mirror of https://github.com/volatiletech/authboss.git synced 2024-11-28 08:58:38 +02:00
Commit Graph

35 Commits

Author SHA1 Message Date
Aaron L
6c663762e4 Fix couple bugs with remember and 2fa
- Fix bug where setup paths were not mountpathed so twofactor_verify
  would redirect to a 404.
- Fix bug in remember where a user would be remembered even if logged in
  depending on the middleware order (if something had previously called
  LoadCurrentUser/LoadCurrentUserID it was fine, if not, the user was
  half-authed even if he was cleared of half-auth previously).
2018-11-04 22:49:43 -08:00
Aaron L
dc5a3def97 Fix bug in LoadCurrentUser error handling 2018-09-17 20:42:03 -07:00
Aaron L
37ace55579 Clean up context and client state
- Remove extraneous http.ResponseWriter from all read-only queries
  against the request context (for the ClientState)
- Instead of using a context.Context on the ClientStateResponseWriter
  just store variables for the things we'd like to store, it should be
  less expensive and it's much easier to work with and more clear.
- Save the loaded client state into both the ResponseWriter itself and
  the Request context, the ResponseWriter will store them simply to send
  them into the WriteState() method later on, the Request will store
  them to be able to query data.
2018-03-07 16:21:37 -08:00
Aaron L
ce2d3dac09 Make "remember" value passing unobtrusive
- Remove RM context key for Values.
- Add values types and code to be able to pull the remember me bool
  checkbox from the user.
2018-03-07 15:17:22 -08:00
Aaron L
ac3d2846f8 Rewrite the remember module
- Add context keys and storage pieces for remember
2018-03-07 15:13:06 -08:00
Aaron L
982025bbc3 Finish implementing and testing confirm
- Rejig tests to remember to test the smtp mailer
2018-02-27 07:14:30 -08:00
Aaron L
23e1e849d3 Move expiry module
- Remove the errors from User interfaces
2018-02-14 14:18:03 -08:00
Aaron L
de1c2ed081 Get tests working after latest refactors
- Change changelog format to use keepachangelog standard
- Refactor the config to be made of substructs to help organize all the
  pieces
- Add the new interfaces to the configuration
- Clean up module loading (no unnecessary reflection to create new value)
- Change User interface to have a Get/SetPID not E-mail/Username, this
  way we don't ever have to refer to one or the other, we just always
  assume pid. In the case of Confirm/Recover we'll have to make a GetEmail
  or there won't be a way for us to get the e-mail to send to.
- Delete the xsrf nonsense in the core
2018-02-01 15:42:48 -08:00
Aaron L
b33e47a97c Re(move) swaths of code
- Document more things
- Remove module code
- Remove callbacks code
- Remove data makers, flash messages, and context providers in exchange
  for middlewares that use context (unwritten)
- Move more implementations (responses, redirector, router) to defaults
  package
- Rename key interfaces (again), Storer -> User, StoreLoader ->
  ServerStorer (opposite of ClientStateStorer) if this is the last time
  I rename these I'll be shocked
2018-01-31 17:07:11 -08:00
Aaron L
59b2874bcd Move validation implementations to defaults
- Add more interfaces for validation
2018-01-29 16:24:42 -08:00
Aaron L
a92fb4d069 Re-enable tests, add more tests 2017-03-05 10:03:22 -08:00
Aaron L
24fc6196c7 Introduce new type of client storage
- This addresses the problem of having to update multiple times during
  one request. It's hard to have a nice interface especially with JWT
  because you always end up having to decode the request, encode new
  response, write header, then a second write to it comes, and where do
  you grab the value from? Often you don't have access to the response
  as a "read" structure. So we store it as events instead, and play
  those events against the original data right before the response is
  written to set the headers.
2017-02-24 16:45:47 -08:00
Aaron L
3170cb8068 Ensure we don't re-lookup, cache in context 2017-02-23 16:29:58 -08:00
Aaron L
fa6ba517db More gigantic edits.
- Change response to be more central to Authboss. Make sure it has
  useful methods and works with the new rendering idioms.
- Change the load user methods to all work with context keys, and even
  be able to set context keys on the current request to avoid setting
  contexts everywhere in the code base.
