Remove deprecated code from before v1.0

History.md

@@ -188,6 +188,70 @@ N/A
 * `facebook-oauth@1.7.3`
   - is now using Facebook GraphAPI v8. [#11160](https://github.com/meteor/meteor/pull/11160)
 
+## v2.0, TDB
+
+### Breaking changes
+
+N/A
+
+### Migration steps
+
+N/A
+
+### Changes
+
+#### Highlights
+
+##### Hot module replacement (HMR):  
+
+  To use Hot module replacement in your Meteor app you need to add the package `hot-module-replacement`. You can do this by running `meteor add hot-module-replacement`. 
+
+  This package is only for development (`debugOnly`). You don't need to worry about it affecting your production bundle.
+
+  HMR updates modified files in the app without having to reload the page or restart the app. This is usually faster (many times updating the page before the build has finished), and allows state to be preserved, though it is also less reliable. In situations where HMR is not supported, it uses hot code push to update the page.
+
+  HMR is only available for apps that use the modules package. It will probably not work correctly with apps that use globals (though globals from packages or npm dependencies are fine) since it uses import/require to detect which modules need to be re-evaluated. [more](https://github.com/meteor/meteor/pull/11117)
+
+##### Tree Shaking:
+
+  Tree-shaking is a strategy that the bundler uses to remove unused files and code from the final bundle. This implementation is totally backward compatible, so it will only be enabled by following the steps .
+
+  This PR implements 2:
+
+  1. Remove unused Files, by checking es6 imports/exports
+  2. Remove unused exports, by checking used imports.
+
+  This PR does not implement yet a verification for actual usage in the code, for tree shaking. It is restricted to imports, and also deals with dynamic and nested imports.
+
+  *Usage on your app:*
+  For enabling tree shaking in your app, simply add the flag:
+    > sideEffects: false
+
+  to your package.json.
+
+  *packages*
+  For packages, you can use on package.js the following:
+  >  api.setSideEffects(false);
+
+  inside the Package.onUse section. Note that if you use api.export(), tree shaking will be disabled.
+
+#### Meteor Version Release
+* `meteor-tool@2.0`
+  - HMR
+  - Tree-shaking
+
+* `accounts-base@1.7.1`
+  - adds method `setDefaultPublishFields` to `Accounts` so you can customize what fields are published by default from the `Users` collection.
+    ```js
+    Accounts.setDefaultPublishFields({username: 1, profile: 1, emails: 1, 'foo.bar': 1});
+    // or
+    Accounts.setDefaultPublishFields({'do.not.publish.this': -1});
+    ```
+
+
+#### Independent Releases
+N/A
+
 ## v1.11.1, 2020-09-16
 
 ### Breaking changes

packages/accounts-base/accounts_server.js

@@ -569,62 +569,6 @@ export class AccountsServer extends AccountsCommon {
       this.setUserId(null);
     };
 
-    // Delete all the current user's tokens and close all open connections logged
-    // in as this user. Returns a fresh new login token that this client can
-    // use. Tests set Accounts._noConnectionCloseDelayForTest to delete tokens
-    // immediately instead of using a delay.
-    //
-    // XXX COMPAT WITH 0.7.2
-    // This single `logoutOtherClients` method has been replaced with two
-    // methods, one that you call to get a new token, and another that you
-    // call to remove all tokens except your own. The new design allows
-    // clients to know when other clients have actually been logged
-    // out. (The `logoutOtherClients` method guarantees the caller that
-    // the other clients will be logged out at some point, but makes no
-    // guarantees about when.) This method is left in for backwards
-    // compatibility, especially since application code might be calling
-    // this method directly.
-    //
-    // @returns {Object} Object with token and tokenExpires keys.
-    methods.logoutOtherClients = function () {
-      const user = accounts.users.findOne(this.userId, {
-        fields: {
-          "services.resume.loginTokens": true
-        }
-      });
-      if (user) {
-        // Save the current tokens in the database to be deleted in
-        // CONNECTION_CLOSE_DELAY_MS ms. This gives other connections in the
-        // caller's browser time to find the fresh token in localStorage. We save
-        // the tokens in the database in case we crash before actually deleting
-        // them.
-        const tokens = user.services.resume.loginTokens;
-        const newToken = accounts._generateStampedLoginToken();
-        accounts.users.update(this.userId, {
-          $set: {
-            "services.resume.loginTokensToDelete": tokens,
-            "services.resume.haveLoginTokensToDelete": true
-          },
-          $push: { "services.resume.loginTokens": accounts._hashStampedToken(newToken) }
-        });
-        Meteor.setTimeout(() => {
-          // The observe on Meteor.users will take care of closing the connections
-          // associated with `tokens`.
-          accounts._deleteSavedTokensForUser(this.userId, tokens);
-        }, accounts._noConnectionCloseDelayForTest ? 0 :
-          CONNECTION_CLOSE_DELAY_MS);
-        // We do not set the login token on this connection, but instead the
-        // observe closes the connection and the client will reconnect with the
-        // new token.
-        return {
-          token: newToken.token,
-          tokenExpires: accounts._tokenExpiration(newToken.when)
-        };
-      } else {
-        throw new Meteor.Error("You are not logged in.");
-      }
-    };
-
     // Generates a new login token with the same expiration as the
     // connection's current token and saves it to the database. Associates
     // the connection with this new token and returns it. Throws an error

