Skip to content
This repository has been archived by the owner on Dec 12, 2018. It is now read-only.

Latest commit

 

History

History
673 lines (413 loc) · 25.7 KB

CHANGELOG.md

File metadata and controls

673 lines (413 loc) · 25.7 KB
Raw

stormpath-sdk-node Change Log

0.20.1

Released February 3, 2017

  • Updated usage of the crypto library to avoid deprecated use of pbkdf2.
  • Several documentation updates.

0.20.0

Released January 24, 2017

  • Added a new authenticator class, StormpathAccessTokenAuthenticator. This can be used to authenticate any access token that has been issued by an application in your Tenant. You an optionally specify an application as an authorization check, using stormpathAccessTokenAuthenticator.forApplication(application), doing so will cause authentication to fail if the access token is not issued by the specified application. This decoupled application check allows you to decide if the issuing application should be checked as an authorization check, e.g. this would not be necessary if you are building a Single-Sign-On solution between multiple Stormpath applications.
  • The JwtAuthenticator has been deprecated in favor of StormpathAccessTokenAuthenticator.

0.19.2

Released January 24, 2017

  • Patched an issue where the utils.extend implementation would fail when the object did not have a prototype pointing to Object. Fixes #590.

0.19.1

Released January 16, 2017

0.19.0

Released November 21, 2016

New Features:

Implemented the following getter methods:

Other improvements:

  • Added a cache region for Organization resources.
  • Fixed the link clicking issue on the JsDoc site: link text is now click-able.
  • Improved error handling and HREF validation.

Fixed bugs:

  • StormpathAssertionAuthenticator throws on LOGOUT callbacks.
  • Expanded resources are not constructed as their type.

Updated production dependencies:

0.18.5

Released August 11, 2016

Released July 20, 2016

0.18.4

0.18.3

Released June 22, 2016

0.18.2

Released March 24, 2016

Fixing a bug with the JwtAuthenticator. If the local validation option was specified, and you gave it a JWT that was created by the client-credentials workflow, the getAccount() method would fail because the authentication result has an incorrect reference for the account HREF. This bug was introduced in 0.18.0 but is now fixed in this patch release.

0.18.1

Released March 23, 2016

0.18.0

Released March 14, 2016

  • Added an invalidate() method to resource objects. This method will purge the resource from the cache.

  • The JwtAuthentictor will now authenticate access tokens that have been created by the client_credentials workflow. Previously it would only authenticate access tokens that were created by the password grant workflow.

  • Fixed: when calling account.save(), errors were swallowed. They are now passed to the callback, as expected.

0.17.5

Released March 2, 2016

  • Updated dependency stormpath-config from version 0.0.20 to 0.0.22.

0.17.4

Released February 22, 2016

Internal change, on the request executor, to allow other Stormpath modules to set the User-Agent on a per-request basis.

0.17.3

Released February 19, 2016

Fixed the baseUrl option as used with stormpath.Client({ baseUrl: 'xx'}). Previously this option would cause an exception in the request executor, making it impossible to use an alternate base URL.

0.17.2

Released February 18, 2016

0.17.1

Released February 5, 2016

  • Fixed: the JwtAuthenticator would throw errors during token validation. It now calls the provided callback instead.

  • Removed un-used dependencies flat and glob.

0.17.0

Released February 4, 2016

  • Added the new OAuthStormpathTokenAuthenticator, this authenticator can be be used to exchange Stormpath assertion tokens for an OAuth2 Access Token and Refresh Token. Stormpath assertion tokens are JWTs that are provided on callback from ID Site or SAML providers.

  • Adding deprecation notice for OAuthIdSiteTokenGrantAuthenticator, please use the new OAuthStormpathTokenAuthenticator instead.

  • Added the following methods to the Organization resource:

  • createAccount()

  • createAccount()

  • getAccounts()

  • getCustomData()

  • getDefaultAccountStore()

  • getDefaultGroupStore()

  • getGroups()

  • getIdSiteModel()

  • Internal refactor of argument parsing logic for all callback-based functions.

  • Updated production dependencies:

  • [email protected] -> [email protected]

  • [email protected] -> [email protected]

  • [email protected] -> [email protected]

  • [email protected] -> [email protected]

0.16.0

Released January 22, 2016

  • SAML Support! Please see the documentation of the SamlIdpUrlBuilder, for initiating SAML redirects, and StormpathAssertionAuthenticator, for consuming the callback assertion token from Stormpath. Application resources now have a getSamlPolicy() method, and directory.getProvider() will return a SamlProvider instance if the directory is a SAML directory.

