-
Notifications
You must be signed in to change notification settings - Fork 510
/
ChangeLog
270 lines (267 loc) · 17.4 KB
/
ChangeLog
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
master
- Upgraded to sbt-pgp 1.1.1
- Fixed #616: Add cookie SameSite
- Fixed wrong registration flag in provider.scala.html
- Fixed missing binding in scala demo (thanks @gmethvin)
- Migrate to Play 2.6 (thanks @gmethvin)
3.0-M8 - 2017-03-28
- Fixed #604: Facebook oauth token format change causes error
3.0-M7 - 2017-03-10
- Recover to None if an authenticator builder fails
- Fixed #601: Security: password reset email host injection
3.0-M6 - 2017-02-17
- Upgraded to Play 2.5.12
3.0-M5 - 2017-02-17
- Pull request #576: added missing @inject annotation for UserAware (thanks @raunak)
- Pull request #534: Make SecuredRequest and RequestWithUser path independent (thanks @k4200)
3.0-M4 - 2015-11-29
- Upgraded to Play 2.4.4.
- Pull request #573: Turkish translation (thanks @aladagemre)
- Fixed #512: RuntimeEnvironment should use def instead of val
- Fixed #572: Wrong @Inject import in ProviderController
- Pull request #568: Update installation document regarding routes (thanks @aladagemre)
- Pull request #489: Add support for path to custom bootstrap css file (thanks @tro2102)
- Pull request #535: Update password-plugins.md (thanks @m4bwav)
- Pull request #536: Removed unnecessary semicolon (thanks @tototoshi)
- Fixed #500: Add redirect-setting in case user cancels authorization
- Pull request #571: Fixed GoogleProvider (thanks @dstrupl)
- Pull request #540: Fixed: case sensitive email, when restoring password (thanks @n0tel)
- Pull request #522: enable use of referer if user is already authenticated (thanks @anfuerer)
- Pull request #528: greek translations (thanks @AlexJoom)
- Pull request #525: Use plugable not authorized page (thanks @lukestephenson)
- Pull request #532: added extraction of dropbox email field (thanks @amn41)
- Pull request #541: Slack OAuth2 provider (thanks @k4200)
- Pull request #560: Spotify integration (thanks @mvallerie)
- Pull request $543: Fixed url to get authenticated user on Foursquare provider (thanks @mduarte)
- Pull request #550: Fixes 500 responses from failed logins (thanks @pkaeding)
- Pull request #549: clean-up sessions upon signup with skipped login (thanks @phammer)
- Event is not sealed anymore
- Pull request #533: Hash Leading Zeros Get Trimmed (thanks @bsyk)
- Pull request #566: Migration to Play 2.4.2 (thanks @DamianoVerdone)
3.0-M3 - 2015-02-01
- Changed some method names in RoutesService to make it more consistent and added password change routes
- Pull request #517: Fixed mail and registration views to use RouteService (thanks @maohde)
- Pull request #508: added type parameter (thanks @mkoester)
- Pull request #511: Fix hardcoded execution context (thanks @danielkza)
3.0-M2 - 2015-01-26
- Pull request #480: Missing type parameter for RuntimeEnvironment (thanks @jaceklaskowski)
- Pull request #472: Soundcloud provider (thanks @amertum)
- Pull request #438: Concur provier (thanks @anfuerer)
- Pull request #506: fix case of absoluteTimeoutInMinutes in samples (thanks @chris-cooper)
- Pull request #503: request fixing hardcoded HTTP header name in fromRequest (thanks @jglodek)
- Fixed signup and password change errors in the Scala sample app
- Added CSRF support
- Fixed #435: i18n does not work
- Fixed #471: Continue with authentication if AvatarService is None (thanks @cemcatik)
- Fixed #484: missing public folder
- Fixed #501: Requests get redirected to wrong routes (Java)
- Pull request #441: Update user-service.md (thanks @salaj1986)
- Pull request #495: disable generateRefReverseRouter (thanks @amertum)
- Pull request #461: Use large version of Facebook profile picture (thanks @nguyentruongtho)
- Fixed #468: Redirect loop when canceling Facebook Login Dialog
- Added crossbuild and upgraded to Play 2.3.7
- Fixed #494: source and target versions are 1.6 now
- Fixed #493: BoxedUnit cannot be cast to Authenticator (thanks @amertum)
- Upgraded to Play 2.3.5 and fixed most compiler warnings
- Fixed: CacheService.Default was ignoring ttl
