Commit Graph

2317 Commits

Author SHA1 Message Date
Miroslav Bajtoš 5db00c6ab2
3.10.0
* Allow glob-style patterns for remote options (Zak Barbuto)
 * Fix case of values per doc issue (crandmck)
 * Update translated strings Q3 2017 (Allen Boone)
 * Revert "Validate on updateAll" (Sakib Hasan)
 * Add tests of HTTP normalization on app level (Jürg Lehni)
 * travis: drop Node.js 7.x, add 8.x (Miroslav Bajtoš)
 * Validate on updateAll (ssh24)
 * Update juggler version (loay)
 * update messages.json (Diana Lau)
 * small fix for the title (Michael Alaev)
 * Changed http to https (Michael Alaev)
 * Update Travis registry (loay)
 * Add unit test for empty password (loay)
 * Add CODEOWNER file (Diana Lau)
2017-08-14 17:45:31 +02:00
Miroslav Bajtoš 06a2b6d86b Merge pull request #3504 from zbarbuto/feature/share-method-glob
Allow glob-style patterns for remote options
2017-08-14 17:25:43 +02:00
Zak Barbuto 724a7d1928 Allow glob-style patterns for remote options 2017-08-14 12:23:26 +09:30
Rand McKinney df87c17c08 Merge pull request #3559 from strongloop/acl-apidoc-fix
Fix case of values per doc issue
2017-08-11 11:27:00 -07:00
crandmck 9f8321ad61 Fix case of values per doc issue 2017-08-11 11:10:51 -07:00
Miroslav Bajtoš 132ce4c4ae Merge pull request #3555 from kallenboone/master
Update translated strings Q3 2017
2017-08-11 13:59:01 +02:00
Allen Boone dcb190ffc8 Update translated strings Q3 2017 2017-08-10 15:15:04 -04:00
Sakib Hasan 74cbe12918 Merge pull request #3545 from strongloop/revert-3541-add-validate-updateAll
Revert "Validate on updateAll"
2017-08-04 06:33:59 -04:00
Sakib Hasan 2fd5701ede Revert "Validate on updateAll" 2017-08-03 13:46:01 -04:00
Loay 2809d62990 Merge pull request #3538 from strongloop/juggler-version
Update juggler version
2017-08-03 10:00:05 -04:00
Miroslav Bajtoš d3d0ef4ec1 Merge pull request #3527 from lehni/feature/test-http-normalization
Add tests of HTTP normalization on app level
2017-08-03 14:52:12 +02:00
Jürg Lehni 5cd95e42f2
Add tests of HTTP normalization on app level
Also improve tests on model level to include nested routes

