Miroslav Bajtoš
0a4940e31e
Merge pull request #3683 from edwardchoh/master
...
Support options.filter in createChangeStream
2017-12-14 14:59:14 +01:00
Edward Choh
00169d2312
Support options.filter in createChangeStream
...
Implement "options.filter" argument in Persisted.createChangeStream()
by leveraging loopback-filter module.
2017-12-14 13:08:28 +01:00
Miroslav Bajtoš
7c030c6900
Merge pull request #3728 from strongloop/update-eslint-config
...
Update eslint and eslint-config to latest
2017-12-14 13:07:14 +01:00
Miroslav Bajtoš
243af4bfc2
3.17.1
...
* Update nestRemoting to pass optionsFromContext (bmatson)
* fix(test): rem exclusive test (Samuel Reed)
* fix(test): working test with 0 userId (Samuel Reed)
* fix(AccessContext): Tighten userid/appid checks (Samuel Reed)
* fix(id): replace with != null (Samuel Reed)
2017-12-12 19:43:30 +01:00
Miroslav Bajtoš
b045e4a6be
Merge pull request #3681 from zipitwireless/master
...
Update nestRemoting to pass optionsFromContext
2017-12-12 19:00:09 +01:00
bmatson
317e00d92c
Update nestRemoting to pass optionsFromContext
...
Fix the code invoking relation getter to correctly pass through
the "options" argument.
2017-12-12 17:24:35 +01:00
Miroslav Bajtoš
010bbc6369
fixup! add top-level dep on eslint-plugin-mocha
2017-12-12 13:08:05 +01:00
Miroslav Bajtoš
73cc950b1b
Update eslint and eslint-config to latest
2017-12-12 09:33:15 +01:00
Miroslav Bajtoš
fdb453943a
Merge pull request #3725 from STRML/fix/exclusive-test
...
fix(test): rem exclusive test
2017-12-08 20:19:01 +01:00
Samuel Reed
3af6a1bbaa
fix(test): rem exclusive test
...
Ref: #3720
2017-12-08 11:14:15 -06:00
Miroslav Bajtoš
3bf84bacde
Merge pull request #3720 from STRML/fix/falsy-id-3.x
...
Fix handling of falsy model ids
2017-12-08 15:24:13 +01:00
Samuel Reed
2bfd67ccaa
fix(test): working test with 0 userId
2017-12-07 10:10:35 -06:00
Samuel Reed
b362776e73
fix(AccessContext): Tighten userid/appid checks
...
An application may have a use for a falsy ID.
2017-12-05 10:03:52 -06:00
Samuel Reed
0bac0a933f
fix(id): replace with != null
...
Ref: #2356 , #2374 , #3130 , #3693
2017-12-05 09:54:28 -06:00
Diana Lau
1babfcde9f
3.17.0
...
* Added missing DateString type in loopback index (CSLTech)
* chore:update license (Diana Lau)
2017-11-29 15:49:28 -05:00
Kevin Delisle
5dd5a674ce
Merge pull request #3689 from CSLTech/master
...
Added missing DateString type in loopback index
2017-11-22 13:34:25 -05:00
CSLTech
1a2d8a4571
Added missing DateString type in loopback index
2017-11-21 11:56:36 -05:00
Diana Lau
0737f5476d
Merge pull request #3687 from strongloop/license
...
chore:update license
2017-11-13 14:55:53 -05:00
Diana Lau
b67a096f9e
chore:update license
2017-11-09 13:12:39 -05:00
Miroslav Bajtoš
cb600d1470
3.16.2
...
* Fix "POST /change-password" for multi-user setup (Miroslav Bajtoš)
2017-10-30 09:03:15 +01:00
Miroslav Bajtoš
825d5a6373
Merge tag 'v3.16.1'
...
Bring in changes from #3674 that were accidentally not landed on master:
* Fix createOnlyInstance for related methods (Raymond Feng)
Close #3674
2017-10-30 09:00:16 +01:00
Miroslav Bajtoš
91729ee550
Merge pull request #3675 from strongloop/fix/change-password-multiple-users
...
