This change allows users to write Mailer implementations that either
spawn their own goroutines or honor proper context usage. The current
behavior of the modules with this setting turned to 'false' creates a race
condition between the original http request's context authboss was handed being
cancelled by the http server, and the use of that context by the mailer
implementation which is being run in a goroutine.
There have been bugs filed in other libraries where rand.Read()
simply returns all 0s, instead use io.ReadFull to ensure that we get
the amount of bytes we want.
- Use io.ReadFull(rand.Reader, ...) instead of rand.Read() for getting
randomness from crypto/rand.
- Make this change to make it a bit more chi/alice friendly
since this is typically the form of middlewares to be constructed
and then turn into a "middleware" function/type.
- Add back the feature to log in after password recovery
- Add new storer functionality to mocks
- Add RecoveringServerStorer
- Add RecoverableUser
- Add RecoverStartValuer, RecoverMiddleValuer, RecoverEndValuer
- Change storers to differentiate between tokens (recover vs confirm)
- Change BCryptCost to be a generic module configuration (doesn't belong
to register)
- Change changelog format to use keepachangelog standard
- Refactor the config to be made of substructs to help organize all the
pieces
- Add the new interfaces to the configuration
- Clean up module loading (no unnecessary reflection to create new value)
- Change User interface to have a Get/SetPID not E-mail/Username, this
way we don't ever have to refer to one or the other, we just always
assume pid. In the case of Confirm/Recover we'll have to make a GetEmail
or there won't be a way for us to get the e-mail to send to.
- Delete the xsrf nonsense in the core
- Change response to be more central to Authboss. Make sure it has
useful methods and works with the new rendering idioms.
- Change the load user methods to all work with context keys, and even
be able to set context keys on the current request to avoid setting
contexts everywhere in the code base.
- Fix#79
- Rename event EventGet to EventGetUser
- Remove double DB fetch
- Add new event callpoint: After(EventGetUser) for things that need to
check that the user is ABLE to be gotten after it's fetched from the
DB. That is before returning to the web app, ensure that the user is
valid from a confirmation/lock etc point of view.
- Add test to make sure all the events are firing in CurrentUser()