  • Improved error messages from our HTTP Request executor, to give better insight on network failures between your application and our REST API.

0.15.5

Released January 21, 2016

  • Fixed: collection.every(iterator, callback). The callback was being invoked on every page request to the API (it should only be called once the entire collection has been paginated). The iteration wouldn't be aborted if the iterator returned false. This is now fixed.

  • Tests have been improved for readability.

  • Test runner has been fixed, all unit tests are now running.

0.15.4

Released January 13, 2016

  • Upgraded stormpath-config to v0.0.18. Contains fix for when absolute path is provided but home environment isn't set.

0.15.3

Released January 13, 2016

  • Upgraded stormpath-config to v0.0.17. Contains fix for when home environment isn't being set.

0.15.2

Released December 18, 2015

  • Upgrade stormpath-config to 0.0.16.

  • Scope factory, for client_credentials workflow, can now be asynchronous.

0.15.1

Released December 8, 2015

The upgrade to stormpath-config includes a fix for a bug with client.cacheOptions.client, where the client prototype was being mutated (resulting in an undefined method exception if you attempted to provide your own Redis client).

0.15.0

Released November 20, 2015

0.14.0

Released November 12, 2015

  • Implemented the ID Site Token Authenticator, allowing you to exchange and ID Site Result JWT for a Stormpath Access Token (documentation coming soon).

  • Implemented client.getRefreshToken() for fetching refresh token resources.

  • Fixed: using local validation with the JWT authenticator would throw an exception because the account property was not defined on the authentication result object.

  • Updated glob dependency to 6.0.1

0.13.5

  • Fixed OAuth error responses to include the error code invalid_client, where appropriate.
  • Updated dependencies (see latest package.json).
  • Test improvements (cleaning up IT resources, caching client for speed).

0.13.4

  • Refactor: DataStore and RequestExecutor now uses options.client.apiKey instead of options.apiKey.

0.13.3

  • Fixed: Old environment variables (STORMPATH_API_KEY_ID and STORMPATH_API_KEY_SECRET) were not being read. They are now being read again for backwards compatibility.
  • Fixed: OAuthAuthenticator was not passing local validation option to the JwtAuthenticator.

0.13.2

  • Changed: Config files are now loaded before environment config.
  • Fixed: Error: API key ID and secret is required.
  • Fixed: Passing Redis client to config causes "Maximum call stack size exceeded" with deep-extend.

0.13.1

Moving lodash to dependencies, it was incorrectly placed in the dev dependencies

0.13.0

  • Configuration is now loaded all async.
  • Added tests for configuration.
  • Added getters and setters for access tokens and refresh tokens.
  • Added Account.getAccessTokens(), Client.getAccessToken(), and Account.getRefreshTokens().
  • Fixed TTL bug in AuthenticationResult.getJwt()

0.12.2

  • Supporting LinkedIn configuration options.

0.12.1

  • Fix: enable the /me route if the website option is used in the config parser

0.12.0

Organization Support

This SDK now supports the new Organization Resource in Stormpath. Create Organizations through the Client, and create Organization Account Store Mappings through an Organization instance.

Application.createIdSiteUrl now has more options that allow you to enable Organization features on ID Site sessions.

Please see the documentation for more information.

0.11.5

  • Adding tests for Config.

0.11.4

  • Updating API docs -- fixing bugs, cleaning up code samples, etc.
  • Adding tests for Application.getAccount().
  • Improved error handling for Application.getAccount() so it can't be used improperly.
  • Removing resource.customData.get -- use resource.getCustomData instead =) This wasn't used anywhere anyhow: so this doesn't need to be a major version upgrade.
  • Adding tests to ensure URI fragments can be retrieved (they can).

0.11.3

  • Fixing issue with null request bodies when using our AuthRequestParser class.
  • Adding tests for AuthRequestParser class.
  • Adding support for Node 0.11, 0.12, and iojs. Yey!

0.11.2

  • Modifying our test runner. If you run npm test, all tests will be ran -- not just the mocks.
  • Removing a dependency on the $HOME environment variable being set. It now works without it =)
  • Making our tests publish coverage results to coveralls.io.
  • Adding a coverage badge to the README.md.
  • Fixing issue with customData field removal. Previously if you tried removing the last customData field, it would error out.

