* Fix User.verify to convert uid to string (phairow)
* Configure Travis CI to cache phantomjs binaries (Miroslav Bajtoš)
* Improve "filter" arg description (Raymond Camden)
* Fix creation of verification links (Miroslav Bajtoš)
* Include link to docs in logoutSessions warning (Miroslav Bajtoš)
* Fix detection of logoutSessionsOnSensitiveChanges (Miroslav Bajtoš)
* Preserve sessions on User.save() making no changes (Miroslav Bajtoš)
* Remove unused dependencies (Miroslav Bajtoš)
* Fix logout to handle no or missing accessToken (Ritchie Martori)
* Use English when running Mocha tests (Miroslav Bajtoš)
* Role model: resolves related models by name (Benjamin Kroeger)
* Fix User methods to use correct Primary Key (Aris Kemper)

Applications using MongoDB connectors typically have a `user.id`
property of type ObjectID.
This commit fixes the code building the verification URL to
correctly convert the user id value into a string.

Fix User.prototype.verify to call `querystring.stringify` instead
of concatenating query-string components directly.
In particular, this fixes the bug where `options.redirect` containing
a hash fragment like `#/home?arg1=value1&arg2=value2` produced an incorrect
URL, because the `redirect` value was not correctly encoded.

Modify the code detecting whether logoutSessionsOnSensitiveChanges
is enabled to correctly handle the case when the model is not attached
to any application, as is the case with loopback-component-passport
tests.

Return 401 when the request does not provide any accessToken argument
or the token was not found.

Also simplify the implementation of the `logout` method to make only
a single database call (`deleteById`) instead of `findById` + `delete`.

Disable invalidation of access tokens by default to restore backwards
compatibility with older 2.x versions.

Add a new application-wide flag logoutSessionsOnSensitiveChanges
that can be used to explicitly turn on/off the token invalidation.

When the flag is not set, a verbose warning is printed to nudge the user
to make a decision on how they want to handle token invalidation.

Fix User model to preserve the current session (provided via
"options.accessToken") when invalidating access tokens after a change
of email or password property.

* Emit resetPasswordRequest event with options (Sergey Reus)
* Fix false emailVerified on user model update (박대선)
* Add new flag injectOptionsFromRemoteContext (Miroslav Bajtoš)
* Contextify DAO and relation methods (Miroslav Bajtoš)
* Implement new http arg mapping optionsFromRequest (Miroslav Bajtoš)
* Fix package.json CI downstreamIgnoreList nesting (David Cheung)

We noticed that every time the user model updates, the emailVerified
column would change to false, even though the email was not changed
at all.

I took a look and realized there might be an error in
https://github.com/strongloop/loopback/commit/eb640d8
The intent of the commit just mentioned is to make emailVerified false
when the email gets changed, but notice that ctx.data.email is null
on updates, so the condition is always met and emailVerified always
becomes false.

This commit fixes the issue just mentioned.

Hide the new "options" arguments behind a feature flag
injectOptionsFromRemoteContext that is disabled by default for backwards
compatibility.

Fix construction of sharedCtor remoting metadata to prevent the
situation when we are configuring remoting metadata after
strong-remoting has already picked up data from our parent (base) model.

Define a new Model method "createOptionsFromRemotingContext" that allows
models to define what "options" should be passed to methods invoked
via strong-remoting (e.g. REST).

Define a new http mapping `http: 'optionsFromRequest'` that invokes
`Model.createOptionsFromRemotingContext` to build the value from
remoting context.

This should provide enough infrastructure for components and
applications to implement their own ways of building the "options"
object.