Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Remove permissions hooks and middleware #307

merged 1 commit into from Oct 15, 2016


None yet
2 participants
Copy link

daffl commented Oct 10, 2016

This pull request can be merged once @ekryski moved the permission hooks and middleware into the feathers-permissions repository.


This comment has been minimized.

Copy link

ekryski commented Oct 14, 2016

k this should be good to merge now. I've pulled permissions stuff out into a separate repo

@daffl daffl merged commit bf6f7a6 into 0.8 Oct 15, 2016

2 checks passed

continuous-integration/travis-ci/pr The Travis CI build passed
continuous-integration/travis-ci/push The Travis CI build passed

@daffl daffl deleted the move-permissions branch Oct 15, 2016

marshallswain added a commit that referenced this pull request Oct 16, 2016

ekryski added a commit that referenced this pull request Oct 16, 2016

0.8 client decode jwt (#314)
* Only set app token if it’s not expired.

Modifies the getJWT function to return undefined if the token has expired.  This gives you a quick way of knowing if the user is (more than likely) authenticated without having to make a request.

* Allow client to decode token.

This adds an `app.decodeJWT` function that decodes a token synchronously.  With a non-expired token, it returns the token payload, otherwise it returns undefined.

Will need docs before publishing 0.8 or whichever version we’re doing next.

* adding instanbul code coverage

* Remove permissions hooks and middleware which will be put into feathers-permissions (#307)

* Remove ‘user’ since server no longer supports it.

* Make API better match the server.

The only difference is that verifyJWT and getJWT are sync, so they don’t return promises.

ekryski added a commit that referenced this pull request Nov 16, 2016

1.0 Pre-release (#336)
* cleaning up dependencies

* removing auth redirects and exposing middleware

* expanding express middleware

* moving what I can in services to setup method

* updating dependencies

* cleaning up middleware and adding debug logs

* cleaning up services and adding debug logs

* changing options for populate user hook to conform with other options

* cleaning up main index file

* fixing lint errors

* getting example app working

* fixing options for populate user middlware

* fixing socket logout emitting

* restructuring so you can set hooks to construct your token payload if you want to customize it

* Default to a session cookie instead of 1 day

* Switch to "user" instead of "data" for the response from auth

* Make sure we clear the user out of locals so that you don't end up in a weird state.

* Allow passing options when creating a JWT.

Used to customize the type of token we want to generate (ie. confirmation, password reset, etc.)

* setting version

* don't throw an error in the decode token middleware

* bump version

* clearing cookie if use not found. Setting cookie age to same as JWT

* bump version

* Don’t mix options when signing tokens (#255)

Fixes #254.

* Attempt to get token right away. (#252)

* Attempt to get token right away.

This makes it so that we don’t have to wait for an async response in order to start making authenticated requests.

* Also set up localStorage.

* fix restrict to owner hook methods. Closes #228

* bump version

* cookies should get set regardless of whether it was an xhr request if enabled

* bumping version

* adding migration guide

* reorganizing middleware, hooks and services

* updaing mocha

* updating migration doc of things left to doc/complete

* fixing a bunch of the tests and adding tests for all new middleware

* cleaning up client side tests. Still failing

* getting all tests passing

* updating all middleware to not have default and pull from global config

* finished consolidating options

* bumping version

* adding more details to migration guide

* fix typo missing 'd'

* Fix typo and simplify wording.

* normalize the callbackURL

If the callbackURL doesn’t begin with a slash, the Passport `authenticate()` call will mess up the URL depending on the referrer’s url.  So if the page is ``, the callback URL will become ``.  This normalizes the URL so that relative URLs always begin with a leading slash and absolute URLs don’t get touched.

* Make sure the provider plugin name doesn't overwrite the OAuth provider name

* consistency: `callbackUrl` should be `callbackURL`

* Normalize comparison URL & fix typo

This performs the same normalization to the comparison URL for the callback (as is done for the callbackURL).  Also fixes typo in callbackUrl, updates it to callbackURL.

* Always use service lookup.

Previously, we were setting up this._tokenService and this._userService in the `setup` function.  This was a problem because not all services are registered by the time `setup` runs.  In order to continue to allow the passing of either strings or an actual service object, this PR checks if we only have a string reference to the service stored.  If so, it uses the `app.service` method of service lookup before attempting to use the service.  This also fixes a problem that was occurring when trying to call this._userService or this._tokenService when this was undefined inside the middleware callbacks.

* DRY up the dynamic token and user service lookup.

This moves the dynamic service lookup to a function to be a bit more DRY.

* OAuth require successRedirect with default successHandler

If a successHandler hasn’t been passed, then the default `successHandler` will be used.  The `successRedirect` will now be required in that scenario.

* First cut for authentication middleware (#305)

* First cut for authentication middleware

* Fix service methods

* Allow passing user service and service name

* First cut for authentication middleware (#305)

* First cut for authentication middleware

* Fix service methods

* Allow passing user service and service name

* Cookies will match jwt expiry by default. (#308)

* Cookies will match jwt expiry by default.

* Add missing makeExpiry function.

* Store config at `app.config` (#312)

* Store config at `app.config`

* Use app.set to store config.

* Add test.

* adding instanbul code coverage

* Remove permissions hooks and middleware which will be put into feathers-permissions (#307)

* Started implementation of more modularized module structure

* Some reorganization

* Implement Socket new authentication

* More reorganization and start of integration tests

* eslint fix

* More integration tests and cleanup

* reogranizing

* Applying latest changes and merging with dev other branch

* authentication tests and login logout event

* Improving socket tests and adding Primus

* Some cleanup

* Better error verification tests

* Implement login and logout events for REST authentication (#325)

* Fix tests

* wip

* first cut of auth working with passport. Clean up and tests to do

* fixing event middleware resolution

* Keep github together

* Keep twitter together

* getting tests passing. Still a couple more to do

* removing unused hooks for now. May bring some back later

* fixing lint errors

* removing hashPassword hook. It now lives in feathers-authentication-local

* adding a migration guide and new features docs

* adding more detail to migration doc

* cleaning up dependencies

* getting tests passing again

* adding some more tests. Implementing chained strategies

* cleaning up dependencies

* finishing integration tests and handling socket logout timeout

* cleaning up example app

* fixing up example

* updating README

* updating API docs
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.
You signed in with another tab or window. Reload to refresh your session. You signed out in another tab or window. Reload to refresh your session.