-
Notifications
You must be signed in to change notification settings - Fork 20
/
Changes
387 lines (238 loc) · 11.1 KB
/
Changes
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
Revision history for Dancer2-Plugin-Auth-Extensible
0.710 Sat 15 May 08:02:00 BST 2021
[BUG FIXES]
* Add Test::Fatal to list of dependencies (thanks yldr)
* Fix config for test (thanks Nick Tonkin)
0.709 Sun 19 Apr 17:44:00 BST 2020
[BUG FIXES]
* Update tests to match RFC 7231 behavior of Dancer2 (thanks Ruth Holloway)
0.708 Fri 26 Apr 09:47:00 GMT 2019
[BUG FIXES]
* Attempt to fix intermittent test failures (thanks Tom Hukins)
* Better check for HTTP::BrowserDetect to prevent strange test failures
0.707 Mon 20 Dec 21:55:00 GMT 2018
[ENHANCEMENTS]
* Add after_reset_code_success hook (thanks Nathan Bailey)
0.706 Mon 17 Dec 18:37:00 GMT 2018
[BUG FIXES]
* Fix various problems with return_url functionality
0.705 Mon 16 Oct 11:54:34 CEST 2017
[BUG FIXES]
* Correctly escape return URLs (Ben "whosgonna" Kaufman GH#79)
[ENHANCEMENTS]
* Add before_logout hook (Dominic Sonntag GH#70)
[DOCS]
* Add docs about making your own login pages (Jason Lewis GH#62)
0.704 Wed 12 Apr 15:04:46 CEST 2017
[BUG FIXES]
* Fix password reset when user is object (Andy Beverley GH#73)
* Fix custom login template (Tadeusz “tadzik” Sośnierz GH#72)
[MISC]
* Deduplicate code related to login page rendering (Tadeusz “tadzik”
Sośnierz GH#71)
0.703 Tue 29 Nov 10:25:10 CET 2016
[BUG FIXES]
* Bump dep on Dancer2 to 0.204000. Prior to that release after `forward`
`params` were still available but were not cloned into `parameters`.
This should fix GH #66.
0.702 Mon 28 Nov 12:34:53 CET 2016
[TESTS]
* Chasing down GH#66 and (hopefully) cut down on unexpected warnings
causing no-realms-configured test to fail.
0.701 Tue 22 Nov 10:32:27 CET 2016
[BUG FIXES]
* Try to make File::ShareDir::Install more reliable (Peter Mottram).
[TESTS]
* Stop tests failing due to 'Name "YAML::XS::NonStrict" used only once'
warning (Peter Mottram).
* Remove debug log from output in no-reset-password-handle test
(Peter Mottram).
0.700 Fri 18 Nov 13:13:36 CET 2016
[ENHANCEMENTS]
* Add new "no-redirect" login handler (Peter Mottram).
* Break out /login and /login/denied html into external files
(Peter Mottram).
[BUG FIXES]
* Escape all params used as input to default login page to prevent
potential injection attacks (Peter Mottram).
* Bump dep on Test::Deep for noneof (Peter Mottram GH#65).
[TESTS]
* Lots more tests added resulting in much better coverage (Peter Mottram).
0.622 Wed 9 Nov 11:35:15 CET 2016
* Add back missing $VERSION to Provider::Example
0.621 Tue 8 Nov 16:44:51 CET 2016
[ENHANCEMENTS]
* auth_provider now croaks if no realm is supplied (Peter Mottram).
[BUG FIXES]
* query_parameter should be query_parameters in get /login route
(Peter Mottram).
* user_password logic corrected (Peter Mottram).
* realm_name should be realm_names in update_user (Peter Mottram).
[TESTS]
* Huge number of new tests added (Peter Mottram).
* Add build dep on HTTP::Cookies (Peter Mottram).
[MISC]
* Remove old Provider::Example since Provider::Config is a much better
example provider (Peter Mottram).
* logged_in_user_lastlogin now stored in session as epoch (Peter Mottram).
* Removed unused _try_realms method (Peter Mottram).
