authboss v2.3.0 Release Notes

Release Date: 2019-03-30 // over 2 years ago
  • โž• Added

    • โž• Add VerifyPassword method to hide the bcrypt implementation details when authboss consumer code wants to verify the password out of band.
    • ๐Ÿ‘ ClientStateResponseWriter now supports the http.Hijacker interface if the underlying ResponseWriter does (thanks @tobias-kuendig)
    • DelAllSession is a new method called both by Expire and Logout (in addition to still calling DelKnownSession etc. as they do now) to ensure that conforming implementations of ClientStateReadWriter's delete all keys in the session.
    • Config.Storage.SessionWhitelistKeys has been added in order to allow users to persist session variables past logout/expire.

    ๐Ÿ›  Fixed

    • ๐Ÿ›  Fix bug where user's expiration time did not start until their first request after login.
    • ๐Ÿ›  Fix bug where expired users could perform one request past their expiration
    • ๐Ÿ›  Fix bug with missing imports (thanks @frederikhors)
    • ๐Ÿ›  Fix bug with inverted remember me checkbox logic
    • ๐Ÿ›  Fix validation not happening when user commences recovery

    ๐Ÿ—„ Deprecated

    • ๐Ÿ—„ Deprecated DelKnownSession for DelAllSession. DelAllSession should be implemented by existing ClientStateReadWriters in order to prevent session values from leaking to a different user post-logout/expire.