SecureSocial

Change Log

This is the change log for the SecureSocial 2 version. Check the 1.x branch if you're interested in SecureSocial 1.

2.1.4 - 2014-08-08

  • Updated GoogleProvider to use the new Google endpoints. See here for more information.

2.1.3 - 2014-01-23

  • Change registrationDisabled to registrationEnabled (thanks @hugogoncalves)
  • Hide sign up link when Registration provider is disabled (thanks @hugogoncalves)
  • Fixed: ProviderController.toUrl was not using the session returned by the event handler
  • Added onPasswordChangeGoTo option (thanks @fernandoacorreia)
  • Disabled Registration feature (thanks @c-schmitt)
  • Fixed: PasswordResetEvent does not have updated password
  • Fixed typos in readme and docs (thanks @fayimora, @fernandoacorreia, @nelsonblaha)
  • Minor doc updates (thanks @dnephin)
  • Added traditional Chinese message file (thanks @yuchuan1)
  • Fixed password change with multiple hashers (thanks @FabienPennequin)
  • Fixed compiler warnings
  • Improved SecureSocial.currentUser to avoid the UserService.find call if the request has the user already
  • Added expiration to Cache.set calls

2.1.2 - 2013-11-01

  • Fixed example for view customization docs (thanks @yankov)
  • Enable retrieving email address from LinkedIn (thanks @targeter)
  • Added strings to securesocial.conf in demos (thanks @alanrodas)
  • Added idLengthInBytes property to customize the length of session ids (based on changes by @mkubala)
  • Improved RoutesHelper to handle multiple assets properly (based on changes by @danielkza)
  • Fixed typo in example config (thanks @dhruvbhatia)
  • Translation for Dutch (thanks @gerbrand)
  • Add indication to register event listeners in play.plugins (thanks @OlivierBlanvillain)
  • Added OAuth2 provider for LinkedIn (thanks @gmethvin)
  • Upgraded to Play 2.2
  • Updated docs to reflect API changes done for 2.1.1

2.1.1 - 2013-08-08

  • Renamed class name UserId to IdentityId (breaks backwards compatibility)
  • Renamed id field in UserId to userId (breaks backwards compatibility)
  • Renamed id field in Identity to identityId (breaks backwards compatibility)

2.1.0 - 2013-08-08

  • Upgraded to Play 2.1.3
  • Added a enableRefererAsOriginalUrl property to enable/disable the use of the referer as the originalUrl since this was causing issues for some people (defaults to false). This is a temporary until a final solution is developed.
  • Use referer if originalUrl is not available when the login/signup page is hit (thanks @magro)
  • Fixed: Facebook login error when using the publish_stream scope (thanks @fedefrappi)
  • Fixed: make minimum default password length to 8 (thanks @wsargent)
  • Fixed: ClassCastException on application reload (dev mode) when using Events (thanks @magro)
  • Added: Serve the login page using SSL (thanks @magro)
  • Fixed: Do not prevent login on missing google profile info (thanks @chazmcgarvey)
  • Fixed: NoSuchElementException in FoursquareProvider (thanks @thesmith)
  • Moved RequestWithUser outside the SecureSocial controller
  • Allow overriding Registration step redirect targets. (thanks @magro)
  • Added the email to the flash messages in Registration.handleStartSignUp (thanks @magro)
  • Added support for plain text, html and multipart emails in TemplatesPlugin (thanks @magro)
  • Made SecureSocial compatible with Play 2.1 [master branch, 2.0.x branch is for Play 2.0 versions now].

2.0.12 - 2013-02-25

  • clean securesocial values after login from the session
  • renamed keys used in session
  • Added a makeTransient property for the authenticator cookie.
  • Fixed: absolute timeout was not being picked up from the conf file
  • Fixed wrong logout implementation
  • Made SecureSocial compatible with Play 2.1 [master branch, 2.0.x branch is for Play 2.0 versions now].

2.0.11 - 2013-02-22

  • Chanded Build.scala files to use the Typesafe community repository.
  • Renamed ResetPasswordEvent to PasswordResetEvent.
  • Made vals in RoutesHelper lazy.
  • Added password change, password reset and sign up events
  • Added IdGenerator and AuthenticatorStore plugins with their default implementations for the new authenticator cookie.
  • Introduced an authenticator cookie to track users. The Play session is not used anymore.
  • Fixed issue #144: Successful change password logs user out.
  • Fixed wrong package names for the XING, Foursquare and Instagram providers.
  • Fixed the error message for invalid token (thanks @playtypii).
  • Added Instagram Providers (thanks @poornerd).
  • Added Foursquare (tm) and XING Providers (thanks @poornerd).
  • Added VK provider (thanks @KonstantinGrigoriev).
  • Static files injection to SecureSocial (thanks @pvillega).
  • Option to auto-login after completing signup (thanks @platypii).

