- Tried to be clear about OAuth2 vs OAuth in all places.
- Allow users to be locked from OAuth logins (if done manually for some
reason other than failed logins)
- Cleaned up some docs and wording around the previously very confusing
(now hopefully only somewhat confusing) oauth2 module.
- Make this change to make it a bit more chi/alice friendly
since this is typically the form of middlewares to be constructed
and then turn into a "middleware" function/type.
- Change changelog format to use keepachangelog standard
- Refactor the config to be made of substructs to help organize all the
pieces
- Add the new interfaces to the configuration
- Clean up module loading (no unnecessary reflection to create new value)
- Change User interface to have a Get/SetPID not E-mail/Username, this
way we don't ever have to refer to one or the other, we just always
assume pid. In the case of Confirm/Recover we'll have to make a GetEmail
or there won't be a way for us to get the e-mail to send to.
- Delete the xsrf nonsense in the core
- Fix#79
- Rename event EventGet to EventGetUser
- Remove double DB fetch
- Add new event callpoint: After(EventGetUser) for things that need to
check that the user is ABLE to be gotten after it's fetched from the
DB. That is before returning to the web app, ensure that the user is
valid from a confirmation/lock etc point of view.
- Add test to make sure all the events are firing in CurrentUser()
- Add error handling at the routing level so that all errors can bubble
up and be handled and logged there in one place.
- Add Err variants for ClientStorer and Attributes to facilitate
generating errors for missing type-failing arguments.
- Add better control flow and error handling for callbacks.
