation tests 2017-01-16 10:08:30 +01:00
Miroslav Bajtoš 70eecfab70 Upgrade eslint-config to 7.x 2017-01-06 12:12:35 +01:00
Bram Borggreve cddfb9c77d
Allow password reset request for users in realms 2017-01-05 09:47:18 -05:00
Miroslav Bajtoš 298635dad1 Merge pull request #2992 from DA-14/feature/resetPasswordRequest
Emit resetPasswordRequest event with options
2017-01-05 15:33:22 +01:00
Miroslav Bajtoš f4b167698a Merge pull request #3053 from yumenohosi/fix/email-verified
Fix false emailVerified on user model update
2017-01-05 11:02:54 +01:00
kobaska e15a656714 Add option disabling periodic change rectification
When `Model.settings.changeCleanupInterval` is set to a negative value,
no periodic cleanup is performed at all.
2017-01-04 15:58:44 +01:00
박대선 d9ae32429b Fix false emailVerified on user model update
Yesterday, the loopback we are using in our system was upgraded
via npm, and since the upgrade, we noticed that every time
the user model updates, the emailVerified column would change to false.

I took a look and realized there might be an error in
https://github.com/strongloop/loopback/commit/eb640d8

The intent of the commit just mention is to make emailVerified false
when the email gets changed, but notice that ctx.data.email is null
on updates, so the condition is always met and emailVerified always
becomes false.

This commit fixes the issue just mentioned.
2016-12-23 14:04:44 +09:00
Miroslav Bajtoš 60ea3e96bc Contextify DAO and relation methods
Modify remoting metadata of data-access methods in PersistedModel
and relation method in Model and add an "options" argument to "accepts"
list.
2016-12-22 10:26:09 +01:00
Miroslav Bajtoš 4de3aa77e3 Implement new http arg mapping optionsFromRequest
Define a new Model method "createOptionsFromRemotingContext" that allows
models to define what "options" should be passed to methods invoked
via strong-remoting (e.g. REST).

Define a new http mapping `http: 'optionsFromRequest'` that invokes
`Model.createOptionsFromRemotingContext` to build the value from
remoting context.

This should provide enough infrastructure for components and
applications to implement their own ways of building the "options"
object.
2016-12-22 10:26:01 +01:00
Miroslav Bajtoš 29a17f39d5 Invalidate AccessTokens on password change
Invalidate all existing sessions (delete all access tokens)
after user's password was changed.
2016-12-12 13:30:53 +01:00
Sergey Reus fa8bca8d6e Emit resetPasswordRequest event with options 2016-12-09 18:14:32 +02:00
Miroslav Bajtoš 63beaa21fe Merge pull request #3004 from strongloop/fix/email-template-in-transport
Remove "options.template" from Email payload
2016-12-07 10:53:04 +01:00
Miroslav Bajtoš 5016703f21 Remove "options.template" from Email payload
Fix User.confirm to exclude "options.template" when sending the
confirmation email. Certain nodemailer transport plugins are rejecting
such requests.
2016-12-06 16:18:19 +01:00
Miroslav Bajtoš acdfb432d0 Upgrade eslint config and grunt-eslint to latest
- disable ES6 because PhantomJS does not support it yet
 - fix linter errors reported after the upgrade.
2016-12-06 16:05:13 +01:00
Eric b0d6c4a7d2 Add "returnOnlyRoleNames" option to Role.getRoles
Currently the return type of Role.getRoles() method is inconsistent:
role names are returned for smart roles and role ids are returned for
static roles (configured through user-role mapping).