packages/accounts-password/password_client.js

@@ -43,27 +43,7 @@ Meteor.loginWithPassword = (selector, password, callback) => {
       password: Accounts._hashPassword(password)
     }],
     userCallback: (error, result) => {
-      if (error && error.error === 400 &&
-          error.reason === 'old password format') {
-        // The "reason" string should match the error thrown in the
-        // password login handler in password_server.js.
-
-        // XXX COMPAT WITH 0.8.1.3
-        // If this user's last login was with a previous version of
-        // Meteor that used SRP, then the server throws this error to
-        // indicate that we should try again. The error includes the
-        // user's SRP identity. We provide a value derived from the
-        // identity and the password to prove to the server that we know
-        // the password without requiring a full SRP flow, as well as
-        // SHA256(password), which the server bcrypts and stores in
-        // place of the old SRP information for this user.
-        srpUpgradePath({
-          upgradeError: error,
-          userSelector: selector,
-          plaintextPassword: password
-        }, callback);
-      }
-      else if (error) {
+      if (error) {
         reportError(error, callback);
       } else {
         callback && callback();
@@ -77,35 +57,6 @@ Accounts._hashPassword = password => ({
   algorithm: "sha-256"
 });
 
-
-// XXX COMPAT WITH 0.8.1.3
-// The server requested an upgrade from the old SRP password format,
-// so supply the needed SRP identity to login. Options:
-//   - upgradeError: the error object that the server returned to tell
-//     us to upgrade from SRP to bcrypt.
-//   - userSelector: selector to retrieve the user object
-//   - plaintextPassword: the password as a string
-const srpUpgradePath = (options, callback) => {
-  let details;
-  try {
-    details = EJSON.parse(options.upgradeError.details);
-  } catch (e) {}
-  if (!(details && details.format === 'srp')) {
-    reportError(
-      new Meteor.Error(400, "Password is old. Please reset your " +
-                       "password."), callback);
-  } else {
-    Accounts.callLoginMethod({
-      methodArguments: [{
-        user: options.userSelector,
-        srp: SHA256(`${details.identity}:${options.plaintextPassword}`),
-        password: Accounts._hashPassword(options.plaintextPassword)
-      }],
-      userCallback: callback
-    });
-  }
-};
-
 // Attempt to log in as a new user.
 
 /**
@@ -172,30 +123,10 @@ Accounts.changePassword = (oldPassword, newPassword, callback) => {
     [oldPassword ? Accounts._hashPassword(oldPassword) : null,
      Accounts._hashPassword(newPassword)],
     (error, result) => {
-      if (error || !result) {
-        if (error && error.error === 400 &&
-            error.reason === 'old password format') {
-          // XXX COMPAT WITH 0.8.1.3
-          // The server is telling us to upgrade from SRP to bcrypt, as
-          // in Meteor.loginWithPassword.
-          srpUpgradePath({
-            upgradeError: error,
-            userSelector: { id: Meteor.userId() },
-            plaintextPassword: oldPassword
-          }, err => {
-            if (err) {
-              reportError(err, callback);
-            } else {
-              // Now that we've successfully migrated from srp to
-              // bcrypt, try changing the password again.
-              Accounts.changePassword(oldPassword, newPassword, callback);
-            }
-          });
-        } else {
-          // A normal error, not an error telling us to upgrade to bcrypt
-          reportError(
-            error || new Error("No result from changePassword."), callback);
-        }
+    if (error || !result) {
+        // A normal error, not an error telling us to upgrade to bcrypt
+        reportError(
+          error || new Error("No result from changePassword."), callback);
       } else {
         callback && callback();
       }

packages/accounts-password/password_server.js

@@ -351,79 +351,6 @@ Accounts.registerLoginHandler("password", options => {
   );
 });
 
