0.7.3

• [BREAKING] The name of the token attribute used by the devise authenticator and authorizer is now token by default, see #394.
• [BREAKING] The devise authenticator will now send the user's identification for the configured identificationAttributeName instead of always using email, see #403.
• The crossOriginWhitelist now supports whitelisting all subdomains of a specific domain, see #398.
• The docs for defining custom authenticators have been improved, see #399.
• The tests will now run against the newest versions of Ember, Ember.js, jQuery and handlebars.
• The examples now run with handlebars 2.0.0 and jQuery 2.1.3.
• The Google+ example has been fixed so that it will always prompt the user for approval, see #412.
• The template for the API docs was updated so that it works with the newest handlebars version.

0.7.2

0.7.2

• The session's authenticate method now accepts an arbitrary list of arguments to pass to the authenticator's authenticate method which also allows to pass options to torii providers, see #371.
• With the move away from controllers/views and towards components, the session is now injected into components as well, see #364.
• The OAuth 2.0 authenticator now handles access scopes, see #363.
• ApplicationRouteMixin will now send actions to the current route if available or the initial transition, see #367.
• Added a new currentSession() helper to the Ember Simple Auth Testing package that provides access to the current session, see #359.
• Fixed clearing of cookie and localStorage stores, see #349.
• The ajaxPrefilter and ajaxError handlers were cleaned up.

0.7.1

• The localStorage session store now correctly reads its configuration from the Configuration object and in turn can be configured in config/environment.js in Ember CLI projects, see #340.

0.7.0

• [BREAKING]: The Devise authorizer now sends the session token as user_token instead of token for consistency.
• The session store can store nested objects now, see #321.
• The property names for user_token and user_email are now configurable for the Devise authenticator/authorizer, see #319.
• The ApplicationRouteMixin's sessionInvalidationSucceeded action will no longer reload the page in testing mode, see #333.
• The cookie session store now has a cookieDomain setting that can be used if e.g. the session needs to be shared across subdomains, see #332.
• The AMD distribution has been fixed so that it doesn't depend on any specific global objects anymore, see #325, #323.
• Removed the insecure connection warning as it never actually triggers when it actually should, see #318.
• The crossOriginWhitelist setting can now be set to ['*'] to allow requests to all domains, see #309.
• The global ajaxPrefilter and ajaxError hooks will now be setup only once which fixes some problems in testing mode.

0.6.7

• The Ember CLI Addons will now use the project's configuration as defined in config/environment.js and do not depend on window.ENV anymore, see [mainmatter/ember-cli-simple-auth#21]mainmatter/ember-cli-simple-auth#21.
• All configuration data is now held in configuration objects for the OAuth 2.0, cookie store and devise extension libraries as well.

0.6.6

• [BREAKING]: The OAuth 2.0 authenticator's serverTokenRevocationEndpoint property has been renamed to serverTokenRevocationEndpoint ("k" to "c").
• The new UnauthenticatedRouteMixin mixin can be used for routes that do not allow the session to be authenticated like the login route, see #236.
• The localStorage store's localStorageKey property can now be configured, see #300.
• The AuthenticatedRouteMixin and UnauthenticatedRouteMixin will now check for infinite redirection loops, see #293.
• The cookie store now sets path=/ for its cookies so that there is only one Ember Simple Auth cookie per application, see #288.
• The browserified distribution does not correctly export the test helpers, see #283.
• authorizationFailed will now only be triggered for requests that were actually authenticate by Ember Simple Auth, see #271.
• Fixed a bug that prevented the browserified version from being used in older versions of Internet Explorer, see #266.

Note if you're using the Ember CLI Addons

You now need to run the package's generator after installing the addon, e.g.:

ember generate ember-cli-simple-auth-oauth2

You also do not need to install the base library explicitly anymore if you're using on of the extension libraries as that's now automatically installed as a dependency.

0.6.5

This was messed up - please use 0.6.6...

0.6.4

• The new package ember-simple-auth-testing was added that contains test helpers that simplify testing of authenticated routes, e.g.:

  test('a protected route is accessible when the session is authenticated', function() {
    expect(1);
    authenticateSession(); // <--
    visit('/protected');
  
    andThen(function() {
      equal(currentRouteName(), 'protected');
    });
  });

• Ember Simple Auth now allows to define a custom session class which e.g. makes adding custom methods to the session much simpler, e.g.:

  App.CustomSession = SimpleAuth.Session.extend({
    account: function() {
      var accountId = this.get('account_id');
      if (!Ember.isEmpty(accountId)) {
        return this.container.lookup('store:main').find('account', accountId);
      }
    }.property('account_id')
  });
  …
  container.register('session:custom', App.CustomSession);
  …
  window.ENV['simple-auth'] = {
    session: 'session:custom',
  }

• A race condition was fixed that could have broken synchronization of multiple tabs or windows, see #254. The stores will now only store one cookie, one localStorage key etc. holding a JSON representation of the session's data instead of one cookie, localStorage key etc. per property. This change includes 2 breaking changes:

  • The cookie store's cookieNamePrefix property is now just cookieName as there's only one cookie now.
  • The localStorage store's keyPrefix property is now just key as there's only one key now.

• The session will now persist custom content that is assigned manually without the authenticator, see #260.

• A bug was fixed that caused session events to trigger multiple action invocations when the application was started via a deep link to an authenticated route, see #257.

• The AMD distribution does no longer require the Ember global but will try to require it with require('ember') if the global does not exist, see #255.

• The used Ember Simple Auth libraries and their respective will now be logged on application startup together with the Ember core libraries, e.g.:

  [Debug] DEBUG: -------------------------------
  [Debug] DEBUG: Ember                       : 1.6.1
  [Debug] DEBUG: Handlebars                  : 1.0.0
  [Debug] DEBUG: jQuery                      : 1.9.1
  [Debug] DEBUG: Ember Simple Auth           : 0.6.4
  [Debug] DEBUG: Ember Simple Auth OAuth 2.0 : 0.6.4
  [Debug] DEBUG: -------------------------------
  

• The LoginControllerMixin's authenticate action now returns the promise returned by the session so that controllers can use that to handle successful authentication or authentication errors, e.g.:

  App.LoginController = Ember.Controller.extend(SimpleAuth.LoginControllerMixin, {
    authenticator: 'simple-auth-authenticator:oauth2-password-grant',
    actions: {
      authenticate: function() {
        this._super().then(function() {
          // authentication succeeded
        },
        function(error) {
          // authentication failed
        });
      }
    }
  });

• Fixed a bug where the OAuth 1.0 authenticator would not try to refresh the token on restore in some situations, see #249.

0.6.3

• added new extension library
  Ember Simple Auth Torii
• Added support for
  OAuth 2.0 token revocation
  in the Ember Simple Auth OAuth 2.0 extension library, see #228
• The browserified distribution does not export the setup function anymore,
  see #235.
• All standard Ember methods that are defined in the mixins will now call
  this._super, see #232.

0.6.2

• The crossOriginWhitelist is now loaded from window.ENV correctly, see #218.