Add a test for HTTP normalization precedence too.
2017-08-03 12:32:54 +02:00
Miroslav Bajtoš 5562dca118 Merge pull request #3543 from strongloop/update/travis-platforms
travis: drop Node.js 7.x, add 8.x
2017-08-03 12:31:25 +02:00
Miroslav Bajtoš 3915c49a89
travis: drop Node.js 7.x, add 8.x 2017-08-03 12:02:26 +02:00
Sakib Hasan 619a0e468d Merge pull request #3541 from strongloop/add-validate-updateAll
Validate on updateAll
2017-08-02 12:27:50 -04:00
ssh24 5dd0d196ee Validate on updateAll 2017-08-02 11:52:56 -04:00
loay 7879ec346a Update juggler version 2017-08-02 11:14:18 -04:00
Diana Lau deec84f3b5 Merge pull request #3537 from strongloop/translate
update messages.json
2017-08-02 10:30:31 -04:00
Diana Lau 679ecbc12d update messages.json 2017-08-02 09:39:33 -04:00
Rand McKinney 8589629e7a Merge pull request #3523 from Alaev/patch-4
Fixed broken link && Changed http to https
2017-07-28 10:44:50 -07:00
Michael Alaev 478e3f3b16 small fix for the title
small fix for the title
2017-07-28 14:09:55 +03:00
Michael Alaev 1fcc40f1d1 Changed http to https
Changed the following links from HTTP to HTTPS as it is supported by loopback and strongloop
2017-07-28 01:14:33 +03:00
Loay 131b78dc84 Merge pull request #3511 from strongloop/empty-password-lb3
Add unit test for empty password
2017-07-25 15:42:22 -04:00
loay a3bf813088 Update Travis registry 2017-07-25 14:40:05 -04:00
loay c761dc5279 Add unit test for empty password 2017-07-25 14:40:04 -04:00
Diana Lau d1f6129eaf Merge pull request #3513 from strongloop/add-codeowner
Add CODEOWNER file
2017-07-25 14:37:20 -04:00
Diana Lau 5ed74ab24b Add CODEOWNER file 2017-07-25 09:41:09 -04:00
Miroslav Bajtoš 839c58639d
3.9.0
* Remove observers from Model on end of the stream (Alexei Smirnov)
 * Fix Model#settings.acls doc type signature (Farid Nouri Neshat)
 * Use `localhost` instead of `::` for local (Daijiro Wachi)
 * Fix API doc for Model class property type (Candy)
 * Update package.json (sqlwwx)
 * Support remoting adapters with no ctx.req object (Piero Maltese)
 * update strong-error-handler (sqlwwx)
2017-07-12 16:17:00 +02:00
Miroslav Bajtoš f7b88e3435 Merge pull request #3474 from bigcup/fixChangeStreamIssue#1569
Removed observers from a Model after finish of the stream
2017-07-12 16:15:20 +02:00
Alexei Smirnov 8ed92a12e0
Remove observers from Model on end of the stream
- Remove flags and properly finish the stream.
 - Destroy emits an end event for compability with ending of
   ReadableStream now.
 - Check for default implementation of destroy() method,
   because in Node.js 8 all types of streams have a native one.
2017-07-12 10:28:27 +02:00
Miroslav Bajtoš ca3a21ddd5 Merge pull request #3444 from alFReD-NSH/patch-2
Fix Model#settings.acls doc type signature
2017-06-23 16:43:47 +02:00
Farid Nouri Neshat 065eedab7b
Fix Model#settings.acls doc type signature 2017-06-23 16:25:54 +02:00
Miroslav Bajtoš f85551b715 Merge pull request #3450 from watilde/fixes-3179
Use `localhost` instead of `::` for local
2017-06-21 17:51:24 +02:00
Daijiro Wachi 75b4a45968 Use `localhost` instead of `::` for local 2017-06-15 22:29:37 +02:00
Candy 1be0a9f3d5 Merge pull request #3448 from strongloop/fix_type
Fix API doc for Model class property type
2017-06-14 15:49:22 -04:00
Candy 04983831ca Fix API doc for Model class property type 2017-06-14 14:38:55 -04:00
Miroslav Bajtoš 359a6a5762 Merge pull request #3396 from sqlwwx/master
Update strong-error-handler to 2.x
2017-05-23 16:58:59 +02:00
sqlwwx 3a10209502 Update package.json 2017-05-23 09:14:38 +08:00
sqlwwx 375d476d28 Update package.json 2017-05-23 09:13:27 +08:00
Miroslav Bajtoš f8db64c9c3 Merge pull request #3376 from pierissimo/patch-1
Support remoting adapters with no ctx.req object
2017-05-22 15:23:51 +02:00
Piero Maltese 4735efa41f
Support remoting adapters with no ctx.req object
Fix `Model.createOptionsFromRemotingContext()` to correctly handle
the case where `ctx.req` is not defined, e.g. when using
websocket-based adapters.
2017-05-22 13:21:44 +02:00
sqlwwx ee68b8067c update strong-error-handler 2017-05-13 18:21:15 +08:00
Raymond Feng 9fb67315f9 3.8.0
* Refactor access token to make it extensible (Raymond Feng)
2017-05-02 11:16:34 -07:00
Raymond Feng a9c13a8f6c Merge pull request #3381 from strongloop/feature/refactor-access-token-id
Refactor access token to make it extensible
2017-05-02 13:14:31 -05:00
Raymond Feng 69df11bb8e Refactor access token to make it extensible
1. Make it possible to reuse getIdForRequest()
2. Introduce a flag to control if oAuth2 bearer token should be base64
encoded
3. Promote resolve() to locate/validate access tokens by id
2017-05-02 10:55:51 -07:00
Miroslav Bajtoš 6a4bd6d09f
3.7.0
* Remote method /user/:id/verify (ebarault)
 * Implement more secure password flow (Miroslav Bajtoš)
 * Add User.setPassword(id, new, cb) (Miroslav Bajtoš)
 * Fix method setup in authorization-scopes.test (Miroslav Bajtoš)
 * Add missing tests for reset password flow (Miroslav Bajtoš)
 * forwarding context options in user.verify (ebarault)
 * update deprecated dependencies (Diana Lau)
 * Add support for scoped access tokens (Miroslav Bajtoš)
 * Fix user-literal rewrite for anonymous requests (Aaron Buchanan)
2017-04-27 13:19:17 +02:00
Eric Barault d1719fd9a8 Merge pull request #3314 from strongloop/feature/enable-email-verification-replay
Provide a solution to finish the user's registration when the user identity verification message is lost or has expired
2017-04-26 20:01:38 +02:00
ebarault b9fbf51b27 Remote method /user/:id/verify
This commit adds:
- user.prototype.verify(verifyOptions, options, cb)
- remote method /user/:id/verify
- User.getVerifyOptions()

The remote method can be used to replay the sending of a user
identity/email verification message.

`getVerifyOptions()` can be fully customized programmatically
or partially customized using user model's `.settings.verifyOptions`

`getVerifyOptions()` is called under the hood when calling the
/user/:id/verify remote method

`getVerifyOptions()` can also be used to ease the building
of identity verifyOptions:

```js
var verifyOptions = {
  type: 'email',
  from: 'noreply@example.com'
  template: 'verify.ejs',
  redirect: '/',
  generateVerificationToken: function (user, options, cb) {
    cb('random-token');
  }
};

user.verify(verifyOptions);
```

NOTE: the `User.login()` has been modified to return the userId when
failing due to unverified identity/email. This userId can then be used
to call the /user/:id/verify remote method.
2017-04-26 19:05:41 +02:00
Miroslav Bajtoš b96605c63a Merge pull request #3350 from strongloop/feature/set-password-with-token
Set password with token, disable password changes via patch/replace
2017-04-20 10:47:04 +02:00
Miroslav Bajtoš c5ca2e1c2e
Implement more secure password flow
Improve the flow for setting/changing/resetting User password to make
it more secure.

 1. Modify `User.resetPassword` to create a token scoped to allow
    invocation of a single remote method: `User.setPassword`.

 2. Scope the method `User.setPassword` so that regular tokens created
    by `User.login` are not allowed to execute it.

For backwards compatibility, this new mode (flow) is enabled only
when User model setting `restrictResetPasswordTokenScope` is set to
`true`.

 3. Changing the password via `User.prototype.patchAttributes`
    (and similar DAO methods) is no longer allowed. Applications
    must call `User.changePassword` and ask the user to provide
    the current (old) password.

For backwards compatibility, this new mode (flow) is enabled only
when User model setting `rejectPasswordChangesViaPatchOrReplace` is set
to `true`.
2017-04-20 10:22:21 +02:00