2017-02-23 16:13:25 -08:00
Aaron L
02e91bc0ad More changes 2017-02-20 15:56:26 -08:00
Ryan Lester
588c21260c final App-Engine-related fixes 2016-05-07 02:12:20 -04:00
Aaron L
be041cbae6 remember: Context+Request separation ripple
- Re-add the age-old "Values" from the Context. This was originally
  there for exactly the documented purpose. However the Context holding
  the request form values negated its use. It's back because of this
  new separation.
- Make the auth success path set the authboss.CookieRemember value in
  the context before calling its callback.
2015-08-02 14:02:14 -07:00
Aaron L
8a87d0de63 Separate the request from context. 2015-08-02 11:51:35 -07:00
Aaron
f12f10fa43 Stop reliance on global scope.
- This change was necessary because multi-tenancy sites could not use
  authboss properly.
2015-03-31 12:34:03 -07:00
Aaron L
99d0af8b72 Destroy a list of go lint errors. 2015-03-16 14:42:45 -07:00
Aaron
0754b965b1 Update config documentation.
- Fix #47: Remove ModuleAttrMeta from Storers. Rename to ModuleAttributes.
- Add some additional default values to config.
2015-03-15 08:31:48 -07:00
Aaron L
06edd2e615 Make OAuth2 implementation less shoddy.
- Add a new storer specifically for OAuth2 to enable clients to choose
  regular database storing OR OAuth2 but not have to have both.
- Stop storing OAuth2 credentials in a combined form inside username.
- Add new events to capture OAuth events just like auth.
- Have pass-through parameters for OAuth init urls, this allows us to
  pass additional behavior options (redirects and remember me) as well
  as other things that should be present on the page that is redirected
  to.
- Context.LoadUser is now OAuth aware.
- Remember's callbacks now include an OAuth check to see if a horribly
  packed state variable contains a flag to say that we want to be
  remembered.
- Change the OAuth2 Callback to use Attributes instead of that custom
  struct to allow people to append whatever attributes they want into
  the user that will be saved.
2015-03-13 16:29:58 -07:00
Aaron
001810bf7c Add PrimaryID to the system.
- Fix #17
2015-02-22 13:24:53 -08:00
Aaron
5f96e8dec8 Make a GetErr version of the ClientStorer. 2015-02-20 22:02:55 -08:00
Aaron
6a4feaa2ea Add authboss error types.
- Add error handling at the routing level so that all errors can bubble
  up and be handled and logged there in one place.
- Add Err variants for ClientStorer and Attributes to facilitate
  generating errors for missing type-failing arguments.
- Add better control flow and error handling for callbacks.
2015-02-19 14:46:38 -08:00
Aaron
9f4cde2934 Clean up save/load user on context.
- Fix #16
2015-02-18 08:45:27 -08:00
Aaron
58e2f1f355 Add a method to pick attributes from a context. 2015-01-28 00:32:53 -08:00
Aaron
f537664fd9 Cleanup various sad things.
- Export ModuleAttrMeta so the modules can access it.
- Add a couple new events for later use.
- Fix a few compile errors.
- Prefix err constants with Err.
2015-01-23 15:56:24 -08:00
Aaron
efc834006a Add proper database/go casing. 2015-01-18 14:35:51 -08:00
Aaron
1073b36cce Add SaveUser for context.
- Add test coverage for context.go
2015-01-16 21:30:04 -08:00
Kris Runzer
716e7dd6ba Add response writer to client storer 2015-01-15 14:01:01 -08:00
Aaron
0b66578b88 Add full-circle remember me test.
- Add more helpers to context.
2015-01-15 02:56:13 -08:00
Aaron
670c6f3b9f Add more to context.
- Add test coverage to various modules.
2015-01-14 19:18:45 -08:00
Aaron
7f9fe3ec77 Add session and cookie concepts.
- Add tests for callbacks.
- Refactor callbacks into a keyed map.
2015-01-12 23:46:52 -08:00
Aaron
a2ffe4f7c4 Add many new files and types.
- Add context.
- Add handler type.
- Add new storers for client storage and sessions.
- Add start of remember module.
2015-01-10 22:54:31 -08:00