All notable changes to this project will be documented in this file.
The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.
- Rails 8 testing support (#80)
- Reinstated static code analysis checks in CI (#73)
- Add optional `on_login_success` callback (#90)
- Return boolean from `AccountTypes#student_account?` (#91)
- Refresh access tokens before expiry (#89)
- Allow OmniAuth setup phase to be configured (#76)
- Add `RpiAuth::Models::Roles#parsed_roles` (extracted from experience-cs) (#87)
- Add `RpiAuth::Models::AccountTypes#student_account?` (extracted from experience-cs) (#87)
- Fix requiring of oauth2 to avoid `NoMethodError: undefined method 'config' for module OAuth2` (#86)
- Add access token-related functionality including auto-refresh (#83)
- Fix use of `User#expires_at` in `SpecHelpers#stub_auth_for` (#82)
- Support for Ruby 3.3 (#78)
- Load error when using Rake (#77)
- Don't use cached user if session has been reset (#79)
- Support for Ruby 2.7 (#78)
- Test controller/view to allow apps to log in without having to interact with the RPF Global Nav component. (#70)
- `session_keys_to_persist` config option to allow for specific session keys to be persisted across logins (since logging in will reset the session: https://guides.rubyonrails.org/security.html#session-fixation-countermeasures)
- `v1_signup` param as it is no longer needed (https://github.com/RaspberryPiFoundation/profile/pull/1512)
- Add country attribute to `Authenticable` (#60)
- Allow for customisation of returnTo param on log out (#56)
- Allow `success_redirect` to be configured as a block that is executed in the context of the AuthController (#57)
- Altered default value of the `issuer` to track the `authorization_endpoint` rather than the `token_endpoint` (#54)
- Ensure `redirect_uri` is set in the OpenID Connect configuration (#53)
- Replaced usage of omniauth-rpi strategy with omniauth_openid_connect (#51)
- Added dummy route for `/auth/rpi` to add path helper `rpi_auth_login` (#44)
- Request and routing specs inside the "dummy" testing app (#44)
- Refactored `RpiAuth::AuthenticationHelper` into a concern `RpiAuth::Controllers::CurrentUser` (#44)
- Refactored `RpiAuth::Models::Authenticatable` to fix "include"/"extend" issues (#44)
- Refactored `RpiAuth::AuthController#callback` to reduce its complexity (#44)
- Refactored how auth bypass is enabled (#44)
- OmniAuth origin parameter name set as `returnTo` (#47)
- Bump rack from 2.2.4 to 2.2.7 (#49)
- Bump globalid from 1.0.0 to 1.1.0 (#48)
- The `brand` parameter can now optionally be set (for use by the Profile application)
- Make `RpiAuth::Models::Authenticatable` extendable to support additional methods and attributes in the `user_model`.
- Removed default setting of `success_redirect = '/'` in RpiAuth config
- omniauth-rpi gem updated to fix nil user ID in returned user object
- Defaults to setting the `user_id` param on the model rather than id (so that the application can use an internal ID structure for the user model).
- Updates Omniauth-rpi to latest version (fixing a bug where the returned uid was empty)
- Rails 7 / Ruby 3.1 support (these are the only officially supported versions)
- omniauth-rpi strategy to auth via Hydra1
- include omniauth rails csrf protection
- configuration to allow setting endpoints and credentials for auth
- rails model concern to allow host app to add auth behaviour to a model
- callback, logout and failure routes to handle auth