Commit Graph

2260 Commits

Author SHA1 Message Date
Sakib Hasan 74cbe12918 Merge pull request #3545 from strongloop/revert-3541-add-validate-updateAll
Revert "Validate on updateAll"
2017-08-04 06:33:59 -04:00
Sakib Hasan 2fd5701ede Revert "Validate on updateAll" 2017-08-03 13:46:01 -04:00
Loay 2809d62990 Merge pull request #3538 from strongloop/juggler-version
Update juggler version
2017-08-03 10:00:05 -04:00
Miroslav Bajtoš d3d0ef4ec1 Merge pull request #3527 from lehni/feature/test-http-normalization
Add tests of HTTP normalization on app level
2017-08-03 14:52:12 +02:00
Jürg Lehni 5cd95e42f2
Add tests of HTTP normalization on app level
Also improve tests on model level to include nested routes

Add a test for HTTP normalization precedence too.
2017-08-03 12:32:54 +02:00
Miroslav Bajtoš 5562dca118 Merge pull request #3543 from strongloop/update/travis-platforms
travis: drop Node.js 7.x, add 8.x
2017-08-03 12:31:25 +02:00
Miroslav Bajtoš 3915c49a89
travis: drop Node.js 7.x, add 8.x 2017-08-03 12:02:26 +02:00
Sakib Hasan 619a0e468d Merge pull request #3541 from strongloop/add-validate-updateAll
Validate on updateAll
2017-08-02 12:27:50 -04:00
ssh24 5dd0d196ee Validate on updateAll 2017-08-02 11:52:56 -04:00
loay 7879ec346a Update juggler version 2017-08-02 11:14:18 -04:00
Diana Lau deec84f3b5 Merge pull request #3537 from strongloop/translate
update messages.json
2017-08-02 10:30:31 -04:00
Diana Lau 679ecbc12d update messages.json 2017-08-02 09:39:33 -04:00
Rand McKinney 8589629e7a Merge pull request #3523 from Alaev/patch-4
Fixed broken link && Changed http to https
2017-07-28 10:44:50 -07:00
Michael Alaev 478e3f3b16 small fix for the title
small fix for the title
2017-07-28 14:09:55 +03:00
Michael Alaev 1fcc40f1d1 Changed http to https
Changed the following links from HTTP to HTTPS as it is supported by loopback and strongloop
2017-07-28 01:14:33 +03:00
Loay 131b78dc84 Merge pull request #3511 from strongloop/empty-password-lb3
Add unit test for empty password
2017-07-25 15:42:22 -04:00
loay a3bf813088 Update Travis registry 2017-07-25 14:40:05 -04:00
loay c761dc5279 Add unit test for empty password 2017-07-25 14:40:04 -04:00
Diana Lau d1f6129eaf Merge pull request #3513 from strongloop/add-codeowner
Add CODEOWNER file
2017-07-25 14:37:20 -04:00
Diana Lau 5ed74ab24b Add CODEOWNER file 2017-07-25 09:41:09 -04:00
Miroslav Bajtoš 839c58639d
3.9.0
* Remove observers from Model on end of the stream (Alexei Smirnov)
 * Fix Model#settings.acls doc type signature (Farid Nouri Neshat)
 * Use `localhost` instead of `::` for local (Daijiro Wachi)
 * Fix API doc for Model class property type (Candy)
 * Update package.json (sqlwwx)
 * Support remoting adapters with no ctx.req object (Piero Maltese)
 * update strong-error-handler (sqlwwx)
2017-07-12 16:17:00 +02:00
Miroslav Bajtoš f7b88e3435 Merge pull request #3474 from bigcup/fixChangeStreamIssue#1569
Removed observers from a Model after finish of the stream
2017-07-12 16:15:20 +02:00
Alexei Smirnov 8ed92a12e0
Remove observers from Model on end of the stream
- Remove flags and properly finish the stream.
 - Destroy emits an end event for compability with ending of
   ReadableStream now.
 - Check for default implementation of destroy() method,
   because in Node.js 8 all types of streams have a native one.
2017-07-12 10:28:27 +02:00
Miroslav Bajtoš ca3a21ddd5 Merge pull request #3444 from alFReD-NSH/patch-2
Fix Model#settings.acls doc type signature
2017-06-23 16:43:47 +02:00
Farid Nouri Neshat 065eedab7b
Fix Model#settings.acls doc type signature 2017-06-23 16:25:54 +02:00
Miroslav Bajtoš f85551b715 Merge pull request #3450 from watilde/fixes-3179
Use `localhost` instead of `::` for local
2017-06-21 17:51:24 +02:00
Daijiro Wachi 75b4a45968 Use `localhost` instead of `::` for local 2017-06-15 22:29:37 +02:00
Candy 1be0a9f3d5 Merge pull request #3448 from strongloop/fix_type
Fix API doc for Model class property type
2017-06-14 15:49:22 -04:00
Candy 04983831ca Fix API doc for Model class property type 2017-06-14 14:38:55 -04:00
Miroslav Bajtoš 359a6a5762 Merge pull request #3396 from sqlwwx/master
Update strong-error-handler to 2.x
2017-05-23 16:58:59 +02:00
sqlwwx 3a10209502 Update package.json 2017-05-23 09:14:38 +08:00
sqlwwx 375d476d28 Update package.json 2017-05-23 09:13:27 +08:00
Miroslav Bajtoš f8db64c9c3 Merge pull request #3376 from pierissimo/patch-1
Support remoting adapters with no ctx.req object
2017-05-22 15:23:51 +02:00
Piero Maltese 4735efa41f
Support remoting adapters with no ctx.req object
Fix `Model.createOptionsFromRemotingContext()` to correctly handle
the case where `ctx.req` is not defined, e.g. when using
websocket-based adapters.
2017-05-22 13:21:44 +02:00
sqlwwx ee68b8067c update strong-error-handler 2017-05-13 18:21:15 +08:00
Raymond Feng 9fb67315f9 3.8.0
* Refactor access token to make it extensible (Raymond Feng)
2017-05-02 11:16:34 -07:00
Raymond Feng a9c13a8f6c Merge pull request #3381 from strongloop/feature/refactor-access-token-id
Refactor access token to make it extensible
2017-05-02 13:14:31 -05:00
Raymond Feng 69df11bb8e Refactor access token to make it extensible
1. Make it possible to reuse getIdForRequest()
2. Introduce a flag to control if oAuth2 bearer token should be base64
encoded
3. Promote resolve() to locate/validate access tokens by id
2017-05-02 10:55:51 -07:00
Miroslav Bajtoš 6a4bd6d09f
3.7.0
* Remote method /user/:id/verify (ebarault)
 * Implement more secure password flow (Miroslav Bajtoš)
 * Add User.setPassword(id, new, cb) (Miroslav Bajtoš)
 * Fix method setup in authorization-scopes.test (Miroslav Bajtoš)
 * Add missing tests for reset password flow (Miroslav Bajtoš)
 * forwarding context options in user.verify (ebarault)
 * update deprecated dependencies (Diana Lau)
 * Add support for scoped access tokens (Miroslav Bajtoš)
 * Fix user-literal rewrite for anonymous requests (Aaron Buchanan)
2017-04-27 13:19:17 +02:00
Eric Barault d1719fd9a8 Merge pull request #3314 from strongloop/feature/enable-email-verification-replay
Provide a solution to finish the user's registration when the user identity verification message is lost or has expired
2017-04-26 20:01:38 +02:00
ebarault b9fbf51b27 Remote method /user/:id/verify
This commit adds:
- user.prototype.verify(verifyOptions, options, cb)
- remote method /user/:id/verify
- User.getVerifyOptions()

