Miroslav Bajtoš
743b2d1495
Remove forgotten debugger statement
2018-03-22 09:21:44 +01:00
Miroslav Bajtoš
77d3d57252
Merge pull request #3835 from strongloop/fix/role-acl-with-multiple-users
...
Fix role check in apps with multiple user models
2018-03-22 09:18:37 +01:00
Miroslav Bajtoš
f4527c9c91
Fix role check in apps with multiple user models
2018-03-20 14:15:44 +01:00
Miroslav Bajtoš
6ddf268cb6
Merge pull request #3820 from strongloop/fix/eslint-issues
...
Fix formatting issues reported by recent eslint
2018-03-16 13:32:19 +01:00
Miroslav Bajtoš
c611bbbe04
Fix formatting issues reported by recent eslint
2018-03-05 10:03:59 +01:00
Miroslav Bajtoš
8e9fd36878
Merge pull request #3799 from strongloop/welcome-nitro404
...
CODEOWNERS: add nitro404
2018-02-16 09:17:58 +01:00
Miroslav Bajtoš
49bdf2fe3c
CODEOWNERS: add nitro404
2018-02-15 16:00:29 +01:00
Miroslav Bajtoš
66497ead70
Merge pull request #3787 from strongloop/fix/dangling-promise-in-test
...
test: add missing "return" in a promise-style test
2018-02-09 08:20:10 +01:00
Kevin Delisle
38f3d728b1
3.18.2
...
* model: fix infinite loop on nestRemoting (Kevin Delisle)
* Use statusCode prop for user errors (Zak Barbuto)
2018-02-08 13:26:18 -05:00
Kevin Delisle
0feda03d5b
Merge pull request #3789 from strongloop/nestRemoting/prevent-endless-relation-recursion
...
model: fix infinite loop on nestRemoting
2018-02-08 13:12:32 -05:00
Kevin Delisle
386615a1df
model: fix infinite loop on nestRemoting
...
Prevent endless recursion on nestRemoting calls for
two-way model links.
2018-02-08 11:26:02 -05:00
Miroslav Bajtoš
3723f107db
test: add missing "return" in a promise-style test
...
Before this change, when the test failed, the rejected promise
was not reported back to mocha and triggered "unhandled promise
rejection" warning only.
2018-02-02 14:25:52 +01:00
Raymond Feng
d23ff84587
Merge pull request #3784 from zbarbuto/fix/user-status-code
...
Use statusCode prop for user errors
2018-01-31 15:16:27 -08:00
Zak Barbuto
50e2b49efe
Use statusCode prop for user errors
2018-02-01 09:40:13 +10:30
Taranveer Virk
0eeb99060f
3.18.1
...
* update: juggler to version including security fix. (Taranveer Virk)
2018-01-31 16:56:12 -05:00
Taranveer Virk
6b4234b18d
Merge pull request #3781 from strongloop/update-juggler
...
update: juggler to version including security fix.
2018-01-31 16:40:55 -05:00
Taranveer Virk
2c909b8223
update: juggler to version including security fix.
2018-01-31 14:33:37 -05:00
Miroslav Bajtoš
c5ff5faf0d
3.18.0
...
* fix: preserve datasource name (Kevin Scroggins)
* Update Copyright Years (Justin Ross)
* Support options.filter in createChangeStream (Edward Choh)
* fixup! add top-level dep on eslint-plugin-mocha (Miroslav Bajtoš)
* Update eslint and eslint-config to latest (Miroslav Bajtoš)
2018-01-29 16:36:14 +01:00
Miroslav Bajtoš
60c9dd166b
Merge pull request #3733 from nitro404/hotfix/retain-datasource-name
...
Fixe data sources not retaining the correct name value
2018-01-19 17:08:22 +01:00
Kevin Scroggins
ab791fc258
fix: preserve datasource name
...
Modify the code creating juggler DataSource objects to correctly
forward the datasource name provided by the user.
2018-01-19 15:58:33 +01:00
Miroslav Bajtoš
72d48c3bfa
Merge pull request #3746 from JustinTRoss/patch-1
...
Update Copyright Years
2018-01-16 14:36:14 +01:00
Justin Ross
60750b4508
Update Copyright Years
...
Update copyright years to include 2018
2018-01-16 13:55:02 +01:00
Miroslav Bajtoš
0a4940e31e
Merge pull request #3683 from edwardchoh/master
...
Support options.filter in createChangeStream
2017-12-14 14:59:14 +01:00
Edward Choh
00169d2312
Support options.filter in createChangeStream
...
Implement "options.filter" argument in Persisted.createChangeStream()
by leveraging loopback-filter module.
2017-12-14 13:08:28 +01:00
Miroslav Bajtoš
7c030c6900
Merge pull request #3728 from strongloop/update-eslint-config
...
Update eslint and eslint-config to latest
2017-12-14 13:07:14 +01:00
Miroslav Bajtoš
243af4bfc2
3.17.1
...
* Update nestRemoting to pass optionsFromContext (bmatson)
* fix(test): rem exclusive test (Samuel Reed)
* fix(test): working test with 0 userId (Samuel Reed)
* fix(AccessContext): Tighten userid/appid checks (Samuel Reed)
* fix(id): replace with != null (Samuel Reed)
2017-12-12 19:43:30 +01:00
Miroslav Bajtoš
b045e4a6be
Merge pull request #3681 from zipitwireless/master
...