Fix "POST /change-password" for multi-user setup
2017-10-30 08:58:07 +01:00
Raymond Feng
010c7bcd5f
3.16.1
...
* Fix createOnlyInstance for related methods (Raymond Feng)
2017-10-27 21:43:40 -07:00
Raymond Feng
6570b94843
Fix createOnlyInstance for related methods
...
For scoped or related create method, the createOnlyInstance flag should
be calculated on the target model. For example, User.createAccessTokens
should set the flag only if AccessToken has updateonly properties.
2017-10-27 18:51:56 -07:00
Miroslav Bajtoš
3996f56ab9
Fix "POST /change-password" for multi-user setup
...
Fix the code extracting current user id from the access token provided
in the HTTP request, to allow only access tokens created by the target
user models to execute the action.
This fixes the following security vulnerability:
* We have two user models, e.g. Admin and Customer
* We have an Admin instance and a Customer instance with the same
id and the same password.
* The Customer can change Admin's password using their
regular access token.
2017-10-27 09:47:07 +02:00
Kevin Delisle
4d4070e542
3.16.0
...
* Fix "POST /reset-password" for multi-user setup (Miroslav Bajtoš)
* test: extract helpers for logging HTTP errors (Miroslav Bajtoš)
* CODEOWNERS: move @lehni to Alumni section (Miroslav Bajtoš)
2017-10-24 14:12:37 -04:00
Kevin Delisle
2761e62533
Merge pull request #3666 from strongloop/fix/multi-user-reset-password
...
Fix "POST /reset-password" for multi-user setup
2017-10-24 14:10:35 -04:00
Miroslav Bajtoš
0a2a45512c
Fix "POST /reset-password" for multi-user setup
...
Fix the code extracting current user id from the access token provided
in the HTTP request, to allow only access tokens created by the target
user models to execute the action.
This fixes the following security vulnerability:
* A UserA with id 1 (for example), requires a resetToken1
* A UserB with the same id requires a resetToken2.
* Using resetToken2, use the UserAs/reset-password endpoint and change
the password of UserA and/or vice-versa.
2017-10-19 13:29:08 +02:00
Miroslav Bajtoš
4ebc517a78
test: extract helpers for logging HTTP errors
...
Extract two helpers into a shared file:
- logAllServerErrors(app)
- logServerErrorsOtherThan(statusCode, app)
2017-10-19 13:08:54 +02:00
Miroslav Bajtoš
083fb5d668
Merge pull request #3659 from strongloop/remove/lehni
...
CODEOWNERS: move @lehni to Alumni section
2017-10-19 10:44:20 +02:00
Miroslav Bajtoš
c3450df4db
CODEOWNERS: move @lehni to Alumni section
2017-10-19 10:42:54 +02:00
Miroslav Bajtoš
f30159cd23
3.15.0
...
* update strong-globalize to 3.1.0 (shimks)
* Fix handling of user verification options (Miroslav Bajtoš)
* Handle missing getUpdateOnlyProperties fn (Jürg Lehni)
* test: fix too strict test assertion (Miroslav Bajtoš)
* Fix typo (Siegfried Ehret)
2017-10-13 15:33:56 +02:00
Miroslav Bajtoš
64d60fb6f7
Merge pull request #3650 from strongloop/update-strong-globalize
...
update strong-globalize to 3.1.0
2017-10-13 15:27:02 +02:00
shimks
2f02fbac89
update strong-globalize to 3.1.0
2017-10-12 15:08:04 -04:00
Miroslav Bajtoš
fb8f3d9df3
Merge pull request #3647 from lehni/model/fix-updateonly-props-check
...
Handle missing getUpdateOnlyProperties fn on Model
2017-10-09 17:00:55 +02:00
Miroslav Bajtoš
9176ee2e11
Merge pull request #3609 from sebastianfelipe/fix/user-verify-duplicated-token
...
