0.7 Release

[ekryski]

This PR has a bunch more bug fixes and some pretty critical security fixes

• Lock down cookie ([Security] JsonWebToken Lifecycle Concerns; Set HttpOnly = true in JWT cookie #132)
• Add unit tests for cookie options
• can now use default redirect routes with a custom handler (Want the default success/fail routes, not the sendFile #121)
• Add middleware tests for successfulLogin
• Add middleware tests for failedLogin
• Prevent emitting auth service events ([security] Generated tokens are broadcast to all socket clients (by default) #126)
• Add tests to make sure auth service events are not fired
• RestrictToOwner hook needs to throw an error (restrictToRoles hook needs to throw an error and not scope the query #128)
• RestrictToRoles hook needs to throw an error (restrictToOwner hook needs to throw an error and not scope the query #127)
• OAuth user profile should be updated ([oAuth] User profile should be updated every time they are authenticated #124)
• All hooks should support internal usage passthrough (Make all hooks optional if used internally #138)
• Clear cookie on logout (Logout should clear the cookie #122)
• Update docs, examples and generator
• de-auth socket on logout (logout should de-authenticate a socket #136)
• get logout integration tests working
• Move to bcryptjs instead of native brcrypt
• Removes ability to authenticate with the cookie that is used to transmit the JWT to the client

[daffl]

It's like your dad's JWT 😉

[marshallswain]

Yep. JWT on punch cards.

[ekryski]

LOL. Man I always make that typo. Cracks me up every time.

[ekryski]

Ok this is good to go! Just need to merge some docs PRs and update the generator to use the restrictToAuthenticated hook.

[ekryski]

This isn't actually broken it just depends on feathersjs-ecosystem/feathers-hooks#64.