| 1 | # Changelog
|
| 2 | All notable changes to this project will be documented in this file.
|
| 3 |
|
| 4 | The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
|
| 5 | and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
|
| 6 |
|
| 7 | ## [Unreleased]
|
| 8 |
|
| 9 | ## [0.7.0] - 2023-11-27
|
| 10 | ### Changed
|
| 11 | - Set `req.authInfo` by default when using the `assignProperty` option to
|
| 12 | `authenticate()` middleware. This makes the behavior the same as when not using
|
| 13 | the option, and can be disabled by setting `authInfo` option to `false`.
|
| 14 |
|
| 15 | ## [0.6.0] - 2022-05-20
|
| 16 | ### Added
|
| 17 | - `authenticate()`, `req#login`, and `req#logout` accept a
|
| 18 | `keepSessionInfo: true` option to keep session information after regenerating
|
| 19 | the session.
|
| 20 |
|
| 21 | ### Changed
|
| 22 |
|
| 23 | - `req#login()` and `req#logout()` regenerate the the session and clear session
|
| 24 | information by default.
|
| 25 | - `req#logout()` is now an asynchronous function and requires a callback
|
| 26 | function as the last argument.
|
| 27 |
|
| 28 | ### Security
|
| 29 |
|
| 30 | - Improved robustness against session fixation attacks in cases where there is
|
| 31 | physical access to the same system or the application is susceptible to
|
| 32 | cross-site scripting (XSS).
|
| 33 |
|
| 34 | ## [0.5.3] - 2022-05-16
|
| 35 | ### Fixed
|
| 36 |
|
| 37 | - `initialize()` middleware extends request with `login()`, `logIn()`,
|
| 38 | `logout()`, `logOut()`, `isAuthenticated()`, and `isUnauthenticated()` functions
|
| 39 | again, reverting change from 0.5.1.
|
| 40 |
|
| 41 | ## [0.5.2] - 2021-12-16
|
| 42 | ### Fixed
|
| 43 | - Introduced a compatibility layer for strategies that depend directly on
|
| 44 | `passport@0.4.x` or earlier (such as `passport-azure-ad`), which were
|
| 45 | broken by the removal of private variables in `passport@0.5.1`.
|
| 46 |
|
| 47 | ## [0.5.1] - 2021-12-15
|
| 48 | ### Added
|
| 49 | - Informative error message in session strategy if session support is not
|
| 50 | available.
|
| 51 |
|
| 52 | ### Changed
|
| 53 |
|
| 54 | - `authenticate()` middleware, rather than `initialize()` middleware, extends
|
| 55 | request with `login()`, `logIn()`, `logout()`, `logOut()`, `isAuthenticated()`,
|
| 56 | and `isUnauthenticated()` functions.
|
| 57 |
|
| 58 | ## [0.5.0] - 2021-09-23
|
| 59 | ### Changed
|
| 60 |
|
| 61 | - `initialize()` middleware extends request with `login()`, `logIn()`,
|
| 62 | `logout()`, `logOut()`, `isAuthenticated()`, and `isUnauthenticated()`
|
| 63 | functions.
|
| 64 |
|
| 65 | ### Removed
|
| 66 |
|
| 67 | - `login()`, `logIn()`, `logout()`, `logOut()`, `isAuthenticated()`, and
|
| 68 | `isUnauthenticated()` functions no longer added to `http.IncomingMessage.prototype`.
|
| 69 |
|
| 70 | ### Fixed
|
| 71 |
|
| 72 | - `userProperty` option to `initialize()` middleware only affects the current
|
| 73 | request, rather than all requests processed via singleton Passport instance,
|
| 74 | eliminating a race condition in situations where `initialize()` middleware is
|
| 75 | used multiple times in an application with `userProperty` set to different
|
| 76 | values.
|
| 77 |
|
| 78 | [Unreleased]: https://github.com/jaredhanson/passport/compare/v0.6.0...HEAD
|
| 79 | [0.6.0]: https://github.com/jaredhanson/passport/compare/v0.5.3...v0.6.0
|
| 80 | [0.5.3]: https://github.com/jaredhanson/passport/compare/v0.5.2...v0.5.3
|
| 81 | [0.5.2]: https://github.com/jaredhanson/passport/compare/v0.5.1...v0.5.2
|
| 82 | [0.5.1]: https://github.com/jaredhanson/passport/compare/v0.5.0...v0.5.1
|