This commit adds a new option to Role.getRoles() allowing the caller
to request role names to be returned for all types of roles.
2016-11-30 16:46:59 +01:00
David Cheung fa7cb923cd add allowArray to relations' create remoteMethod
this is needed because we added allowArray flag to persisted model's
remoteMethod, but when relations try to rebuild such methods, it does
not carry over such flags
2016-11-23 12:00:18 -05:00
Miroslav Bajtoš 1ec7cf0a37 Turn on "no-unused-expressions" rule for eslint
Fix unit-tests relying on property-based assertions to use function
calls instead, using "dirty-chai" to modify chai's property checkers.
2016-11-22 15:30:04 +01:00
Loay 06cb481c3f Update eslint to loopback config v5
Notable side-effects:
 - loopback no longer exports "caller" and "arguments" properties
 - kv-memory connector is now properly added to the connector registry
 - the file "test/support.js" was finally removed
2016-11-22 14:08:02 +01:00
David Cheung b3c43b60cd make test individually runable
previously when you do something like mocha test/model.test.js
you would get an error like "assert is not a function"
2016-11-17 18:05:58 -05:00
Kogulan Baskaran b4f1b2f02c Add options to bulkUpdate 2016-11-15 17:40:44 +01:00
codyolsen 3f5e49c3d6 Fix context within listByPrincipalType role method
- Fix for current implimentation that returned all models that had any
  assigned roles. Context was not carried into listByPrincipalType,
  setting roleId as null.
2016-11-15 14:51:05 +01:00
Adrien Kiren 85da50cbc8 Add templateFn option to User#verify() 2016-11-14 16:22:10 +01:00
Loay eb640d8da0 Require verification after email change
When the User model is configured to require email verification,
then any change of the email address should trigger re-verification.
2016-11-09 13:06:25 +01:00
Candy 8f08398c30 Update doc links 2016-11-04 16:47:12 -04:00
Dhaval Trivedi 4922f425fc adding check of string for case insensitive emails 2016-11-01 18:13:56 -04:00
David Cheung 5252fba376 allow batch create for persisted models
In strong-remoting 3.x, we have stricken the coercion of inputs
methods that are expecting an Object will nolonger accept an array
as input, to preserve backwards compatibility we have added flag
allowArray in remote arguments, which would accept an array of objects
2016-10-25 15:45:00 -04:00
Miroslav Bajtoš 1439446b36 Fix description of updateAll response
Correctly describe the first non-error callback arg as an `info` object
containing a `count` property.
2016-10-12 12:43:53 +02:00
Miroslav Bajtoš 6808159427 Allow tokens with eternal TTL (value -1)
- Add a new User setting 'allowEternalTokens'
 - Enhance 'AccessToken.validate' to support eternal tokens with ttl
   value -1 when the user model allows it.
2016-10-10 13:27:22 +02:00
Tim van der Staaij c58bff6c3d Fix support for remote hooks returning a Promise
Fix beforeRemote/afterRemote to correctly return promises returned
by the user-provided hook callback.
2016-10-05 10:32:44 +02:00
Loay 5f5e874564 Validate non-email property partial update 2016-10-03 15:45:52 -04:00
Richard Pringle 0ab33a82d4 Call new disable remote method from model class. 2016-09-21 14:09:24 -04:00
David Cheung d544ae1bf8 Support uniqueness for realm users 2016-09-20 11:26:56 -04:00
Loay bcc2d99a95 Invalidate sessions after email change 2016-09-19 10:24:30 -04:00
Candy d4b8cf670f Fix remote method inheritance 2016-09-13 13:23:09 -04:00
Miroslav Bajtoš 21ff383eb3 Fix double-slash in confirmation URL
Fix the code building the URL used in the email-verification email
to prevent double-slash in the URL when e.g. restApiRoot is '/'.

Before:

  http://example.com//users/confirm?...

Now:

  http://example.com/users/confirm?...
2016-09-13 08:52:49 +02:00
Miroslav Bajtoš 6e1defcb18 Use strong-remoting's new TypeRegistry 2016-09-09 10:01:29 +02:00
Miroslav Bajtoš 92a5a08671 test/user: don't attach User model twice 2016-09-09 09:02:41 +02:00
Miroslav Bajtoš f76edd5d61 Fix remoting metadata for "data" arguments
Fix the definition of "data" argument to

    { type: 'object', model: modelName, ... }

That way strong-remoting passed the request body directly to the model
method (does not create a new model instance), but the swagger will
still provide correct schema for these arguments.

This fixes a bug where upsert in relation methods was adding default
property values to request payload.
2016-09-07 14:27:58 +02:00
gunjpan 832e2c391c Discard sugar method for model creation
Current implementation of `app.model(modelName, settings)`
works as a sugar for model creation. In 3.0, this is
not supported anymore. This implementation reports an
error when sugar is used for model creation.
Includes:
 - Updated app.model() method
 - Fixed test cases reflecting the change
2016-09-07 10:40:23 +02:00
Amirali Jafarian a6f8ec672d Merge pull request #2539 from mountain1234585/upsertWithWhere
Add upsertWithWhere
2016-09-06 15:54:21 -04:00
Miroslav Bajtoš 9a75ee6f30 Rework email validation to use isemail
Drop hand-crafted RegExp in favour of a 3rd-party module that supports
RFC5321, RFC5322 and other relevant standards.
2016-09-06 14:09:00 +02:00
Sonali Samantaray aef6dca30c Expose upsertWithWhere method 2016-09-02 18:10:47 +05:30
Simon Ho 9db0682b07 Add remoting for KeyValue model TTL feature 2016-08-29 14:46:41 -07:00
Subramanian Krishnan 40f0690573 Make the app instance available to connectors 2016-08-29 15:15:53 +02:00
Amirali Jafarian 358fdbf184 Merge pull request #2670 from strongloop/reorder_patch_put
Reorder PATCH Vs PUT endpoints
2016-08-26 16:09:43 -04:00
Loay 5567917c12 Allow resetPassword if emailVerified 2016-08-26 13:11:42 -04:00
Amir Jafarian b80666a507 Reorder PATCH Vs PUT endpoints
*Reorder PATCH Vs PUT endpoints for update* methods
2016-08-26 11:08:35 -04:00
Benjamin Kroeger 01c1656fc2 resolve related models from correct registry
Also modify setup of test servers when ACL was used, force the app
to `loadBuiltinModels` with localRegistry.
2016-08-25 12:51:29 +02:00