0.620 Thu 3 Nov 16:01:22 CET 2016
[ENHANCEMENTS]
* User returned by providers can now be any kind of object. Previously
the providers were required to return a hashref (Peter Mottram).
* Most provider methods can now throw exceptions which will be caught
by the plugin (Peter Mottram).
* Added new hooks: after_authenticate_user, before_create_user and
after_create_user (Peter Mottram).
* If password is provided to create_user then set it immediately.
[TESTS]
* New tests for testing provider methods directly (Peter Mottram).
* Major test overhaul to enable clearer testing (Peter Mottram).
* Create extended version of Provider::Config for use in tests to allow
most plugin features to be tested without relying on external providers.
0.614 Thu Oct 27 16:03:17 2016 CEST
[ENHANCEMENTS]
* Add priority attribute to force order in which realms are checked
(Peter Mottram).
* Upgrade default encryption algo to SHA-512 (Peter Mottram GH#57).
* Implement disable_roles in plugin (Peter Mottram GH#38).
[DOCUMENTATION]
* Add missing optional methods to Role::Provider (Peter Mottram).
[TESTS]
* Convert tests to Plack::Test's OO style (Peter Mottram).
[MISC]
* Split out LDAP provider into its own distro (Peter Mottram).
* Avoid a memory cycle (Peter Mottram).
0.613 Tue Oct 18 15:35:19 2016 CEST
[DOCUMENTATION]
* Update docs to reflect Provider::Database being an external module
(Henk van Oers, GH #55).
[TESTS]
* Cope with get_user_details in providers returning an object rather
than a hash reference (Peter Mottram).
0.612 Tue Oct 11 12:44:01 2016 CEST
[ENHANCEMENTS]
* Add before_authenticate_user hook (Peter Mottram).
[DOCUMENTATION]
* Add change_session_id to example POST login code (Andy Beverley).
0.611 Tue Aug 30 16:59:49 2016 CEST
[ENHANCEMENTS]
* Add 'after_login_success' hook (Peter Mottram).
0.610 Mon Aug 15 08:17:46 2016 CEST
[ENHANCEMENTS]
* Call Dancer2's change_session_id on successful login. This method has
not yet been merged into Dancer2 core but we want to be ready for it
(Peter Mottram).
[BUG FIXES]
* Incorrect call to user_password from app not plugin
(Andrew Beverly, GH #53).
* Avoid memory leaks in BUILD by passing weakened ref to plugin into
add_route callbacks (Peter Mottram).
* Call $app->session instead of $app->app->session in _post_login_route
(Peter Mottram).
[MISC]
* Creation of temp lexical vars adds overhead so remove some where not
needed (Peter Mottram).
0.601 Tue Jul 12 16:23:22 2016 CEST
[BUG FIXES]
* Don't localise $username in user_password when checking reset code.
This caused user_password( code => '...') to always fail (Peter Mottram).
* Use $plugin instead of $app to call password_reset_send method
(Roman Studenikin, Peter Mottram, GH #50).
* Rename generate-crypted-password (Henk van Oers, Peter Mottram, GH #30).
[ENHANCEMENTS]
* Use Carp::croak instead of die for better stack traces (Peter Mottram).
* Added `use strict` for CPANTS Kwalitee score (Guillermo O. Freschi).
* Added MIN_PERL_VERSION to Makefile.PL (Guillermo O. Freschi).
* Simplify use of from_config and default in plugin attributes (Peter Mottram).
* Use current plugin in route setup (Peter Mottram).
0.600 Tue May 31 15:38:56 2016 CEST
[ENHANCEMENTS]
* Major update for compatibility with plugin2 (Peter Mottram).
For plugin2 details see: https://github.com/PerlDancer/Dancer2/pull/1010
Any old providers that have not been updated will die on using
Provider::Base.
* Add disable_roles attr to Provider roles. This allows this setting to
be different for each realm.
* Providers are now Moo classes. Provider::Base is no longer used
and is replaced by Role::Provider Moo::Role.
* Provider settings now handled as class attributes.
* Use strict and warnings everywhere (except in Moo classes).
