Commit Graph

49 Commits

Author SHA1 Message Date
Ritchie Martori 4b6dcd6271 Document user settings 2015-02-04 14:09:01 -08:00
Miroslav Bajtoš a77b3bbac7 Remove usages of deprecated `req.param()`
Express has recently deprecated `req.param()` to force developers
to be explicit about the source of the value. To avoid deprecation
warnings, this commit replaces all calls of `req.param()` with a
simplified inline version.
2015-01-21 19:27:53 +01:00
Ron Edgecomb a028d9d198 Add error code property to known error responses.
Enhance the error objects with a `code` property containing
a machine-readable string code describing the error, for example
INVALID_TOKEN or USER_NOT_FOUND.

Also improve 404 error messages to include the model name.
2015-01-21 19:04:47 +01:00
Ritchie Martori 0b0927b56b Merge pull request #992 from TorchlightSoftware/repl-optimize
don't send queries to the DB when no changes are detected
2015-01-19 09:32:17 -08:00
Ryan Graham 8fa04fd32f Merge pull request #1015 from strongloop/feature/rmg-basic-auth-support
Extend AccessToken to parse Basic auth headers
2015-01-16 10:52:02 -08:00
Ryan Graham fbb091e3b3 Extend AccessToken to parse Basic auth headers
Allow convenient URLs for curl and browsers such as:
 - http://some-long-token@localhost:3000/
 - http://token:some-long-token@localhost:3000/

Basic Auth specifies a 'Basic' scheme for the Authorization header
similar to how OAuth specifies 'Bearer' as an auth scheme.

Following a similar convention, extract the access token from the
Authorization header when it specifies the 'Basic' scheme, assuming
it is the larger of the <user>:<pass> segments.
2015-01-15 22:53:09 -08:00
Raymond Feng 563a06fa7e Make sure EXECUTE access type matches READ or WRITE
See https://github.com/strongloop/loopback/issues/1011
2015-01-14 13:38:44 -08:00
Ritchie Martori e0e9d6ecff Merge pull request #943 from BerkeleyTrue/refactor/user-remote-method
Use User.remoteMethod instead of loopbacks method
2015-01-13 10:20:43 -08:00
bitmage c28698c1ba don't send queries to the DB when no changes are detected 2015-01-10 11:28:55 -07:00
Raymond Feng f5eac871fd Merge branch 'master' of https://github.com/greaterweb/loopback into greaterweb-master 2015-01-07 16:35:00 -08:00
Raymond Feng 90fd62ec0a Merge pull request #941 from strongloop/feature/workaround-issue-251
Allow User.hashPassword/validatePassword to be overridden
2015-01-07 14:01:03 -08:00
Raymond Feng b7db9808b2 Allow User.hashPassword/validatePassword to be overridden
See https://github.com/strongloop/loopback/issues/251
2015-01-06 16:03:30 -08:00
Berkeley Martinez 4fc07fe125 Use User.remoteMethod instead of loopbacks method
This is needed for loopback-connector-remote authorization.
Addresses https://github.com/strongloop/loopback/issues/622.
2015-01-06 08:18:57 -08:00
Ron Edgecomb dc055e5559 Require valid login credentials before verified email check.
- strongloop/loopback#931.
2015-01-05 18:40:59 -05:00
Ritchie Martori 270dfc2603 Merge pull request #955 from alFReD-NSH/checkpoint-leak
Fix Change.getCheckpointModel() giving new models each call
2015-01-05 09:40:29 -08:00
Clark Wang 2f9400fc87 fix User.settings.ttl can't be overridden in sub model
Signed-off-by: Clark Wang <clark.wangs@gmail.com>
2014-12-28 16:02:37 +08:00
Farid Neshat d5d7ecd0bb Fix Change.getCheckpointModel() giving new models each call
This was a huge memory leak in our app...
2014-12-27 23:48:56 +08:00
Raymond Feng cb2f40bb86 Fix bcrypt issues for browserify 2014-12-08 14:59:21 -08:00
Raymond Feng 1e932e72ed Allow native bcrypt for performance
See https://github.com/strongloop/loopback/issues/892
2014-12-03 09:03:36 -08:00
Miroslav Bajtoš a603ffa0f5 AccessToken: optional `options` in findForRequest
Fix `AccessToken.findForRequest` to correctly handle the case when
the options argument was omitted:

