forked from mkrisher/oauth-plugin
-
Notifications
You must be signed in to change notification settings - Fork 4
/
CHANGELOG
187 lines (164 loc) · 7.96 KB
/
CHANGELOG
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
0.5.1
- Support slim templates for consumer [pelle]
- Add via argument to match routes to support 4.0 [pelle]
0.5.0
- Make compatible with Rails 4 [tomhughes]
- Added support for RefreshTokens [RubenHoms]
- allow? should return false when token is not found [thetizzo]
- add license to gemspec [jordimassaguerpla]
- update documentation for Rails 2.x [yann]
0.4.1
- Security fix for OAuth1 provider. Please upgrade if you're using any 0.4 version. Thanks to [tomhughes]
- Limit index size in ConsumerToken migration to deal with very large tokens [devainandor]
- Accept ancient OAuth2 Token token=asfavasd like tokens. Just for complete compatibility. [pelle]
- oauth2 errors should return http 400 [pelle]
0.4.0
- fix migrations to use expires_at instead of valid_to [pelle]
- add force parameter for forcing token refresh [afeld]
- make it work in rails 2x [Kimtaro]
- Use 0.5+ OAuth2 gem [kookster]
- prevent addition of ? marks to callback url when not needed [kookster]
- make .credentials accessible to TwitterToken [afeld]
0.4.0-rc2
- Better OAuth2 support.
- Refactored authorizer into a Authorizer object which is now better tested
0.4.0-rc1
PLEASE help test this so we can mark it as final
- Update to OAuth2 draft 22 which is likely the final release. [pelle] ACTION REQUIRED BY YOU, see README.
- Update forms to work with rails 3.1 [morgz]
- Allow nil callbacks for oob in OAuth 1.0a [Shaliko Usubov]
- OAuthFilter:oauth2_token to rejects headers that explicitly state oauth_version="1.0" [KentonWhite]
0.4.0-pre7
- OAuth 1 requests using query or form encoded parameters where being interpreted as OAuth2 [pelleb]
- OAuth 2 requests were not checking for invalidated tokens. Please upgrade for this if you offer OAuth 2 [rymai]
- Handle case where credentials[:options] in consumer plugin was nil [marnen]
- Better facebook example [marnen]
0.4.0-pre6
- fixes issue with erb generator in rails 3 [pelleb]
- various cleanups in generators [akonan]
0.4.0-pre5
- protect oauth consumer relay with :expose configuration option. It's off by default. [pelle]
- Reenable twitter client. It is now configurable for twitter tokens. :client=>:twitter_gem or :oauth_gem [pelle]
- fix issues with new consumer tokens [afeld]
- More forgiving about oob callback values[chrisrhoden]
- Update Twitter consumer to use latest Twitter Gem [afeld]
- removed portable_contacts client from Google Token [p8]
- Fixes various mongoid issues [3en]
- Adds oauth2 consumer support
- Fixes oauth2 provider. parameter should be redirect_uri not redirect_url [Kimtaro]
- Most core OAuth functionality is being put into OAuthFilter. This means Rails 2.3 and above only
0.4.0-pre4
- Fixed bug when creating a new user from a new consumer token
- Fix typo in consumer token [krasio]
- Fix issue with mongoid not supporting find_by_x style queries. [3en]
0.4.0-pre3
- Experimental rack filter for OAuth 1.0a:
see lib/oauth/rack/oauth_filter.rb for details
0.4.0-pre2
- mongoid defaults to being embedded
- new :auto_login option in oauth_config.rb which lets you use eg. twitter as a primary authentication method
0.4.0-pre1
- mongoid support in rails 3 [Alexander Semyonov]
- OAUTH 2.0 authorization_code and password grant types
- Supports OAuth 2.0 draft 10 (Note this is incompatible with previous drafts)
- Refactored application_controller_methods to be a lot less intrusive
- Increased default token and key size in anticipation of OAuth2 support
- Rails 3 support
- Rails 3 generators [Paul Rosiana] and patches by [Alexander Flatter]
- Modularized Rails 3 generators [Alexander Semyonov]
- Callback urls now allow query parameters. Multiple patches but I used [Unk]'s.
