* added banner
* Changed banner image alignment
* changed location of banner again
* added to acknowledgement
* added to acknowledgement 1
* changed image size
* k
* l
* s
* s
* .
* added link to the banner in readme.md
* fixed image redirect
* fixed image alignment
* made changes in readme and index.js
* Changed the source of the banner image
* added banner to the footer of the site
* chore(deps): add next and react to dev dependencies
* chore: move build configs to avoid crash with next dev
* chore: add next js dev app
* chore: remove .txt extension from LICENSE file
* chore: update CONTRIBUTING.md
* chore: watch css under development
* style(lint): run linter on index.css
* chore: fix some imports for dev server
* refactor: simplify client code
* chore: mention VSCode extension for linting
* docs: reword CONTRIBUTING.md
* chore: ignore linting pages and components
Full end-to-end integration tests for Twitter (OAuth 1) and GitHub (OAuth 2) using Puppeteer and Mocha.
This replaces Cypress tests due to issues with Cypress not being able to run tests against external URLs, which we need for our integration tests.
The integration test runner is hosted outside of GitHub Actions (it cannot be hosted by GitHub or on AWS due to IP access controls placed on sign in by providers like Twitter and GitHub) and so the integration tests may not pass if the test runner is offline. If this happens, tests can be re-run later when the test runner is available.
See Pull Request #641 for details.
* Add cypress, testing-library/cypress and server dev helper to package dev dependencies
* Add initial signin test and placeholder cypress files
* Add initial signout tests
* Add initial verify-request test
* Move page-only tests into a 'pages' directory
* Add an invalid email signup workflow test
* Use home-page sign in button for email workflow
* Some tests to check that clicking the button takes the user to the correct OAuth page (warning: fragile!)
* Add a couple of npm scripts to make it easier to run/ developer e2e tests
Co-authored-by: Iain Collins <me@iaincollins.com>
* Uses `require_optional` and `peerOptionalDependencies` instead of dynamic import to resolve an issue some users have experienced when using compilers/bundlers (especially on starter projects) that don't handle dynamic imports well.
This should (hopefully) also make it easier to support older versions of Internet Explorer by avoiding bundlers that choke on dynamic imports unless MongoDB is included as a dependency (even though it's not code they need to compile).
We use `require_optional` to load `ObjectID` conditionally, if NextAuth.js is using MongoDB. This is also exactly how the MongoDB driver itself loads the ObjectID from the `bson/bson-ext` module.
Should resolve #251
* The default name for the TypeORM connection is now 'nextauth' instead of 'default'.
This should help people avoid problems with connection re-use when not using serverless (including in local development), especially if they are doing things with their default connection that differ from what's expected by NextAuth.js (like not using UTF-8 for encoding or UTC timezones).
* Now uses connection manager object from the connection, to allow a custom TypeORM connection name to be specified (resolves #459).
Working implementation (with limited key length and no exp check) using node-jose from Cisco.
I want to compare it with panva/jose which has more features before building it out.
Not a breaking change, just a refactor!
* Removes dependency on external library
* Resolves problem of messy logic in models and transform by putting it all in a naming strategy
* No change to table / collection schemas!
## Database
- [x] Databases are now optional - useful with OAuth + JWT if you only need access control
- [x] Updated documentation and added example code for custom database adapters
## JWT
- [x] JWT option is now an object that groups JWT related options together (was a boolean)
- [x] Refactored JWT lib and added AES encryption / decryption as well as signing / verification
- [x] Allows JWT encode/decode methods to be overridden as options
- [x] Contents of JWT can easily be customised - without needing to use custom encode/decode
- [x] Exported JWT methods so they can be called from custom API routes
- [x] Updated documentation for new JWT options
## Sessions
- [x] All session options (eg. `maxAge`, `updateAge`) now grouped under single `session` option
- [x] Using JWT for sessions is now enabled from session object (`session.jwt: true`)
- [x] All options involving time now use seconds (instead of milliseconds) for consistency
- [x] Added option to customise the Session object that is returned from `/api/auth/session`
- [x] Update documentation for new Session options
## Other improvements
- [x] Added `allowSignin()` option to control what users / accounts are allowed to sign in
- [x] Refactored `callbackUrlHandler()` - this option is now called `allowCallbackUrl()`
- [x] Minor improvements to NextAuth.js client API methods
- [x] Minor improvements to NextAuth.js API routes
- [x] Minor improvements to built-in error pages
- [x] Refactored database models
All tables now include a `created` column for each row which contains the `datetime` of when the row (e.g. User / Account / Session) was created.
Additionally, sessions now use the name 'expiry' for the expiry `datetime` value for consistency with other models.
These changes fix compatibility issues with common SQL databases including MySQL, MariaDB and Postgres.
* Fixes #147 - datetime now ANSI SQL timestamp
* Fixes #160 - AccessToken and RefreshToken type change from varchar to text
* Adds Docker Compose files to make it easier to test database integration.
TODO:
* Update documentation with configuration examples and latest compatibility info
* Create DB URI parser (currently only object config works)
* Database table/collection name prefix (will default to `next-auth_`)
* MongoDB support
MongoDB has some issues which mean it will require additional work and refactoring to support (while preserving SQL DB support, which is important).
It's going to take some thinking about to get right; MongoDB support might have to be dropped from 2.0 (and follow in a subsequent release) but I'm going to review options and consider the impact before making a call.
* Added email verification adapter methods
* Added support on sign in page for email providers
* Added check email page
* Added SMTP transport to send email messages
Includes refactoring of model and handlers for the email verification flow.
Twitch recently made breaking changes to their OAuth API.
It no longer works like other OAuth 2 providers. The documentation for it is extensive, but poor quality.
This update still has intermittent problems, but as far as I can make out the problem is the API; they have completed their roll out to 100% but it's still failing sometimes.
* Run `npm run lint` to find (and where possible, fix) linting issues.
* Includes some minor refactoring, including directory structure for adapters and models, so that code for an adapter and the models for it sit together.
Background:
I've added eslint to try and ensure a consistent style and to uncover hidden bugs.
I don't actually care much about what the rules are, it's just helpful to have a baseline.
If it's hard to get code to be compliant, I would rather we just disable a rule in that block of code until we can figure it out and am totally fine with that.
I'd much prefer that than the chore of maintaining a custom set of rules, which is why I just picked Standard JS.
Unfortunately, there is quite a lot that doesn't match the Standard JS format at this point, so this is going to be a big PR.
The file size has gone down in quite a few places, which is nice. I think it may have uncovered potential bugs.
I've run through the flow and everything seems to work as before, though it took some debugging after refactoring.
I have not yet added eslint to a commit hook and am in two minds about that.
This is an open source project and I'd like to make it easy to maintain, but also to have as low a barrier to entry as possible for contributors.
I'm happy to go with encouraging folks to run the linter and try to fix errors they find and to take on the work of wrangling any issues myself.