The remote method can be used to replay the sending of a user
identity/email verification message.

`getVerifyOptions()` can be fully customized programmatically
or partially customized using user model's `.settings.verifyOptions`

`getVerifyOptions()` is called under the hood when calling the
/user/:id/verify remote method

`getVerifyOptions()` can also be used to ease the building
of identity verifyOptions:

```js
var verifyOptions = {
  type: 'email',
  from: 'noreply@example.com'
  template: 'verify.ejs',
  redirect: '/',
  generateVerificationToken: function (user, options, cb) {
    cb('random-token');
  }
};

user.verify(verifyOptions);
```

NOTE: the `User.login()` has been modified to return the userId when
failing due to unverified identity/email. This userId can then be used
to call the /user/:id/verify remote method.
2017-04-26 19:05:41 +02:00
Miroslav Bajtoš b96605c63a Merge pull request #3350 from strongloop/feature/set-password-with-token
Set password with token, disable password changes via patch/replace
2017-04-20 10:47:04 +02:00
Miroslav Bajtoš c5ca2e1c2e
Implement more secure password flow
Improve the flow for setting/changing/resetting User password to make
it more secure.

 1. Modify `User.resetPassword` to create a token scoped to allow
    invocation of a single remote method: `User.setPassword`.

 2. Scope the method `User.setPassword` so that regular tokens created
    by `User.login` are not allowed to execute it.

For backwards compatibility, this new mode (flow) is enabled only
when User model setting `restrictResetPasswordTokenScope` is set to
`true`.

 3. Changing the password via `User.prototype.patchAttributes`
    (and similar DAO methods) is no longer allowed. Applications
    must call `User.changePassword` and ask the user to provide
    the current (old) password.

For backwards compatibility, this new mode (flow) is enabled only
when User model setting `rejectPasswordChangesViaPatchOrReplace` is set
to `true`.
2017-04-20 10:22:21 +02:00
Miroslav Bajtoš e27419086c
Add User.setPassword(id, new, cb)
Implement a new method for changing user password with password-reset
token but without the old password.

REST API

    POST /api/users/reset-password
    Authorization: your-password-reset-token-id
    Content-Type: application/json

    {"newPassword": "new-pass"}

JavaScript API

    User.setPassword(userId, newPassword[, cb])
    userInstance.setPassword(newPassword[, cb])

Note: the new REST endpoint is not protected by scopes yet, therefore
any valid access token can invoke it (similarly to how any valid access
token can change the password via PATCH /api/users/:id).
2017-04-20 10:18:49 +02:00
Miroslav Bajtoš d95ec66a23
Fix method setup in authorization-scopes.test
Fix the code builing a scoped method to correctly handle the case
when the setup method is called twice and the previously defined
method has to be overriden with new remoting metadata.
2017-04-18 13:01:15 +02:00
Miroslav Bajtoš 9c63abef52
Add missing tests for reset password flow 2017-04-18 13:01:14 +02:00
Miroslav Bajtoš faa4975b78 Merge pull request #3344 from strongloop/maintenance/passing-context-options-in-user.verify
forward context options in user.verify
2017-04-12 09:13:20 +02:00
ebarault 912aad8b35 forwarding context options in user.verify
change original "options" argument to "verifyOptions"
adds ctx options argument as "options"
forward context "options" down to relevant downstream functions
review verifyOptions assertions
code cleaning
tests code cleaning
2017-04-11 17:54:45 +02:00
Diana Lau 31e22d3b3f Merge pull request #3345 from strongloop/3.x/update-dependencies
update deprecated dependencies
2017-04-10 15:10:26 +00:00
Diana Lau 52d3faed80 update deprecated dependencies 2017-04-07 15:09:31 -04:00