- Fix bug where setup paths were not mountpathed so twofactor_verify
would redirect to a 404.
- Fix bug in remember where a user would be remembered even if logged in
depending on the middleware order (if something had previously called
LoadCurrentUser/LoadCurrentUserID it was fine, if not, the user was
half-authed even if he was cleared of half-auth previously).
There have been bugs filed in other libraries where rand.Read()
simply returns all 0s, instead use io.ReadFull to ensure that we get
the amount of bytes we want.
- Use io.ReadFull(rand.Reader, ...) instead of rand.Read() for getting
randomness from crypto/rand.
- Tried to be clear about OAuth2 vs OAuth in all places.
- Allow users to be locked from OAuth logins (if done manually for some
reason other than failed logins)
- Cleaned up some docs and wording around the previously very confusing
(now hopefully only somewhat confusing) oauth2 module.
- Re-add the age-old "Values" from the Context. This was originally
there for exactly the documented purpose. However the Context holding
the request form values negated it's use. It's back because of this
new separation.
- Make the auth success path set the authboss.CookieRemember value in
the context before calling it's callback.
- Add a new storer specifically for OAuth2 to enable clients to choose
regular database storing OR Oauth2 but not have to have both.
- Stop storing OAuth2 credentials in a combined form inside username.
- Add new events to capture OAuth events just like auth.
- Have pass-through parameters for OAuth init urls, this allows us to
pass additional behavior options (redirects and remember me) as well
as other things that should be present on the page that is redirected
to.
- Context.LoadUser is now OAuth aware.
- Remember's callbacks now include an OAuth check to see if a horribly
packed state variable contains a flag to say that we want to be
remembered.
- Change the OAuth2 Callback to use Attributes instead of that custom
struct to allow people to append whatever attributes they want into
the user that will be saved.
- Export ModuleAttrMeta so the modules can access it.
- Add a couple new events for later use.
- Fix a few compile errors.
- Prefix err constants with Err.
