3.0.0-beta.2

Full Changelog: 3.0.0-beta.1...3.0.0-beta.2

3.0.0 Beta 1

New authentication library aimed at providing a lightweight and safe set of utilities for dealing with authentication. Currently supports:

• Password hashing (with provided PasswordHasher protocol and implementations for plaintext hashing (for testing) and bcrypt)
• OTP functionality - copied over from the main Vapor repo

What's Changed

• add HeaderValueAuthenticatable by @mattpolzin in #62
• Vapor 4 note by @EricWVGG in #71
• Vapor Authentication 3 by @0xTim in #73

New Contributors

• @mattpolzin made their first contribution in #62
• @EricWVGG made their first contribution in #71

Full Changelog: 2.0.3...3.0.0-beta.1

Auth 2.0.4

Fixed:

• Session authentication middleware now correctly short-circuits if authentication already succeeded (#68, #69)

Auth 2.0.3

Fix issue where people taking the latest release would get compile errors from pulling in incorrect Vapor version

Auth 2.0.2

Fixed:

• Fixed an issue where a new, empty session would be created after unauthenticating a user and destroying the session at the same time. (#60, #59)

Auth 2.0.1

Fixed:

• Moved HTTP bearer and basic auth helpers to vapor/http package. (#54)
• req.unauthenticate(...) now correctly destroys session. (#52)

Auth 2.0.0

Auth 2.0 is here 🎉
👤 Authentication and Authorization framework for Fluent (Authorization coming soon).

The Auth API Template has also been updated:

vapor new Hello --template=auth-template

Docs:
https://docs.vapor.codes/3.0/auth/getting-started/

API Docs:
https://api.vapor.codes/auth/latest/Authentication

Auth 2.0.0 RC 5

Fixed:

• Updated to latest Fluent RCs.

Auth 2.0.0 RC 4.1

Fixed:

• Token authentication middleware no longer throws if not authenticated. (#42)
• Fixed an issue where UserIDType typealias was required. (#41)

Auth 2.0.0 RC 4

New:

• Added GuardAuthenticationMiddleware. Authentication middlewares will no longer fail if they cannot authenticate a user. This allows the package's middlewares to be composed together to do multiple authentication types on a single route.

Use Authenticatable.guardAuthMiddleware() to restore this error throwing behavior.

let protected = router.grouped(
    User.basicAuthMiddleware(...),
    User.guardAuthMiddleware()
)
protected.get("test") { req in
    return "This route is protected"
}

note: calling requireAuthenticated will always throw an error if User is not authed, regardless of the presence of GuardAuthenticationMiddleware.

Fixed:

• Authenticatable protocols have had Model requirements removed. Free conformance still applies where Model conformance exists.
• Crypto module is now being exported by default.

Milestone:
2.0.0-rc.4