From c1b34112f695bda8ef1e2aeec95ceebc41886a2e Mon Sep 17 00:00:00 2001 From: Chris Date: Sat, 17 Oct 2015 13:05:59 +0200 Subject: [PATCH 01/16] Fix post*Handler invocations where using Google Both login and registration handlers were retrieved by parameter names which did not exist in the package tree. --- lib/controllers/google-login.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/controllers/google-login.js b/lib/controllers/google-login.js index 7c8eed21..b313b01f 100644 --- a/lib/controllers/google-login.js +++ b/lib/controllers/google-login.js @@ -26,8 +26,8 @@ module.exports = function(req, res) { var application = req.app.get('stormpathApplication'); var config = req.app.get('stormpathConfig'); var logger = req.app.get('stormpathLogger'); - var loginHandler = req.app.get('stormpathPostLoginHandler'); - var registrationHandler = req.app.get('stormpathPostRegistrationHandler'); + var loginHandler = config.postLoginHandler; + var registrationHandler = config.postRegistrationHandler; if (!req.query.code) { logger.info('A user attempted to log in via Google OAuth without specifying an OAuth token.'); From 7ee1be6a1c797b0435dec43e6f1109b0fe12bb69 Mon Sep 17 00:00:00 2001 From: Chris Date: Sat, 17 Oct 2015 13:07:09 +0200 Subject: [PATCH 02/16] Fix the post*Handlers in linked in. --- lib/controllers/linkedin-login.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/controllers/linkedin-login.js b/lib/controllers/linkedin-login.js index 7839677a..fe0b61e0 100644 --- a/lib/controllers/linkedin-login.js +++ b/lib/controllers/linkedin-login.js @@ -26,8 +26,8 @@ module.exports = function(req, res) { var application = req.app.get('stormpathApplication'); var config = req.app.get('stormpathConfig'); var logger = req.app.get('stormpathLogger'); - var loginHandler = req.app.get('stormpathPostLoginHandler'); - var registrationHandler = req.app.get('stormpathPostRegistrationHandler'); + var loginHandler = config.postLoginHandler; + var registrationHandler = config.postRegistrationHandler; if (!req.query.code) { logger.info('A user attempted to log in via LinkedIn OAuth without specifying an OAuth token.'); From 8da408fb5935dc4a807e34ae19de191fc0152c90 Mon Sep 17 00:00:00 2001 From: greenkeeperio-bot Date: Mon, 19 Oct 2015 16:12:06 -0700 Subject: [PATCH 03/16] chore(package): update supertest to version 1.1.0 http://greenkeeper.io/ --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index df066d76..86d61d90 100644 --- a/package.json +++ b/package.json @@ -45,6 +45,6 @@ "istanbul": "^0.4.0", "mocha": "^2.1.0", "mocha-lcov-reporter": "0.0.2", - "supertest": "^0.15.0" + "supertest": "^1.1.0" } } From 678571acf06e2f27e9c31ffbc0e5e0eef841f7a2 Mon Sep 17 00:00:00 2001 From: Randall Degges Date: Mon, 26 Oct 2015 11:42:06 -0700 Subject: [PATCH 04/16] Updating docs. --- docs/changelog.rst | 14 +++++++++++++- docs/upgrading.rst | 10 ++++++++-- 2 files changed, 21 insertions(+), 3 deletions(-) diff --git a/docs/changelog.rst b/docs/changelog.rst index d56fff73..802d8e0e 100644 --- a/docs/changelog.rst +++ b/docs/changelog.rst @@ -6,10 +6,22 @@ Change Log All library changes, in descending order. + +Version 2.0.15 +-------------- + +**Not yet released.** + +- Fixing postLogin / postRegistration handlers not being fired when using Google + / LinkedIn logins. Thanks to `@cdaniel `_ for the + pull request! +- Adding `@cdaniel `_ to the contributors list. + + Version 2.0.14 -------------- -** Released on October 18, 2015.** +**Released on October 18, 2015.** - Testing new documentation deployment stuff. - No code changes. diff --git a/docs/upgrading.rst b/docs/upgrading.rst index 2263786e..d06eaac1 100644 --- a/docs/upgrading.rst +++ b/docs/upgrading.rst @@ -8,16 +8,22 @@ This page contains specific upgrading instructions to help you migrate between Express-Stormpath releases. +Version 2.0.14 -> Version 2.0.15 +-------------------------------- + +**No changes needed!** + + Version 2.0.13 -> Version 2.0.14 -------------------------------- -Testing out new doc deployments. +**No changes needed!** Version 2.0.12 -> Version 2.0.13 -------------------------------- -Testing out new doc deployments. +**No changes needed!** Version 2.0.9 -> Version 2.0.10 From a694f0a59515a97b6b9232cdfd7373fb57a495a5 Mon Sep 17 00:00:00 2001 From: Randall Degges Date: Mon, 26 Oct 2015 11:42:42 -0700 Subject: [PATCH 05/16] Adding @cdaniel to contributors. --- docs/contributors.rst | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/docs/contributors.rst b/docs/contributors.rst index 50e5dc64..d1229865 100644 --- a/docs/contributors.rst +++ b/docs/contributors.rst @@ -96,5 +96,13 @@ David has contributed a patch to the project. - Github: https://github.com/dgisser +Chris Daniel +************ + +Chris has contributed a patch to the project. + +- Github: https://github.com/cdaniel + + .. _Stormpath: https://stormpath.com/ .. _an email: info@stormpath.com From 6ae2c9cfdf0f55ef6b5f1174f06b08d1961b1633 Mon Sep 17 00:00:00 