Fix handling of user verification options
2017-10-09 14:00:22 +02:00
Miroslav Bajtoš
d0a4941668
Fix handling of user verification options
...
- Fix `User.prototype.verify` to not modify properties of the supplied
`verifyOptions` argument. This is needed to allow callers to supply
the same options object to multiple calls of `verify`.
- Fix `User.getVerifyOptions` to always return a new copy of the
options object. This is needed to allow callers to modify the
returned options object without affecting the result returned
by subsequent calls of `getVerifyOptions`.
2017-10-09 13:42:22 +02:00
Jürg Lehni
826ee2aca8
Handle missing getUpdateOnlyProperties fn
...
If the current scope does not define a getUpdateOnlyProperties
function, the updateOnlyProps value will now be set to false.
2017-10-09 09:19:47 +02:00
Miroslav Bajtoš
8488da2e26
Merge pull request #3637 from strongloop/fix/build
...
test: fix too strict test assertion
2017-10-05 13:14:52 +02:00
Miroslav Bajtoš
33989d776c
test: fix too strict test assertion
...
Rework the test verifying properties of `loopback` to ignore
new express properties added after the test was written.
2017-10-04 10:31:50 +02:00
Miroslav Bajtoš
1dd0ab31e0
Merge pull request #3636 from SiegfriedEhret/patch-1
...
Fix typo in jsdoc
2017-10-04 10:11:04 +02:00
Siegfried Ehret
db8130ac6d
Fix typo
...
Update a jsdoc thing to match the argument name.
2017-10-04 09:26:17 +02:00
Raymond Feng
c9913927e5
3.14.0
...
* Allow declarative nestRemoting for relations (Raymond Feng)
2017-09-28 11:07:15 -07:00
Raymond Feng
c453ad52c2
Merge pull request #3628 from strongloop/declarative-nest-remoting
...
Allow declarative nestRemoting for relations
2017-09-28 11:06:32 -07:00
Raymond Feng
c0a0f09f3a
Allow declarative nestRemoting for relations
...
Now relation.options.nestRemoting can be set to true so that
nestRemoting will be set up automatically without explicitly
calling MyModel.nestRemoting
2017-09-27 09:22:06 -07:00
Miroslav Bajtoš
fcfaf7ef53
3.13.0
...
* Fix OWNER role to handle multiple relations (pierreclr)
* Fix acl.resolvePermission for wildcard req (Farid Neshat)
* CODEOWNERS: add zbarbuto (Miroslav Bajtoš)
2017-09-27 17:45:28 +02:00
Miroslav Bajtoš
658d228789
Merge pull request #3140 from pierreclr/feature/allow-mutiple-owners-resolving
...
Fix OWNER role to handle multiple relations
2017-09-27 17:43:48 +02:00
pierreclr
e17132d061
Fix OWNER role to handle multiple relations
...
Fix the code resolving OWNER role to correctly handle the situation
where the target model has multiple "belongsTo" relations to the User
model.
Introduce a new model setting "ownerRelations" that enables the new
behavior. When "ownerRelations" is set to true, then all "belongsTo"
relations are considered as granting ownership. Alternatively,
"ownerRelations" can be set to an array of the relations which
are granting ownership.
For example, a document can "belongTo" an author and a reviewer,
but only the author is an owner, the reviewer is not. In this case,
"ownerRelations" should be set to "['author']".
2017-09-27 17:11:36 +02:00
Miroslav Bajtoš
ef7175a4d5
Merge pull request #3293 from alFReD-NSH/bugfix/acl-checkpermission
...
Fix acl.resolvePermission not working with wildcard request
2017-09-27 16:51:27 +02:00
Miroslav Bajtoš
2128ecde46
Merge pull request #3625 from strongloop/welcome-zbarbuto
...
CODEOWNERS: add zbarbuto
2017-09-27 11:10:40 +02:00