0.11.1

Adding configuration options web and api. These are to be consumed by a framework integration, and indicate which features to enable by default

0.11.0

  • Supporting OAuth Password Grant flow, using api.stormpath.com as the data store

  • Supporting new configuration format, for web framework integrations

0.10.2

  • Ignoring .env files so they don't end up in the npm artifacts.
  • Adding new config parsing logic. This will parse a config.json file. This will be used in the upcoming major release, to supply options in a new manner.

0.10.1

Client constructor now accepts baseUrl as an option, allowing you to change the base URL from 'https://api.stormpath.com/v1' to a custom value.

0.10.0

  • The client constructor now allows you to specify the apiKeyEncryptionOptions option. This allows you to configure how Account API Keys are encrypted before being stored in the local cache.

  • Updated application.sendPasswordResetEmail() to to accept an accountStore property, for defining which account store to search for the given email

0.9.3

Fixed Application.authenticateApiRequest to also accept access tokens where the subject is an Account, rather than an API Key.

0.9.2

Fixed: do not cause exceptions when error response body is null.

0.9.1

Add .npmignore to exclude docs, samples, and test from the npm distribution. Thanks @coreybutler

0.9.0

Add these methods to AuthenticationResult to support token creation for Api Keys or Accounts:

  • getJwt() - returns a Jwt instance with a pre-configured body that is set to the appropriate defaults. Also sets the signing key to the api key secret of the current Stormpath client.

  • getAccessToken([jwt]) - calls jwt.compact() on the given jwt, or a default jwt constructed by getJwt()

  • getAccessTokenResponse([jwt]) - constructs an Oauth-compatible response body from the given jwt, or a default jwt constructed with getJwt()

The Jwt instances are provided by the nJwt Library

0.8.1

Cache fix: preserve hrefs of linked resources in the cache entity, but not the properties. This allows getter methods to resolve the linked resource at a later time.

0.8.0

Fixed these caching problems:

  • Touching items in the cache when we don't need to (thanks philipatkinson)
  • When requesting a collection the individual resources in the collection were not being put into their respective cache regions
  • When requesting a resource with expanded resources, the expansions were not being cached
  • When requesting a resource with an expanded collection, the resources in the collection were not being cached

Improvements:

  • Support the passing of client instances for Redis and Memcached, this allows you to share one connection to your store for all Stormpath cache regions (thanks philipatkinson)

0.7.5

  • Fixing bug with GroupMemnberships.getAccount().

0.7.4

  • Implement application.resendVerificationEmail()

0.7.3

  • Add cache region for Custom Data resources. Thanks alavers for finding this issue.

0.7.2

  • Add methods Tenant.getAccounts() and Tenant.getGroups(), use these to fetch all accounts or groups within your tenant.

0.7.1

  • Remove improper use of _.pluck in CustomData.prototype._hasReservedFields (thanks sojournerc)

0.7.0

  • Fixing the status codes (400 vs 401) on errors thar are returned from authenticateApiRequest
  • Upgrading the Redis dependency to ~0.12.1 and fixing constructor options accordingly

0.6.0

Custom Data Improvements

Custom Data is now available on Applications, Groups, Directories, and the Tenant! We're really excited about this improvment and the power it gives you for storing data on Stormpath resources.

Simply call getCustomData() on any of these resources and start using the custom data object like you have been with Accounts. For more information please see the Custom Data documentation

ID Site Improvements

We recently added Single Sign On (SSO) support to our ID Site Feature and this SDK release adds a logout: true option to the application.CreateIdSiteUrl([options],cb) method. When this option is used the user’s SSO cookie will be destroyed and the user will be immediately redirected to the specified callbackUri where the idSiteResult has a new status property which will be the value of 'LOGOUT'

For more information see the createIdSiteUrl and handleIdSiteCallback method documentation.

Fixes

  • Stop caching requests that have query params, fixes problems with resource expansions (#85)
  • Fix caching docs to show correct port and option names for Memcached (#73)
  • Upgraded modules properties-parser, request, moment, node-uuid (#93)

0.5.2

Fix authenticateApiRequest, do not throw if the request is not GET or POST

0.5.1

Fix for case where application.getAccount() receives an error but still tries to read the undefined account object

0.5.0

Breaking Changes

  • application.authenticateApiRequest(options,cb) now requires you to supply the request method as options.request.method
  • OAuth token requests must use POST, see RFC749 3.2

Fixes

  • authenticationResult objects now include the granted scope on the object, see RFC749 5.1
  • Improve documentation of the path option for application.createIdSiteUrl

0.4.3

Cache fix that was preventing expanded resources from being cached

0.4.2

Fix the Oauth authenticator to provide requestedScopes and grantedScopes as an array of strings, not a single string.