2.0.10 - 2013-02-06

  • Changed the save() method in UserService to return an Identity so that event callback implementations can receive Identity instances from custom classes.
  • Added an event API that can be used to track events(only login/logout yet). Scala only for now.

2.0.9 - 2013-01-25

  • The login action redirects the user to the app if he is already authenticated now.

2.0.8 - 2013-01-01

  • PasswordHasher and Password validator are abstract classes instead of traits now (simplifies Java integration).
  • Fixed: wrong LinkedIn key for getting fullName (thanks @chazmcgarvey).
  • Removed serviceInfo from OAuth1Info. That object can be retrieved from SecureSocial.serviceInfoFor method now.
  • Backward incompatible changes to the Java API: deleted AuthenticationMethod, OAuth1Info, OAuth2Info, PasswordInfo, SocialUser and UserId. This was required because after introducing the Identity trait I needed to make sure the user received his own object in the actions instead of a SocialUser instance. Even though there's not a Java equivalent, the Scala classes can be called from Java easily.
  • Added new message to messages file: securesocial.login.errorLoggingIn
  • Improved ProviderController.handleAuth to show an error if an error occurrs while logging the user in (eg: if the UserService.save implementation throws an exception)
  • Fixed: Identity providers were filling wrong provider id values
  • Added: UsernamePasswordProvider updates the user avatar if gravatar support is enabled now.
  • Added timeout for sessions (30 mins by default, use sessionTimeOut property to change).
  • Fixed: PasswordValidator was not being used in password reset
  • Fixed: When a token is expired the user is properly redirected to the sign up or reset pages now
  • Added enableTokenJob property to enable/disable the background job
  • Fixed method typo AuthenticationMethod: toScala.
  • Right http codes are returned for ajax calls now
  • New assetsController property to override the assets class in RoutesHelper. Needed when a custom Asset controller is used by the app.
  • Added hasher id to PasswordInfo
  • Added support for registering multiple PasswordHashers to allow upgrading the hashing algorithm.
  • Introduced Identity trait. SocialUser now implements it (this will allow developers to return their own user class from UserService.find methods)

2.0.7 - 2012-11-25

  • Added password change functionality
  • Changed SecureSocial.currentUser/userFromSession methods to support websockets (thanks @KimStevel for catching this)
  • Use HTTPS for avatar URL in the Facebook provider (thanks @chazmcgarvey)
  • Added documentation for password plugins
  • Added base class for Java based password hashers: BasePasswordHasher
  • Added PasswordValidator to allow customization of password rules/strength
  • Added DefaultPasswordValidator that enforces the length of passwords
  • Fixed a RuntimeException in the github provider (thanks @chazmcgarvey)
  • Changes to TwitterProvider: use of API 1.1 and https for the image avatar (thanks @chazmcgarvey)

2.0.6 - 2012-11-15

  • Fixed a problem where plugins were not being registered when Play recompiled the app
  • Added a scheduled task to delete expired signup/password reset tokens
  • Added tokenDuration and tokenDeleteInterval properties for userpass
  • Changed findByEmail to findByEmailAndProvider in UserService to make it clearer that both fields must match
  • Fixed bug: OAuth1Provider was clearing the session at login time (thanks @chazmcgarvey)

2.0.5 - 2012-11-14

  • Simplified installation by providing an ivy style repository.
  • Updated installation steps in the user guide.
  • Added a change log page to the docs.
  • Changed the assets directory for SecureSocial to avoid conflicts with apps using it.
  • Added Bootstrap to demo apps

2.0.4 - 2012-11-11

  • Improved signup flow (validates email before allowing registration)
  • Added reset password functionality
  • Added email notifications
  • Added a way to customise views & mails (TemplatesPlugin)
  • Added a setting to enable HTTPS in the URLSs for OAUTH callbacks and routes
  • Replaced displayName in SocialUser for firstName, lastName and fullName fields
  • Added RoutesHelper to build urls using the routes file of the app using the module
  • Added a user guide

2.0.3 - 2012-11-02

  • Fix to prevent not serializable exception in OAuth1Provider (thanks to @chazmcgarvey)

2.0.2 - 2012-09-24

  • Added GitHub provider
  • Changed FacebookProvider to use the new Facebook API (user picture)
  • Moved to Play 2.0.3
  • Fixed #71: Context not available in UserAwareAction

2.0.1 - 2012-06-22

  • Added LinkedIn provider

2.0.0 - 2012-06-05

  • Initial release of SecureSocial for Play 2 published
  • Facebook, Google and Twitter providers