- Switched back to Play 2.3.2 (problems publishing signed artifacts see https://github.com/sbt/sbt-pgp/issues/59)
- Added scalariform
- Separate creation and storage of mail tokens (thanks @normenmueller)
- Upgrade to Play 2.3.3 (thanks @benmccann)
3.0-M1 - 2014-08-13
- Updated GoogleProvider to use the new Google endpoints (see https://developers.google.com/+/api/auth-migration#timetable)
- Code is now compatible with Play 2.3
- Added SecureSocial.currentUser to support Websockets
- Fixed #429: null pointer exception in UserAware Java API (thanks @mangecoeur)
- Pull request #159: Weibo support (thanks @qiuzhanghua and @wuhaixing)
- Pull request #398: Dropbox support (thanks @deterdw)
- Pull request #426: Extract oauth clients (thanks @jeantil)
- Pull request #422: Use named loggers for all providers logging (thanks @jeantil)
- Fixed #420: Xing provider references VkProviderSettings
- Fixed #419: bad sequence of a and p tags (thanks @jglodek)
- Updated XingProvider to work with their latest APIs (thanks @muhlig)
- Fixed serialization problems with Authenticators (#417 and #416)
- Fix logged messages in ProviderController (thanks @AlekseiS)
- Add a string so SaveMode compares will work (thanks @ddispaltro)
- Propagate implicit lang parameter from mailer to mail templates (thanks @jeantil)
- Changed to managed controllers
- Removed RoutesHelper
- Added a module default routes file
- Refactored things not to use Play plugins anymore
- Created services out of helper classes
- Added RuntimeEnvironment
- Identity trait replaced by BasicProfile
- Improved Authenticator framework: AuthenticatorService + AuthenticatorBuilders
- Added support for X-Auth-Token header
- Changes to SecuredAction to use content negotiation for error responses
- Added async support
- Removed ajaxCall
- Added API to login to better support SPA and mobile apps
- removed unnecessary fix for http context in SecuredAction (Java): Play sets the http context properly now.
- Fixed handling of IDs greater than 32bits for TwitterProvider
- Prevent errors caused by missing email in FacebookProvider (thanks @chrisbeach)
- Handle onSignUpGoTo configuration when signupSkipLogin is enabled (thanks @paiou)
- LinkedInOAuth2Provider: retrieve email address and add sample configuration (thanks @paiou)
- Improve logging behaviour (thanks @jeantil)
- Add test helpers for unit and integration testing of securesocial controllers (thanks @jeantil)
- Added Finnish translation (thanks @hannikkala)
- Fixed error in Hebrew message file: was utf-8, now utf-8 without bom (thanks @katrinsharp)
- Added Swedish translation (thanks @ricn)
- Added Japanese translation (thanks @orih)
- /authenticate/:provider routes can now receive a 'redirectTo' parameter. This is where the user is redirected
after succesful authentication (if used overrides the url set in OriginalUrl by SecuredAction)
- ProviderController.authenticate signature changed. Breaks compatibility: routes file needs to be adjusted (see sample apps)
- Added support for linking accounts. New 'link' method in UserService needs to be implemented.
- Update messages.fr for single quotes (thanks @fmasion)
- Small fixes for NL messages (thanks @francisdb)
- Added German translation (thanks @l0rdn1kk0n)
- Added Arabic translation (thanks @Ahimta)
- Added Brazilian Portuguese translation (thanks @jeohalves)
- Added Polish translation (thanks Dominik Sienkiewicz)
- Added Spanish translation (thanks @jorgeolmos)
- Added Hungarian translation (thanks @bubbanat)
- Added French translation (thanks @afigoureux)
- Added Serbian translation (thanks @vitalije)
- Added Hebrew translation (thanks @katrinsharp)
- Added Persian translation (thanks @AmirKarimi)
- Fixed i18n issues: API breaking changes in TemplatesPlugin, PasswordValidator and templates (they need an implicit Lang as parameter now). Part of the i18n fixes are based on the pull request by @fernandoacorreia, thanks!
- Removed duplicate entry in Russian locale
- Added Russian locale (thanks @siman)
- Add ability to set extra params to oauth2 url endpoints (thanks @chazmcgarvey and @nascosto)
- Updated docs for maven and fixed a rendering problem in the password change page.
