- Tried to be clear about OAuth2 vs OAuth in all places.
- Allow users to be locked from OAuth logins (if done manually for some
reason other than failed logins)
- Cleaned up some docs and wording around the previously very confusing
(now hopefully only somewhat confusing) oauth2 module.
- Add back the feature to log in after password recovery
- Add new storer functionality to mocks
- Add RecoveringServerStorer
- Add RecoverableUser
- Add RecoverStartValuer, RecoverMiddleValuer, RecoverEndValuer
- Change storers to differentiate between tokens (recover vs confirm)
- Change BCryptCost to be a generic module configuration (doesn't belong
to register)
I have a feeling that I wrote all this fanciness in when the
user was still able to fetch himself from the database. But since
that's been dropped I don't think any of this stuff is necessary.
In terms of setting without an error, we should do validation before
an attempt to save, not every time we set a field. This will just end
up being much nicer error handling, and the database is going to do
it's own validation and we can handle that error in the same way.
Discovered many problems with the abstractions along the way
and did small fixes to get to the end of the auth module.
- Use more constants for random strings
- Create forcing functions to deal with the upgrades to different
interfaces
- Change changelog format to use keepachangelog standard
- Refactor the config to be made of substructs to help organize all the
pieces
- Add the new interfaces to the configuration
- Clean up module loading (no unnecessary reflection to create new value)
- Change User interface to have a Get/SetPID not E-mail/Username, this
way we don't ever have to refer to one or the other, we just always
assume pid. In the case of Confirm/Recover we'll have to make a GetEmail
or there won't be a way for us to get the e-mail to send to.
- Delete the xsrf nonsense in the core
- Document more things
- Remove module code
- Remove callbacks code
- Remove data makers, flash messages, and context providers in exchange
for middlewares that use context (unwritten)
- Move more implementations (responses, redirector, router) to defaults
package
- Rename key interfaces (again), Storer -> User, StoreLoader ->
ServerStorer (opposite of ClientStateStorer) if this is the last time
I rename these I'll be shocked
