Express has recently deprecated `req.param()` to force developers
to be explicit about the source of the value. To avoid deprecation
warnings, this commit replaces all calls of `req.param()` with a
simplified inline version.
Enhance the error objects with a `code` property containing
a machine-readable string code describing the error, for example
INVALID_TOKEN or USER_NOT_FOUND.
Also improve 404 error messages to include the model name.
Allow convenient URLs for curl and browsers such as:
- http://some-long-token@localhost:3000/
- http://token:some-long-token@localhost:3000/
Basic Auth specifies a 'Basic' scheme for the Authorization header
similar to how OAuth specifies 'Bearer' as an auth scheme.
Following a similar convention, extract the access token from the
Authorization header when it specifies the 'Basic' scheme, assuming
it is the larger of the <user>:<pass> segments.
2.10.1
* Optimize the creation of handlers for rest (Raymond Feng)
* Add a link to gitter chat (Raymond Feng)
* Added context middleware (Rand McKinney)
* Use User.remoteMethod instead of loopbacks method This is needed for loopback-connector-remote authorization. Addresses https://github.com/strongloop/loopback/issues/622. (Berkeley Martinez)
2.10.0
* Revert the peer dep change to avoid npm complaints (Raymond Feng)
* Update strong-remoting dep (Raymond Feng)
* Allow accessType per remote method (Raymond Feng)
* API and REST tests added to ensure complete and valid credentials are supplied for verified error message to be returned - tests added as suggested and fail under previous version of User model - strongloop/loopback#931 (Ron Edgecomb)
* Require valid login credentials before verified email check. - strongloop/loopback#931. (Ron Edgecomb)
2.8.8
* Fix context middleware to preserve domains (Pham Anh Tuan)
* Additional password reset unit tests for API and REST - strongloop/loopback#944 (Ron Edgecomb)
* Small formatting update to have consistency with identical logic in other areas. - strongloop/loopback#944 (Ron Edgecomb)
* Simplify the API test for invalidCredentials (removed create), move above REST calls for better grouping of tests - strongloop/loopback#944 (Ron Edgecomb)
* Force request to send body as string, this ensures headers aren't automatically set to application/json - strongloop/loopback#944 (Ron Edgecomb)
* Ensure error checking logic is in place for all REST calls, expand formatting for consistency with existing instances. - strongloop/loopback#944 (Ron Edgecomb)
* Correct invalidCredentials so that it differs from validCredentialsEmailVerified, unit test now passes as desired. - strongloop/loopback#944 (Ron Edgecomb)
* Update to demonstrate unit test is actually failing due to incorrect values of invalidCredentials - strongloop/loopback#944 (Ron Edgecomb)
* fix jscs warning (Clark Wang)
* fix nestRemoting is nesting hooks from other relations (Clark Wang)
When executing a request using a pooled connection, connectors
like MongoDB and/or MySQL rebind callbacks to the domain which
issued the request, as opposed to the domain which opened the pooled
connection.
This commit fixes the context middleware to play nicely with that
mechanism and preserve domain rebinds.
Pradnya Baviskar
crandmck
Miroslav Bajtoš
Ron Edgecomb
Ritchie Martori
Ryan Graham
Raymond Feng
Raymond Feng
Ryan Graham
bitmage
Pham Anh Tuan
Berkeley Martinez