v1.0.0

1.0.0 (2019-11-21)

Bug Fixes

• add alias for logAPIErrorResponse (#15) (301f8ab)
• add exports (1452425)
• add logging for null access token after refresh (#38) (3d6fcce)
• busted test (3854c32)
• change identifyAuthenticatedUser function signature (957c154)
• change name of configuration phase to loadConfig (#31) (8ff07a8)
• check cookie value and add logs (dbbe4f6)
• clean-up research for null refresh token (f429dee)
• configure i18n with logging service (#6) (dcc2aa0)
• do not expose FormattedHTMLMessage (#18) (75d02da)
• export LOCALE constants from top level i18n.js (fa7ea68)
• fetchUserAccount did not return the action (5da6796)
• fixing module exports and locking versions (5cd9dd5)
• initialize segment (#15) (a669ce4)
• log error to loggingService not just the message (0d7e9d0)
• merge messages deeply (166c853)
• npm audit fix (278d5d0)
• pass userId parameter to callback function (38cbfe9)
• redirect to correct place if Route has match params (9fdb081)
• refactor ensurePublicOrAuthenticationAndCookies (100960e)
• remove usage of CSRF_TOKEN_NAME enviroment variable (#35) (70c6960)
• removing requirements and extract translations (5d7679d)
• removing some bad env exports (#14) (c770d40)
• set config immediately and un-pin peer dependencies (a87566b)
• tests and making mergeMessages more flexible (1de6ab3)
• throw error for missing refresh token (23ecbeb)
• update peer dependency (163d2f9)
• updating peer dependencies (#13) (3ea96fd)
• updating to frontend-auth 7 (#12) (eaa1d91)
• use consistent entry points for each package (9cc05a3)
• use frontend-build and cleanup dist (#39) (ae7a78a)
• use frontend-build and remove extra dev dependencies (#83) (5b8530c)
• use global instead of window (1dd9e4f)
• use setConfig when initializing config service. (b392f57)
• userId required for identifyAuthenticatedUser (8bcba25)
• various improvements to the base interface (#9) (e85669a)
• App.ready: remove _ready private variable (f4d4815)
• deps: pin dependencies (ee64ce2)
• deps: update dependency iso-countries-languages to v0.3.0 (a425243)
• add administrator flag to authentication state (cf6e133)
• add console logs when in dev. change webpack target to node (a826c19)
• add NPM and Github tokens to .travis.yml (3ce1788)
• allow pass through of node env without setting target to node (#4) (4b48e5a)
• fixing webpack mode (e8adfc4)
• handle null locale cookie (e9d5330)
• improve error logging (155ac27)
• lint (158c76e)
• log accessToken for debugging purposes (29728f2)
• log all cookies on identify user error (097d97f)
• log network errors as info (4e90687)
• make library SSR friendly (5ad18bb)
• make react-i18n a peer dependency (49afb0e)
• make react-i18n a peer dependency (#6) (23813aa)
• make SSR friendly (bf73266)
• make stylesheet updating more resilient (8a6e480)
• README (0349f35)
• remove error log when redirecting a logged out user to sign in (#27) (36dc23e)
• remove sort from country and language lists (4d52292)
• remove sort from country and language lists (#8) (b6bc1a0)
• reorder axios interceptors to avoid dead end (5b12993)
• update readme (b4136ee)
• update to SSR-friendly logging package (68d7744)
• update webpack mode (f558989)
• update webpack mode (d08b50f)
• webpack fixes (842c3f6)
• authinterface: check jwt expiration when checking for valid auth (94c2453)
• authinterface: fix login refresh on app load (4c78527)
• axiosconfig: non-existant jwt should not trigger a token refresh (d602a90)
• dependencies: move standard packages to peerDependencies (898b476)
• dist: transpile es6 modules and check for es5 (0760499)
• package: add commitlint (6305b16)
• package: guard against login redirect loop (a91a1d0)
• package: multiple babelrc environment configs (e65f814)
• package: npm publish (dfe67ce)
• package: npm publish public (1721e04)
• private_route: account for empty authentication state object (d29ea4c)
• saving: removing code related to saving actions (3f0c1b7)

Features

• add callback for handling a token refresh failure (#29) (e64a48d)

• add custom attributes to logInfo (#12) (b4b2340)

• add gh and npm tokens to travis.yml (1bfe0cb)

• add more passthrough components from react intl (0e88175)

• adding locale to AppContext (3e107e9)

• anonymous access (#82) (de68ed4)

• anonymous access and API features (#41) (9cd29c4)

• call frontend-analytics identifyAuthenticatedUser, sendPageEvent (#37) (6f2e713)

• create new frontend-analytics library (32af525)

• handle rtl with attribute only (#12) (7653376)

• make initialize params optional (#16) (15e09bf)

• provide makefile and utils scripts in bin directory (50f057e)

• provide wrapping interface for logging service (9bfbef4)

• refactor csrf and jwt roken refreshing and tests (1667c95)

• replacing requireConfig with ensureConfig (#32) (d52e69a)

• requireConfig returns immediately (09589cb)

• static config is now available immediately (#11) (566f2d3)

• update analytics to new api usage (#5) (969f218)

• update logging of axios errors (#14) (cadb9ed)

• upgrade frontend-auth with anonymous access capability (#46) (2638f76)

• v1 of frontend-i18n (2e02169)

• actions: export more actions for userAccount (0c588a0)

• authentication: add userId and drop email (6561932)

• authstate: add roles to state (a2be6ab)

• package: add logging service (e5be21c)

• umd: Make UMD build available on both browsers and Node.js (cb97981)

• use configured logging service (b097fc4)

• package: add CSRF token management (e9f9b9a)

• package: make use of jwt cookies for auth explicit (458639e)

• reducers: add a loaded flag to userAccount (7079186)

• user_profile: add user profile action and reducer (597b1f4)

• Merge pull request #61 from edx/djoy/promise-ify-ensure-methods (fbccbcb), closes #61

Code Refactoring

• promises: consistently return promises from ensure methods (289f782)

BREAKING CHANGES

• Uses the new api offered by frontend auth. App.apiClient no longer has methods login, logout, getDecodedAccessToken or refreshAccessToken. Refer to edx/frontend-auth#82 for more info.