2001 From: JrodManU Date: Tue, 27 Oct 2015 18:10:11 -0400 Subject: [PATCH 06/16] Typos --- docs/templates.rst | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/templates.rst b/docs/templates.rst index e1e7e629..e44b9b9c 100644 --- a/docs/templates.rst +++ b/docs/templates.rst @@ -14,7 +14,7 @@ The views that this library serves by default (if the features are enabled) are: * Login Page * Registration Page * Forgot Password Page -* Chagne Password Page +* Change Password Page * Email Verifiation Page If you want to customize these pages, there are two strategies. You can copy @@ -42,7 +42,7 @@ in the source code: https://github.com/stormpath/stormpath-express/tree/master/l .. note:: - Our library includes Jade and our default templates are written in Jad. If you + Our library includes Jade and our default templates are written in Jade. If you are using custom templates that are not written in Jade, you must enable a view renderer in your Express application. Please see `Using template engines with Express`_. @@ -65,7 +65,7 @@ rendered by this library: +-----------------+-------------------------------------------------------------------+ -If you are letting our library renderer your view (default or custom) you may +If you are letting our library render your view (default or custom) you may want to pass some extra locals to the renderer. You can do that with the ``templateContext`` option:: From b9f9c3b687c712c403c8645477230922253fec33 Mon Sep 17 00:00:00 2001 From: JrodManU Date: Tue, 27 Oct 2015 18:18:30 -0400 Subject: [PATCH 07/16] Typos --- docs/authentication.rst | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/docs/authentication.rst b/docs/authentication.rst index 5ad4ea17..1fd836ab 100644 --- a/docs/authentication.rst +++ b/docs/authentication.rst @@ -10,11 +10,11 @@ Browser Sessions If you are building a web application that serves traditional HTML pages, or a Single Page Application (Angular/React), this library will handle the cookie sessions for you. Behind the scenes we are issuing an OAuth Access Token and -Refresh Token to the browser. +Refresh Token to authenticate the browser. -If you want to ensure that as user is logged into your application, you should +If you want to ensure that the user is logged into your application, you should use the ``loginRequired`` middleware. It will force the user to login if -requird, or continue into your middleware:: +required, or continue into your middleware:: app.get('/secret', stormpath.loginRequired, function(req, res) { /* @@ -43,7 +43,7 @@ To change these settings, you should invoke a node client directly:: .. note:: Express-Stormpath's session management will not interfere with any existing session middleware you might have. The sessions that Stormpath uses are - exclusively used for Stormpath purposes, so it's safe you create your own + exclusively used for Stormpath's purposes, so it's safe you create your own separate sessions. This works by utilizing the Express `router`_. @@ -74,7 +74,7 @@ is how you would protect the secret endpoint with basic authentication:: }); }); -In order for your API clients to authenticate with this endpoing, they need +In order for your API clients to authenticate with this endpoint, they need to supply an HTTP Authorization header, like this:: Authentication: Bearer @@ -87,7 +87,7 @@ You can use Curl to achieve the same request:: API Authentication: Access Tokens --------------------------------- -In the previous example we showd you how to use HTP Basic Auth. An alternative +In the previous example we showed you how to use HTTP Basic Auth. An alternative scheme is the access token scheme, where we exhange our api keys for an access token. The benefit of this approach is that the access tokens are short lived and we can refresh or revoke them, without having to use our api credentials From d6a77c2e9ac92d2af417b30170a14ee55c832263 Mon Sep 17 00:00:00 2001 From: JrodManU Date: Tue, 27 Oct 2015 19:06:27 -0400 Subject: [PATCH 08/16] Typos --- docs/registration.rst | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/docs/registration.rst b/docs/registration.rst index 05cb931d..e22e77a2 100644 --- a/docs/registration.rst +++ b/docs/registration.rst @@ -5,8 +5,7 @@ Registration ============ The registration feature of this library allows you to use Stormpath to create -new accounts in a Stormpath directory. You can create traditional password- -based accounts, or gather account data from other providers such as Facebook and +new accounts in a Stormpath directory. You can create traditional password-based accounts, or gather account data from other providers such as Facebook and Google. If you've opted into the ``{ website: true }`` option in your configuration, you @@ -42,7 +41,7 @@ we will cover them in detail below: Customizing The Fields ---------------------- -The registration form will render these fields by default, and the will be +The registration form will render these fields by default, and they will be required by the user: * giveName @@ -52,7 +51,7 @@ required by the user: While email and password will always be required (you'll get an API error if you omit them), you may not need to require first and last name. These -can be configured, and we'll cover that in the next section +can be configured, and we'll cover that in the next section. You can modify the fields that we render by default. For example, if you want to provide the last name field but not make it required, change the required From 1d192bf2b03bbdad9a7e605b8dd96335f80c9e01 Mon Sep 17 00:00:00 2001 From: JrodManU Date: Tue, 27 Oct 2015 19:11:43 -0400 Subject: [PATCH 09/16] Typos --- docs/introduction.