Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
Browse files

0.1.3 changelog

  • Loading branch information...
commit 9d2158d38a80c632f8132b9f4ebcc91cb84f7e72 1 parent 81d96e7
@cemerick authored
Showing with 66 additions and 18 deletions.
  1. +64 −16 CHANGES.md
  2. +2 −2 project.clj
View
80 CHANGES.md
@@ -1,42 +1,90 @@
## [Friend](http://github.com/cemerick/friend) changelog
+### `0.1.3`
+
+**Core API**
+
+* `cemerick.friend/current-authentication` can now accept either a ring request
+ map or a Friend identity map
+* `cemerick.friend/authenticated` can now accept more than one body form
+ (gh-32)
+* A new `cemerick.friend/authenticate` option, `:unauthenticated-handler`,
+ allows one to provide a separate Ring handler to control how to respond to
+unauthenticated requests when authentication is required (either via setting
+`:allow-anon` to `false`, or via use of `cemerick.friend/authenticated`). The
+prior behaviour (redirecting to the URI specified by `:login-uri`) is currently
+retained by the default `:unauthenticated-handler`,
+`cemerick.friend/default-unauthenticated-handler`. (gh-38)
+
+**Workflows**
+
+* The `http-basic` workflow no longer produces a 401 Unauthorized response when
+ no HTTP Basic credentials are supplied. (gh-38)
+* The OpenID workflow now offers a `:consumer-manager` option for providing a
+ fully-configured `org.openid4java.consumer.ConsumerManager` (to be used
+instead of the in-memory default) (gh-35)
+* Usernames provided as part of an interactive-form workflow authentication are
+ now URL-encoded in the resulting redirect when authentication fails (gh-41)
+
+**Misc**
+
+* New function `cemerick.friend.credentials/bcrypt-verify` now available to
+ verify bcrypt-hashed strings outside of
+`cemerick.friend.credentials/bcrypt-credential-fn` and the
+workflow/authentication process
+* All HTTP redirect responses sent by Friend now use an absolute URL in the
+ `Location` header per the HTTP spec (gh-42)
+* The transitive dependency on Google Guice (needed by the openid4java
+ dependency) has been updated to use the coordinates available via Maven
+Central
+
### `0.1.2`
**Core API**
-* Credential functions may now return maps with a `:cemerick.friend.credentials/password-key`
-slot in their metadata to indicate the key within the credential map itself which holds the
-password.
-* The value of the `:cemerick.friend/redirect-on-auth?` key in workflow may now be a string
-URI to which the user will be redirected (instead of the `:default-landing-uri` provided to
-the `authenticate` middleware).
-* Friend now plays much nicer with Ring sessions; in particular, it no longer quashes
-session data set by lower-level handlers and middleware. (gh-24, gh-26)
+* Credential functions may now return maps with a
+ `:cemerick.friend.credentials/password-key` slot in their metadata to
+indicate the key within the credential map itself which holds the password.
+* The value of the `:cemerick.friend/redirect-on-auth?` key in workflow may now
+ be a string URI to which the user will be redirected (instead of the
+`:default-landing-uri` provided to the `authenticate` middleware).
+* Friend now plays much nicer with Ring sessions; in particular, it no longer
+ quashes session data set by lower-level handlers and middleware. (gh-24,
+gh-26)
**Workflows**
-* The `http-basic` workflow now properly supports empty usernames and passwords (gh-28)
+* The `http-basic` workflow now properly supports empty usernames and passwords
+ (gh-28)
### `0.1.1`
-Bricked.
+Bricked, don't use.
### `0.1.0`
**Core API**
-* `:login-uri` now actually defaults to `"/login"` as indicated in documentation (Yoshito Komatsu, gh-13)
+* `:login-uri` now actually defaults to `"/login"` as indicated in
+ documentation (Yoshito Komatsu, gh-13)
* Authorization failures are now handled more sanely (gh-19):
* `:unauthorized-redirect-uri` is no longer used (was nonsensical)
- * additional data may now be added to the stone thrown upon unauthorized access (see `cemerick.friend/authorize`, `cemerick.friend/authenticated`, and `throw-authorized`)
- * data added to stone thrown by `cemerick.friend/throw-authorized` is now added to the request passed to `:unauthorized-handler` in the `:cemerick.friend/authorization-failure` slot
-* HTTP 401 is now used instead of 403 to properly indicate unauthorized authenticated request (gh-20)
+ * additional data may now be added to the stone thrown upon unauthorized
+ access (see `cemerick.friend/authorize`, `cemerick.friend/authenticated`,
+and `throw-authorized`)
+ * data added to stone thrown by `cemerick.friend/throw-authorized` is now
+ added to the request passed to `:unauthorized-handler` in the
+`:cemerick.friend/authorization-failure` slot
+* HTTP 401 is now used instead of 403 to properly indicate unauthorized
+ authenticated request (gh-20)
* `cemerick.friend/logout*` is now public (John Szakmeister)
**Workflows**
-* http-basic workflow now properly responds with www-authenicate challenge when no credentials are provided and `:allow-anon?` is false (gh-16)
-* the OpenID workflow's `:max-nonce-age` must now be specified in milliseconds instead of seconds
+* http-basic workflow now properly responds with www-authenicate challenge when
+ no credentials are provided and `:allow-anon?` is false (gh-16)
+* the OpenID workflow's `:max-nonce-age` must now be specified in milliseconds
+ instead of seconds
* the OpenID workflow no longer adds unprintable objects to the ring session
**Misc**
View
4 project.clj
@@ -1,4 +1,4 @@
-(defproject com.cemerick/friend "0.1.3-SNAPSHOT"
+(defproject com.cemerick/friend "0.1.3"
:description "Authentication and authorization library for Ring Clojure web apps and services."
:url "http://github.com/cemerick/friend"
:license {:name "Eclipse Public License"
@@ -37,7 +37,7 @@
:compile-path "target/sanity-check-aot"}
:1.2 {:dependencies [[org.clojure/clojure "1.2.0"]]}
:1.3 {:dependencies [[org.clojure/clojure "1.3.0"]]}
- :1.5 {:dependencies [[org.clojure/clojure "1.5.0-alpha4"]]}}
+ :1.5 {:dependencies [[org.clojure/clojure "1.5.0-RC2"]]}}
:aliases {"all" ["with-profile" "dev,1.2:dev,1.3:dev:dev,1.5"]
"sanity-check" ["with-profile" "sanity-check" "compile"]})
Please sign in to comment.
Something went wrong with that request. Please try again.