• docs: typo

• docs: update redirect description

• fix: upgrade frontend-auth

• (Behavior Change) Frontend-auth intercepts outbound requests and attempts to refresh the jwt token if it does not exist or is expired. In the case of a 401 response indicating that the user is logged out, frontend auth will not redirect the user to login, and will allow the outbound request to proceed. Prior behavior: Upon receiving a 401 response, frontend-auth would block the request and redirect the user to login.

ensureAuthenticatedUser continues to redirect if the user is logged out.

API Changes

• getAuthenticatedAPIClient has been renamed to getAuthenticatedApiClient. Note the capitalization changes: API > Api.
• redirectToLogout (formerly apiClient.logout)
• redirectToLogin (formerly apiClient.login)
• ensureAuthenticatedUser (formerly apiClient.ensureAuthenticatedUser)

See the updated README for more details.

• frontend-logging is no longer a direct dependency of this package. As a result you must make sure it is configured prior to calling getAuthenticatedAPIClient. In all likelihood all users of this package we already doing this. This change removes a kind of doubling up on configuration of the logging service.

• feat: simplify access token refresh queuing

• test: update authInterface tests

• refactor: breakout access token logic from authInterface

• test: leverage axios mock for tests

• refactor: csrf token manager

• fix: naming of customattributes

• Renaming allowAnonymous to requireAuthenticatedUser and turning it off by default. This breaks current MFEs, which will now be required to turn on requireAuthenticatedUser.

• fix: removing support for fetchUserAccount

• fetchUserAccount is no longer supported. Use hydrateAuthenticatedUser instead, along with AppContext.

• requireConfig has been removed. It has been replaced with ensureConfig, which will throw an exception after APP_CONFIG_LOADED if the specified properties don’t exist. requireConfig was not useful for requiring custom configuration because there was no guarantee it would run late enough to see the config.

Also adding tests for getQueryParameters, and updating frontend-i18n.

• The “configuration” phase has been renamed to “loadConfig” to be clearer.
• UserId is now required for identifyAuthenticatedUser.

This should not require any app changes. If you do need to identify
for an anonymous user, without the userId, use identifyAnonymousUser.

ARCH-948

• • App.authentication has been renamed App.authenticatedUser

• AuthenticationContext has been renamed to AppContext, and contains two subkeys: authenticatedUser and config.

Other changes:

• The initialize function no longer relies on getAuthenticationState()
• The frontendAuthWrapper has been simplified and is nearly gone.

• feat: initialize is now overrideable and publishes events
• Now you call App.initialize instead of initialize directly.

• Also added a dev server for testing.
• Fleshed out the test suite.

• fix: small fixes for pull request

• build: pin dependencies

• Update src/handlers/logging.test.js

Co-Authored-By: Adam Butterworth abutterworth@edx.org

• refactor: folding validation into configuration

• feat: making redux optional

• fix: consistent use of i18n

• The refactor has the following breaking changes:

• Renamed ensurePublicOrAuthenticationAndCookies to
  ensureAuthenticatedUser.
• Removed the capability to handle public routes in
  ensureAuthenticatedUser. Just don't call it.
• Removed getAuthenticationState() function which was unreliable,
  because it used the cookie which could have expired since it was tested.
  Instead, use the new response sent to the ensureAuthenticatedUser
  promise (see below).
• Removed the deprecated callback. Just use the promise instead.

The promise is now resolved with an object of the form:

{
  authenticatedUser: {...},
  decodedAccessToken: {...},
}

In the above object:
- ``authenticatedUser`` is an object containing user account data that
was stored in the access token.
- ``decodedAccessToken`` is the raw version of the data used to create
``authenticatedUser``.

ARCH-948
* Making the callback optional and deprecated. Promises are a more flexible way of waiting for the methods to finish. Breaking change because it technically changes the method return value signature. No known repositories are using the return value, luckily.
* **promises:** Making the callback optional and deprecated.  Promises are the preferred way of waiting for the methods to finish.  Breaking change because it technically changes the method return value signature.  No known repositories are using the return value, luckily.

Also updating eslint-related packages so that the linter will stop complaining about object rest/spread issues.
* logAPIErrorResponse(error, customAttrs) is renamed to logAxiosError(error, customAttrs). It uses processAxiosError which clients can also leverage to normalize axios error objects. logAxiosError will take a messagePrefix specified in customAttrs and prepend that to error messages.
* FormattedHTMLMessage is not XSS safe and should not be exposed for use.
* userId is now a required parameter of the identifyAuthenticatedUser function
* This package will no longer handle toggling rtl css on or off. Prefer to use a single file with rules scoped on [dir='rtl'] or [dir='ltr']
* The configuration of the authClient now requires you
to pass it a loggingService.

ARCH-687
* The LoggingService was renamed to
NewRelicLoggingService, and the new expected usage of the library is to
use the wrapped functions as described in the README.

ARCH-687
* **authinterface:** Signature of ensurePublicOrAuthenticationAndCookies changed
* **saving:** removing actions that aren’t needed
* **authentication:** email is no longer available from authentication state.
Use email from the user profile instead.