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/introduction.rst b/docs/introduction.rst index 9b0436be..046491c3 100644 --- a/docs/introduction.rst +++ b/docs/introduction.rst @@ -21,7 +21,7 @@ account to continue. You may have noticed that we have another library, the `Stormpath Node SDK`_. -That library is a low-level convience library for the `Stormpath API`_. This +That library is a low-level convenience library for the `Stormpath API`_. This Express library will cover most features that you need for your web application, but if you want to dig deepr into the `Stormpath API`, you may need the `Stormpath Node SDK`_. From 55d3f128a0be0f5b572f4edd183e631dd0574802 Mon Sep 17 00:00:00 2001 From: JrodManU Date: Tue, 27 Oct 2015 19:18:35 -0400 Subject: [PATCH 10/16] Typos --- docs/setup.rst | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/setup.rst b/docs/setup.rst index 7b96aca8..81ad910c 100644 --- a/docs/setup.rst +++ b/docs/setup.rst @@ -11,7 +11,7 @@ with Express-Stormpath. Create a Stormpath Account -------------------------- -Now that you've decided to use Stormpath, the first thing you'll want to use is +Now that you've decided to use Stormpath, the first thing you'll want to do is create a new Stormpath account: https://api.stormpath.com/register @@ -20,7 +20,7 @@ Create an API Key Pair Once you've created a new account, create a new API key pair by logging into your dashboard and clicking the "Create an API Key" button. This will generate -a new API key for you, and prompt you to download your keypair. +a new API key for you, and prompt you to download your key pair. .. note:: Please keep the API key pair file you just downloaded safe! These two keys From 4183abf608ce286a08886531cf3180c636303c01 Mon Sep 17 00:00:00 2001 From: JrodManU Date: Tue, 27 Oct 2015 19:26:16 -0400 Subject: [PATCH 11/16] Typos --- docs/configuration.rst | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/docs/configuration.rst b/docs/configuration.rst index 152cbb82..2017362c 100644 --- a/docs/configuration.rst +++ b/docs/configuration.rst @@ -14,7 +14,7 @@ as **1 minute**! Environment Variables --------------------- -Most Node.js applications exepct your confidential information to be +Most Node.js applications expect your confidential information to be exposed by the environment (not hard-coded in the application). You should export your Stormpath information by running this in the shell: @@ -155,12 +155,12 @@ Single Page Applications ------------------------ This framework is designed to work with front-end frameworks like -Angular and React. This framework provides a JSON API for all the +Angular and React. This framework provides a JSON API for all of the features, you will use this JSON API from your front end application. -Each feature section in this guide has specific information the +Each feature section in this guide has specific information for the JSON API, please see those sections for feature documenation. -In some cases you may need to specity the ``spaRoot`` option. This +In some cases you may need to specify the ``spaRoot`` option. This is the absolute file path to the entry point for your SPA. That option would be defined like this:: From e2812c236bb48b5aeefe9df13e188c9d68e8a595 Mon Sep 17 00:00:00 2001 From: JrodManU Date: Tue, 27 Oct 2015 19:33:10 -0400 Subject: [PATCH 12/16] Typos --- docs/user_data.rst | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/user_data.rst b/docs/user_data.rst index 230397ea..93cd090e 100644 --- a/docs/user_data.rst +++ b/docs/user_data.rst @@ -36,7 +36,7 @@ easily accomplish this with the following code:: }); As you can see above, you can directly modify ``user`` attributes, then -persist any changes by running ``req.user.save()``. +save any changes by running ``req.user.save()``. Custom Data @@ -79,7 +79,7 @@ Automatic Expansion ------------------- In Stormpath, all objects are connected in a graph. You -have to expand a resource to get it's child resources, and this +have to expand a resource to get its child resources, and this is an asynchronous operation. We can pre-fetch the expanded user data for you. Simply use the `expand` config option:: @@ -96,7 +96,7 @@ they are statically available inside your