Before this change, dependencies in node_modules (e.g. strong-remoting)
were not transformed to ES5 and thus crashed the tests in PhantomJS.
Note that loopback-datasource-juggler cannot be babelified to ES5
because it does not correctly support strict mode yet.
Return 401 when the request does not provide any accessToken argument
or the token was not found.
Also simplify the implementation of the `logout` method to make only
a single database call (`deleteById`) instead of `findById` + `delete`.
- Remove ES5 parser exception from .eslintrc
- Configure Karma to use Babel to transpile ES6 sources to ES5,
because PhantomJS does not support ES6
- Upgrade es5-shim to es6-shim
Fix User model to preserve the current session (provided via
"options.accessToken") when invalidating access tokens after a change
of email or password property.
Yesterday, the loopback we are using in our system was upgraded
via npm, and since the upgrade, we noticed that every time
the user model updates, the emailVerified column would change to false.
I took a look and realized there might be an error in
https://github.com/strongloop/loopback/commit/eb640d8
The intent of the commit just mention is to make emailVerified false
when the email gets changed, but notice that ctx.data.email is null
on updates, so the condition is always met and emailVerified always
becomes false.
This commit fixes the issue just mentioned.
Define a new Model method "createOptionsFromRemotingContext" that allows
models to define what "options" should be passed to methods invoked
via strong-remoting (e.g. REST).
Define a new http mapping `http: 'optionsFromRequest'` that invokes
`Model.createOptionsFromRemotingContext` to build the value from
remoting context.
This should provide enough infrastructure for components and
applications to implement their own ways of building the "options"
object.
Currently the return type of Role.getRoles() method is inconsistent:
role names are returned for smart roles and role ids are returned for
static roles (configured through user-role mapping).
This commit adds a new option to Role.getRoles() allowing the caller
to request role names to be returned for all types of roles.
this is needed because we added allowArray flag to persisted model's
remoteMethod, but when relations try to rebuild such methods, it does
not carry over such flags
Notable side-effects:
- loopback no longer exports "caller" and "arguments" properties
- kv-memory connector is now properly added to the connector registry
- the file "test/support.js" was finally removed
- Fix for current implimentation that returned all models that had any
assigned roles. Context was not carried into listByPrincipalType,
setting roleId as null.
In strong-remoting 3.x, we have stricken the coercion of inputs
methods that are expecting an Object will nolonger accept an array
as input, to preserve backwards compatibility we have added flag
allowArray in remote arguments, which would accept an array of objects
- Add a new User setting 'allowEternalTokens'
- Enhance 'AccessToken.validate' to support eternal tokens with ttl
value -1 when the user model allows it.
Fix the definition of "data" argument to
{ type: 'object', model: modelName, ... }
That way strong-remoting passed the request body directly to the model
method (does not create a new model instance), but the swagger will
still provide correct schema for these arguments.
This fixes a bug where upsert in relation methods was adding default
property values to request payload.
Current implementation of `app.model(modelName, settings)`
works as a sugar for model creation. In 3.0, this is
not supported anymore. This implementation reports an
error when sugar is used for model creation.
Includes:
- Updated app.model() method
- Fixed test cases reflecting the change
- Expose "keys()" at "GET /keys"
- Add a dummy implementation for "iterateKeys" to serve a useful error
message when the model is not attached correctly.
Fix token middleware to check if `req.loopbackContext` is active.
The context is not active for example when express-session calls
setImmediate which breaks CLS.
Rework the test suite to always report errors and correctly signal
when async tests are done.
This should prevent spurious test failures on CI servers that are
difficult to troubleshoot, because the error is reported for different
test case.
The remote-connector test has misconfigured the client (remote) model,
where the client model was trying to keep track of changes. That's
redundant because it's up to the server model (attached directly to the
database) to track changes.
This commit fixes that configuration and also cleans up the test code
a little bit to make it easier to distinguish between the remote
(client) model and the server model.
Use local registry in test fixtures to prevent collision in globally
shared models.
Fix issues discoverd in auth implementation where the global registry
was used instead of the correct local one.
- Removes backward compatibility
for legacy end points `/models` & `/routes`
- Removes `legacyExplorer` flag which
enabled these routes
- Update related tests & tests using the
legacyExplorer flag
subsequent token middleware tries to read `token.id` when `enableDoublecheck: true`. That caused a "Cannot read property `id` of `null`" error when the first middleware didn't actually find a valid accessToken.
*Re-mapping `updateAttributes` endpoint to use
`PATCH` and `PUT`(configurable) verb
*Exposing `replaceById` and `replaceOrCreate` via
`POST` and `PUT`(configurable) verb
Rework tests in `test/rest.middleware.test.js` to not depend
on `app.autoAttach()` and global shared registry of Models. Instead,
each tests creates a fresh app instance with a new in-memory datasource
and a new set of Models.
Rework User tests to not depend on `app.autoAttach()` and global shared
registry of Models. Instead, each tests creates a fresh app instance
with a new in-memory datasource and a new set of Models.
Add two new options:
- When `enableDoublecheck` is true, the middleware will run
even if a previous middleware has already set `req.accessToken`
(possibly to `null` for anonymous requests)
- When `overwriteExistingToken` is true (and `enableDoublecheck` too),
the middleware will overwrite `req.accessToken` set by a previous
middleware instances.
Fix `getIdFromWhereByModelId()` to correctly detect the situation
when "bulkUpdate" performs a write operation using a where filter
containing both id attribute but also all other model attributes.
This should significantly improve the performance of change replication,
because the cost of running rectifyAll is very high.
Modify `Change.rectify()` to not make any changes to the Change instance
(most notably to not modify the `checkpoint` field) when the tracked
model instance was not changed.
This should improve the performance of change replication as it reduces
the number of unnecessary replications.
For example, before this commit, every run of `rectifyAll` would
trigger a full sync of all clients, because all change instances would
be moved to the current checkpoint.
Fix `Application.resetKeys()` to reset instance id only if it is not
already set. This fixes a bug where each call of resetKeys created
a new instance.
The decision which Promise implementation to use should be made by
LoopBack user, not by the framework.
This commit moves Bluebird reference from lib/utils.js to
test/support.js.
Miroslav Bajtoš
ebarault
Miroslav Bajtoš
David Hernandez
Ritchie Martori
Aris Kemper
João Ribeiro
Benjamin Kroeger
Bram Borggreve
kobaska
박대선
Sergey Reus
David Cheung
Loay
Kogulan Baskaran
codyolsen
Adrien Kiren
Candy
Dhaval Trivedi
Tim van der Staaij
Richard Pringle
gunjpan
Amirali Jafarian
Sonali Samantaray
Simon Ho
Subramanian Krishnan
Carl Fürstenberg
Samuel Reed
jannyHou
Gunjan Pandya
Simon Ho
Supasate Choochaisri
Ryan Graham
Benjamin Kröger
Ryan Graham
Samuel Gaus
Amir Jafarian
Miroslav Bajtoš
Simo Moujami
wusuopu
Richard Walker
Raymond Feng
Raymond Feng
Pradnya Baviskar
Miroslav Bajtoš