- Starting 2.1.3 the module is published to Maven Central
2.1.3 - 2014-01-23
- Change registrationDisabled to registrationEnabled (thanks @hugogoncalves)
- Hide sign up link when Registration provider is disabled (thanks @hugogoncalves)
- Fixed: ProviderController.toUrl was not using the session returned by the event handler
- Added onPasswordChangeGoTo option (thanks @fernandoacorreia)
- Disabled Registration feature (thanks @c-schmitt)
- Fixed: PasswordResetEvent does not have updated password
- Fixed typos in readme and docs (thanks @fayimora, @fernandoacorreia, @nelsonblaha)
- Minor doc updates (thanks @dnephin)
- Added traditional Chinese message file (thanks @yuchuan1)
- Fixed password change with multiple hashers (thanks @FabienPennequin)
- Fixed compiler warnings
- Improved SecureSocial.currentUser to avoid the UserService.find call if the request has the user already
- Added expiration to Cache.set calls
2.1.2 - 2013-11-01
- Fixed example for view customization docs (thanks @yankov)
- Enable retrieving email address from LinkedIn (thanks @targeter)
- Added strings to securesocial.conf in demos (thanks @alanrodas)
- Added idLengthInBytes property to customize the length of session ids (based on changes by @mkubala)
- Improved RoutesHelper to handle multiple assets properly (based on changes by @danielkza)
- Fixed typo in example config (thanks @dhruvbhatia)
- Translation for Dutch (thanks @gerbrand)
- Add indication to register event listeners in play.plugins (thanks @OlivierBlanvillain)
- Added OAuth2 provider for LinkedIn (thanks @gmethvin)
- Upgraded to Play 2.2
- Updated docs to reflect API changes done for 2.1.1
2.1.1 - 2013-08-08
- Renamed class name UserId to IdentityId (breaks backwards compatibility)
- Renamed id field in UserId to userId (breaks backwards compatibility)
- Renamed id field in Identity to identityId (breaks backwards compatibility)
2.1.0 - 2013-08-08
- Upgraded to Play 2.1.3
- Added a enableRefererAsOriginalUrl property to enable/disable the use of the referer as the originalUrl
since this was causing issues for some people (defaults to false). This is a temporary until a final
solution is developed.
- Use referer if originalUrl is not available when the login/signup page is hit (thanks @magro)
- Fixed: Facebook login error when using the publish_stream scope (thanks @fedefrappi)
- Fixed: make minimum default password length to 8 (thanks @wsargent)
- Fixed: ClassCastException on application reload (dev mode) when using Events (thanks @magro)
- Added: Serve the login page using SSL (thanks @magro)
- Fixed: Do not prevent login on missing google profile info (thanks @chazmcgarvey)
- Fixed: NoSuchElementException in FoursquareProvider (thanks @thesmith)
- Moved RequestWithUser outside the SecureSocial controller
- Allow overriding Registration step redirect targets. (thanks @magro)
- Added the email to the flash messages in Registration.handleStartSignUp (thanks @magro)
- Added support for plain text, html and multipart emails in TemplatesPlugin (thanks @magro)
- Made SecureSocial compatible with Play 2.1 [master branch, 2.0.x branch is for Play 2.0 versions now].
2.0.12 - 2013-02-25
- clean securesocial values after login from the session
- renamed keys used in session
- Added a makeTransient property for the authenticator cookie.
- Fixed: absolute timeout was not being picked up from the conf file
- Fixed wrong logout implementation
2.0.11 - 2013-02-21
- Chanded Build.scala files to use the Typesafe community repository.
- Renamed ResetPasswordEvent to PasswordResetEvent.
- Made vals in RoutesHelper lazy
- Added password change, password reset and sign up events
- Added IdGenerator and AuthenticatorStore plugins with their default implementations for the new authenticator cookie.
- Introduced an authenticator cookie to track users. The Play session is not used anymore.
- Fixed issue #144: Successful change password logs user out.
- Fixed wrong package names for the XING, Foursquare and Instagram providers.
- Fixed the error message for invalid token (thanks @playtypii).
- Added Instagram Providers (thanks @poornerd).
- Added Foursquare (tm) and XING Providers (thanks @poornerd).
- Added VK provider (thanks @KonstantinGrigoriev).
- Static files injection to SecureSocial (thanks @pvillega).
- Option to auto-login after completing signup (thanks @platypii).
