0.6.6

• [BREAKING]: The OAuth 2.0 authenticator's serverTokenRevocationEndpoint property has been renamed to serverTokenRevocationEndpoint ("k" to "c").
• The new UnauthenticatedRouteMixin mixin can be used for routes that do not allow the session to be authenticated like the login route, see #236.
• The localStorage store's localStorageKey property can now be configured, see #300.
• The AuthenticatedRouteMixin and UnauthenticatedRouteMixin will now check for infinite redirection loops, see #293.
• The cookie store now sets path=/ for its cookies so that there is only one Ember Simple Auth cookie per application, see #288.
• The browserified distribution does not correctly export the test helpers, see #283.
• authorizationFailed will now only be triggered for requests that were actually authenticate by Ember Simple Auth, see #271.
• Fixed a bug that prevented the browserified version from being used in older versions of Internet Explorer, see #266.

Note if you're using the Ember CLI Addons

You now need to run the package's generator after installing the addon, e.g.:

ember generate ember-cli-simple-auth-oauth2

You also do not need to install the base library explicitly anymore if you're using on of the extension libraries as that's now automatically installed as a dependency.

0.6.5

This was messed up - please use 0.6.6...

0.6.4

• The new package ember-simple-auth-testing was added that contains test helpers that simplify testing of authenticated routes, e.g.:

  test('a protected route is accessible when the session is authenticated', function() {
    expect(1);
    authenticateSession(); // <--
    visit('/protected');
  
    andThen(function() {
      equal(currentRouteName(), 'protected');
    });
  });

• Ember Simple Auth now allows to define a custom session class which e.g. makes adding custom methods to the session much simpler, e.g.:

  App.CustomSession = SimpleAuth.Session.extend({
    account: function() {
      var accountId = this.get('account_id');
      if (!Ember.isEmpty(accountId)) {
        return this.container.lookup('store:main').find('account', accountId);
      }
    }.property('account_id')
  });
  …
  container.register('session:custom', App.CustomSession);
  …
  window.ENV['simple-auth'] = {
    session: 'session:custom',
  }

• A race condition was fixed that could have broken synchronization of multiple tabs or windows, see #254. The stores will now only store one cookie, one localStorage key etc. holding a JSON representation of the session's data instead of one cookie, localStorage key etc. per property. This change includes 2 breaking changes:

  • The cookie store's cookieNamePrefix property is now just cookieName as there's only one cookie now.
  • The localStorage store's keyPrefix property is now just key as there's only one key now.

• The session will now persist custom content that is assigned manually without the authenticator, see #260.

• A bug was fixed that caused session events to trigger multiple action invocations when the application was started via a deep link to an authenticated route, see #257.

• The AMD distribution does no longer require the Ember global but will try to require it with require('ember') if the global does not exist, see #255.

• The used Ember Simple Auth libraries and their respective will now be logged on application startup together with the Ember core libraries, e.g.:

  [Debug] DEBUG: -------------------------------
  [Debug] DEBUG: Ember                       : 1.6.1
  [Debug] DEBUG: Handlebars                  : 1.0.0
  [Debug] DEBUG: jQuery                      : 1.9.1
  [Debug] DEBUG: Ember Simple Auth           : 0.6.4
  [Debug] DEBUG: Ember Simple Auth OAuth 2.0 : 0.6.4
  [Debug] DEBUG: -------------------------------
  

• The LoginControllerMixin's authenticate action now returns the promise returned by the session so that controllers can use that to handle successful authentication or authentication errors, e.g.:

  App.LoginController = Ember.Controller.extend(SimpleAuth.LoginControllerMixin, {
    authenticator: 'simple-auth-authenticator:oauth2-password-grant',
    actions: {
      authenticate: function() {
        this._super().then(function() {
          // authentication succeeded
        },
        function(error) {
          // authentication failed
        });
      }
    }
  });

• Fixed a bug where the OAuth 1.0 authenticator would not try to refresh the token on restore in some situations, see #249.

0.6.3

• added new extension library
  Ember Simple Auth Torii
• Added support for
  OAuth 2.0 token revocation
  in the Ember Simple Auth OAuth 2.0 extension library, see #228
• The browserified distribution does not export the setup function anymore,
  see #235.
• All standard Ember methods that are defined in the mixins will now call
  this._super, see #232.

0.6.2

• The crossOriginWhitelist is now loaded from window.ENV correctly, see #218.

0.6.1

• [BREAKING] All factory properties that previously had a "Factory" suffix
  have been renamed to not include the suffix anymore. If you're currently
  setting storeFactory or authorizerFactory in the configuration be sure to
  change these to store and authorizer. Also change authenticatorFactory
  in the login controller to authenticator.
• The file names of the download distribution have been changed to have the
  "ember-" prefix again.

0.6.0

• [BREAKING] Ember Simple Auth's SimpleAuth object is no longer attached to the Ember global but is now a global itself (in the browserified distribution that exports that global). When you were referring to e.g. Ember.SimpleAuth.ApplicationRouteMixin you now have to change that to just SimpleAuth.ApplicationRouteMixin.
• [BREAKING] The "namespace" for all components that Ember Simple Auth registers in Ember's container has been changed from 'ember-simple-auth-' to just 'simple-auth-'.
• [BREAKING] The names of the distributed files has changed from "ember-simple-auth-…" to "simple-auth-…".
• [BREAKING] The requirement for defining an initializer and call SimpleAuth.setup in that has been dropped. Ember Simple Auth will now setup itself once it is loaded. Existing Ember Simple Auth initializers should be removed.
• [BREAKING] As SimpleAuth.setup was removed there now is a new way to configure Ember Simple Auth. Instead of passing configuration values to the setup method, these values are now defined on window.ENV['simple-auth'](and window.ENV['simple-auth-oauth'] etc. for the extension libraries). See the API Docs for Configuration for more information.
• [BREAKING] All underscores have been replaced with dashes in filenames. This only affects users that were using the AMD build.
• [BREAKING] The AMD builds are no longer distributed in the 'amd/' subfolder but in the root level along with the browserified versions.
• The ApplicationRouteMixin now subscribes to the session's events in the beforeModel method, see #199.
• Added documentation on how to disable server sessions when using the Devise extension library, see #204.
• The authorizer will not be used if it is destroyed already, see #191.
• The check for cross origin requests has been simplified, see #190.
• Most of the examples in the READMEs and API docs have been rewritten to focus on Ember CLI and ES6 modules instead of the browserified distribution.
• The cookie store example now implements "remember me" functionality.
• There is a new example that uses the AMD distribution.

0.5.3

• Cleaned up the AMD structure so it can better be used with ember-cli, see #189 (all files export the default export now).
• Fixed the AMD build so it does not depend on the Ember.SimpleAuth global, see #183.
• Added an example for the devise extension library, see #188.

0.5.2

• The ApplicationRouteMixin now uses the configured session property name, see #184.
• The ApplicationRouteMixin will not try to invalidate a session that is not authenticated and thus cannot be invalidated, see #185.

0.5.1

• The OAuth 2.0 authenticator does not schedule automatic token refreshs in the test environment anymore, see #181.