    AccessToken.findForRequest(req, cb);
2014-11-14 10:42:21 +01:00
Miroslav Bajtoš 7c96aec9af Merge pull request #738 from strongloop/feature/style-cleanup-in-common
common: coding style cleanup
2014-11-05 20:07:34 +01:00
Miroslav Bajtoš d9a426c867 Merge pull request #668 from BerkeleyTrue/fix/dublicateId
This fixes duplicate key issue #649
2014-11-05 19:22:22 +01:00
Miroslav Bajtoš dc762d2514 common: coding style cleanup 2014-11-04 13:52:49 +01:00
Raymond Feng 842d9b0bcd Fix the jsdoc for User.login 2014-11-03 14:07:19 -08:00
Berkeley Martinez 1ee05eb8a7 Deleted instantiation of new Change model.
This PR removes the instantiation of a new change model
as models return from Change.find are already
instances of Change. This solves the duplicate Id issue #649
2014-11-03 13:41:43 -08:00
Miroslav Bajtoš fec8234c4c Merge pull request #616 from jpizarrom/master
added email custom headers in user verify
2014-10-24 19:51:10 +02:00
Juan Pizarro 4098bec2c6 User: custom email headers in verify 2014-10-24 14:42:49 -03:00
Raymond Feng b98ada282f Merge pull request #660 from strongloop/feature/add-realm-support
Add realm support
2014-10-24 08:27:28 -07:00
Raymond Feng 46d1430023 Add realm support 2014-10-23 11:10:39 -07:00
Raymond Feng 03b3c3cda4 Merge pull request #680 from arlaneenalra/feature/fix-676
Force principalId to be a string in Role.getRoles Fix #676
2014-10-23 08:55:17 -07:00
Miroslav Bajtoš b57cd3e409 User: fix `confirm` permissions
Enable authentication for all User unit-tests to check that the ACLs are
correctly configured.

Fix the rule for `confirm` - the correct permission is `ALLOW`, not
`ACL.ALLOW`.
2014-10-23 13:19:43 +02:00
Chris S f678107859 Adjust id handling to deal with 0 and null 2014-10-22 11:36:54 -05:00
Chris S cff0e15936 Force principalId to be a string.
Added a defensive check for undefined to avoid problems
when converting to a string.
2014-10-22 10:05:29 -05:00
Rand McKinney 2384c9d841 Fix JSdoc for registerResolver 2014-10-20 14:45:40 -07:00
Miroslav Bajtoš 20026a9d04 Fix places using undefined variables
Also enable jshint option "undefined" in order to catch these kind
of errors in the future.
2014-10-15 16:44:00 +02:00
crandmck 2f4a54d93c Clean up jsdoc comments
Add class properties, expose some methods that should have
been documented, etc.
2014-10-15 09:42:24 +02:00
Miroslav Bajtoš 0906a6f5b3 models: move Change LDL def into a json file 2014-10-14 09:04:43 +02:00
Miroslav Bajtoš 6cbc231fba models: move Checkpoint LDL def into a json file 2014-10-14 09:04:43 +02:00
Miroslav Bajtoš 461ae92c1c models: move Role LDL def into a json file 2014-10-14 09:04:43 +02:00
Miroslav Bajtoš e9c86163aa models: move RoleMapping def into its own files 2014-10-14 09:04:43 +02:00
Miroslav Bajtoš 7c01d59d80 models: move ACL LDL def into a json file 2014-10-14 09:04:43 +02:00
Miroslav Bajtoš ef890d5f26 models: move Scope def into its own files 2014-10-14 08:58:17 +02:00
Miroslav Bajtoš 5f20652241 models: move AccessToken LDL def into a json file 2014-10-14 08:58:17 +02:00
Miroslav Bajtoš 1e6beabbd2 models: move Application LDL def into a json file
Move some of the comments describing properties into jsdoc.
2014-10-14 08:58:17 +02:00
Miroslav Bajtoš 551d109a20 models: move Email LDL def into `email.json` 2014-10-14 08:58:17 +02:00
Miroslav Bajtoš 920d3be6a3 models: move User LDL def into `user.json` 2014-10-14 08:58:17 +02:00
Miroslav Bajtoš df9fe90d35 Auto-load and register built-in `Checkpoint` model 2014-10-14 08:58:16 +02:00
Raymond Feng 242b44ed2b Skip static ACL entries that don't match the property 2014-10-13 16:45:36 -07:00
Miroslav Bajtoš 1fe0110849 Dismantle `lib/models`.
- Move core models `Model` and `PersistedModel` to `lib/`.
 - Move `AccessContext` class to `lib/`, since it is not a model.
 - Move all other built-in models to `common/models`.

This is a preparation for extracting model definitions to JSON files.
By splitting the change into multiple commits, git is able to keep track
of file moves (renames).
2014-10-13 12:09:27 +02:00