2.0.10 - 2013-02-06
- Changed the save() method in UserService to return an Identity so that event callback implementations can receive Identity instances from custom classes.
- Added an event API that can be used to track events(only login/logout yet). Scala only for now.
2.0.9 - 2013-01-25
- The login action redirects the user to the app if he is already authenticated now.
2.0.8 - 2013-01-01
- PasswordHasher and Password validator are abstract classes instead of traits now (simplifies Java integration).
- Fixed: wrong LinkedIn key for getting fullName (thanks @chazmcgarvey).
- Removed servceInfo from OAuth1Info. That object can be retrieved from SecureSocial.serviceInfoFor method now.
- Backward incompatible changes to the Java API: deleted AuthenticationMethod, OAuth1Info, OAuth2Info, PasswordInfo, SocialUser and UserId. This was required because after introducing the Identity trait I need to make sure the user gets its own object in the actions instead of a SocialUser instance. Even though there's not a Java equivalent, the Scala classes can be called from Java easily.
- Added new message to messages file: securesocial.login.errorLoggingIn
- Improved ProviderController.handleAuth to show an error if an error occurrs while logging the user in (eg: if the UserService.save implemewntation throws an exception)
- Fixed: Identity providers were filling wrong provider id values
- Added: UsernamePasswordProvider updates the user avatar if gravatar support is enabled now.
- Added timeout for sessions (30 mins by default, use sessionTimeOut property to change).
- Fixed: PasswordValidator was not being used in password reset
- Fixed: When a token is expired the user is properly redirected to the sign up or reset pages now
- Added enableTokenJob property to enable/disable the background job
- Fixed method typo AuthenticationMethod: toScala.
- Right http codes are returned for ajax calls now
- New assetsController property to override the assets class in RoutesHelper. Needed when a custom Asset controller is used by the app.
- Added hasher id to PasswordInfo
- Added support for registering multiple PasswordHashers to allow upgrading the hashing algorithm.
- Introduced Identity trait. SocialUser now implements it (this will allow developers to return their own user class from UserService.find methods)
2.0.7 - 2012-11-25
- Added password change functionality
- Changed SecureSocial.currentUser/userFromSession methods to support websockets (thanks @KimStevel for catching this)
- Use HTTPS for avatar URL in the Facebook provider (thanks @chazmcgarvey)
- Added documentation for password plugins
- Added base class for Java based password hashers: BasePasswordHasher
- Added PasswordValidator to allow customization of password rules/strength
- Added DefaultPasswordValidator that enforces the length of passwords
- Fixed a RuntimeException in the github provider (thanks @chazmcgarvey)
- Changes to TwitterProvider: use of API 1.1 and https for the image avatar (thanks @chazmcgarvey)
2.0.6 - 2012-11-16
- Fixed a problem where plugins were not being registered when Play recompiled the app
- Added a scheduled task to delete expired signup/password reset tokens
- Added tokenDuration and tokenDeleteInterval properties for userpass
- Changed findByEmail to findByEmailAndProvider in UserService to make it clearer that both fields must match
- Fixed bug: OAuth1Provider was clearing the session at login time (thanks @chazmcgarvey)
2.0.5 - 2012-11-14
- Simplified installation by providing an ivy style repository
- Updated installation steps in the user guide
- Added a change log page to the docs
- Changed the assets directory for SecureSocial to avoid conflicts with apps using it
- Added Bootstrap to demo apps
2.0.4 - 2012-11-11
- Improved signup flow (validates email before allowing registration)
- Added reset password functionality
- Added email notifications
- Added a way to customise views & mails (TemplatesPlugin)
- Added a setting to enable HTTPS in the URLSs for OAUTH callbacks and routes
- Replaced displayName in SocialUser for firstName, lastName and fullName fields
- Added RoutesHelper to build urls using the routes file of the app using the module
- Added a user guide
2.0.3 - 2012-11-02
- Fix to prevent not serializable exception in OAuth1Provider (thanks to @chazmcgarvey)
2.0.2 - 2012-09-24
- Added GitHub provider
- Changed FacebookProvider to use the new Facebook API (user picture)
- Moved to Play 2.0.3
- Fixed #71: Context not available in UserAwareAction
2.0.1 - 2012-06-22
- Added LinkedIn provider
2.0.0 - 2012-06-05
- Initial release of SecureSocial for Play 2 published
- Facebook, Google and Twitter providers