[MISC]
* Dancer2::Plugin::Auth::Extensible::Provider::Database moved into its
own repository.
* Switch from Types::Standard to Dancer2::Core::Types instead.
* Switch all evals to Try::Tiny.
* Update Moo dependency to v2.
* Add security warning to Provider::Unix.
[TESTS]
* Make base tests compatible with Provider::Usergroup.
* Split out DBIC provider role tests into new subtest.
0.502 Thu 11 Feb 16:06:29 CET 2016
[BUG FIXES]
* Use getpwnam/getgrent in Unix provider instead of Unix::Passwd::File.
In addition to the obvious benefit of removing a dependency this also
solves a problem with Unix::Passwd::File where it likes to lock the
passwd file but that will fail if the user does not have permissions
which is normal for a web app (Peter Mottram).
Thanks to Jason Lewis for the heads up about this issue.
0.501 Wed Jan 20 12:07:17 2016 CET
[TESTS]
* Always output log messages on get/post errors (Peter Mottram).
0.500 Tue Jan 19 15:08:37 2016 CET
[TESTS]
* Add infrastructure for provider tests and various other
improvements for testing (Peter Mottram).
0.402 Tue Dec 8 14:44:19 2015 CET
[BUG FIXES]
* Adjust regexp for routes to be stricter in order to prevent
incorrect matches causing redirect loops (Evan Brown, GH #32).
0.401 Wed Jun 10 19:23:30 2015 CEST
[ENHANCEMENTS]
* Allow custom random password generator to be specified
(Andrew Beverly, GH #23).
0.400 Thu May 21 08:36:36 2015 CEST
[ENHANCEMENTS]
* Add logged_in_user_password_expired keyword (Andrew Beverly, GH #26).
* Add functionality to record the last successful login (Andrew Beverly, GH #25).
* Cache user details within each request (Andrew Beverly, GH #24).
* Create and edit users, and manage user passwords (Andrew Beverly, GH #10).
[DOCUMENTATION]
* Add documentation on users method for the example provider (Stefan Hornburg).
* Add documentation for methods of the base provider class (Stefan Hornburg).
* Add documentation for auth_provider method (Stefan Hornburg).
* Fix a few typos (Evan Brown, GH #20).
[TESTS]
* Add POD coverage test (Stefan Hornburg).
0.306 Thu Mar 26 18:41:53 2015 CET
[BUG FIXES]
* Fix crash on /login when already logged in (Gabor Szabo, Stefan Hornburg, GH #18).
0.305 Tue Mar 17 09:48:43 2015 CET
[ENHANCEMENTS]
* Include the dsl object in the provider constructor (Henk van Oers, GH #13).
[BUG FIXES]
* Fix no_default_pages and no_login_handler options (Andrew Beverly, GH #17).
* Add missing "Permission Denied" route (Stefan Hornburg, GH #15).
* Use Dancer2 in the example and test the example (Gabor Szabo, GH #16).
* Remove Mock::Quick from prerequisites (Henk van Oers, GH #8).
[DOCUMENTATION]
* Include the name of the command line tool in the pod (Gabor Szabo, GH #11).
0.304 Fri Feb 20 09:12:18 2015 CET
[ENHANCEMENTS]
* Add support for DBI provider (Andrew Beverley, GH #7).
* Add warning if no realms are configured (Andrew Beverley, GH #6).
* Add simple script to generate crypted passwords (David Precious).
[DOCUMENTATION]
* Fix module name in POD of Database provider (Vince Willems, GH #5).
* Fix mix-up of login_page and login_url (David Precious).
0.303 Tue Oct 28 09:13:46 2014 CET
[BUG FIXES]
* Add version to Dancer2 prerequisite (GH #2, Stefan Hornburg).
Prevents test failure in case psgi_app method isn't present.
[TESTS]
* Suppress core and debug logging for tests.
0.302 Sun Oct 26 17:09:57 2014 CET
[BUG FIXES]
* Fix MANIFEST (Stefan Hornburg).
0.301 Sat Oct 25 21:26:39 2014 CEST
Initial port from Dancer1 (Stefan Hornburg).