handler:: res.json(req.user.customData); }); -Without enaling this expansion, the response would only contain +Without enabling this expansion, the response would only contain an object which has an href to the resource, that would look like this:: From ba0dc790c368b14fe6a6e4d73b41b86e784a7a03 Mon Sep 17 00:00:00 2001 From: JrodManU Date: Tue, 27 Oct 2015 19:37:48 -0400 Subject: [PATCH 13/16] Typos --- docs/login.rst | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/login.rst b/docs/login.rst index 4e4dac2f..8cf6901f 100644 --- a/docs/login.rst +++ b/docs/login.rst @@ -6,7 +6,7 @@ Login This library can serve a login page for your application, this will happen if you opt into the ``{ website: true }`` configuration. By default the login page -will be availble at this URL: +will be available at this URL: http://localhost:3000/login @@ -17,7 +17,7 @@ and create the proper session cookies. Next URI -------- -The form will render with two fields for username and passsowrd, and this form +The form will render with two fields for username and password, and this form will be posted to ``/login``. If login is successful, we will redirect the user to ``/``. If you wish to change this, use the ``nextUri`` config option:: From 1d571da54a1f3eb50413ed3f9c4db8e17863c549 Mon Sep 17 00:00:00 2001 From: JrodManU Date: Tue, 27 Oct 2015 19:51:21 -0400 Subject: [PATCH 14/16] Typos --- docs/social_login.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/social_login.rst b/docs/social_login.rst index dbffff55..c22a0646 100644 --- a/docs/social_login.rst +++ b/docs/social_login.rst @@ -27,7 +27,7 @@ Create a Facebook App The first thing you need to do is log into the `Facebook Developer Site`_ and create a new Facebook App. -You can do this by visiting the `Facebook Developer Site`_ and click the "Apps" +You can do this by visiting the `Facebook Developer Site`_ and clicking the "Apps" menu at the top of the screen, then select the "Create a New App" button. You should see something like the following: From d16f1c57485960408eb56295e72f7732eea7246e Mon Sep 17 00:00:00 2001 From: JrodManU Date: Tue, 27 Oct 2015 19:54:03 -0400 Subject: [PATCH 15/16] Typos --- docs/password_reset.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/password_reset.rst b/docs/password_reset.rst index ad7399e7..321c7a1e 100644 --- a/docs/password_reset.rst +++ b/docs/password_reset.rst @@ -41,7 +41,7 @@ complete a password reset workflow by doing the following steps: Auto Login ---------- -Our library implements the most secure workflow by default: the uesr must +Our library implements the most secure workflow by default: the user must request a password reset link, then login again after changing their password. We recommend these settings for security purposes, but if you wish to automatically log the user in after they reset their password you can enable that functionality From d76f12ed27146bd87874e0c0d126d9c663cd2804 Mon Sep 17 00:00:00 2001 From: JrodManU Date: Tue, 27 Oct 2015 20:21:34 -0400 Subject: [PATCH 16/16] Typos --- docs/changelog.rst | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/docs/changelog.rst b/docs/changelog.rst index 802d8e0e..b693413e 100644 --- a/docs/changelog.rst +++ b/docs/changelog.rst @@ -141,7 +141,7 @@ Version 2.0.3 **Released on September 8, 2015.** - Fixing bug in the ``groupsRequired`` authorization middleware -- it was using - a deprecated option, which was causing the library to throw an error if a user + a depreciated option, which was causing the library to throw an error if a user was NOT a member of the required Groups. @@ -243,7 +243,7 @@ Version 1.0.5 - Adding note for Windows users regarding setting environment variables. - Added option ``sessionActiveDuration``, which can be used to extend a - session if a request is made within the active duration timeframe. This + session if a request is made within the active duration time frame. This is passed to the ``client-sessions`` library and the default is 5 minutes. @@ -437,7 +437,7 @@ Version 0.5.9 file in the current directory, and as a backup, we'll check for ``~/.stormpath/apiKey.properties`` (*platform independent*). - Making ``secretKey`` configuration optional. If no ``secretKey`` is specified - when the Stormpath middleware is initialized, we'll create on automatically. + when the Stormpath middleware is initialized, we'll create one automatically. This makes it easy to do test apps without hard coding a secret key value. This is a very bad idea for production apps, though. - Making ``application`` an optional field -- if no application href is @@ -699,7 +699,7 @@ Version 0.2.9 displayed in a human-readable way. - Improving ``enableAutoLogin`` behavior: it now successfully redirects to the URL specified by the ``next`` querystring (*if it exists*). -- Fixing issue with session max duration. Adding in workaround to get around +- Fixing issue with session max duration. Adding in a workaround to get around the mozilla bug.