- Change changelog format to use keepachangelog standard
- Refactor the config to be made of substructs to help organize all the
pieces
- Add the new interfaces to the configuration
- Clean up module loading (no unnecessary reflection to create new value)
- Change User interface to have a Get/SetPID not E-mail/Username, this
way we don't ever have to refer to one or the other, we just always
assume pid. In the case of Confirm/Recover we'll have to make a GetEmail
or there won't be a way for us to get the e-mail to send to.
- Delete the xsrf nonsense in the core
- Delete callbacks tests
- Remove some useless code (SendMail), as well as some extra arguments
in certain functions that didn't require them.
- Remove tests for more code that has been moved to default
implementations
- This addresses the problem of having to update multiple times during
one request. It's hard to have a nice interface especially with JWT
because you always end up having to decode the request, encode new
response, write header, then a second write to it comes, and where do
you grab the value from? Often you don't have access to the response
as a "read" structure. So we store it as events instead, and play
those events against the original data right before the response is
written to set the headers.
- Change response to be more central to Authboss. Make sure it has
useful methods and works with the new rendering idioms.
- Change the load user methods to all work with context keys, and even
be able to set context keys on the current request to avoid setting
contexts everywhere in the code base.
- Fix#79
- Rename event EventGet to EventGetUser
- Remove double DB fetch
- Add new event callpoint: After(EventGetUser) for things that need to
check that the user is ABLE to be gotten after it's fetched from the
DB. That is before returning to the web app, ensure that the user is
valid from a confirmation/lock etc point of view.
- Add test to make sure all the events are firing in CurrentUser()
- Having the default logger set to nil was troublesome because some errors
are hard to detect without a logger. This falls under "sane default"
changes and so should be made.