0.4.1

Updated User-Agent string to be spec compliant and extendable

0.4.0

ID Site Functionality!

Your own hosted, white-labeled Identity Site, what we call an 'ID Site'!

You can have a 100% customizable white-labeled site, for example, https://id.awesomeapp.com or https://my.awesomeapp.com, hosted and served securely by Stormpath. Your ID Site provides your end-users with a hosted and secure registration, login, and password reset functionality, and completely hands-off integration with Google and Facebook!.

Your white-labeled ID Site is beautiful and 'just works' out-of-the box and requires no development effort, but if you want to customize it in any way, you can easily fork our default GitHub repo and customize it as you desire, and we'll serve your fork securely just the same.

All that is required for this to work is that your application redirects your end-user to your secure ID Site URL and, when the user is done, can receive a redirect back to your application. This 0.4.0 release includes two additional functions so you don't have to code that yourself.

See the new createIdSiteUrl method (for redirecting end-users to your ID Site) and the handleIdSiteCallback method (for handling the return reply from your ID Site) for code examples!

For a comprehensive overview of the ID Site feature, see the ID Site Feature Guide

Improvements

  • When you call save() and delete() on any resource, the callback is now optional and can be omitted.
  • HTML/CSS layout improvements to the documentation app, it is now mobile friendly!
  • Several descriptive fixes to the documentation.

0.3.0

New Features

Secure your REST API using OAuth 2!

The Stormpath Node SDK can now act as an OAuth 2 Provider with full API Key management support!

You can now use the Node SDK to create and manage API Keys for your end-users so they can authenticate with your own REST API. You can create, delete, enable/disable as many API Keys as you want for each of your end-user Account resources. See the Account resource's createApiKey and getApiKeys methods.

Now for the really powerful stuff: the Stormpath Node SDK implements OAuth2 provider functionality. Your end-users can use these API Keys to make OAuth 2 requests to your REST API, and the Stormpath Node SDK will authenticate the requests via OAuth as you wish. This includes both OAuth 2 access token requests (e.g. the /oauth/token endpoint) as well as resource requests (e.g. /movies/1234). At no point do you ever need to see, touch, or write OAuth code! The Stormpath SDK does it for you.

See the Application resource's authenticateApiRequest method for detailed information.

Improvements

  • You can use the new method Application.resetPassword() to validate a password reset token AND set a new password, with just one call to our API

  • You can authenticate an account against a specific account store when calling Application.authenticateAccount(), this is a useful performance option if you have a large number of stores and you know which store the user is in.

0.2.0

Improvements:

  • Support Redis and Memcahced as cache stores

  • Social provider support for Google and Facebook

  • Create, modify, delete Account Store Mappings

  • Add iterator methods to collection resources

Fixes:

  • Cache regions are now implemented

  • Tenant.verifyAccountEmail returns an Account object, as expected

Breaking changes:

  • Cache now takes an options hash instead of positional params

0.1.2

Fixed Readme to reflect 0.1.1 changes (this release does not affect code at all).

0.1.1

Minor bugfix point release that fixes a bug where authentication fails when caching is enabled.

Also added a new quickstart.js file that reflects the Stormpath Node.js Quickstart Documentation.

0.1.0

Our first Node.js SDK release!

All functionality compared to our other SDKs is present except:

  • More robust CustomData support. You can create and update an account's or group's custom data as part of the account or group creation or update request - you just can't manipulate and save the custom data by itself (i.e. customData.save() won't work, but account.save() will).

  • Caching implementations for network-accessible stores like Memcache and Redis. A local in-memory (non clustered) cache mechanism is in place however.

  • Exhaustive documentation. We think that the docs we have in place right now are pretty awesome and should cover most needs. However, we want to finish out any remaining missing docs before the next release.

  • Exhaustive tests. While we have been running integration tests regularly, the test coverage can be much better. We already have 100% coverage on some core internals (like the DataStore and RequestExecutor), so we're confident with most of the implementations - enough to cut a release. We will be finishing these entirely however in upcoming releases.

We're already actively working on a follow-up 0.2 release, but in the spirit of 'release early, release often', we wanted to get what we had out the door today to receive community feedback - please let us know your thoughts!

Send us an email to [email protected] or open up a Pull Request and offer suggestions!