10/08/2009
0.3.14
- Fixed the class generation when you have a custom token defined. [Brian Morearty]
10/05/2009
0.3.13
- Got rid of yahoo token. To support it correctly requires way too much work. Let them suffer the consequences of their decissions.
- GoogleToken now uses portablecontacts gem
9/30/2009
0.3.12
- Added a simple PortableContacts adapter for GoogleToken
- Added a SimpleClient wrapper to provide really simple wrapper for OAuth based json web services
- Increased token size in consumer_tokens table because of Yahoo's oversized tokens
- Added support for Yahoo
- Added support for Google (Boon Low)
9/26/2009
0.3.11
- Moved twitter tokens dependency back to regular twitter gem
7/29/2009
0.3.10
- Closed blocks in erb template (jcrosby) while pelle is hiding under his desk
- Handled error case on authorize with non existent token
- Fixed Agree2 token
- Security Fix: Only skip verify_authenticity_token for specific oauth token requests in provider controller
7/25/2009
0.3.9
- Added an Index to oauth consumers controller. Rerun generator to create index template
- Added invalidate action to provider, which allows a token to invalidate itself /oauth/invalidate
- Added capabilities action to provider. Lets you expand to allow auto discovery of permissions and services that token provides.
- Can override how authorize form indicates an authorization. To get around ugly checkbox
def user_authorizes_token?
params[:commit] == 'Authorize'
end
7/23/2009
0.3.8
- Fixed Gem Plugins Loading
7/21/2009
0.3.7
- A blushing Pelle adds a missing file
0.3.6
- Twitter, Agree2 and FireEagle tokens are working in consumer.
0.3.5
- made it a gem
- more thorough tests of OAuth 1.0 consumer
- Add support for a OAUTH_10_SUPPORT constant to switch on support for OAuth 1.0 in provider
7/19/2009
- Added support for OAuth 1.0 consumers (nov)
7/17/2009
- Added back support for OAuth 1.0 for providers (nov)
7/14/2009
- Added OAuth Consumer generator
- Moved oauth controller code to a module to make it easier to upgrade in the future
7/11/2009
- Added support for OAuth version 1.0a
- Added haml support
- Improved OAuth Client Controller gui (alec-c4)
2/11/2009
- Fixed escaping error and file path error in the generator simultaneously reported and fixed by Ivan Valdes and Mike Demers thanks
2/9/2009
- Fixed compatibility issue with OAuth Gem 3.1 (wr0ngway and aeden)
- Added Test:Unit tests to generator (Ed Hickey)
- added missing oauth_clients/edit.html.erb view template (Ed Hickey)
- added missing :oauth_clients resource route in USAGE (Ed Hickey)
- Don't throw NPE it token is not in db (Haruska)
- Cleaned up whitespace (bricolage, Nicholas Nam)
- Fixed bug in default verify_oauth_signature (igrigorik)
- Doc fixes (skippy)
6/23/2008
- Split OAuth controller into two parts: OAuth and OAuth clients. [jcrosby]
revision 31
- patch that fixes a problem in oauth_required from Hannes Tyden and Sean Treadway from SoundCloud. Thanks.
revision 30
- updated to use oauth gem 0.2.1
revision 23
- removed all core libraries from plugin. They are now in the oauth gem.
# oauth-plugin-pre-gem Branch created
revision 18
- added a generator for creation oauth_providers
revision 12
- the bug with post and put has now been fixed.
- better documentation
revision 9
- added a test helper. Include OAuth::TestHelper in your tests or specs to mock incoming requests
revision: 8
- moved tests into oauth folder and renamed them to make them work with autotest by default
- Refactored the request methods to make them more flexible and ready for integrating with ActiveResource
- There are a few tests that fail. All of them to do with put and post requests with payload data. I decided to commit anyway, to get the new api out.
revision: 7
- Done a lot of work on the Server side of things. The Server class has changed a lot and is likely to be incompatible with previous versions
revision: 6
- Throws InsecureSignatureMethod exception if attempting to use straight sha1 or md5.
- Disables plaintext signature over http (throws an InsecureSignatureMethod)
- Better testing of signature methods - the prior tests were seriously flawed.
revision: 5
- Removed support for sha1 and md5
- Implemented draft 6 support of OAuth removing secrets from base string