Update nestRemoting to pass optionsFromContext
2017-12-12 19:00:09 +01:00
bmatson
317e00d92c
Update nestRemoting to pass optionsFromContext
...
Fix the code invoking relation getter to correctly pass through
the "options" argument.
2017-12-12 17:24:35 +01:00
Miroslav Bajtoš
010bbc6369
fixup! add top-level dep on eslint-plugin-mocha
2017-12-12 13:08:05 +01:00
Miroslav Bajtoš
73cc950b1b
Update eslint and eslint-config to latest
2017-12-12 09:33:15 +01:00
Miroslav Bajtoš
fdb453943a
Merge pull request #3725 from STRML/fix/exclusive-test
...
fix(test): rem exclusive test
2017-12-08 20:19:01 +01:00
Samuel Reed
3af6a1bbaa
fix(test): rem exclusive test
...
Ref: #3720
2017-12-08 11:14:15 -06:00
Miroslav Bajtoš
3bf84bacde
Merge pull request #3720 from STRML/fix/falsy-id-3.x
...
Fix handling of falsy model ids
2017-12-08 15:24:13 +01:00
Samuel Reed
2bfd67ccaa
fix(test): working test with 0 userId
2017-12-07 10:10:35 -06:00
Samuel Reed
b362776e73
fix(AccessContext): Tighten userid/appid checks
...
An application may have a use for a falsy ID.
2017-12-05 10:03:52 -06:00
Samuel Reed
0bac0a933f
fix(id): replace with != null
...
Ref: #2356 , #2374 , #3130 , #3693
2017-12-05 09:54:28 -06:00
Diana Lau
1babfcde9f
3.17.0
...
* Added missing DateString type in loopback index (CSLTech)
* chore:update license (Diana Lau)
2017-11-29 15:49:28 -05:00
Kevin Delisle
5dd5a674ce
Merge pull request #3689 from CSLTech/master
...
Added missing DateString type in loopback index
2017-11-22 13:34:25 -05:00
CSLTech
1a2d8a4571
Added missing DateString type in loopback index
2017-11-21 11:56:36 -05:00
Diana Lau
0737f5476d
Merge pull request #3687 from strongloop/license
...
chore:update license
2017-11-13 14:55:53 -05:00
Diana Lau
b67a096f9e
chore:update license
2017-11-09 13:12:39 -05:00
Miroslav Bajtoš
cb600d1470
3.16.2
...
* Fix "POST /change-password" for multi-user setup (Miroslav Bajtoš)
2017-10-30 09:03:15 +01:00
Miroslav Bajtoš
825d5a6373
Merge tag 'v3.16.1'
...
Bring in changes from #3674 that were accidentally not landed on master:
* Fix createOnlyInstance for related methods (Raymond Feng)
Close #3674
2017-10-30 09:00:16 +01:00
Miroslav Bajtoš
91729ee550
Merge pull request #3675 from strongloop/fix/change-password-multiple-users
...
Fix "POST /change-password" for multi-user setup
2017-10-30 08:58:07 +01:00
Raymond Feng
010c7bcd5f
3.16.1
...
* Fix createOnlyInstance for related methods (Raymond Feng)
2017-10-27 21:43:40 -07:00
Raymond Feng
6570b94843
Fix createOnlyInstance for related methods
...
For scoped or related create method, the createOnlyInstance flag should
be calculated on the target model. For example, User.createAccessTokens
should set the flag only if AccessToken has updateonly properties.
2017-10-27 18:51:56 -07:00
Miroslav Bajtoš
3996f56ab9
Fix "POST /change-password" for multi-user setup
...
Fix the code extracting current user id from the access token provided
in the HTTP request, to allow only access tokens created by the target
user models to execute the action.
This fixes the following security vulnerability:
* We have two user models, e.g. Admin and Customer
* We have an Admin instance and a Customer instance with the same
id and the same password.
* The Customer can change Admin's password using their
regular access token.
2017-10-27 09:47:07 +02:00
Kevin Delisle
4d4070e542
3.16.0
...
* Fix "POST /reset-password" for multi-user setup (Miroslav Bajtoš)
* test: extract helpers for logging HTTP errors (Miroslav Bajtoš)
* CODEOWNERS: move @lehni to Alumni section (Miroslav Bajtoš)
2017-10-24 14:12:37 -04:00
Kevin Delisle
2761e62533
Merge pull request #3666 from strongloop/fix/multi-user-reset-password
...
Fix "POST /reset-password" for multi-user setup
2017-10-24 14:10:35 -04:00
Miroslav Bajtoš
0a2a45512c
Fix "POST /reset-password" for multi-user setup
...
Fix the code extracting current user id from the access token provided
in the HTTP request, to allow only access tokens created by the target
user models to execute the action.
This fixes the following security vulnerability:
* A UserA with id 1 (for example), requires a resetToken1
* A UserB with the same id requires a resetToken2.
* Using resetToken2, use the UserAs/reset-password endpoint and change
the password of UserA and/or vice-versa.
2017-10-19 13:29:08 +02:00