- Allow users to test the smtp mailer by sending themselves e-mails
- Add a protection to ensure that either the HTML or the Text body
exists so we never send blank e-mails.
- Fix a bug where if the html body was blank, the mime section for it
was still set and therefore gmail and (probably) other clients would
show a blank e-mail instead of the content in the text e-mails.
- Add helper to directly merge data into a request (common use case)
- Allow parsing of OAuth2PID without panic
- Add oauth2.* strings to the modules list in case people want to be
able to switch on which oauth2 providers are available in their
views.
It was simply too ugly to have a giant data structure for debugging.
This middleware should also basically never be used outside authboss
views so the allocation means nothing.
- Tried to be clear about OAuth2 vs OAuth in all places.
- Allow users to be locked from OAuth logins (if done manually for some
reason other than failed logins)
- Cleaned up some docs and wording around the previously very confusing
(now hopefully only somewhat confusing) oauth2 module.
- Remove extraneous http.ResponseWriter from all read-only queries
against the request context (for the ClientState)
- Instead of using a context.Context on the ClientStateResponseWriter
just store variables for the things we'd like to store, it should be
less expensive and it's much easier to work with and more clear.
- Save the loaded client state into both the ResponseWriter itself and
the Request context, the ResponseWriter will store them simply to send
them into the WriteState() method later on, the Request will store
them to be able to query data.
- Make this change to make it a bit more chi/alice friendly
since this is typically the form of middlewares to be constructed
and then turn into a "middleware" function/type.
- This may seems silly but the functionality is shared
between oauth2 and auth with no changes so it makes it nicer
not to have an oauth2/logout route like before
- Add back the feature to log in after password recovery
- Add new storer functionality to mocks
- Add RecoveringServerStorer
- Add RecoverableUser
- Add RecoverStartValuer, RecoverMiddleValuer, RecoverEndValuer
- Change storers to differentiate between tokens (recover vs confirm)
- Change BCryptCost to be a generic module configuration (doesn't belong
to register)
I have a feeling that I wrote all this fanciness in when the
user was still able to fetch himself from the database. But since
that's been dropped I don't think any of this stuff is necessary.
In terms of setting without an error, we should do validation before
an attempt to save, not every time we set a field. This will just end
up being much nicer error handling, and the database is going to do
it's own validation and we can handle that error in the same way.
- Remove a test that was obsoleted by optimizations. Not 100% sure this
is correct, but it seems like if nothing has changed since the
previous session/cookie read then we shouldn't need to write any new
headers for them. This is especially true in the typical "I use
cookies for everything" use case, but may not be true of other use
cases... Remains to be seen. Since they're optimizations they should
be able to removed "safely" later.