-// Handler to login using the SRP upgrade path. To use this login
-// handler, the client must provide:
-//   - srp: H(identity + ":" + password)
-//   - password: a string or an object with properties 'digest' and 'algorithm'
-//
-// We use `options.srp` to verify that the client knows the correct
-// password without doing a full SRP flow. Once we've checked that, we
-// upgrade the user to bcrypt and remove the SRP information from the
-// user document.
-//
-// The client ends up using this login handler after trying the normal
-// login handler (above), which throws an error telling the client to
-// try the SRP upgrade path.
-//
-// XXX COMPAT WITH 0.8.1.3
-Accounts.registerLoginHandler("password", options => {
-  if (!options.srp || !options.password) {
-    return undefined; // don't handle
-  }
-
-  check(options, {
-    user: userQueryValidator,
-    srp: String,
-    password: passwordValidator
-  });
-
-  const user = Accounts._findUserByQuery(options.user, {fields: {
-    services: 1,
-    ...Accounts._checkPasswordUserFields,
-  }});
-  if (!user) {
-    handleError("User not found");
-  }
-
-  // Check to see if another simultaneous login has already upgraded
-  // the user record to bcrypt.
-  if (user.services && user.services.password && user.services.password.bcrypt) {
-    return checkPassword(user, options.password);
-  }
-
-  if (!(user.services && user.services.password && user.services.password.srp)) {
-    handleError("User has no password set");
-  }
-
-  const v1 = user.services.password.srp.verifier;
-  const v2 = SRP.generateVerifier(
-    null,
-    {
-      hashedIdentityAndPassword: options.srp,
-      salt: user.services.password.srp.salt
-    }
-  ).verifier;
-  if (v1 !== v2) {
-    return {
-      userId: Accounts._options.ambiguousErrorMessages ? null : user._id,
-      error: handleError("Incorrect password", false)
-    };
-  }
-
-  // Upgrade to bcrypt on successful login.
-  const salted = hashPassword(options.password);
-  Meteor.users.update(
-    user._id,
-    {
-      $unset: { 'services.password.srp': 1 },
-      $set: { 'services.password.bcrypt': salted }
-    }
-  );
-
-  return {userId: user._id};
-});
-
-
 ///
 /// CHANGING
 ///
@@ -470,12 +397,6 @@ Accounts.setUsername = (userId, newUsername) => {
 // password. `oldPassword` and `newPassword` should be objects with keys
 // `digest` and `algorithm` (representing the SHA256 of the password).
 //
-// XXX COMPAT WITH 0.8.1.3
-// Like the login method, if the user hasn't been upgraded from SRP to
-// bcrypt yet, then this method will throw an 'old password format'
-// error. The client should call the SRP upgrade login handler and then
-// retry this method again.
-//
 // UNLIKE the login method, there is no way to avoid getting SRP upgrade
 // errors thrown. The reasoning for this is that clients using this
 // method directly will need to be updated anyway because we no longer
@@ -497,18 +418,10 @@ Meteor.methods({changePassword: function (oldPassword, newPassword) {
     handleError("User not found");
   }
 
-  if (!user.services || !user.services.password ||
-      (!user.services.password.bcrypt && !user.services.password.srp)) {
+  if (!user.services || !user.services.password || !user.services.password.bcrypt) {
     handleError("User has no password set");
   }
 
-  if (! user.services.password.bcrypt) {
-    throw new Meteor.Error(400, "old password format", EJSON.stringify({
-      format: 'srp',
-      identity: user.services.password.srp.identity
-    }));
-  }
-
   const result = checkPassword(user, oldPassword);
   if (result.error) {
     throw result.error;
@@ -557,7 +470,6 @@ Accounts.setPassword = (userId, newPlaintextPassword, options) => {
 
   const update = {
     $unset: {
-      'services.password.srp': 1, // XXX COMPAT WITH 0.8.1.3
       'services.password.reset': 1
     },
     $set: {'services.password.bcrypt': hashPassword(newPlaintextPassword)}

packages/babel-compiler/babel.js

@@ -47,5 +47,40 @@ Babel = {
 
   getMinimumModernBrowserVersions: function () {
     return Npm.require("meteor-babel/modern-versions.js").get();
+  },
+  replaceMeteorInternalState: function(source, globalDefsMapping) {
+    try {
+      const globalDefsKeys = Object.keys(globalDefsMapping);
+      return Npm.require("@babel/core").transformSync(source, {
+        compact: false,
+        plugins: [
+          function replaceStateVars({types: t}) {
+            return {
+              visitor: {
+                MemberExpression: {
+                  exit(path) {
+                    const object = path.node.object.name;
+                    const property = path.node.property.name;
+                    const globalDefsForStart = object && globalDefsKeys.indexOf(object) > -1 && globalDefsMapping[object];
+                    const mappingForEnds = property && globalDefsForStart
+                    && Object.keys(globalDefsForStart).indexOf(property) > -1
+                        ? globalDefsForStart[property] : null;
+
+                    if (mappingForEnds !== null && path.parentPath.node.type !== "AssignmentExpression") {
+                      path.replaceWith(
+                          t.booleanLiteral(mappingForEnds === 'true' || mappingForEnds === true)
+                      );
+                      path.skip();
+                    }
+                  },
+                }
+              },
+            };
+          },
+        ],
+      }).code;
+    } catch(e){
+      return source;
+    }
   }
 };